*Infected* rootkit.0access Trojans:Win32:Kryptik-KEG/zeroaccess/.FakeMS/.Delf/enchanim.gePUM.Hijack

Discussion in 'Virus and Malware Removal' started by herewegoagain, Oct 16, 2012.

  1. Jay Pfoutz Malware Helper Posts: 4,286   +49

  2. herewegoagain Newcomer, in training Posts: 50

    Here's the new ComboFix log

    ComboFix 12-10-18.03 - Owner 10/20/2012 1:25.2.1 - x86
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    * Created a new restore point
    .
    FILE ::
    "c:\documents and settings\Owner\My Documents\7af3996f.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-16 22:13 . 2012-10-16 22:13 -------- d-----w- C:\FRST
    2012-10-16 06:59 . 2012-10-16 06:59 177496 ----a-w- c:\windows\system32\drivers\07292517.sys
    2012-10-16 06:59 . 2012-10-16 06:59 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-15 08:26 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-15 06:02 . 2012-10-15 06:02 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-10-15 00:31 . 2012-10-15 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-14 20:13 . 2012-10-14 20:13 -------- d-----w- c:\program files\Enigma Software Group
    2012-10-14 20:09 . 2012-10-14 20:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-10-14 19:55 . 2012-10-14 19:55 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
    2012-10-14 19:54 . 2012-10-14 19:54 -------- d-----w- c:\documents and settings\Owner\Application Data\SpeedyPC Software
    2012-10-14 08:21 . 2012-10-14 08:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2012-10-14 08:20 . 2012-10-14 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-10-09 09:04 . 2012-10-09 09:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2012-10-02 05:36 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2012-10-02 05:36 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2012-10-02 05:36 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2012-10-02 05:36 . 2008-04-13 23:09 6144 ----a-w- c:\windows\system32\kbd106.dll
    2012-09-24 08:23 . 2012-09-24 08:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Spam Monitor
    2012-09-24 08:22 . 2012-06-22 15:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
    2012-09-24 08:22 . 2012-06-22 15:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
    2012-09-24 08:22 . 2012-06-22 15:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
    2012-09-24 08:22 . 2012-06-22 15:38 767960 ----a-w- c:\windows\BDTSupport.dll
    2012-09-24 08:22 . 2012-06-22 15:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
    2012-09-24 08:21 . 2012-06-22 19:29 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-09-24 08:21 . 2012-06-22 19:33 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-09-24 08:20 . 2012-06-22 19:35 125920 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2012-09-24 08:20 . 2012-04-19 13:56 91648 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
    2012-09-24 08:20 . 2011-07-08 13:55 32936 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
    2012-09-24 08:20 . 2010-07-08 12:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
    2012-09-24 08:20 . 2012-06-22 19:35 70568 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-09-24 08:20 . 2012-09-24 08:20 -------- d-----w- c:\program files\PC Tools
    2012-09-24 08:18 . 2012-02-28 15:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-09-24 08:18 . 2012-02-28 15:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-09-24 08:18 . 2012-04-23 16:36 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-09-24 08:18 . 2012-04-23 16:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-09-21 08:12 . 2012-09-21 08:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Product_FR
    2012-09-21 05:47 . 2012-09-21 05:47 -------- d-----w- c:\program files\VS Revo Group
    2012-09-20 19:29 . 2012-09-20 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-16 07:25 . 2004-08-26 16:12 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-15 348160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
    "nwiz"="nwiz.exe" [2004-07-12 843776]
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
    "ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-06-22 2673624]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.disabled
    backup=c:\windows\pss\Secunia PSI Tray.lnk.disabledCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2010-05-12 22:03 300472 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2004-07-12 04:50 4112384 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
    2004-06-04 04:51 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2004-07-12 04:50 843776 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
    2009-10-22 08:43 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Browser Defender Update Service"=2 (0x2)
    "wuauserv"=2 (0x2)
    "Secunia Update Agent"=3 (0x3)
    "JavaQuickStarterService"=3 (0x3)
    "iPod Service"=3 (0x3)
    "Apple Mobile Device"=3 (0x3)
    "AudioSrv"=2 (0x2)
    "AdobeFlashPlayerUpdateSvc"=3 (0x3)
    "RSVP"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunKistEM"=c:\program files\Digital Media Reader\shwiconem.exe
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "nwiz"=nwiz.exe /install
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    "<NO NAME>"=
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" /startup
    "ControlCenter2.0"=c:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
    "SetDefPrt"=c:\program files\Brother\Brmfl04a\BrStDvPt.exe
    "Path"="c:\program files\ZOOM\ZFX Tools\ZFX Tools startup.exe"
    "SelectRebates"=c:\program files\SelectRebates\SelectRebates.exe
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R3 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
    R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis.sys [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 QslFsFltr;QslFsFltr;c:\windows\system32\DRIVERS\QslFsFltr.sys [x]
    R3 QuikSync;QuikSync;c:\program files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe [x]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
    R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
    R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [x]
    R4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
    S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [x]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
    S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [x]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [x]
    S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]
    S2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;c:\program files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [x]
    S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [x]
    S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [x]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 06:43]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 06:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
    uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    LSP: c:\program files\VMware\VMware Player\vsocklib.dll
    Trusted Zone: pb.com\ibdswebp8-ext
    Trusted Zone: usps.com\carrierpickup
    Trusted Zone: usps.com\tools
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-20 01:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1064)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    Completion time: 2012-10-20 01:51:27
    ComboFix-quarantined-files.txt 2012-10-20 05:51
    ComboFix2.txt 2012-10-19 08:53
    .
    Pre-Run: 35,520,106,496 bytes free
    Post-Run: 35,538,763,776 bytes free
    .
    - - End Of File - - 561F2744B54C0773B8F296C023EAF10B
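An added triage helper, written for this thread rather than taken from ComboFix or from anything posted here: it parses three parts of the log layout shown above (the `FILE ::` block, the `Files Created` rows and the `LSP:` lines) and flags executables whose name is a bare run of hex digits, like the 7af3996f.exe that the thread's later ESET scan identifies as a trojan. The sample log is constructed from a handful of lines in that layout, and the `triage` function and its flag rule are this example's own, not a ComboFix feature.

```python
import re

# Constructed sample in the ComboFix layout: a 'FILE ::' block, a few
# 'Files Created' rows and the 'LSP:' lines, using paths from the log above.
SAMPLE_LOG = r"""
FILE ::
"c:\documents and settings\Owner\My Documents\7af3996f.exe"
.
((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
.
2012-10-16 22:13 . 2012-10-16 22:13 -------- d-----w- C:\FRST
2012-10-16 06:59 . 2012-10-16 06:59 177496 ----a-w- c:\windows\system32\drivers\07292517.sys
2012-10-16 06:59 . 2012-10-16 06:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-15 08:26 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 08:20 . 2010-07-08 12:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
.
------- Supplementary Scan -------
.
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
"""

# One 'Files Created' row: created . modified size-or-dashes attrs path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+)$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}
# Base name that is nothing but hex digits (8 or more), like 7af3996f.exe
RANDOM_STEM_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)


def parse_created(log):
    """Yield (created, modified, size_or_None, attrs, path) for each data row."""
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            yield created, modified, (None if size.startswith("-") else int(size)), attrs, path


def parse_script_targets(log):
    """Quoted paths under 'FILE ::', i.e. what the CFScript asked ComboFix to remove."""
    targets, in_block = [], False
    for line in log.splitlines():
        s = line.strip()
        if s == "FILE ::":
            in_block = True
        elif in_block and s.startswith('"') and s.endswith('"'):
            targets.append(s.strip('"'))
        else:
            in_block = False
    return targets


def parse_lsps(log):
    """Winsock LSP DLLs listed in the Supplementary Scan (a damaged LSP chain
    is one reason a machine shows as connected but cannot load pages)."""
    return [line.strip()[4:].strip() for line in log.splitlines()
            if line.strip().startswith("LSP:")]


def looks_random(path):
    """True for an executable whose stem is a bare run of hex digits."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    return dot == "." and ("." + ext.lower()) in EXEC_EXT and bool(RANDOM_STEM_RE.match(stem))


def triage(log):
    """Collect the items an analyst reviews first; a flag is a prompt, not a verdict."""
    flagged = [p for _, _, size, _, p in parse_created(log) if size is not None and looks_random(p)]
    flagged += [p for p in parse_script_targets(log) if looks_random(p)]
    return {"random_named": flagged, "script_targets": parse_script_targets(log), "lsps": parse_lsps(log)}


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

A flag is only a prompt for review: 07292517.sys is created in the same minute as C:\TDSSKiller_Quarantine, so it should be checked against the scanner's own activity before anything is concluded about it.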
  3. herewegoagain Newcomer, in training Posts: 50

    Just as a side note: Security Center is back but is not detecting my PC Tools Security Suite 2012
    or its firewall, although both seem to be working (the firewall still starts then stops when services start
    but can be enabled manually).
    I will only be available for another 1/2 hr or so ... be back in about 9-10 hrs. Thanks
  4. herewegoagain Newcomer, in training Posts: 50

    ...still no internet connection either; cannot find IP address
  5. herewegoagain Newcomer, in training Posts: 50

    I'm back if you are still available & have any instructions.
  6. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Next scan....

    • Please download VEW by Vino Rosso from here and save it to your desktop
    • Double click it to start it. Note: If running Windows Vista or Windows 7 you will need to right click the file and select Run as administrator and click Continue or Allow at the User Account Control prompt.
    • Click the check boxes next to Application and System located under Select log to query on the upper left
    • Under Select type to list on the right, click the boxes next to Error and Warning. Note: If running Windows Vista or Windows 7 also click the box next to Critical (not XP).
    • Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run
    • Once it finishes it will display a log file in notepad
    • Please copy and paste its entire contents into your next reply
     
  7. herewegoagain Newcomer, in training Posts: 50

    Will not run. States:
    Run-time error '430':
    Class does not support Automation or does not support expected interface
  8. Jay Pfoutz Malware Helper Posts: 4,286   +49

    How to capture an event log and upload it to the forum:
    • First, open Event Viewer by clicking Start -> Run -> type eventvwr.msc and press ENTER.
    • In the Event Viewer please right click the requested event log (I.e. Application, system, etc...) and click Save Log File As.
    • Please save the logfile to your desktop and give it a recognizable name.
    • Do this for each log that has been requested.
    • When you are finished saving the necessary logs, close Event Viewer.
    • On your desktop find the saved log files. Hold the CTRL key and click to select each event log.
    • When all event logs are selected, right-click one of them, click Send to -> Compressed Zip Folder.
    • A new .ZIP file will have been created on your desktop. Please attach that file to this forum in your next reply.
  9. herewegoagain Newcomer, in training Posts: 50

    It doesn't give an option to save the log ... save/save as etc.
    Also, how many did you need if we get there?
  10. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Press start, then run and enter cmd - then hit OK.

    In the command prompt window, type the following command exactly:

    netsh winsock reset catalog

    Then, exit out.
    ==

    Do you have Internet after performing the above process?
  11. herewegoagain Newcomer, in training Posts: 50

    Ta Da! yes that did work, thanks :)
    Sorry for the slow reply, had to go to work.
    Let me know any other suggestions/instructions .... much appreciated
  12. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Great, let's check for remnants of infection... :D

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  13. herewegoagain Newcomer, in training Posts: 50

    Here are the ESET scan results, three infections.
    Note also ... Windows Firewall is back but Windows Security Center still shows
    alerts and does not recognize my PC Tools 2012 Security Suite or its firewall.

    C:\Documents and Settings\All Users\Application Data\ctfmon.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Owner\My Documents\7af3996f.exe Win32/Sirefef.EV trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP376\A0070952.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined
  14. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good...and this please:

    Please run Panda ActiveScan online scan.
    • Choose Quick Scan then click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply
  15. herewegoagain Newcomer, in training Posts: 50

    The trojans from the other scan aren't showing with this one, just some cookies:

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2012-10-23 15:41:53
    PROTECTIONS: 0
    MALWARE: 3
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\n0slzcec.txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\b0oug4lo.txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\v1ka82vr.txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
  16. Jay Pfoutz Malware Helper Posts: 4,286   +49

    What other issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  17. herewegoagain Newcomer, in training Posts: 50

    On computer restart, PC tools Firewall shuts itself off immediately after service start (has to be manually enabled)

    Windows Security System does not recognize PC Tools antivirus or firewall ...tray icon always shows red alert shield with 'x' although both are on.

    Computer running extremely slow page loading, startup, shutdown with frequent freezes.

    Regularly now, a pop-up states something as ..."no internet connection, page cannot display, click to work offline or retry" but connection shows as good.

    On most/all pages, the system tray displays a yellow alert with an exclamation mark stating "Done, but with errors on page"

    Some previously disabled services have re-enabled themselves, e.g. PC Tools Browser Guard, Google Update service, Malwarebytes scheduler etc.

    These are some of what I've encountered. Haven't tried changing service startup options or using/checking anything beyond basic use yet (no sys restore tried etc). Wanted to get the all clear for fear of spreading/enabling viruses.
    Thanks for your input.
  18. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Cannot do anything about Windows Security Center recognizing antivirus or firewall software.

    New log from ComboFix

    We would like to see a ☆new log☆ from ComboFix. Please find the ComboFix icon on your Desktop and delete it. Download a new one, and run it. Once it finishes running, post the new log.
  19. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

    However, we'd like to still help. Please update us on the state of your PC.
  20. herewegoagain Newcomer, in training Posts: 50

    Hi again Jay, sorry I didn't receive the usual email notification of a new response.

    I mention the Security Center not recognizing antivirus/firewall because it probably needs to be
    addressed for some sort of file damage due to the infection.
    This is a new problem occurring only after the service reappeared following one of the fixes
    (if you remember, Windows Security Center went missing along with Windows Firewall and Update).

    Still receiving the frequent connection error ... "Page needs internet connection to display" ... given the options
    Work Offline or Retry to connect (must select one).
    When I check the page settings the "Work Offline" option is always selected? I must uncheck it.
    ... maybe related?
    In Network Connections / TP-link Wireless Connection Properties, Advanced Options there is an error message:
    Windows cannot display the properties of this connection.
    The Windows Management Instrumentation (WMI) information might be corrupted.
    To correct this, use System Restore to restore Windows to an earlier time ... etc