Multiple Virus warning allows popping up

Discussion in 'Virus and Malware Removal' started by atcdav, Oct 29, 2010.

  1. atcdav Newcomer, in training Posts: 72

    Can't paste whole file, still too big, but here is an example... all deleted-quarantined

    C:\Documents and Settings\ANDREW\__\#1 Video Converter 5.2.32.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\.NET PDF Viewer 2.4.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\.photobucket.comalbumsoo286RemygaRAJ.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\000012345abcxxzzyy.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\001 File Joiner and Splitter 4.0.5.0.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\007 James Bond NightFire!.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\007 Quantum of Solace PC.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\007 Quantum Of Solace Wii.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\007 Stealth Activity Monitor 4.2 SAM.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\009 Sound System - With A Spirit.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\009soft Sound Effect Maker 1.2.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\0day 15 May 2010.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\0day 19 November 2009.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\0day 21 April 2010.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\0day 26 October 2009.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\0day Pack 07.04.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\0xford English Dictionary Collection of 4 Major Dictionaries.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 12 Ritter PC.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Click Dvd Copy 5.4.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 click DVD copy 5.7.9.0.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy Pro 3.2.6.0.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy Pro 4.0.6.2.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy Pro 5.6.4.0.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Click Dvd Copy Pro v4.2.2.1 Portable.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy v5.4.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 DVD Ripper 7.3.0.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Million Serial Keys For Softwares.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 MIllion Serial Numbers for applications.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Million Serial numbers Keys And More.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Penguin 100 Cases Portable.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Penguin 100 Cases.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.1.27.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.1.32.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.1.46.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.2.13.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.14 (Portable).zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.17.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.24.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.31 Rus.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.31 Rust.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.31.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.32.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 Video Converter v5.2.26.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1 year account for nod32 anti.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\1-Click YouTube Downloader Version 3.5.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
    C:\Documents and Settings\ANDREW\__\10 Days To Save The World The Adv Of Diana Salinger HF - Tastro.zip a variant of Win32/Injector.CYZ trojan deleted - quarantined
  2. atcdav Newcomer, in training Posts: 72

    Also, what is the NTUSER.DAT text document? It is continuously changing its size.
  3. atcdav Newcomer, in training Posts: 72

    QuickScan Beta 32-bit v0.9.9.50
    -------------------------------
    Scan date: Tue Nov 02 18:01:42 2010
    Machine ID: D4F4B445



    No infection found.
    -------------------



    Processes
    ---------
    Apple Mobile Device Service 2388 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    avast! Antivirus 1624 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    avast! Antivirus 596 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    Bonjour 2416 C:\Program Files\Bonjour\mDNSResponder.exe
    Communications_Helper.exe 236 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    Firefox 4040 C:\Program Files\Mozilla Firefox\firefox.exe
    Firefox 4044 C:\Program Files\Mozilla Firefox\plugin-container.exe
    GrooveMonitor Utility 340 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    iTunes 3544 C:\Program Files\iPod\bin\iPodService.exe
    iTunes 300 C:\Program Files\iTunes\iTunesHelper.exe
    Java(TM) Platform SE 6 U22 2492 C:\Program Files\Java\jre6\bin\jqs.exe
    Java(TM) Platform SE Auto Updater 2 0 656 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Logitech QuickCam 2848 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    Logitech QuickCam 2940 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    Logitech QuickCam 2720 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    Logitech QuickCam 2096 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    Logitech SetPoint 936 C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
    Logitech SetPoint 132 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    Microsoft® Windows® Operating System 1868 C:\WINDOWS\explorer.exe
    Microsoft® Windows® Operating System 4048 C:\WINDOWS\system32\alg.exe
    Microsoft® Windows® Operating System 664 C:\WINDOWS\system32\csrss.exe
    Microsoft® Windows® Operating System 668 C:\WINDOWS\system32\ctfmon.exe
    Microsoft® Windows® Operating System 744 C:\WINDOWS\system32\lsass.exe
    Microsoft® Windows® Operating System 180 C:\WINDOWS\system32\rundll32.exe
    Microsoft® Windows® Operating System 732 C:\WINDOWS\system32\services.exe
    Microsoft® Windows® Operating System 604 C:\WINDOWS\system32\smss.exe
    Microsoft® Windows® Operating System 2028 C:\WINDOWS\system32\spoolsv.exe
    Microsoft® Windows® Operating System 1368 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 1160 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 1024 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 2328 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 956 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 2932 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 1300 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 688 C:\WINDOWS\system32\winlogon.exe
    Microsoft® Windows® Operating System 1992 C:\WINDOWS\system32\wscntfy.exe
    MouseSuite 98 216 C:\WINDOWS\system32\ico.exe
    NVIDIA Driver Helper Service, Version 1 920 C:\WINDOWS\system32\nvsvc32.exe
    NVIDIA® NVMixer 196 C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    sysinf_s Application 264 C:\WINDOWS\system32\FSRremoS.EXE
    Windows Defender 3984 C:\Program Files\Windows Defender\MSASCui.exe
    Windows Defender 3848 C:\Program Files\Windows Defender\MsMpEng.exe


    Network activity
    ----------------
    Process firefox.exe (4040) connected on port 80 (HTTP) --> 66.235.143.54
    Process firefox.exe (4040) connected on port 80 (HTTP) --> 184.85.85.115
    Process firefox.exe (4040) connected on port 80 (HTTP) --> 74.125.95.149
    Process firefox.exe (4040) connected on port 80 (HTTP) --> 184.85.232.74
    Process firefox.exe (4040) connected on port 80 (HTTP) --> 74.125.166.88
    Process firefox.exe (4040) connected on port 80 (HTTP) --> 96.17.108.144
    Process firefox.exe (4040) connected on port 80 (HTTP) --> 74.125.95.102
    Process firefox.exe (4040) connected on port 80 (HTTP) --> 74.125.95.138
    Process firefox.exe (4040) connected on port 80 (HTTP) --> 209.85.225.148
    Process firefox.exe (4040) connected on port 80 (HTTP) --> 206.132.242.72

