Help with infections (MalwareBytes/HiJackThis logs)

Americo

New Member
I just joined the forum, and read with interest the Removing something bad thread.

Per the advice to this poster, I downloaded MalwareBytes and HijackThis, and have run both, and will present the log results here.

A little background, quickly: I have a used computer running Microsoft Windows 2000 that had been on a small business' network. I, for the first time, just went online with it via AT&T's High-Speed DSL internet service about 10 days ago. The last several days have been a nightmare, but I'll spare you the details since most of you have heard them before.

Here are the reports:

Malwarebytes' Anti-Malware 1.30
Database version: 1380
Windows 5.0.2195 Service Pack 4

11/10/2008 3:00:55 PM
mbam-log-2008-11-10 (15-00-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 72509
Time elapsed: 15 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 30
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 7
Files Infected: 32

Memory Processes Infected:
C:\Program Files\GetModule\GetModule27.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
C:\WINNT\system32\geBtSLbc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\ssqNEvvs.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnevvs (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebf5c6db-46dc-4d57-b067-b3766974e4db} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ebf5c6db-46dc-4d57-b067-b3766974e4db} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule27 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\winnt\system32\gebtslbc -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\winnt\system32\gebtslbc -> No action taken.

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\gadcom (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\GetModule (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\speedrunner (Adware.SurfAccuracy) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\Gool (Trojan.Agent) -> No action taken.
C:\Program Files\GetPack (Trojan.Agent) -> No action taken.
C:\Program Files\GetModule (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINNT\system32\ssqNEvvs.dll (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\geBtSLbc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\cbLStBeg.ini (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\cbLStBeg.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\bsdhnohx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\xhonhdsb.ini (Trojan.Vundo.H) -> No action taken.
C:\Program Files\Webtools\webtools.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\gadcom\gadcom.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\OINAn.exe (Adware.ClickSpring) -> No action taken.
C:\Documents and Settings\Administrator\My Documents\Unfiled\WinRAR\WinRAR 3.70\cr-wr370\CORE10k.EXE (Trojan.Agent) -> No action taken.
C:\WINNT\system32\fcccaywW.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\iifdeebx.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\rqRKBUNF.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\ssqOEXrR.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\xxywUMfe.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\GetModule\dicik.gz (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> No action taken.
C:\Program Files\GetModule\GetModule27.exe (Trojan.Agent) -> No action taken.
C:\WINNT\system32\wpv0312.cpx (Trojan.Agent) -> No action taken.
C:\WINNT\system32\wpv2510.cpx (Trojan.Agent) -> No action taken.
C:\WINNT\system32\wpv369.cpx (Trojan.Agent) -> No action taken.
C:\WINNT\system32\wpv8111.cpx (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> No action taken.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:06 PM, on 11/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\dw15.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes0.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [EPSON Stylus C40 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINNT\System32\E_SC.tmp"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1226102732265
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5427/mcfscan.cab
O20 - AppInit_DLLs: jarfxq.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)
O24 - Desktop Component 0: Main Forum - Forums of Pravda.Ru - http://engforum.pravda.ru/forumdisplay.php?f=2

--
End of file - 5207 bytes


As per advice, I deleted the infections via the MalwareBytes program, but have not done anything with the analysis from the HiJackThis program yet. I'm awaiting more advice.

Early on with this problem, I noticed an alert - purportedly from Microsoft security - that some key files had been altered or replaced (forgot the terminology), and I now notice that if I set security settings (cookies, etc) higher they do not take, and all settings continually default to the minimum settings.

I've been getting several other alerts purporting to be from my operating system, but one infection report has the misspelling "pervent" instead of "prevent", which suggests it's a fraud, and otherwise, I've had alerts that require an "OK" or "Save" which I've avoided doing but saw the "Save" button depress automatically. Numerous other problems.

Please advise about how I should proceed with the information obtained from HiJack this, and also advise on how to initiate better security, programs to buy or use, things to avoid, and so on. I did install a 30-day trial of Kaspersky's Security - is this a good one or do you recommend another as a permanent anti-virus/spyware program? Should I buy MalwareBytes?

One last thing. After being fooled by phony Microsoft security alerts, I deleted quite a few files and folders out of frustration and confusion. One was Intel PROSet, which I think was a mistake. I've not been able to figure out where to find - or even if - those files can be re-installed after searching my computer and visiting Intel's website. Help on this is appreciated, too.

