Avira Malwarebytes and SuperAntiSpy helped, am I clear?

By Dadof3
Nov 11, 2009
  1. SuperAntiSpy found over 80 problems and fixed them, then Alvira found some that sounded similar, then Malwarebytes removed about 120 do I attach the log files? the paper clip above nor the attach files below is active for me to select?
  2. raybay

    raybay TS Evangelist Posts: 7,241   +9

    Run MalwareBytes again while in <Safe Mode>.

    Then run HiJackThis and send us that log.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Dad, after 46 posts here, you should have learned how to attach a log:

    Go to the Reply Box and click on Go to Advanced
    Start your message
    • Scroll down until you see a button Manage Attachments.
    • Click on that and a popup-window opens.
    • Click on the Browse button, find the HijackThis.log file, or whatever file you`re trying to attach on your PC and doubleclick on it.
    • Now click on the Upload button in the popup.
    • When done, click on the Close this window button.
    • Finish your message-text, then click on Submit Message.

    Please Note: you can attach more than one file to a post by repeating the above steps.

    The above quotebox also applies to posting other log files as well.

    Safe Mode has nothing to do with it. Run the programs as instructed HERE.
    Attach the 3 logs.
  4. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    Big problems

    All of a sudden, the internet started opening up windows with that same fake Security Site, I am unable to start in safe mode, AND, it wont let me open/run Avira, I cant run Maleware program, and cant run SuperAntiSpy....I can open the internet, but I am afraid it is spreading throughout my computer. I am sending this message from my other sons laptop. I can run Hijack this, but unable to make changes....What can I do?
  5. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    No checkbox to attach files under additional options

    Maybe its the version of I.E. 6.0 or ?? but on my other computers running XP or later, there is a box to check and attach files...but no manage attachements here on this version....only a description of the types of files that can be attached...

    Ran Combo-Fix and have a log.....

    Ran Kaspersky and have a report

    Ran Hijack this and have a log file....

    How can I relay them to you for review??

    Thank you!!
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Click on Go Advanced on the bottom right of the message box
    • Scroll down below the message box until you see the section called Additional Options
    • First section is titled Miscellaneous Options
      [o]Automatically parse links in text
      [o]Disable smilies in text
    • Below that is section titled Attach Files showing the following list of valid file extensions>
      [o]Valid file extensions: bmp dmp doc gif jpe jpeg jpg log pdf png psd txt zip
      [o] Box named Manage Attachments is below that line.
    • Click on Manage Attachments
    • Browse to location of each log in your system and attach. do same for each log.

    You have first got to click on Go Advance before these options become available to you. I went through the entire User Control Panel and didn't see any setting available to change this section.

    If you still can't see it, I'll have a moderator check.
  7. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    Hijackthis Log, ComboFix, Kaspersky, Malewarebytes

    After running ComboFix, and it made its fixes, I was then able to run SuperAntiSpy and then Malewarebytes....logs attached (all ziped). I was not able to attach files from that older desktop, so I emailed them to myself and now able to attach from the laptop that runs a newer operating system and newer version of I.E.

    While sending this to you, I am running Avira and it also is still finding virus/trojans....

    I dont keep the infected computer tied to the internet now (only for short durations) so that it wont re-install the viruss that I have been able to kill thus far...but there must be some underlying problem that keeps releasing the same ones over again...

    Thanks for your help
  8. raybay

    raybay TS Evangelist Posts: 7,241   +9

    Have you run MalwareBytes and Avira or Avast in SAFE MODE?
  9. kritius

    kritius TS Guru Posts: 2,084

    That should have been what you picked up on raybay.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Father, unless you handle the following, there is no point in attempting a cleaning:

    You have multiple antivirus programs running.

    Symantec-SNDMon.exe>> Part of Symantec's LiveUpate (eg, Norton).
    AVG v7: support for this version ended a long time ago.
    Avira- version unknown

    You should decide which you want to keep and remove the others because:
    • Multiple antivirus programs can cause conflicts that may leave the system more vulnerable.
    • Multiple antivirus programs can also slow down the system.[/b]

    You are way behind in Windows Update. Current SP for Windows XP is #3
    You have Platform: Windows XP SP1 (WinNT 5.01.2600)

    You have also run an old version of HijackThis, v1.9.9. Current version is v2.0.2, the link given in the virus and malware cleaning steps. Additional malware may be found in the current version.

    You did not disable TeaTimer before scanning. Temporarily disabling Real Time Protection is found in Step 3 of the removal thread.

    P2P or 'file sharing: P2P Warning:
    I see that you are running LimeWire, a P2P program
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall LimeWire for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
    • Malware writers use these program to include malicious content.
    • Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.

