Resolved HJT Threads Resolved spyware and popup issues.

 
 
Old 06-21-2009, 04:59 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 11
OS: Vista


99 problems

but'....ah got u (inside joke, between me and another mod).... Anyways I have a bunch of problems with my comp going slow. I need my computer to do some work, but it has been slowed down by Trojans. My little nephew shares this computer, so I think it was him who put me at risk. Anyways, can anyone help?


DDS (Ver_09-05-14.01) - NTFSx86
Run by DC at 16:41:18.71 on Mon 06/22/2009
Internet Explorer: 7.0.6000.16851
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1013.174 [GMT -6:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\bgsvcgen.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\CTsvcCDA.EXE
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\System32\spoolsv.exe
C:\Users\DC\Documents\Desktop\gmer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\DC\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FG2CatchUrl: {1f364306-aa45-47b5-9f9d-39a8b94e7ef1} - c:\flashget network\flashget\comdlls\bhoCATCH.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [<NO NAME>]
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [Cognac] c:\users\dc\appdata\local\temp\d.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [RemoteControl] c:\program files\roxio\roxio dvdmax player\PDVDServ.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [sysldtray] c:\windows\ld10.exe
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRun: [kell] c:\program files\manson\liser.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &Save Video As... - c:\program files\videodetect\videodetect.dll/201
IE: &使用快车(FlashGet)下载 - c:\flashget network\flashget\comdlls\Bholink.htm
IE: &使用快车(FlashGet)下载全部链接 - c:\flashget network\flashget\comdlls\Bhoall.htm
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download Video - http://www.viloader.net/addon.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {0028E570-E86D-4ceb-A108-76158C18DEF3} - {C3A40C0F-6FBA-44AF-B171-09E72D7AD011} - c:\program files\videodetect\videodetect.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll,c:\progra~1\manson\liser.dll
SSODL: TrunGateway - {7a9499e7-1314-4234-81b6-1c354edeae23} - c:\program files\common files\trun\TrunGateway.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dc\appdata\roaming\mozilla\firefox\profiles\jdct6kbd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-stage6&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-stage6&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\components\FlashgetXpi.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-30 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-30 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-30 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-30 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-30 298776]
S2 gupdate1c9f0521d2b360;Google Update Service (gupdate1c9f0521d2b360);c:\program files\google\update\GoogleUpdate.exe [2009-6-18 133104]

=============== Created Last 30 ================

2009-06-20 01:44 122,372 a------- c:\windows\msa.exe.vir
2009-06-20 01:43 <DIR> --d----- c:\program files\Trend Micro
2009-06-20 01:26 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-06-20 01:26 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-06-20 01:26 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-06-20 01:26 75,264 a------- c:\windows\system32\unacev2.dll
2009-06-20 01:26 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-06-20 01:26 <DIR> --d----- c:\users\dc\appdata\roaming\Simply Super Software
2009-06-20 01:26 <DIR> --d----- c:\programdata\Simply Super Software
2009-06-20 01:26 <DIR> --d----- c:\progra~2\Simply Super Software
2009-06-20 01:26 <DIR> --d----- c:\program files\Trojan Remover
2009-06-19 23:59 176,640 a------- c:\windows\system32\tpsaxyd.exe
2009-06-19 23:58 2 a------- c:\windows\010112010146118114.lso
2009-06-19 23:58 2 a------- c:\windows\010112010146118114.dat
2009-06-19 23:58 0 a------- c:\windows\soc_1245477535.exe
2009-06-19 23:58 61,440 a------- c:\windows\ksrsr6ikruhjstjash353haaaa2hd81.exe
2009-06-19 23:58 <DIR> --dshr-- c:\program files\Manson
2009-06-19 23:58 38,912 ----h--- c:\windows\ld10.exe
2009-06-19 23:53 <DIR> --d----- c:\program files\common files\Trun
2009-06-19 23:29 206,852 a------- c:\windows\system32\msxml71.dll.vir
2009-06-19 22:20 <DIR> --d----- c:\programdata\RegCure
2009-06-19 22:20 <DIR> --d----- c:\progra~2\RegCure
2009-06-18 22:51 <DIR> --d----- c:\program files\Unlocker
2009-06-18 16:10 <DIR> --d----- c:\users\dc\appdata\roaming\LEAPS
2009-06-18 15:36 <DIR> --d----- c:\program files\Pegasys Inc
2009-06-18 14:17 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-18 01:29 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-18 01:29 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-18 00:35 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-06-18 00:20 2,028,032 a------- c:\windows\system32\win32k.sys
2009-06-18 00:20 696,832 a------- c:\windows\system32\localspl.dll
2009-06-07 17:11 <DIR> --d----- c:\program files\iPod
2009-05-31 13:53 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-30 12:56 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-30 12:56 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-05-30 12:56 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-30 12:55 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-30 12:55 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-30 12:55 <DIR> --d----- c:\program files\AVG
2009-05-30 12:55 <DIR> --d----- c:\programdata\avg8
2009-05-30 12:55 <DIR> --d----- c:\progra~2\avg8
2009-05-30 11:54 <DIR> --d----- c:\program files\uTorrent
2009-05-30 11:54 <DIR> --d----- c:\users\dc\appdata\roaming\uTorrent
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-18 15:35 145,504 a------- c:\windows\system32\bgsvcgen.exe
2009-06-18 15:35 59,488 a------- c:\windows\system32\GenSvcInst.exe
2009-06-18 14:08 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-18 14:08 86,016 a------- c:\windows\inf\infstor.dat
2009-06-18 14:08 51,200 a------- c:\windows\inf\infpub.dat
2009-05-01 15:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 15:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 15:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 15:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 15:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 15:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 15:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-24 10:22 827,392 a------- c:\windows\system32\wininet.dll
2009-04-24 10:14 56,320 a------- c:\windows\system32\iesetup.dll
2009-04-24 10:14 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 10:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-24 10:11 72,704 a------- c:\windows\system32\admparse.dll
2009-04-24 07:53 48,128 a------- c:\windows\system32\ieUnatt.exe
2009-04-24 06:25 48,128 a------- c:\windows\system32\mshtmler.dll
2008-12-28 07:34 174 a--sh--- c:\program files\desktop.ini
2008-09-15 14:29 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-13 19:30 118 a------- c:\users\dc\appdata\roaming\wklnhst.dat
2008-01-28 01:53 87,608 a------- c:\users\dc\appdata\roaming\inst.exe
2008-01-28 01:53 47,360 a------- c:\users\dc\appdata\roaming\pcouffin.sys
2006-11-02 06:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-03-26 22:12 2,048 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
2008-03-26 22:12 2,048 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
2008-05-10 01:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-05-10 01:02 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-05-10 01:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-04-06 20:24 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-04-06 20:24 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-04-06 20:24 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 16:45:29.31 ===============


P.S. Why the switch from HijackThis? It seemed much simpler.
Attached Files
File Type: zip Textfles.zip (11.9 KB, 1 views)
Old 06-22-2009, 05:16 AM   #2 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 5,093
OS: XP


Re: 99 problems

Hello and welcome to TSF

Quote:
P.S. why the switch from Hijack this, seemed much more simpler.
HijackThis is no longer used, as it is not as effective as it once was; it has not been updated in some time.

========

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
Old 06-22-2009, 09:00 PM   #3 (permalink)
Registered User
Join Date: Jun 2009
Posts: 11
OS: Vista


Re: 99 problems

Okay, I downloaded it.... But now I can't turn off AVG!!!!!! I used Task Manager, but still couldn't get it to stop running....then I disabled every function and it still won't go away..... Should I run with AVG in the background, or do you have any suggestions, sir?
Old 06-23-2009, 05:47 AM   #4 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 5,093
OS: XP


Re: 99 problems

Hello again

Try disabling AVG this way, if you have not tried it already.

*Right-click on the tray icon for AVG (the four-coloured square icon)
*Select Open AVG User Interface
*Right Click on Resident Shield and select Open
*Uncheck Resident Shield Active
*Click on Save Changes


If no luck, run Combofix anyway.
Old 06-24-2009, 12:01 AM   #5 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 11
OS: Vista


Re: 99 problems

Hey! Bad news, I got a problem. Well, I went to turn on the ComboFix app so I could give you the scan results, but I was instead prompted by this message:
"!! Alert!! It's not safe to continue!
The contents of the combofix package has been compromised. Please DL a fresh copy from (Website)...... You may be infected with a file patching virus 'Virut'."

I tried to reinstall and reboot my comp so that I could start ComboFix, but I always end up with this message.

Any suggestions?
Dc
Old 06-24-2009, 04:59 AM   #6 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 5,093
OS: XP


Re: 99 problems

Hello again

Sorry to have to tell you this, but every time you try to run ComboFix that message will reappear, as Virut is active on your system.

Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a clean reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (software, .exe files) and screensavers (.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, try to avoid backing up compressed (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.
http://miekiemoes.blogspot.com/2009/...-throwing.html
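A backup filter that applies the advice in the post above (copy documents, refuse .exe and .scr files, and refuse archives that carry them), as an added example that is not the forum's or any tool's code. The sample tree, the BLOCKED_EXTENSIONS/INSPECTABLE_ARCHIVES names and the helper functions are constructed for the demonstration; only zip archives are inspected, since the standard library cannot open cab or rar, so those are skipped outright.

```python
import os
import shutil
import tempfile
import zipfile
from pathlib import Path

# The two extensions the post says not to back up, and the archive types it warns about.
BLOCKED_EXTENSIONS = {".exe", ".scr"}
INSPECTABLE_ARCHIVES = {".zip"}             # the stdlib can list members of these
UNINSPECTABLE_ARCHIVES = {".cab", ".rar"}   # cannot be checked here, so they are skipped


def archive_blocked_member(path):
    """Return the first zip member with a blocked extension, or None if the zip is clean.
    An unreadable archive is reported as unsafe rather than silently copied."""
    try:
        with zipfile.ZipFile(path) as zf:
            for name in zf.namelist():
                if Path(name).suffix.lower() in BLOCKED_EXTENSIONS:
                    return name
    except zipfile.BadZipFile:
        return "<unreadable archive>"
    return None


def classify(path):
    """Decide whether a file may go into the backup: ("copy", None) or ("skip", reason)."""
    suffix = path.suffix.lower()
    if suffix in BLOCKED_EXTENSIONS:
        return "skip", f"{suffix} files can carry the infection"
    if suffix in UNINSPECTABLE_ARCHIVES:
        return "skip", f"{suffix} archive cannot be inspected for .exe/.scr members"
    if suffix in INSPECTABLE_ARCHIVES:
        member = archive_blocked_member(path)
        if member is not None:
            return "skip", f"archive contains {member}"
    return "copy", None


def filtered_backup(src, dst):
    """Walk src and copy every allowed file to dst, keeping the relative layout.
    Returns (copied, skipped): sorted relative paths copied, and sorted (path, reason) pairs skipped."""
    src, dst = Path(src), Path(dst)
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for name in files:
            p = Path(root) / name
            rel = p.relative_to(src).as_posix()
            verdict, reason = classify(p)
            if verdict == "copy":
                target = dst / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(p, target)
                copied.append(rel)
            else:
                skipped.append((rel, reason))
    return sorted(copied), sorted(skipped)


def build_sample_tree(base):
    """Constructed sample data: documents, an .exe, a .scr and two zips, one carrying an .exe."""
    base = Path(base)
    (base / "docs").mkdir(parents=True)
    (base / "docs" / "report.txt").write_text("quarterly numbers")
    (base / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 not really a jpeg")
    (base / "setup.exe").write_bytes(b"MZ placeholder")
    (base / "ocean.scr").write_bytes(b"MZ placeholder")
    with zipfile.ZipFile(base / "tools.zip", "w") as zf:
        zf.writestr("tools/helper.exe", "MZ placeholder")
        zf.writestr("tools/readme.txt", "notes")
    with zipfile.ZipFile(base / "notes.zip", "w") as zf:
        zf.writestr("notes/2009-06.txt", "meeting notes")


def demo():
    """Build the sample tree in a temporary directory, run the filtered backup and return its result."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "backup"
        build_sample_tree(src)
        return filtered_backup(src, dst)


if __name__ == "__main__":
    copied, skipped = demo()
    print("copied:", ", ".join(copied))
    for rel, reason in skipped:
        print(f"skipped {rel}: {reason}")
```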
Old 06-24-2009, 05:40 AM   #7 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 11
OS: Vista


Re: 99 problems

Hmm.. doesn't sound too good, sounds like trying to remove this virus can be dangerous for the system... So System Restore won't work? I have to completely re-format my computer (which I have never done, I don't think)??

Last edited by dcaire; 06-24-2009 at 05:41 AM.
Old 06-24-2009, 05:52 AM   #8 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 5,093
OS: XP


Re: 99 problems

Hello again

System restore will not work, only a format and re-install will suffice. If this is an HP/Dell machine you can take the PC back to factory settings if you do not have your Vista CD.
Old 06-25-2009, 11:55 AM   #9 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 11
OS: Vista


Re: 99 problems

Yes, I have a Dell/HP, so I guess I'll take it back to factory settings. Thanks a lot for your help, now I gotta figure out how to do this backup thing and restoration. (Out of curiosity, what would happen if I left the comp. untreated?)
Old 06-25-2009, 12:22 PM   #10 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 5,093
OS: XP


Re: 99 problems

Hello again

Quote:
Yes, I have a Dell/HP, so I guess I'll take it back to factory settings.
Which one, Dell or HP? Here is a good guide on how to restore to factory settings.
http://oem.windowsreinstall.com/

Quote:
Thanks a lot for your help, now I gotta figure out how to do this backup thing and restoration
Be very careful on what you save, you could re-infect the restored computer.

Quote:
(Out of curiosity, what would happen if I left the comp. untreated?)
It can be used as a Botnet/Zombie:
http://en.wikipedia.org/wiki/Botnet
http://www.independent.co.uk/news/bu...ls-490716.html
http://www.foxnews.com/story/0,2933,244009,00.html
Old 06-25-2009, 04:34 PM   #11 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 11
OS: Vista


Re: 99 problems

Thanks for all your help, I will def. do all this by tonight....

Last edited by dcaire; 06-25-2009 at 04:58 PM.
Old 06-25-2009, 05:00 PM   #12 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 5,093
OS: XP


Re: 99 problems

Quote:
Is there a hotkey to do this?
For Dell:

When the Dell splash screen appears during the computer startup process, press and hold <Ctrl> and then press <F11>. Then, release both keys at the same time.
http://support.dell.com/support/topi...restore1_task3

For HP:

* Turn on the computer.
* When the initial blue HP screen appears Press the "F10" key.
* A Recovery menu will appear.
* Click on "NEXT"
* and then click on "YES"
* Your system will now go through the product recovery
http://www.probz.com/index.php?showtopic=35

Remember to disconnect from the internet. Once the restore is completed, install an antivirus/firewall, then visit the Windows Update page and install all the required patches. Then you can install any other programs of your choice.
Old 06-28-2009, 06:45 AM   #13 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 5,093
OS: XP


Re: 99 problems

How are you doing? If there is no reply to this post within 48hrs, this thread will be closed.
Old 07-01-2009, 03:54 AM   #14 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 5,093
OS: XP


Re: 99 problems

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
Copyright 2001 - 2009, Tech Support Forum