Laptop infected

By Jimmy99
Sep 27, 2012
  1. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    Security Check

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version
    Java(TM) 6 Update 30
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Google Chrome
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
    Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````
  2. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39


    Farbar Service Scanner Version: 07-10-2012
    Ran by Swith (administrator) on 15-10-2012 at 20:09:14
    Running from "C:\Users\smason\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    Internet Services:
    Connection Status:
    Localhost is accessible.
    LAN connected.
    Google IP is accessible. is accessible.
    Yahoo IP is accessible. is accessible.

    Windows Firewall:
    Firewall Disabled Policy:

    System Restore:
    System Restore Disabled Policy:

    Action Center:
    Windows Update:
    Windows Autoupdate Disabled Policy:

    Windows Defender:
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

    Other Services:

    File Check:
    \Windows\System32\nsisvc.dll => MD5 is legit
    \Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    \Windows\System32\dhcpcore.dll => MD5 is legit
    \Windows\System32\drivers\afd.sys => MD5 is legit
    \Windows\System32\drivers\tdx.sys => MD5 is legit
    \Windows\System32\Drivers\tcpip.sys => MD5 is legit
    \Windows\System32\dnsrslvr.dll => MD5 is legit
    \Windows\System32\mpssvc.dll => MD5 is legit
    \Windows\System32\bfe.dll => MD5 is legit
    \Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    \Windows\System32\SDRSVC.dll => MD5 is legit
    \Windows\System32\vssvc.exe => MD5 is legit
    \Windows\System32\wscsvc.dll => MD5 is legit
    \Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    \Windows\System32\wuaueng.dll => MD5 is legit
    \Windows\System32\qmgr.dll => MD5 is legit
    \Windows\System32\es.dll => MD5 is legit
    [2012-10-10 10:46] - [2012-06-02 06:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE
    \Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    \Windows\System32\svchost.exe => MD5 is legit
    \Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
  3. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    Broni - I got a big red virus warning against ADW... definitely OK to continue with that link?
  4. Broni

    Broni Malware Annihilator Posts: 52,476   +337

  5. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    OK - here is ADW
  6. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    # AdwCleaner v2.005 - Logfile created 10/16/2012 at 23:25:37
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Swith - SWITH-MARS
    # Boot Mode : Normal
    # Running from : C:\Users\smason\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\Partner

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.


    AdwCleaner[S1].txt - [1282 octets] - [16/10/2012 23:25:37]

    ########## EOF - \AdwCleaner[S1].txt - [1342 octets] ##########
  7. Broni

    Broni Malware Annihilator Posts: 52,476   +337

  8. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    I left it running over night Broni. It has finished and now says no threats found. I've agreed to it uninstalling when it finished. Right? Any others I should now uninstall?
  9. Broni

    Broni Malware Annihilator Posts: 52,476   +337

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras:


    1. Update your Java version here:

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.


    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!:
    Simple and easy ways to keep your computer safe and secure on the Internet:

    13. Please, let me know, how your computer is doing.
  10. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    OK - all done. The only think I don't know is the answer to question in point 4: what kind of infection did I have? Did that show anywhere?

    Cheers, Jimmy
  11. Broni

    Broni Malware Annihilator Posts: 52,476   +337

    I didn't see any trojans so your passwords should be OK.

    Way to go!! [​IMG]
    Good luck and stay safe :)

Similar Topics

Create an account or login to comment

You need to be a member in order to leave a comment
TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.