Do I need to re-install the whole operating system? (I don't have a disc. I bought this computer used and the Disc Drive does not work for some reason - another problem yet to be resolved). Is having an outdated operating system (Windows 2000) part of my problem and will likely lead to a repeat of these problems?

As I mentioned, I'm new to having the internet at home, and have been so stressed that I'm considering cancelling the service - but then the terrorists win. :) I'm encouraged by finding this forum and using the programs recommended, as I may be getting my computer back.

All help is very, very much appreciated.

Kevin
 
Hello:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Download and Run ComboFix

I downloaded and ran ComboFix. I read in some instructions before doing so that I should disable third-party security software, and so I "paused" Kaspersky. When running ComboFix, I got the message:
"Cannot import temp00.dat; Not all data was successfully written to the registry. Some keys are open by the system or other processes".

The log file:
ComboFix 08-11-09.04 - Administrator 11/10/2008 18:02:16.1 - NTFSx86
Microsoft Windows 2000 Professional [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\fbk.sts
c:\winnt\system32\jarfxq.dll
c:\winnt\system32\ptxwtkma.dll
c:\winnt\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-10 15:24 . 08-11-10 15:24 <DIR> d-------- c:\program files\Trend Micro
2008-11-10 14:31 . 08-11-10 14:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 14:31 . 08-11-10 14:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-10 14:31 . 08-11-10 14:31 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-10 14:31 . 08-10-22 16:10 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2008-11-10 14:31 . 08-10-22 16:10 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2008-11-09 20:38 . 08-11-09 22:04 96,976 --a------ c:\winnt\system32\drivers\klin.dat
2008-11-09 20:38 . 08-11-09 20:38 87,855 --a------ c:\winnt\system32\drivers\klick.dat
2008-11-09 20:36 . 08-11-09 20:36 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-09 20:36 . 08-11-10 15:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-09 20:29 . 08-11-10 18:10 54,156 --ah----- c:\winnt\QTFont.qfn
2008-11-09 20:29 . 08-11-10 18:04 1,409 --a------ c:\winnt\QTFont.for
2008-11-09 20:17 . 08-11-09 20:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-09 00:43 . 08-11-09 09:57 <DIR> d-------- c:\winnt\Windows Update Setup Files
2008-11-08 20:31 . 03-09-26 03:43 831,760 --a------ c:\winnt\system32\mswdat10.dll
2008-11-08 20:31 . 03-09-26 03:42 512,272 --a------ c:\winnt\system32\msexch40.dll
2008-11-08 20:31 . 03-09-26 03:42 422,160 --a------ c:\winnt\system32\msrd2x40.dll
2008-11-08 20:31 . 03-09-26 03:42 315,664 --a------ c:\winnt\system32\msrd3x40.dll
2008-11-08 20:31 . 03-09-26 03:42 213,264 --a------ c:\winnt\system32\msltus40.dll
2008-11-08 19:49 . 08-11-08 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7
2008-11-08 18:43 . 08-11-09 20:27 <DIR> d-------- c:\program files\Avast4
2008-11-08 02:36 . 08-11-08 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-08 00:10 . 08-11-08 00:10 <DIR> d-------- c:\program files\Alwil Software
2008-11-07 22:41 . 03-03-18 16:20 1,060,864 --a------ c:\winnt\system32\MFC71.dll
2008-11-07 21:48 . 08-11-07 21:48 <DIR> d-------- c:\winnt\system32\BITS
2008-11-07 20:13 . 02-05-15 16:16 462,848 --a------ c:\winnt\system32\msaatext.dll
2008-11-07 20:13 . 02-05-15 16:16 360,448 --a------ c:\winnt\system32\oleacc.dll
2008-11-07 20:13 . 02-05-15 16:16 360,448 --a------ c:\winnt\system32\dllcache\oleacc.dll
2008-11-07 20:13 . 02-05-15 16:16 356,352 --a------ c:\winnt\system32\oleaccrc.dll
2008-11-07 20:13 . 02-05-15 16:16 356,352 --a------ c:\winnt\system32\dllcache\oleaccrc.dll
2008-11-07 19:58 . 08-11-07 19:58 <DIR> d-------- c:\winnt\McAfee.com
2008-11-07 19:40 . 08-11-07 19:40 <DIR> d-------- c:\winnt\system32\Windows Media
2008-11-07 19:38 . 08-11-08 21:36 <DIR> d-------- c:\winnt\msiinst.tmp
2008-11-07 19:38 . 08-11-07 19:38 <DIR> d--h-c--- c:\winnt\$NtUpdateRollupPackUninstall$
2008-11-07 19:30 . 08-11-07 19:30 <DIR> d-------- c:\winnt\system32\ie_de
2008-11-07 19:30 . 08-11-07 19:30 <DIR> d-------- c:\winnt\ServicePackFiles
2008-11-07 19:26 . 05-02-06 21:35 6,301,696 --a------ c:\winnt\system32\sp3res.dll
2008-11-07 19:25 . 05-05-04 14:45 2,890,240 --a------ c:\winnt\system32\msi.dll
2008-11-07 19:24 . 03-06-19 14:05 618,889 --a------ c:\winnt\system32\instcat.sql
2008-11-07 19:23 . 03-06-19 14:05 2,531,088 --a------ c:\winnt\system32\cdosys.dll