    The AdAware antimalware program you are running is v7- that is out of date. That means you won't get current updates.

    Kaspersky has found the following malware:
    not-a-virus:FraudTool.Win32.AVPlus.d>>>> also known as This was found in the backup files.>>>> this is a harmful backdoor Trojan that uses stealth techniques to remain undetected on an infected computer or network.

    You should not have run Combofix without a helper telling you to do so and guiding you through it.

    You've had a DNS Charger infection which will require a router resetting.

    So "are you clear"- sorry, not even close

    Do you want to reformat/reinstall or do all the updating, then attempt cleaning?

    Edit to add: you also have a significan number of Vundo entries remaining.
  11. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    Updated HJT and removed several programs

    Thank you for your reply.

    This is one of my sons computers....he told me that he had an updated version of windows service pack for his computer that was not compatible or gave him problems, so he reverted back to an older version that worked for him...

    I removed the older redundant versions of AVG...had a succesful evening of running maleware removal (see log attached) updated the version of HJT to the current version (again this is an older computer of my sons)...ran Avira and all gave me no virus found....

    Please take a look at the newly attached log files and let me know if the progress made was significant (or atleast enough to keep him safe for the time being, until we can affoard to buy him a new laptop for college)


    p.s... he asked me not to remove the limewire program until he gets home for the weekend...I told him of the problems and he aggrees to do so....
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    We'll see what we can do. Do you know if he's using a legitimate copy of the operating system. If he's not, that would account for a lot.

    As for the updates, some users had problem with SP3 and you can put any SP on a system that not clean and ready. But he needs to get at least SP2 and the updates since.

    You need to update Java to v6u17 and remove the earlier version as it is a vulnerability.
    Update here:

    Remove the remaining Norton/Symantec files using Norton Removal Tool.

    Please scan with Kaspersky again- need to know if the worms wiggled out:
    Kaspersky Online Scanner in Internet Explorer

    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

    So give me another log for Kaspersky. We'll go from there.
  13. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    Kaspersky Text File

    The operating system is legitimate (came with the hardware at purchase from manufacturor).

    I updated Java as instructed and removed the old version.

    I uninstalled Norton remnants with the website and instructions provided.

    Kaspersky file attached...
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Your son is paying a price for LimeWire:

    C:\Documents and Settings\Joseph\My Documents\PaulsMusic4\10 Billy Joel - Leave A Tender Moment.wma' Infected: Trojan-Downloader.WMA.Wimad.u

    C:\Documents and Settings\Joseph\My Documents\PaulsMusic4\Murray Head - One Night in Bankok.wma Infected: Trojan-Downloader.WMA.Wimad.u

    From Microsoft:
    Trying to patch his system isn't worth the effort if he continues with the music sharing. And you ran Avira and it came up clean! Update it and run it again. If it still misses these infections, you need to get rid of it and put something else on the system.

    One is quarantined and you can delete it:
    C:\Qoobox\Quarantine\C\Program Files\Common Files\ECURIT~1\wοwexec.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.ic

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    See this for guidance in 'Deleting the Harmful Files"

    For this

    In Windows Explorer: Click on Tools> Folder Options> View tab> CHECK 'show hidden files and folders'> UNCHECK 'hide protected system files'> Apply> OK.

    Step 1 : Use Windows Task Manager to Remove Processes
    Remove the "" processes files:
    %Temp%\a.exe  (C:\Users\(username)
    %Windir%\msa.exe   (C:\Windows)
    Backup Registry before doing Step 2:
    Step 2 : Use Registry Editor to Remove Registry Values
    Locate and delete "" registry entries:
    Step 3 : Detect and Delete Other Files
    Remove the "" processes files:
    %Temp%\a.exe  (C:\Users\username)
    %Windir%\msa.exe   (C:\Windows)
    Use Add/Remove Programs to uninstall the program beginning with 'ECRUIT'

    Then use Windows Explorer to delete the program folder which begins with the letters 'ECRUIT.'

    Go back and hide the files and folders.
    Empty the Recycle Bin

    Let me know how it goes.
  15. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67



    I removed the Quarantined object from the past and followed your instructions...there was no process running under Task Manager as you had described in the 4 file codes....

    Also, in Regedit, I could not find any of the 3 items you listed hunder Hkey-Current_User\Software....

    There were no programs to remove beginning with "ECRUIT"

    I updated Avira, re-ran and it did not find any virus...also re-ran Malewarebytes and SuperAntiSpy and found no problems at all...

    However, when I re-ran Kaspersky...found what is listed below...

