ShadowPuterDude
Emsisoft Employee
Posts: 20164 | Days Won: 214
Everything posted by ShadowPuterDude

  1. Thread Closed
     Reason: Lack of Response
     PM either ShadowPuterDude or Lynx to have this thread reopened.
     The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
     All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled "START HERE, if you don't we are just going to send you back to this thread".
  2. Thread Closed
     Reason: Resolved
     The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
     All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled "START HERE, if you don't we are just going to send you back to this thread".
  3. Thread Closed
     Reason: Lack of Response
     PM either ShadowPuterDude or Lynx to have this thread reopened.
     The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
     All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled "START HERE, if you don't we are just going to send you back to this thread".
  4. Hello and welcome to the EMSI Software support forums.
     All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled "START HERE, if you don't we are just going to send you back to this thread".
     English to French translation: http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F&sl=en&tl=fr&history_state0=
     English to German translation: http://translate.google.com/translate?hl=en&sl=en&tl=de&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F
     English to Italian translation: http://translate.google.com/translate?hl=en&sl=en&tl=it&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F
     English to Spanish translation: http://translate.google.com/translate?hl=en&sl=en&tl=es&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F
  5. Hello and welcome to the EMSI Software support forums.
     All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled "START HERE, if you don't we are just going to send you back to this thread".
     English to French translation: http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F&sl=en&tl=fr&history_state0=
     English to German translation: http://translate.google.com/translate?hl=en&sl=en&tl=de&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F
     English to Italian translation: http://translate.google.com/translate?hl=en&sl=en&tl=it&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F
     English to Spanish translation: http://translate.google.com/translate?hl=en&sl=en&tl=es&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F
  6. Everything should be fine now. How are things running?
  7. Thread Closed
     Reason: Resolved
     The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
     All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled "START HERE, if you don't we are just going to send you back to this thread".
  8. The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u17, available from Sun Microsystems.
     -----------------------------------------------------------
     Using Add or Remove Programs in the Control Panel, uninstall the following:
     -----------------------------------------------------------
     Download Avenger from HERE and unzip to your desktop.
     Run Avenger. Read the prompt that appears, and press OK.
     Copy & paste the following text in the Input script box:

         Drivers to delete:
         QuestService Service

         Files to delete:
         C:\Documents and Settings\All Users.WINDOWS\Application Data\QuestService\questservice129.exe
         C:\Program Files\QuestService\questservice.exe
         C:\Program Files\QuestService\questservice.dll
         C:\WINDOWS\23145078.dat
         C:\WINDOWS\23145078.exe
         C:\WINDOWS\29716671.dat
         C:\WINDOWS\29716671.exe
         C:\WINDOWS\4259687.dat
         C:\WINDOWS\4259687.exe
         C:\WINDOWS\683921.dat
         C:\WINDOWS\683921.exe

         Folders to delete:
         C:\Documents and Settings\All Users.WINDOWS\Application Data\QuestService
         C:\Program Files\QuestService

         Registry keys to delete:
         HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
         HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

     Then click "Execute". You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
     Note: It is possible that Avenger will reboot your system TWICE.
     Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Attach that log here in your next post.
     -----------------------------------------------------------
     Attach fresh logs for:
     Avenger (C:\avenger.txt)
     a-squared Free/Anti-Malware
     ISeeYouXP
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  9. Thread Closed
     Reason: Resolved
     The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
     All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled "START HERE, if you don't we are just going to send you back to this thread".
  10. The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u17, available from Sun Microsystems.
      -----------------------------------------------------------
      Using Add or Remove Programs in the Control Panel, uninstall the following:
      -----------------------------------------------------------
      Download Avenger from HERE and unzip to your desktop.
      Run Avenger. Read the prompt that appears, and press OK.
      Copy & paste the following text in the Input script box:

          Registry values to delete:
          HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run | RegistryMonitor1
          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | RegistryMonitor1

          Registry keys to delete:
          HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00A3C40
          HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00A7059
          HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00A7C89
          HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00AC039
          HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00D6152
          HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00E3C76

          Files to delete:
          C:\WINDOWS\system32\__c00A3C40.dat
          C:\WINDOWS\system32\__c00A7059.dat
          C:\WINDOWS\system32\__c00A7C89.dat
          C:\WINDOWS\system32\__c00AC039.dat
          C:\WINDOWS\system32\__c00D6152.dat
          C:\WINDOWS\system32\__c00E3C76.dat
          C:\WINDOWS\system32\qtplugin.exe
          C:\WINDOWS\system32\SYSTEM
          C:\WINDOWS\tasks\At1.job
          C:\WINDOWS\tasks\At2.job
          C:\WINDOWS\tasks\At3.job
          C:\WINDOWS\tasks\At4.job
          C:\WINDOWS\tasks\At5.job
          C:\WINDOWS\tasks\At6.job
          C:\WINDOWS\tasks\At7.job
          C:\WINDOWS\tasks\At8.job
          C:\WINDOWS\tasks\At9.job
          C:\WINDOWS\tasks\At10.job
          C:\WINDOWS\tasks\At11.job
          C:\WINDOWS\tasks\At12.job
          C:\WINDOWS\tasks\At13.job
          C:\WINDOWS\tasks\At14.job
          C:\WINDOWS\tasks\At15.job
          C:\WINDOWS\tasks\At16.job
          C:\WINDOWS\tasks\At17.job
          C:\WINDOWS\tasks\At18.job
          C:\WINDOWS\tasks\At19.job
          C:\WINDOWS\tasks\At20.job
          C:\WINDOWS\tasks\At21.job
          C:\WINDOWS\tasks\At22.job
          C:\WINDOWS\tasks\At23.job
          C:\WINDOWS\tasks\At24.job
          C:\WINDOWS\tasks\At25.job
          C:\WINDOWS\tasks\At26.job
          C:\WINDOWS\tasks\At27.job
          C:\WINDOWS\tasks\At28.job
          C:\WINDOWS\tasks\At29.job
          C:\WINDOWS\tasks\At30.job
          C:\WINDOWS\tasks\At31.job
          C:\WINDOWS\tasks\At32.job
          C:\WINDOWS\tasks\At33.job
          C:\WINDOWS\tasks\At34.job
          C:\WINDOWS\tasks\At35.job
          C:\WINDOWS\tasks\At36.job
          C:\WINDOWS\tasks\At37.job
          C:\WINDOWS\tasks\At38.job
          C:\WINDOWS\tasks\At39.job
          C:\WINDOWS\tasks\At40.job
          C:\WINDOWS\tasks\At41.job
          C:\WINDOWS\tasks\At42.job
          C:\WINDOWS\tasks\At43.job
          C:\WINDOWS\tasks\At44.job
          C:\WINDOWS\tasks\At45.job
          C:\WINDOWS\tasks\At46.job
          C:\WINDOWS\tasks\At47.job
          C:\WINDOWS\tasks\At48.job
          C:\WINDOWS\tasks\At49.job
          C:\WINDOWS\tasks\At50.job
          C:\WINDOWS\tasks\At51.job
          C:\WINDOWS\tasks\At52.job
          C:\WINDOWS\tasks\At53.job
          C:\WINDOWS\tasks\At54.job
          C:\WINDOWS\tasks\At55.job
          C:\WINDOWS\tasks\At56.job
          C:\WINDOWS\tasks\At57.job
          C:\WINDOWS\tasks\At58.job
          C:\WINDOWS\tasks\At59.job
          C:\WINDOWS\tasks\At60.job
          C:\WINDOWS\tasks\At61.job
          C:\WINDOWS\tasks\At62.job
          C:\WINDOWS\tasks\At63.job
          C:\WINDOWS\tasks\At64.job
          C:\WINDOWS\tasks\At65.job
          C:\WINDOWS\tasks\At66.job
          C:\WINDOWS\tasks\At67.job
          C:\WINDOWS\tasks\At68.job
          C:\WINDOWS\tasks\At69.job
          C:\WINDOWS\tasks\At70.job
          C:\WINDOWS\tasks\At71.job
          C:\WINDOWS\tasks\At72.job
          C:\WINDOWS\tasks\At73.job
          C:\WINDOWS\tasks\At74.job
          C:\WINDOWS\tasks\At75.job
          C:\WINDOWS\tasks\At76.job
          C:\WINDOWS\tasks\At77.job
          C:\WINDOWS\tasks\At78.job
          C:\WINDOWS\tasks\At79.job
          C:\WINDOWS\tasks\At80.job
          C:\WINDOWS\tasks\At81.job
          C:\WINDOWS\tasks\At82.job
          C:\WINDOWS\tasks\At83.job
          C:\WINDOWS\tasks\At84.job
          C:\WINDOWS\tasks\At85.job
          C:\WINDOWS\tasks\At86.job
          C:\WINDOWS\tasks\At87.job
          C:\WINDOWS\tasks\At88.job
          C:\WINDOWS\tasks\At89.job
          C:\WINDOWS\tasks\At90.job
          C:\WINDOWS\tasks\At91.job
          C:\WINDOWS\tasks\At92.job
          C:\WINDOWS\tasks\At93.job
          C:\WINDOWS\tasks\At94.job
          C:\WINDOWS\tasks\At95.job
          C:\WINDOWS\tasks\At96.job
          C:\WINDOWS\tasks\At97.job
          C:\WINDOWS\tasks\At98.job
          C:\WINDOWS\tasks\At99.job
          C:\WINDOWS\tasks\At100.job
          C:\WINDOWS\tasks\At101.job
          C:\WINDOWS\tasks\At102.job
          C:\WINDOWS\tasks\At103.job
          C:\WINDOWS\tasks\At104.job
          C:\WINDOWS\tasks\At105.job
          C:\WINDOWS\tasks\At106.job
          C:\WINDOWS\tasks\At107.job
          C:\WINDOWS\tasks\At108.job
          C:\WINDOWS\tasks\At109.job
          C:\WINDOWS\tasks\At110.job
          C:\WINDOWS\tasks\At111.job
          C:\WINDOWS\tasks\At112.job
          C:\WINDOWS\tasks\At113.job
          C:\WINDOWS\tasks\At114.job
          C:\WINDOWS\tasks\At115.job
          C:\WINDOWS\tasks\At116.job
          C:\WINDOWS\tasks\At117.job
          C:\WINDOWS\tasks\At118.job
          C:\WINDOWS\tasks\At119.job
          C:\WINDOWS\tasks\At120.job
          C:\WINDOWS\Temp\fla11.tmp
          C:\WINDOWS\Temp\fla12.tmp
          C:\WINDOWS\Temp\fla1F.tmp
          C:\WINDOWS\Temp\fla23.tmp
          C:\WINDOWS\Temp\fla3.tmp
          C:\WINDOWS\Temp\fla8.tmp
          C:\WINDOWS\Temp\flaC.tmp
          C:\WINDOWS\Temp\flaD.tmp

          Folders to delete:
          C:\WINDOWS\system32\lowsec

      Then click "Execute". You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
      Note: It is possible that Avenger will reboot your system TWICE.
      Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Attach that log here in your next post.
      -----------------------------------------------------------
      Attach fresh logs for:
      Avenger (C:\avenger.txt)
      a-squared Free/Anti-Malware
      ISeeYouXP
      HiJackFree
      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
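Posts 8 and 10 above clear four autostart locations by hand: Browser Helper Object CLSIDs, Run values, Winlogon Notify packages whose DLLName points at a .dat file, and 120 At<N>.job files in the Tasks folder. The script below is an added example (my code, not from the forum posts or from Emsisoft's tools) that does the same triage offline over a .reg export. KNOWN_NOTIFY is an assumed Windows XP baseline, the USER_WRITABLE prefixes are a heuristic, and SAMPLE_REG with its GUIDs and file names is constructed data, not taken from any real machine.

```python
"""Offline triage of XP autostart locations from a .reg export (added example,
not from the forum posts). Flags what posts 8 and 10 removed by hand: Winlogon
Notify packages backed by .dat files, Run values dropped into the Windows root,
Browser Helper Objects (resolved via HKCR CLSID to their DLL) and At<N>.job
tasks. KNOWN_NOTIFY is an assumed XP baseline; SAMPLE_REG is constructed."""
import re

KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}  # assumed baseline
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
RUN_KEYS = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
            r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run")
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
USER_WRITABLE = ("c:\\windows\\temp\\", "c:\\documents and settings\\", "c:\\temp\\")
KEY_RE = re.compile(r"^\[([^\]]+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key_path: {value_name: data}}; '' is the (Default) value."""
    reg, current, carry = {}, None, ""
    for raw in text.splitlines():
        line, carry = carry + raw.strip(), ""
        if not line or line.startswith(("REGEDIT4", "Windows Registry Editor", ";")):
            continue
        if line.endswith("\\"):  # hex data continued on the next line
            carry = line[:-1]
        elif (m := KEY_RE.match(line)):
            current = m.group(1)
            reg.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, data = m.group(1), m.group(2)
            if len(data) > 1 and data[0] == data[-1] == '"':
                data = _unescape(data[1:-1])
            reg[current]["" if name == "@" else _unescape(name[1:-1])] = data
    return reg

def _children(reg, parent):
    """(leaf_name, values) for direct subkeys; registry paths compare case-insensitively."""
    prefix = parent.lower() + "\\"
    for path, values in reg.items():
        if path.lower().startswith(prefix) and "\\" not in path[len(prefix):]:
            yield path[len(prefix):], values

def _key(reg, path):
    return next((v for k, v in reg.items() if k.lower() == path.lower()), {})

def _exe(command):
    """Executable from a Run command line: strip surrounding quotes and arguments."""
    command = command.strip()
    return command[1:command.find('"', 1)] if command.startswith('"') else command.split(" ", 1)[0]

def check_notify(reg):
    """Notify packages outside the baseline or whose DLLName is not a .dll."""
    out = []
    for name, values in _children(reg, NOTIFY_KEY):
        dll, why = values.get("DLLName", ""), []
        if name.lower() not in KNOWN_NOTIFY:
            why.append("not in baseline")
        if not dll.lower().endswith(".dll"):
            why.append(f"DLLName is not a .dll ({dll or 'missing'})")
        if why:
            out.append((name, dll, "; ".join(why)))
    return out

def check_run(reg):
    """Run values whose executable sits in a user-writable dir or the Windows root, or has a numeric name."""
    out = []
    for run_key in RUN_KEYS:
        for name, command in _key(reg, run_key).items():
            target = _exe(command).lower()
            folder, _, base = target.rpartition("\\")
            why = []
            if target.startswith(USER_WRITABLE):
                why.append("runs from a user-writable location")
            if folder == "c:\\windows":
                why.append("dropped directly into the Windows root")
            if base.rsplit(".", 1)[0].isdigit():
                why.append("numeric file name")
            if why:
                out.append((name, command, "; ".join(why)))
    return out

def check_bhos(reg):
    """Every BHO with its DLL resolved from HKCR CLSID InProcServer32; why is '' when nothing is odd."""
    out = []
    for guid, _ in _children(reg, BHO_KEY):
        dll = _key(reg, "HKEY_CLASSES_ROOT\\CLSID\\" + guid + "\\InProcServer32").get("", "")
        if not dll:
            why = "no InProcServer32 (orphaned or hidden CLSID)"
        elif not dll.lower().startswith("c:\\program files\\"):
            why = "DLL outside Program Files"
        else:
            why = ""
        out.append((guid, dll, why))
    return out

def count_at_jobs(task_dir_listing):
    """Jobs created with at.exe are named At<N>.job; post 10 deleted 120 of them."""
    return sum(1 for n in task_dir_listing if re.fullmatch(r"At\d+\.job", n, re.I))

# Constructed sample export: GUIDs and file names are invented; backslashes doubled as regedit writes them.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DLLName"="crypt32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00A3C40]
"DLLName"="C:\\WINDOWS\\system32\\__c00A3C40.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"RegistryMonitor1"="\"C:\\WINDOWS\\52837461.exe\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InProcServer32]
@="C:\\Program Files\\Example Vendor\\helper.dll"
'''

if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    tasks = [f"At{i}.job" for i in range(1, 121)] + ["Defrag.job"]  # constructed Tasks listing
    print("Winlogon Notify:", check_notify(reg))
    print("Run:", check_run(reg))
    print("BHOs:", check_bhos(reg))
    print("At*.job count:", count_at_jobs(tasks))
```

On a real case you would feed it the output of `reg export` for the four hives above (and `dir C:\WINDOWS\Tasks` for the job count) taken from the suspect machine, then check every flagged path on disk before putting it in an Avenger script; a finding here is a lead, not a verdict.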
  11. Thread Closed
      Reason: Resolved
      The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
      All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled "START HERE, if you don't we are just going to send you back to this thread".
  12. The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u17, available from Sun Microsystems.
      -----------------------------------------------------------
      Using Add or Remove Programs in the Control Panel, uninstall the following:
      -----------------------------------------------------------
      The Win32kDiag log still shows infected mountpoints.
      Go to Start > Run and copy and paste the following command in the field:

          "C:\Documents and Settings\Christine\desktop\win32kdiag.exe" -f -r

      This should restore permissions on locked files and remove mountpoints. It will save a report on the Desktop (Win32kDiag.txt). Attach that report in your next reply.
      -----------------------------------------------------------
      Download -->> OTL <<-- to your desktop.
      Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
      When the window appears, underneath Output at the top change it to Minimal Output.
      Check the boxes beside LOP Check and Purity Check.
      Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      Attach both logs with your next reply.
  13. There is no need to reinstall your operating system.
      -----------------------------------------------------------
      Download Avenger from HERE and unzip to your desktop.
      Run Avenger. Read the prompt that appears, and press OK.
      Copy & paste the following text in the Input script box:

          Files to delete:
          c:\program files\SGPSA\SearchAssistant.dll

          Folders to delete:
          c:\program files\SGPSA
          c:\ec9098043cea2d1b662bab9605\update
          c:\ec9098043cea2d1b662bab9605

      Then click "Execute". You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
      Note: It is possible that Avenger will reboot your system TWICE.
      Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Attach that log here in your next post.
  14. The installer/uninstaller is corrupt for these:
      Hoyle Friday Night Poker
      HP Smart Web Printing
      Shop for HP Supplies
      HP Customer Participation Program 11.0
      HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
      HP Help and Support
      HP Photosmart Essential 3.0
      RollerCoaster Tycoon 2 Triple Thrill Pack
      RollerCoaster Tycoon Deluxe
      ZoomText 8.1
      The best way to handle them is to reinstall the software. They should uninstall cleanly after that.
      -----------------------------------------------------------
      Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

          REGEDIT4

          [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07396.TBSB07396Toolbar]

      Close Notepad. Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.
      -----------------------------------------------------------
      Unless you are having problems from Malware, it is time to do the final steps.
      If you used ComboFix, uninstall ComboFix: Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of ComboFix.)

          AvoidTDSS /uninstall
      or
          combofix /uninstall
      or
          Combo-Fix /uninstall

      Note: The space before /uninstall must be there. Which command you use depends on whether I had you rename ComboFix during download. This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      Delete everything in C:\!KillBox (If I didn't have you use KillBox, then this won't be present.)
      Delete the following from your Desktop (if they exist):
      Avenger.exe
      Avenger.txt
      Avenger.zip
      CFscript.txt
      dds.scr
      dds.pif
      DisableAutoRuns.reg
      fixes.bat
      FixMe.reg
      FixReg.reg
      ISeeYouXP.exe
      ISeeYouXP.lnk
      ISeeYouXP.txt
      Win32kDiag.exe
      Win32kDiag.txt
      Anything else I had you use
      Delete the following files (if they exist):
      C:\Avenger.txt
      C:\ComboFix.txt
      Delete the following folders (if they exist):
      C:\Avenger
      C:\AvoidTDSSS
      C:\ComboFix
      C:\SDFix
      C:\Qoobox
      You can delete and uninstall any programs I had you download that you do not wish to keep on the system.
      Empty the Recycle Bin.
      Run CCleaner.
      Turn off System Restore to flush all your restore points, then turn System Restore back on.
      To manually turn off System Restore, follow these steps:
      1. Click Start, right-click My Computer, and then click Properties.
      2. Click the System Restore tab.
      3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
      4. Click Yes when you receive the prompt to turn off System Restore.
      To turn on System Restore, follow these steps:
      1. Click Start, right-click My Computer, and then click Properties.
      2. Click the System Restore tab.
      3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
      Delete C:\ISeeYouXP
      Run Windows Update and update your Windows Operating System.
      Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.
      That should take care of everything. Safe Surfing!
  15. Your logs look fine.
      Unless you are having problems from Malware, it is time to do the final steps.
      If you used ComboFix, uninstall ComboFix: Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of ComboFix.)

          AvoidTDSS /uninstall
      or
          combofix /uninstall
      or
          Combo-Fix /uninstall

      Note: The space before /uninstall must be there. Which command you use depends on whether I had you rename ComboFix during download. This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      Delete everything in C:\!KillBox (If I didn't have you use KillBox, then this won't be present.)
      Delete the following from your Desktop (if they exist):
      Avenger.exe
      Avenger.txt
      Avenger.zip
      CFscript.txt
      dds.scr
      dds.pif
      DisableAutoRuns.reg
      fixes.bat
      FixMe.reg
      FixReg.reg
      ISeeYouXP.exe
      ISeeYouXP.lnk
      ISeeYouXP.txt
      Win32kDiag.exe
      Win32kDiag.txt
      Anything else I had you use
      Delete the following files (if they exist):
      C:\Avenger.txt
      C:\ComboFix.txt
      Delete the following folders (if they exist):
      C:\Avenger
      C:\AvoidTDSSS
      C:\ComboFix
      C:\SDFix
      C:\Qoobox
      You can delete and uninstall any programs I had you download that you do not wish to keep on the system.
      Empty the Recycle Bin.
      Run CCleaner.
      Turn off System Restore to flush all your restore points, then turn System Restore back on.
      To manually turn off System Restore, follow these steps:
      1. Click Start, right-click My Computer, and then click Properties.
      2. Click the System Restore tab.
      3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
      4. Click Yes when you receive the prompt to turn off System Restore.
      To turn on System Restore, follow these steps:
      1. Click Start, right-click My Computer, and then click Properties.
      2. Click the System Restore tab.
      3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
      Delete C:\ISeeYouXP
      Run Windows Update and update your Windows Operating System.
      Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.
      That should take care of everything. Safe Surfing!
  16. Your logs look fine.
      Unless you are having problems from Malware, it is time to do the final steps.
      If you used ComboFix, uninstall ComboFix: Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of ComboFix.)

          AvoidTDSS /uninstall
      or
          combofix /uninstall
      or
          Combo-Fix /uninstall

      Note: The space before /uninstall must be there. Which command you use depends on whether I had you rename ComboFix during download. This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      Delete everything in C:\!KillBox (If I didn't have you use KillBox, then this won't be present.)
      Delete the following from your Desktop (if they exist):
      Avenger.exe
      Avenger.txt
      Avenger.zip
      CFscript.txt
      dds.scr
      dds.pif
      DisableAutoRuns.reg
      fixes.bat
      FixMe.reg
      FixReg.reg
      ISeeYouXP.exe
      ISeeYouXP.lnk
      ISeeYouXP.txt
      Win32kDiag.exe
      Win32kDiag.txt
      Anything else I had you use
      Delete the following files (if they exist):
      C:\Avenger.txt
      C:\ComboFix.txt
      Delete the following folders (if they exist):
      C:\Avenger
      C:\AvoidTDSSS
      C:\ComboFix
      C:\SDFix
      C:\Qoobox
      You can delete and uninstall any programs I had you download that you do not wish to keep on the system.
      Empty the Recycle Bin.
      Run CCleaner.
      Turn off System Restore to flush all your restore points, then turn System Restore back on.
      To manually turn off System Restore, follow these steps:
      1. Click Start, right-click My Computer, and then click Properties.
      2. Click the System Restore tab.
      3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
      4. Click Yes when you receive the prompt to turn off System Restore.
      To turn on System Restore, follow these steps:
      1. Click Start, right-click My Computer, and then click Properties.
      2. Click the System Restore tab.
      3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
      Delete C:\ISeeYouXP
      Run Windows Update and update your Windows Operating System.
      Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.
      That should take care of everything. Safe Surfing!
  17. If you have a problem with what is being blocked by the Surf Protection module of the Malware-IDS feature of a-squared Anti-Malware, then take it up with the hpHosts Project management. Otherwise you have a choice: disable Surf Protection, or leave it enabled. Set it to alert whenever Surf Protection blocks a site and request what action to take; modify the rule for a blocked site in the Surf Protection module.
      The vast majority of what is found on torrent sites is pirated software, movies, and music, most of which comes packaged with malware. If you want to engage in illegal activity, don't discuss it here.
      The hpHosts project currently lists more than 130,000 sites that are engaged in activity that is deemed malicious, immoral, or illegal. The hpHosts project is a private project, managed by a private individual, who makes the database available to other projects, security companies and other private individuals. If you have a problem with what is currently listed in the hpHosts Project, take it up with them. You can request a review of the site status by the hpHosts project. However, if you are not the owner of the site in question, don't expect a response from the hpHosts Project management.
      hpHosts Support Forums
      I consider this subject closed to further discussion.
      THREAD CLOSED
  18. Open Notepad. Copy and paste the below lines of code into Notepad:

          @echo off
          copy C:\WINDOWS\ServicePackFiles\i386\dumprep.exe c:\dumprep.exe
          copy C:\WINDOWS\system32\logevent.dll c:\eventlog.dll
          copy C:\WINDOWS\ServicePackFiles\i386\netstat.exe c:\netstat.exe

      Go to File > Save As, name the file fixes.bat, change the Save as type to All Files and save it to your Desktop.
      Double-click on fixes.bat to execute it.
      -----------------------------------------------------------
      Download Avenger from -->> HERE <<-- and unzip to your desktop.
      Run Avenger. Read the prompt that appears, and press OK.
      Copy & paste the following text in the Input script box:

          Files to delete:
          C:\WINDOWS\system32\dumprep.exe
          C:\WINDOWS\system32\eventlog.dll
          C:\WINDOWS\system32\netstat.exe

          Files to move:
          C:\dumprep.exe | C:\WINDOWS\system32\dumprep.exe
          C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll
          C:\netstat.exe | C:\WINDOWS\system32\netstat.exe

      Then click "Execute". You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
      Note: It is possible that Avenger will reboot your system TWICE.
      Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.
      -----------------------------------------------------------
      Go to Start > Run and copy and paste the following command in the field:

          "%userprofile%\desktop\win32kdiag.exe" -f -r

      This should restore permissions on locked files and remove mountpoints.
      -----------------------------------------------------------
      Post fresh logs for:
      Avenger (C:\avenger.txt)
      Win32kDiag
      a-squared Free
      ISeeYouXP
      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
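Post 18 above restores three system binaries (dumprep.exe, eventlog.dll, netstat.exe) from the Service Pack cache because the copies in system32 had been overwritten, staging pristine copies at the drive root with a batch file and swapping them in with Avenger at the next boot. The script below is an added example (my code, not from the forum post or from Emsisoft) that does the detection step the post leaves to the analyst: it hashes every file present in both system32 and ServicePackFiles\i386 and reports the ones that differ, then renders the post's batch + Avenger recipe from that list. The demo tree it runs on is constructed in a temporary directory; LIVE_DIR, CACHE_DIR and STAGING are the XP paths from the post, used only to render text.

```python
"""Detect system32 binaries that differ from the Service Pack file cache (added
example, not from the forum post). Post 18 restores dumprep.exe, eventlog.dll and
netstat.exe from ServicePackFiles after malware replaced the copies in system32;
this does the detection step for every file present in both trees and renders the
post's batch + Avenger recipe from the result. The demo tree is constructed."""
import hashlib
import os
import tempfile

LIVE_DIR = "C:\\WINDOWS\\system32"
CACHE_DIR = "C:\\WINDOWS\\ServicePackFiles\\i386"
STAGING = "C:\\"  # post 18 stages pristine copies at the drive root before Avenger moves them


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_trees(live_dir, cache_dir, extensions=(".exe", ".dll", ".sys")):
    """{name: (live_sha256, cache_sha256)} for files in both dirs whose contents differ.
    Names compare case-insensitively, as Windows file systems do. A mismatch means
    'differs', not 'malicious': hotfixes applied after the service pack also change
    system32 without touching the cache, so confirm against known-good hashes."""
    cache = {n.lower(): os.path.join(cache_dir, n) for n in os.listdir(cache_dir)
             if n.lower().endswith(extensions)}
    diffs = {}
    for name in os.listdir(live_dir):
        cached = cache.get(name.lower())
        if cached is None:
            continue  # nothing to compare against; the cache only holds SP-shipped files
        live_hash = sha256_file(os.path.join(live_dir, name))
        cache_hash = sha256_file(cached)
        if live_hash != cache_hash:
            diffs[name.lower()] = (live_hash, cache_hash)
    return diffs


def render_fix(diffs, live_dir=LIVE_DIR, cache_dir=CACHE_DIR, staging=STAGING):
    """Post 18's two-step recipe, generalised: a batch file that stages pristine
    copies while Windows runs, and an Avenger script that deletes the tampered
    files and moves the staged copies into place before the system fully boots."""
    names = sorted(diffs)
    batch = ["@echo off"] + [f"copy {cache_dir}\\{n} {staging}{n}" for n in names]
    avenger = (["Files to delete:"] + [f"{live_dir}\\{n}" for n in names]
               + ["", "Files to move:"] + [f"{staging}{n} | {live_dir}\\{n}" for n in names])
    return "\n".join(batch) + "\n", "\n".join(avenger) + "\n"


def build_demo():
    """Constructed fixture: a fake system32 and a fake ServicePackFiles tree in a temp dir."""
    root = tempfile.mkdtemp()
    live, cache = os.path.join(root, "system32"), os.path.join(root, "i386")
    os.makedirs(live)
    os.makedirs(cache)
    pristine = {"netstat.exe": b"MZ pristine netstat", "dumprep.exe": b"MZ pristine dumprep",
                "eventlog.dll": b"MZ pristine eventlog", "kernel32.dll": b"MZ pristine kernel32"}
    live_files = {"NETSTAT.EXE": pristine["netstat.exe"],      # same bytes, different case: clean
                  "dumprep.exe": b"MZ overwritten by malware",  # tampered
                  "eventlog.dll": b"MZ hooked by malware",      # tampered
                  "kernel32.dll": pristine["kernel32.dll"],     # clean
                  "notepad.exe": b"MZ not in the cache"}        # no reference copy: skipped
    for folder, files in ((cache, pristine), (live, live_files)):
        for name, data in files.items():
            with open(os.path.join(folder, name), "wb") as f:
                f.write(data)
    return live, cache


if __name__ == "__main__":
    live, cache = build_demo()
    diffs = compare_trees(live, cache)
    for name, (live_hash, cache_hash) in diffs.items():
        print(f"{name}: live {live_hash[:16]} cache {cache_hash[:16]}")
    batch, avenger = render_fix(diffs)
    print(batch)
    print(avenger)
```

Run it against the real paths by calling compare_trees(LIVE_DIR, CACHE_DIR) from the suspect machine; the cache itself can be stale or tampered, so treat the mismatch list as the set of files to verify against a trusted catalog, not as the set to replace.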
  19. Everything looks good. How are things running?
  20. Run OTL.exe. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

          :OTL
          PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
          SRV - (ACDaemon) -- File not found
          O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
          O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No CLSID value found.
          :Files
          C:\WINDOWS\*.tmp
          C:\WINDOWS\System32\*.tmp
          :Commands
          [purity]
          [emptytemp]
          [start explorer]
          [Reboot]

      Then click the Run Fix button at the top. Let the program run unhindered; reboot when it is done.
      Don't check the boxes beside LOP Check or Purity this time.
      -----------------------------------------------------------
      Which programs will not uninstall?
      In the ISeeYouXP folder is a batch file named GetUnKeys.bat. Double-click GetUnKeys.bat to run it. GetUnKeys will produce a log file located at C:\GetUnKeys.txt.
      -----------------------------------------------------------
      Attach the following logs:
      OTL
      GetUnKeys
  21. Create a password protected Zip of the autorun.inf and attach the newly created archive. PM me the password for the zip archive. Anything in Symantec Quarantine is inactive as well as anything in System Restore.
  22. There should be no need to delete anything, after the Java cache was cleared. Is A2 still detecting those items?
  23. Allow a-squared to quarantine the following:

      c:\program files\funwebproducts detected: Trace.Directory.FunWebProducts!A2
      c:\program files\funwebproducts\screensaver detected: Trace.Directory.MyWebSearch Toolbar!A2
      c:\program files\funwebproducts\screensaver\images detected: Trace.Directory.MyWebSearch Toolbar!A2
      c:\program files\mywebsearch\bar detected: Trace.Directory.MyWebSearch Toolbar!A2
      c:\program files\mywebsearch\bar\history detected: Trace.Directory.MyWebSearch Toolbar!A2
      c:\program files\mywebsearch\bar\settings detected: Trace.Directory.MyWebSearch Toolbar!A2
      c:\program files\mywebsearch detected: Trace.Directory.MyWebSearchToobar!A2
      Key: HKEY_LOCAL_MACHINE\software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} detected: Trace.Registry.MyWebSearch!A2
      c:\program files\mywebsearch\bar\settings\s_pid.dat detected: Trace.File.MyWebSearch Toolbar!A2
      Key: HKEY_CLASSES_ROOT\interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} detected: Trace.Registry.FunWebProducts!A2
      Key: HKEY_LOCAL_MACHINE\software\fun web products detected: Trace.Registry.FunWebProducts!A2
      Value: HKEY_USERS\S-1-5-21-213363457-4046410354-1965430958-1000\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_USERS\S-1-5-21-213363457-4046410354-1965430958-1000\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> aim.exe detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> icq.exe detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> icqlite.exe detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> incmail.exe detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msimn.exe detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msmsgs.exe detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msn.exe detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msnmsgr.exe detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> mwsSrcAs.dll detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> outlook.exe detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> waol.exe detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> ypager.exe detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 --> AppName detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 --> Toolbar detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\ScreenSaver --> ImagesDir detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyFreqNone detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyFreqUninstalled detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextNone.0 detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextNone.numActive detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextUninstalled.0 detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextUninstalled.numActive detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.1 detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.2 detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.numActive detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.numActive2 detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> CurInstall detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> Dir detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> HistoryDir detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> Id detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> pid detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> pl detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> SettingsDir detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> sr detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> CurInstall detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> esh detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> Id detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> lsp detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> pid detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> pl detected: Trace.Registry.MyWebSearch Toolbar!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> sr detected: Trace.Registry.MyWebSearch Toolbar!A2
      Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detected: Trace.Registry.MyWebSearchToobar!A2
      Key: HKEY_CLASSES_ROOT\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToobar!A2
      Key: HKEY_USERS\S-1-5-21-213363457-4046410354-1965430958-1000\software\mywebsearch detected: Trace.Registry.MyWebSearchToobar!A2
      Key: HKEY_LOCAL_MACHINE\software\mywebsearch detected: Trace.Registry.MyWebSearchToobar!A2
      C:\Windows.old\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe/PPCToolbar.dll detected: Riskware.AdWare.Win32.Agent!IK
      C:\Windows.old\Program Files\Online Services\PeoplePC\ISP5900\Dll\CRYPTO.DLL detected: Win32.SuspectCrc!IK
      C:\Windows.old\Users\test\AppData\Local\CurseClient\wowdb.dll detected: Trojan-Dropper!IK

      That's all you need to do. Your logs show nothing else of concern.
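A read-only way to verify that the quarantine above actually took, added here as an example and not part of the original post or of a-squared: the script below tests for a representative set of the directory, file, registry key and registry value artifacts named in the scan result and reports whichever are still present. It deletes nothing. It assumes a 32-bit Program Files layout as shown in the log (on 64-bit Windows the same paths may live under Program Files (x86)), that it is run from an elevated Windows PowerShell prompt, and it replaces the single user SID shown in the post with an enumeration of every loaded HKEY_USERS hive so the check is not tied to one account.

```powershell
# Added example (not from the original post): report leftover
# FunWebProducts / MyWebSearch artifacts after quarantine. Read-only.
# Assumes elevated Windows PowerShell and the 32-bit Program Files layout
# shown in the a-squared result above.

# Directories and files from the scan result.
$paths = @(
    'C:\Program Files\FunWebProducts',
    'C:\Program Files\MyWebSearch',
    'C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat'
)

# Registry keys from the scan result. HKEY_CLASSES_ROOT has no default
# PowerShell drive, so the Registry:: provider prefix is used throughout.
$keys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}',
    'Registry::HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}',
    'Registry::HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive'
)

# Registry values: key path plus value name, matching the "--> name" entries.
$values = @(
    @{ Key = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}'; Name = 'URL' },
    @{ Key = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}'; Name = 'DisplayName' },
    @{ Key = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar'; Name = 'Dir' }
)

$found = [System.Collections.Generic.List[string]]::new()

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found.Add("File/Dir : $p") }
}

foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $found.Add("Reg key  : $k") }
}

foreach ($v in $values) {
    if (Test-Path -LiteralPath $v.Key) {
        $item = Get-ItemProperty -LiteralPath $v.Key -ErrorAction SilentlyContinue
        # PSObject.Properties[...] is $null when the value name does not exist.
        if ($null -ne $item -and $item.PSObject.Properties[$v.Name]) {
            $found.Add("Reg value: $($v.Key) --> $($v.Name)")
        }
    }
}

# Per-user hives: the post names one SID; check every loaded hive instead.
Get-ChildItem -Path Registry::HKEY_USERS | ForEach-Object {
    $userKey = "Registry::$($_.Name)\Software\MyWebSearch"
    if (Test-Path -LiteralPath $userKey) { $found.Add("Reg key  : $userKey") }
}

if ($found.Count -eq 0) {
    'No MyWebSearch/FunWebProducts artifacts from the scan result remain.'
} else {
    'Artifacts still present:'
    $found | ForEach-Object { "  $_" }
}
```

Anything the script still reports is a sign that quarantine was incomplete or that the toolbar re-created its keys on reboot, which is the case where a follow-up scan log would be requested rather than manual registry edits.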
  24. Run OTL.exe

      Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

          :OTL
          PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
          SRV - (winvnc) -- File not found
          O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
          O4 - Startup: C:\Documents and Settings\Jen\Start Menu\Programs\StartUp\SyncBackSE.lnk = C:\Program Files\SyncBackSE\SyncBackSE.exe File not found
          O32 - AutoRun File - [2004/08/04 06:00:00 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
          :Files
          C:\WINDOWS\*.tmp
          C:\WINDOWS\System32\*.tmp
          C:\WINDOWS\System32\drivers\*.tmp
          C:\Program Files\error.dat
          :Commands
          [purity]
          [emptytemp]
          [start explorer]
          [Reboot]

      Then click the Run Fix button at the top. Let the program run unhindered, reboot when it is done.

      Attach the new OTL log (don't check the boxes beside LOP Check or Purity this time).
  25. The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 6u17 available from Sun Microsystems.

      -----------------------------------------------------------

      Using Add or Remove Programs in the Control Panel, uninstall the following:

      -----------------------------------------------------------

      Antivirus Tools Cannot Clean Infected Files in the System Restore Folder.

      The System Restore feature in Windows protects all folders and files in the System Restore folder on the Windows partition. This folder and all of its subfolders are the data store that the System Restore feature uses to restore your computer's operating system to a previous state from a previous point in time. Although some antivirus programs may have the ability to work with files that have been compressed or stored in .zip or .cab file format, the System Restore feature does not permit these utilities to manipulate these files within the data store. The data store is protected for data integrity purposes, and the System Restore feature is the only method you can use to obtain access to the data store. Because of this, the antivirus program is unable to remove the virus from the file or files in the data store. The files in the data store are inactive and can be used only by the System Restore feature.

      -----------------------------------------------------------

      Turn off System Restore to flush all your restore points, then turn System Restore back on.

      To manually turn off System Restore, follow these steps:

      1. Click Start, right-click My Computer, and then click Properties.
      2. Click the System Restore tab.
      3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
      4. Click Yes when you receive the prompt to turn off System Restore.

      To turn on System Restore, follow these steps:

      1. Click Start, right-click My Computer, and then click Properties.
      2. Click the System Restore tab.
      3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

      -----------------------------------------------------------

      Otherwise your logs show no malware.
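The same off-then-on flush of the restore point data store, done from the command line instead of the System Restore tab described in the post. This is an added example, not the original poster's instructions: it assumes an elevated Windows PowerShell prompt on a Windows version that ships the Microsoft.PowerShell.Management restore cmdlets, and that the system drive is the one whose data store holds the flagged files. Turning System Restore off discards every restore point on that drive, which is what the post intends, since the antivirus cannot clean files inside the protected data store.

```powershell
# Added example (not from the original post): flush System Restore points
# from an elevated Windows PowerShell prompt, then re-enable the feature.
# Assumes the system drive holds the restore point data store in question.

$drive = "$env:SystemDrive\"   # normally "C:\"; Disable/Enable expect the "X:\" form

# Show what is about to be discarded so the operator can confirm nothing
# needed survives only as a restore point.
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
"Restore points on $drive before flush: $($before.Count)"
$before | ForEach-Object {
    "  #{0}  {1}  (type {2})" -f $_.SequenceNumber, $_.Description, $_.RestorePointType
}

# Step 1: turning System Restore off for the drive removes its restore
# points. -Confirm prompts before the destructive step, as the dialog does.
Disable-ComputerRestore -Drive $drive -Confirm:$true

# Step 2: turn it back on so that new restore points are created again.
Enable-ComputerRestore -Drive $drive

# Optional: record a known-clean baseline immediately after the cleanup.
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'

$after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
"Restore points on $drive after flush: $($after.Count)"
```

On Windows 8 and later, Checkpoint-Computer silently declines to create a second restore point within 24 hours of the last one unless the restore point creation frequency has been changed, so the post-flush count may read 0 if an earlier checkpoint was taken the same day; the flush itself is unaffected.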