2008-11-07 19:06 . 07-07-30 19:19 549,720 --a------ c:\winnt\system32\wuapi.dll
2008-11-07 19:06 . 07-07-30 19:19 325,976 --a------ c:\winnt\system32\wucltui.dll
2008-11-07 19:06 . 07-07-30 19:19 43,352 --a------ c:\winnt\system32\wups2.dll
2008-11-07 19:06 . 07-07-30 19:18 34,136 --a------ c:\winnt\system32\wucltui.dll.mui
2008-11-07 19:06 . 07-07-30 19:18 33,624 --a------ c:\winnt\system32\wups.dll
2008-11-07 19:06 . 07-07-30 19:19 25,944 --a------ c:\winnt\system32\wuaucpl.cpl.mui
2008-11-07 19:06 . 07-07-30 19:19 25,944 --a------ c:\winnt\system32\wuapi.dll.mui
2008-11-07 19:06 . 07-07-30 19:18 20,312 --a------ c:\winnt\system32\wuaueng.dll.mui
2008-11-04 23:33 . 08-11-04 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-11-02 02:42 . 08-11-02 03:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\mIRC
2008-10-31 16:30 . 08-10-31 16:30 <DIR> d-a------ c:\documents and settings\All Users\Application Data\Motive
2008-10-31 16:29 . 08-10-31 16:30 <DIR> d-a------ c:\program files\Common Files\Motive
2008-10-31 16:29 . 08-11-07 20:45 <DIR> d-------- c:\program files\ATT
2008-10-31 16:29 . 05-07-12 02:28 69,632 --a------ c:\winnt\system32\MCCDevice.dll
2008-10-31 16:29 . 05-07-12 02:28 6,048 --a------ c:\winnt\system32\MCC16.dll
2008-10-30 23:05 . 08-10-30 23:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-10-30 23:04 . 08-10-30 23:04 <DIR> d-------- c:\program files\Common Files\iS3
2008-10-30 23:04 . 08-10-31 01:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2008-10-30 22:04 . 08-10-30 22:05 316,707 --a------ c:\winnt\system32\msvcr80.zip
2008-10-28 20:10 . 08-10-28 20:10 <DIR> d-------- c:\program files\Google
2008-10-28 11:59 . 08-10-28 11:59 <DIR> d-------- c:\program files\Yahoo!
2008-10-10 23:39 . 08-10-10 23:39 <DIR> d-------- c:\program files\PDAToolbox
2008-10-10 23:39 . 04-12-05 08:13 638,976 --a------ c:\winnt\system32\ExEdit.dll
2008-10-10 23:39 . 00-01-18 09:55 452,040 --a------ c:\winnt\system32\SSTBARS2.OCX
2008-10-10 23:39 . 04-12-05 08:13 155,648 --a------ c:\winnt\system32\ExPrint.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 01:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-10 01:32 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-10 01:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 02:49 --------- d-----w c:\program files\Lavasoft
2008-11-09 02:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-09 02:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 02:01 --------- d-----w c:\program files\Common Files\Adaptec Shared
2008-11-08 01:11 --------- d-----w c:\program files\Best_Security_Tips
2003-02-06 14:33 271 ---h--w c:\program files\desktop.ini
2003-02-06 14:33 21,952 ---h--w c:\program files\folder.htt
2002-07-24 12:00 32,528 ----a-w c:\winnt\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBes0.dll" [08-09-15 06:47 1784856]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBes0.dll" [08-09-15 06:47 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "c:\program files\Best_Security_Tips\tbBes0.dll" [08-09-15 06:47 1784856]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C40 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [01-01-18 20:00 68608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08-11-02 12:43 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\winnt\System32\igfxtray.exe" [03-03-11 10:24 155648]
"HotKeysCmds"="c:\winnt\System32\hkcmd.exe" [03-03-11 10:11 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [03-08-04 17:02 77824]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [08-07-29 20:20 206088]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 111376 c:\winnt\system32\mobsync.exe]
"GWMDMMSG"="GWMDMMSG.exe" [02-08-06 15:24 90112 c:\winnt\GWMDMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 14:05 186640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\winnt\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-05-09 127488]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-04-03 415072]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\winnt\system32\drivers\klbg.sys [08-01-29 18:29 32784]
R0 ultra66;ultra66;c:\winnt\system32\DRIVERS\ultra66.sys [99-09-25 11:11 33296]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\winnt\system32\DRIVERS\klfltdev.sys [08-03-13 19:02 23312]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\winnt\system32\DRIVERS\klim5.sys [08-04-30 18:06 24592]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\DRIVERS\usbhub20.sys [03-06-19 14:05 49776]
S3 PCDRDRV;Pcdr Helper Driver;c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [ ]