    KASPERSKY ONLINE SCANNER 7.0: scan report
    Monday, November 16, 2009
    Operating system: Microsoft Windows XP Home Edition Service Pack 1 (build 2600)
    Kaspersky Online Scanner version:
    Last database update: Monday, November 16, 2009 22:18:59
    Records in database: 3226322

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:

    Scan statistics:
    Objects scanned: 88704
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 02:02:25

    File name / Threat / Threats count
    C:\WINDOWS\SYSTEM32\ruvaluno.exe Infected: 1

    Selected area has been scanned.

    What else can we try?? Or what am I doing wrong? Booted in Safe Mode, I checked show hidden files and folders as well as unchecked hide protected system directed.

    Thanks again for your assistance.

    Logged in on sons computer so I am unable to attach text files (must be a function of the old operating system) sorry for the long paste below of the Hijact this logfile.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:46:30 PM, on 11/16/2009
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =*
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {05842B0C-271B-412F-958F-D1A8F6CAD937} (ClickLoan Control) -,0,0,12/
    O16 - DPF: {56BCB794-783A-48F1-A4C2-110F32371830} (ContClickLoan Control) -,0,0,14/
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
    O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) -,0,0,12/
    O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} -
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    End of file - 6792 bytes
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Dad, you loading this file on startup:

    O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart

    The description of this program from it's home site is that it
    It's possible that it's removing files that we need to see. I'd like you to remove it from Startup for now:

    Click on Start> Run> type in msconfig> enter Selective Startup> Startup tab> find the process and UNCHECK it> Apply> OK.

    Now Reboot. NOTE: you will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.

    It al so appears that he has a Dell Machine, but some HP either software or hardware. Additionally, he has BCMSMMSG.exe> Related to Pinnacle_Systems Inc. USB Tip USB hardware. So it appears the flash drive is connected.

    My point is- I don't know where the weak spot it. I'd like you to run Combofix again: First>> do a right click> delete on the Combofix exe file on your desktop, then run the programs again:
    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)


    • 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
      3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Then attach the report to next reply.
  17. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    maybe combofix got it!!

    Re-ran combo fix per your reccomendation...
    It found and repaired an infected windows\system32\qmgr.dll

    Do you want me to run Kaspersky again to verify?

    Thanks again

    Attached Files:

  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes. But you need to do two things first:

    1. Click on Start> Run> type in services.msc> double click on Background Intelligent Transfer Service (BITS)> set Startup type to Manual if it is set to Automatic> Stop the Service> Reboot.

    2. Update Kaspersky before scan:
    To update the database manually:
    • Click the Refresh button in the Kaspersky Online Scanner 7.0 window.
    • Kaspersky Online Scanner 7.0 checks for the program and database updates and downloads and installs them.
    • Run the scan

    Attach the log.
  19. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    still have

    unfortunately, it did not work, after re-running Kaspersky, it found the same single infection as before,

    ugg, any new suggestions?

  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Is it still showing here:

    C:\WINDOWS\SYSTEM32\ruvaluno.exe Infected:

    If you look at the Combofix report, you can see that he has entries from 2002,2003, 2004 still on the system. One set is a 'try and buy' multiple times.

    I know you're trying to clean this up until he gets a new system-but-the system needs to be wiped and reinstalled.

    I'm going to ask someone else to check this and see if he thinks there is a 'cure.'
  21. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    lets keep trying

    I appreciate your efforts...Lets try what we can. Maybe someone can give us something new to try that may help us...the computer seems to be working, just know there is still something out there waiting to pray on the system...

    Thank you, standing-by.
  22. kritius

    kritius TS Guru Posts: 2,084

    Delete current copy of ComboFix, redownload a fresh one, post the log here.
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thanks kritius.

    Dad, do a right click> Delete on the Conbofix report on the desktop, then rerun the program.

    You are in good hands.
  24. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    Combo Fix Log attached

    Thank you for reviewing the situation.

    Deleted, re-installed, re-ran...log attached.

    Attached Files:

    • log.txt
      File size:
      20.2 KB
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Dad, I'll wait for kritius to review the Combofix log, but I noticed this recent activity. It would be a good idea if you did not install any programs while cleaning. Each has a potential for bringing in new malware, especially gaming sites..

    2007-08-30 01:31 -------- d-----w- c:\program files\Full Tilt Poker.Net

    2009-11-18 02:35 -------- d-----w- c:\documents and settings\Joseph\Local Settings\Application Data\FullTiltPoker
    2009-11-20 06:33 -------- d-----w- c:\program files\Full Tilt Poker
    2009-11-18 01:01 31501742 ----a-w- C:\FullTiltSetup.exe
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...