hounddogg

tmpassthru ?

19 posts in this topic

Hi, I have the EEK log, OTL.txt and Extras.txt in my documents but am not sure how to paste them. I apologize for my lack of knowledge.

hope this is correct.


The Sygate Personal Firewall (SPF) is no longer in development and is no longer supported by Symantec. I highly recommend that you replace SPF with another firewall ASAP. Online Armor Personal is a very good firewall and is free.

Do not run any of the files we ask you to download from their zip archives. Always extract the files to the location we specified in the instructions and then run them.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:

  • Download the latest version of JRE 7 Update 3.
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • Click on the download link for your system and save it to your desktop.
    Windows x86 Offline (jre-7u3-windows-i586.exe)
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/7 users, right click on the JRE download and select "Run as an Administrator.")

Using Add or Remove Programs in the Control Panel, uninstall the following:

Java(TM) 6 Update 31
Java(TM) 6 Update 7

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [ResetHosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done.

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)
  • OTL (C:\_OTL)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


I cannot stop Microsoft Security Essentials. Right-clicking the icon in the system tray only gives an option to open, so I tried to uninstall with Add and Remove Programs and received error code 0x80070656, uninstaller can't continue. I then tried Revo and got the same message.

Sorry, disregard. I didn't see the help link for disabling anti-virus; I now have real-time protection disabled.


Just run ComboFix anyway.


Ran ComboFix and it found rootkit ZeroAccess, which inserted itself in the TCP/IP stack. Once it finished scanning and after reboot, I now have no internet access. Ran ComboFix again, as per its instructions if I can't connect, and still no internet.

Windows utility says it cannot renew my IP address.


Close all windows

Do the following:

Start -> Run

type cmd

Click "OK"

The Command Console will open

Enter the following commands, at the Command Prompt. Commands must be entered exactly as shown.

Press the Enter Key after each command. Wait for each command to finish before proceeding to the next command.

netsh int ip reset reset.log
netsh winsock reset catalog
ipconfig /flushdns
exit

Reboot your PC.

Did that fix the Internet access?


Read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    [screenshot]
  • Click Change parameters
    [screenshot]
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    [screenshot]
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    [screenshot]
  • When it finishes, you will either see a report that no threats were found like below:
    [screenshot]
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    [screenshot]
    • If you have files that are shown to fail signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
      Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    [screenshot]
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version # and date and time run.
  • Attach this log to your next reply.


You did not follow any of the instructions for outdated software in post #2 of this thread. Using SPF is not doing you any good, as it is outdated and end-of-life by Symantec for nearly 5 years now. Replace your firewall.

The version of Java installed on your computer is not compatible with Firefox 5 and up. You must use JRE 7 with Firefox 5 and up. Old versions of Java must be removed or your system will be vulnerable to attack.

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    DRV - (TMPassthruMP) -- C:\WINDOWS\system32\drivers\TMPassthru.sys (Trend Micro Inc.)
    DRV - (TMPassthru) -- C:\WINDOWS\system32\drivers\TMPassthru.sys (Trend Micro Inc.)
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [ResetHosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
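The two OTL fix scripts in this thread (post #2 and the one just above) are hand-picked log lines: orphaned URLSearchHook and Toolbar entries whose CLSID no longer exists, a plugin entry pointing at a missing file, an Internet Explorer policy key that is present, and two leftover Trend Micro driver entries. The Python below is an added example, not code from the thread or from OTL's authors: it runs a small triage over exactly those quoted lines and then lays the reviewed findings out in the `:OTL` / `:Commands` format the helper used. The triage rules are my assumptions about what a reviewer looks for, not OTL's own logic, and the `commands` default is a constructed, shorter list than the thread's.

```python
"""Triage of OTL scan-log lines.

Added example: not part of the thread and not OTL's own code. The input lines
are quoted from the fix scripts posted in the thread; the triage rules are an
assumption about what a malware-removal helper checks before building a fix.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines quoted from the OTL fix scripts in this thread.
SAMPLE_OTL_LINES = r"""
DRV - (TMPassthruMP) -- C:\WINDOWS\system32\drivers\TMPassthru.sys (Trend Micro Inc.)
DRV - (TMPassthru) -- C:\WINDOWS\system32\drivers\TMPassthru.sys (Trend Micro Inc.)
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# DRV lines look like "DRV - (ServiceName) -- path (Vendor)"; the vendor may be empty.
DRV_RE = re.compile(r"^DRV - \((?P<name>[^)]+)\) -- (?P<path>.+?) \((?P<vendor>[^)]*)\)$")


@dataclass
class Finding:
    kind: str    # "orphan", "policy" or "driver"
    line: str    # original OTL line, kept verbatim for the fix block
    detail: str  # why the line deserves a look


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line, or return None when nothing stands out."""
    line = line.rstrip()
    if not line:
        return None
    m = DRV_RE.match(line)
    if m:
        vendor = m["vendor"] or "no vendor"
        return Finding("driver", line, f"driver {m['name']} loads {m['path']} ({vendor})")
    if "No CLSID value found" in line:
        guid = GUID_RE.search(line)
        ref = guid.group(0) if guid else "?"
        return Finding("orphan", line, f"entry references CLSID {ref}, which no longer exists")
    if "File not found" in line:
        return Finding("orphan", line, "entry points at a file that no longer exists")
    if line.startswith("O6 - ") and line.endswith(" present"):
        return Finding("policy", line, "Internet Explorer policy key is set; confirm it is intended")
    return None


def triage(text: str) -> List[Finding]:
    """Run triage_line over every line of a log excerpt, dropping quiet lines."""
    findings = []
    for raw in text.splitlines():
        f = triage_line(raw)
        if f is not None:
            findings.append(f)
    return findings


def render_otl_fix(findings: List[Finding], commands=("EmptyTemp", "Reboot")) -> str:
    """Lay reviewed findings out in the :OTL / :Commands format the thread uses.

    The triage only narrows down what to look at; every line that ends up here
    should have been checked by a person first, as the helper did in the thread.
    """
    lines = [":OTL"] + [f.line for f in findings] + ["", ":Commands"]
    lines += [f"[{c}]" for c in commands]
    return "\n".join(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.kind:7} {f.detail}")
    print()
    print(render_otl_fix(triage(SAMPLE_OTL_LINES)))
```

Run as-is it reports the six lines the helper removed and stays silent on the SearchScopes line, which references a CLSID that does exist; that is the distinction the fix scripts above are built on.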


I have followed the link you provided for Java in post #2. It downloads Java 7 Update 3 as well as Java FX 2.0.3, as it did the first time I tried. Am I doing something wrong here?

My PC seems to be running fine, although now when I reboot I see a black screen with several options very briefly just before Windows starts, which I did not see before.


I have followed the link you provided for Java in post #2. It downloads Java 7 Update 3 as well as Java FX 2.0.3, as it did the first time I tried. Am I doing something wrong here?
Don't worry about that for now, we'll address that before we finish.
My PC seems to be running fine, although now when I reboot I see a black screen with several options very briefly just before Windows starts, which I did not see before.
That is normal, as ComboFix added SafeBoot to the startup options.

Switching tools.

Download:

- ISeeYouXP by ShadowPuterDude

Double-click ISeeYouXP.exe; ISeeYouXP will be extracted to C:\ISeeYouXP, and a shortcut to ISeeYouXP.bat will be placed on the Desktop.

Double-click the ISeeYouXP shortcut to run ISeeYouXP.

Possible Error Messages

  • If your ISeeYouXP.txt log appears to be empty or semi-empty, or you get an error message similar to the below when running ISeeYouXP.bat and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS
    C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Window applications.
    To fix the above error message, choose the download below which is appropriate for your system
    • For Windows XP Pro: download and run: XPproFix
    • For Windows XP Home: download and run: XPHomeFix
    • For Windows 2000: download and run: W2KFix

    Then run ISeeYouXP.bat again and attach the log.

  • A possible second type of error message may occur, as shown in the quote box below! If you get either of these two messages, perform the Resolution steps given in this: Virtual Device Driver Error Message in 16-Bit MS-DOS Subsystem

16 bit MS-DOS Subsystem

drive:\program path

XXXX. An installable Virtual Device Driver failed DLL initialization. Choose 'Close' to terminate the application.

-or-

16 bit MS-DOS Subsystem

drive:\program path

SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. VDD. Virtual Device Driver format in the registry is invalid. Choose 'Close' to terminate the application.

After attempting to fix the above errors, run ISeeYouXP.bat and attach the log.

IMPORTANT NOTE:

Vista Users

UAC must be turned off to run this script.

Turning Off/On UAC in Vista

1. Open the Control Panel.

2. Under User Account and Family settings click on the "Add or remove user account".

3. Click on your user account.

4. Under the user account click on the "Go to the main User Account page" link.

5. Under "Make changes to your user account" click on the "Change security settings" link.

6. In the "Turn on User Account Control (UAC) to make your computer more secure" click to unselect the "Use User Account Control (UAC) to help protect your computer". Click on the Ok button.

7. You will be prompted to reboot your computer. Do so.

In order to re-enable UAC just select the above checkbox and reboot.

To Run ISeeYouXP right-click on the batch file and select "Run as Administrator"


OK, JRE 7 is installed. Your logs look fine.

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Delete everything in C:\!KillBox (If I didn't have you use KillBox, then this won't be present)

Delete the following from your Desktop (If they exist)

ISeeYouXP.exe

ISeeYouXP.lnk

ISeeYouXP.txt

TDSSKiller.exe

Anything else I had you use

Delete the following files: (If they exist)

C:\ComboFix.txt

Delete the following folders: (If they exist)

C:\ComboFix

C:\Qoobox

Empty the Recycle Bin

Download to your Desktop:

- CCleaner Portable

  • UnZip CCleaner Portable to a folder on your Desktop named CCleaner

Run CCleaner

  • Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
  • The following should be selected by default, if not, please select:
    [screenshot]
  • Click [image] and choose [image]
  • Uncheck [image]
  • Then go back to [image] and click [image] to run it.
  • Exit CCleaner.

Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

Inside the ISeeYouXP folder, locate and double-click HideIT.bat (C:\ISeeYouXP\HideIT.bat). This will return viewing of Hidden and System Files and Folders to the default settings.

Delete C:\ISeeYouXP

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-of-date.

Articles to read:

How to Protect Your Computer From Malware

How to keep you and your Windows PC happy

Web, email, chat, password and kids safety

10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!


I am not able to delete C:\Qoobox. Access is not permitted; make sure the disk is not full or write protected and that the file is currently not in use.


You will need to take ownership of the folder.

Windows XP Home Edition

  • Boot to Safe Mode

Windows XP Professional

  • Disable Simple File Sharing
    1. Click Start, and then click My Computer.
    2. On the Tools menu, click Folder Options.
    3. Click the View tab.
    4. In the Advanced Settings section, click to clear the Use simple file sharing (Recommended) check box.
    5. Click OK.

To take ownership of a file or a folder

How to take ownership of a file

You must have ownership of a protected file in order to access it. If another user has restricted access and you are the computer administrator, you can access the file by taking ownership.

To take ownership of a file, follow these steps:

  1. Right-click the file that you want to take ownership of, and then click Properties.
  2. Click the Security tab, and then click OK on the Security message (if one appears).
  3. Click Advanced, and then click the Owner tab.
  4. In the Name list, click Administrator, or click the Administrators group, and then click OK.
    The administrator or the administrators group now owns the file.

To change the permissions on the file that you now own, follow these steps:

  1. Click Add.
  2. In the Enter the object names to select (examples) list, type the user or group account that you want to have access to the file. For example, type Administrator.
  3. Click OK.
  4. In the Group or user names list, click the account that you want, and then select the check boxes of the permissions that you want to assign that user.
  5. When you are finished assigning permissions, click OK.
  6. You can now access the file.

How to take ownership of a folder

You must have ownership of a protected folder in order to access it. If another user has restricted access and you are the computer administrator, you can access the folder by taking ownership.

To take ownership of a folder, follow these steps:

  1. Right-click the folder that you want to take ownership of, and then click Properties.
  2. Click the Security tab, and then click OK on the Security message (if one appears).
  3. Click Advanced, and then click the Owner tab.
  4. In the Name list, click your user name, or click Administrator if you are logged in as Administrator, or click the Administrators group. If you want to take ownership of the contents of the folder, select the Replace owner on subcontainers and objects check box.
  5. Click OK, and then click Yes when you receive the following message:
    You do not have permission to read the contents of directory folder name. Do you want to replace the directory permissions with permissions granting you Full Control?
    All permissions will be replaced if you click Yes.
    Note folder name is the name of the folder that you want to take ownership of.
  6. Click OK, and then reapply the permissions and security settings that you want for the folder and its contents.

You should now be able to delete C:\qoobox


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

This topic is now closed to further replies.