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-GWMDMpi - c:\winnt\GWMDMpi.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.com
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.msn.com
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -

O16 -: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
c:\winnt\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 18:09:56
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-10 18:14:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-10 23:14:18

Pre-Run: 26,309,734,912 bytes free
Post-Run: 26,656,242,688 bytes free

174

I noticed then that Kaspersky was not showing in my icon tray and furthermore confirmed it was disabled, and ran ComboFix again.

The second log:
ComboFix 08-11-09.04 - Administrator 11/10/2008 18:19:58.2 - NTFSx86
Microsoft Windows 2000 Professional [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 23:17 236,816 ----a-w c:\winnt\system32\CF31546.exe.vir
2008-11-10 20:24 --------- d-----w c:\program files\Trend Micro
2008-11-10 20:05 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-10 19:31 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-10 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-10 19:31 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-10 03:04 96,976 ----a-w c:\winnt\system32\drivers\klin.dat
2008-11-10 01:38 87,855 ----a-w c:\winnt\system32\drivers\klick.dat
2008-11-10 01:36 --------- d-----w c:\program files\Kaspersky Lab
2008-11-10 01:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-10 01:32 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-10 01:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-10 01:27 --------- d-----w c:\program files\Avast4
2008-11-10 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-09 02:49 --------- d-----w c:\program files\Lavasoft
2008-11-09 02:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-09 02:49 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-09 02:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 00:49 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-11-08 05:10 --------- d-----w c:\program files\Alwil Software
2008-11-08 02:01 --------- d-----w c:\program files\Common Files\Adaptec Shared
2008-11-08 01:45 --------- d-----w c:\program files\ATT
2008-11-08 01:11 --------- d-----w c:\program files\Best_Security_Tips
2008-11-05 04:33 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-02 08:00 --------- d-----w c:\documents and settings\Administrator\Application Data\mIRC
2008-10-31 21:30 --------- d---a-w c:\program files\Common Files\Motive
2008-10-31 21:30 --------- d---a-w c:\documents and settings\All Users\Application Data\Motive
2008-10-31 06:48 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2008-10-31 04:05 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2008-10-31 04:04 --------- d-----w c:\program files\Common Files\iS3
2008-10-31 03:05 316,707 ----a-w c:\winnt\system32\msvcr80.zip
2008-10-29 01:10 --------- d-----w c:\program files\Google
2008-10-28 16:59 --------- d-----w c:\program files\Yahoo!
2008-10-22 21:10 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys
2008-10-11 04:39 --------- d-----w c:\program files\PDAToolbox
2003-02-06 14:33 271 ---h--w c:\program files\desktop.ini
2003-02-06 14:33 21,952 ---h--w c:\program files\folder.htt
2002-07-24 12:00 32,528 ----a-w c:\winnt\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((( snapshot@Mon 2008-11-10_18.13.33.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-10 23:19:44 16,384 ----atw c:\winnt\system32\Perflib_Perfdata_2c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBes0.dll" [09/15/08 06:47a 1784856]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBes0.dll" [09/15/08 06:47a 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "c:\program files\Best_Security_Tips\tbBes0.dll" [09/15/08 06:47a 1784856]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C40 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [01/18/01 08:00p 68608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/02/08 12:43p 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\winnt\System32\igfxtray.exe" [03/11/03 10:24a 155648]
"HotKeysCmds"="c:\winnt\System32\hkcmd.exe" [03/11/03 10:11a 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [08/04/03 05:02p 77824]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/08 08:20p 206088]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p 111376 c:\winnt\system32\mobsync.exe]
"GWMDMMSG"="GWMDMMSG.exe" [08/06/02 03:24p 90112 c:\winnt\GWMDMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 02:05p 186640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\winnt\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-05-09 127488]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-04-03 415072]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\winnt\system32\drivers\klbg.sys [01/29/08 06:29p 32784]
R0 ultra66;ultra66;c:\winnt\system32\DRIVERS\ultra66.sys [09/25/99 11:11a 33296]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\winnt\system32\DRIVERS\klfltdev.sys [03/13/08 07:02p 23312]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\winnt\system32\DRIVERS\klim5.sys [04/30/08 06:06p 24592]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\DRIVERS\usbhub20.sys [06/19/03 02:05p 49776]
S3 PCDRDRV;Pcdr Helper Driver;c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [ ]