    Process svchost.exe (956) listens on ports: 3389 (Terminal Server)
    Process svchost.exe (1024) listens on ports: 135 (RPC)


    Autoruns and critical files
    ---------------------------
    Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    avast! Antivirus C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    Communications_Helper.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    EPSON Status Monitor 3 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    iTunes C:\Program Files\iTunes\iTunesHelper.exe
    Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Logitech SetPoint C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    Logitech SetPoint C:\Program Files\Logitech\SetPoint\SetPoint.exe
    Logitech SetPoint C:\WINDOWS\KHALMNPR.EXE
    Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll
    Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
    MouseSuite 98 C:\WINDOWS\system32\ico.exe
    NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll
    NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
    NVIDIA® NVMixer C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    nwiz.exe C:\WINDOWS\system32\nwiz.exe
    Quickcam.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe
    QuickTime C:\Program Files\QuickTime\qttask.exe
    Windows Defender C:\Program Files\Windows Defender\MpCmdRun.exe
    Windows Defender c:\program files\windows defender\mpshhook.dll
    Windows Defender C:\Program Files\Windows Defender\MSASCui.exe
    Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
    Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


    Browser plugins
    ---------------
    2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
    Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    BitDefender QuickScan C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    BitDefender QuickScan C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx
    getPlusPlus for Adobe 16291 C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    Java(TM) Platform SE 6 U22 c:\program files\java\jre6\bin\jp2ssv.dll
    Java(TM) Platform SE 6 U22 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    Java(TM) Platform SE 6 U22 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    Messenger C:\Program Files\Messenger\msmsgs.exe
    Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
    Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    RealPlayer Version Plugin C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
    Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
    Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
    Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll
    YInstHelper Module C:\WINDOWS\Downloaded Program Files\yinsthelper.dll


    Missing files
    -------------
    File not found: avgrsstx.dll
    --> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\"DllName"


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 3 sec
    Total traffic - 0.06 MB sent, 1.52 KB recvd
    Scanned 1222 files and modules - 25 seconds

    ==============================================================================
  4. Broni Malware Annihilator Posts: 40,022   +187

    Please, re-read my previous reply.
  5. Broni Malware Annihilator Posts: 40,022   +187

    Sorry, I didn't see your last reply. Hold on.
  6. Broni Malware Annihilator Posts: 40,022   +187

    I think we can safely disregard the ESET findings. It looks to me like a false positive.

    Now, your profile may be corrupted.

    Create new profile: http://support.microsoft.com/kb/811151
    See if you have the same permission problems there.
    Try to download and run SecurityCheck, for instance.
     
  7. atcdav Newcomer, in training Posts: 72

    Could a corrupt profile cause the permissions errors I get?
  8. Broni Malware Annihilator Posts: 40,022   +187

    Yes.......
  9. atcdav Newcomer, in training Posts: 72

    OK, I think I understand: I make a new user and transfer the old user's files.
  10. Broni Malware Annihilator Posts: 40,022   +187

    That's what the link says :)
  11. atcdav Newcomer, in training Posts: 72

    Ok, so it looks clean now. I really appreciate your help
  12. Broni Malware Annihilator Posts: 40,022   +187

    No permission problems?
    If so, I need SecurityCheck log.
  13. atcdav Newcomer, in training Posts: 72

    I haven't switched all the files yet.

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 9.3.3
    Japanese Fonts Support For Adobe Reader 9
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Windows Defender MSASCui.exe
    Windows Defender MsMpEng.exe
    Windows Defender MSASCui.exe
    Alwil Software Avast5 AvastSvc.exe
    system32 AvastUI.exe -?-
    ALWILS~1 Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
  14. Broni Malware Annihilator Posts: 40,022   +187

    No. Security Check (my reply #65).
  15. atcdav Newcomer, in training Posts: 72

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    MVPS Hosts File
    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 9.3.3
    Japanese Fonts Support For Adobe Reader 9
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Windows Defender MSMpEng.exe
    Windows Defender MSASCui.exe
    Windows Defender MsMpEng.exe
    Windows Defender MSASCui.exe
    Alwil Software Avast5 AvastSvc.exe
    system32 AvastUI.exe -?-
    ALWILS~1 Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:
    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
  16. Broni Malware Annihilator Posts: 40,022   +187

    Very good :)

    Your computer is clean.

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  17. atcdav Newcomer, in training Posts: 72

    The computer has been fine. No permission error with the new user. It must have been the corrupt profile.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: ANDREW
    ->Temp folder emptied: 44870464 bytes
    ->Temporary Internet Files folder emptied: 10985416 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 81110953 bytes
    ->Flash cache emptied: 1916 bytes

    User: Andrew_1
    ->Temp folder emptied: 413046 bytes
    ->Temporary Internet Files folder emptied: 96026 bytes
    ->FireFox cache emptied: 5589905 bytes
    ->Flash cache emptied: 434 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 2072 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109058 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 137.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: ANDREW
    ->Flash cache emptied: 0 bytes

    User: Andrew_1
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.1 log created on 11022010_191245

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  18. Broni Malware Annihilator Posts: 40,022   +187

    Way to go!!
    Good luck and stay safe :)