*Newly Created Service* - CATCHME
*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.com
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.msn.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -

O16 -: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
c:\winnt\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 18:21:43
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 11/10/2008 18:24:03
ComboFix-quarantined-files.txt 2008-11-10 23:23:52
ComboFix2.txt 2008-11-10 23:14:27

Pre-Run: 26,660,830,720 bytes free
Post-Run: 26,654,351,360 bytes free

131

Before running ComboFix, I was getting an "Internet Explorer has encountered a problem and has to close (forgot the exact wording)" message, and had to leave the message open and unacknowledged to allow me to remain connected online and converse with you here. That message is gone now, and I can also set my privacy settings in the Control Panel / Internet / Privacy settings, which continually defaulted to zero before.

I very much appreciate this help! Upon reviewing the logs, further advice?
 
How is your computer running now?

Is it back to how it was before the infections?

Or are you still having problems? :)
 
I'm not noticing any problems at all now. Before, I had many, many problems going on. FANTASTIC!

THANK YOU VERY, VERY MUCH! :)

Any other recommendations at this point?

I just installed the 30-day trial of Kaspersky Internet 2009, and re-enabled it. Do you recommend another instead? Others?

Anything I should do to avoid these problems again?

Is my having Windows 2000 a problem, and should I update it?

Thanks! :)
 
One more for the time being, just to make sure there's nothing left. :)

Run Kaspersky Online AV Scanner
Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.


In your next reply I will need:
  • The Kaspersky report
  • A fresh HiJackThis report
  • An update on how your computer is running (Even a little faster matters)
 
More problems, of a different nature. I tried to run Kaspersky Online, but I got a message saying I needed to update my Java version. While downloading that, I checked on another thread I placed in this forum asking for help in finding Intel PROSet files, which I had deleted mistakenly while frustratingly trying to stop my infections. Well, on the Softpedia website that I was referred to for the Intel files, there was prominently advertised another program, Driver Detective, and I downloaded it to see if I was missing any other files from my desperation deleting before finding this forum.

Well, I ran Driver Detective, and noticed that it would proceed through its progress bar to completion, then immediately start over, and do the same... at least 15 times. The Cancel button was inactive. Knowing that usually a progress bar shows progress from start to completion, once... I realized that something was wrong but I was unable to stop it (no Cancel). I finally turned off my computer.

When I turned it on, I got a blue screen with a DOS-like white font Stop Error screen, "Inaccessible Boot Device".

I explain it in detail in the Hard drive thread since it refers to the hard drive in the message: The details in that thread are at Stop Error Screen: Inaccessible Boot Device

Please help me. I'm melting.... I'm melting... I'm melting
 