My Infected Computer



Great. Also post a new HijackThis log. What do you mean by not being able to access VirusTotal on the computer?

What problems do you have left? The girls are probably still dancing on your desktop, aren't they? Don't worry; they'll be fixed in the next step, after you've posted the VirusTotal results.

Best Regards :D

Edited by cdavfrew
beep.sys

AhnLab-V3 2008.5.30.1 2008.06.05 -

AntiVir 7.8.0.55 2008.06.06 -

Authentium 5.1.0.4 2008.06.06 -

Avast 4.8.1195.0 2008.06.07 -

AVG 7.5.0.516 2008.06.06 -

BitDefender 7.2 2008.06.07 -

CAT-QuickHeal 9.50 2008.06.06 -

ClamAV 0.92.1 2008.06.07 -

DrWeb 4.44.0.09170 2008.06.06 -

eSafe 7.0.15.0 2008.06.05 -

eTrust-Vet 31.6.5855 2008.06.06 -

Ewido 4.0 2008.06.06 -

F-Prot 4.4.4.56 2008.06.06 -

F-Secure 6.70.13260.0 2008.06.06 -

Fortinet 3.14.0.0 2008.06.07 -

GData 2.0.7306.1023 2008.06.07 -

Ikarus T3.1.1.26.0 2008.06.07 -

Kaspersky 7.0.0.125 2008.06.07 -

McAfee 5312 2008.06.06 -

Microsoft None 2008.06.07 -

NOD32v2 3165 2008.06.06 -

Norman 5.80.02 2008.06.06 -

Panda 9.0.0.4 2008.06.06 -

Prevx1 V2 2008.06.07 -

Rising 20.47.42.00 2008.06.06 -

Sophos 4.30.0 2008.06.07 -

Sunbelt 3.0.1145.1 2008.06.05 -

Symantec 10 2008.06.07 -

TheHacker 6.2.92.339 2008.06.07 -

VBA32 3.12.6.7 2008.06.06 -

VirusBuster 4.3.26:9 2008.06.06 -

Webwasher-Gateway 6.6.2 2008.06.06 -

I haven't had the computer on, so I haven't noticed any other problems.


Please follow all my instructions accordingly. Read through all of it.

1.

• Start HijackThis.

• Click on Misc Tools.

• Then click Open Uninstall Manager.

• Click Save list...

• Notepad will open with the list.

• Post the list here.

2.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.

Also disable your internet connection.

Open Notepad and copy/paste the text in the code box below into it:

Folder::
C:\WINDOWS\system32\iDlo07

Save this as CFScript.txt in the same folder as ComboFix.

Then drag the CFScript.txt into Combo-Fix.exe.

This will start ComboFix again. After the reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).

Do not click on the ComboFix window, as it may cause it to stall.

Post a new HijackThis log.

Also turn on the computer and tell me what problems are left.

Best Regards :D


Acrobat.com

Acrobat.com

Adobe AIR

Adobe AIR

Adobe Flash Player ActiveX

Adobe Reader 9

Al Roker Vs. Star Jones Boxing by Outerinfo

Apple Mobile Device Support

Apple Software Update

Bonjour

FlashGet 1.9.6.1073

Google Toolbar for Internet Explorer

Google Toolbar for Internet Explorer

Hijackthis 1.99.1

HijackThis 2.0.2

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB952287)

InCtrl5

iTunes

Java 6 Update 7

Malwarebytes' Anti-Malware

Matrix-ks

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

MWGuide (Ver. 5001)

OIN Analytics

pointgo

QuickTime

RaidApplication

Realtek AC'97 Audio

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

SiS 900 PCI Fast Ethernet Adapter Driver

SUPERAntiSpyware Free Edition

Update for Windows XP (KB898461)

Update for Windows XP (KB904942)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB951072-v2)

VirtuaGirl HD

Windows Internet Explorer 7

WinRAR archiver

ComboFix 08-09-27.06 - Family Computer 2008-10-06 16:41:11.12 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.735 [GMT -7:00]

Running from: C:\Documents and Settings\Family Computer\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Family Computer\Desktop\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\idlo07

C:\Windows\system32\idlo07\iDlo071084.exe

.

((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))

.

2008-10-04 17:45 . 2008-10-04 17:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-04 17:45 . 2008-10-04 17:45 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\Malwarebytes

2008-10-04 17:45 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-04 17:45 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-04 16:33 . 2008-10-04 16:36 <DIR> d-------- C:\Combo-Fix

2008-10-02 01:51 . 2008-10-02 01:51 <DIR> d-------- C:\WINDOWS\ERUNT

2008-09-30 23:47 . 2008-09-30 23:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\SUPERAntiSpyware.com

2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-09-30 23:23 . 2008-09-30 23:23 319,488 --a------ C:\WINDOWS\drxinstp.exe

2008-09-30 21:02 . 2008-10-02 02:04 <DIR> d-------- C:\SDFix

2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\WINDOWS\Cache

2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\Program Files\MSN Messenger

2008-09-29 08:01 . 2008-09-29 08:02 491,520 --a------ C:\WINDOWS\msado15.dll

2008-09-29 08:00 . 2008-09-29 08:00 152,920 --a------ C:\WINDOWS\system32\vghd.scr

2008-09-29 07:58 . 2008-09-29 08:02 <DIR> d-------- C:\Program Files\vghd

2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\pointgo

2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\Al Roker Vs. Star Jones Boxing

2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\vghd

2008-09-29 07:56 . 2008-09-30 23:19 <DIR> d-------- C:\Temp

2008-09-29 07:56 . 2008-09-29 07:56 <DIR> d-------- C:\Program Files\OINAnalytics

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\QuickTime

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iTunes

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iPod

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Bonjour

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\Apple Computer

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-29 07:41 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll

2008-09-29 07:41 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Program Files\Apple Software Update

2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-09-29 07:39 . 2008-10-05 18:49 <DIR> d-------- C:\Program Files\FlashGet

2008-09-28 01:49 . 2008-09-28 01:49 <DIR> d-------- C:\Program Files\Matrix-ks

2008-09-28 01:38 . 2008-09-28 01:38 <DIR> d-------- C:\_OTMoveIt

2008-09-20 23:35 . 2008-09-30 23:20 <DIR> d-------- C:\Documents and Settings\Family Computer

2008-09-14 17:33 . 2008-09-30 23:23 <DIR> d-------- C:\WINDOWS\1367

2008-09-14 17:33 . 2008-09-30 23:23 <DIR> d-------- C:\Program Files\MWGuide

2008-09-14 17:32 . 2008-09-29 08:00 415 --a------ C:\DelPI.bat

2008-09-07 13:02 . 2008-10-02 01:48 <DIR> d-------- C:\Documents and Settings\Administrator

2008-09-07 12:44 . 2008-09-07 12:47 <DIR> d-------- C:\rsit

2008-09-07 12:44 . 2008-09-07 12:45 <DIR> d-------- C:\Program Files\trend micro

2008-09-07 07:05 . 2008-09-07 07:05 153,404 --a------ C:\WINDOWS\system32\g15.exe

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-15 00:35 --------- d-----w C:\Program Files\InCtrl5

2008-09-05 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-31 07:53 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe

2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe

2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll

2008-08-29 05:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe

2008-08-25 02:19 --------- d-----w C:\Program Files\NOS

2008-08-24 08:21 --------- d-----w C:\Program Files\Common Files\Adobe AIR

2008-08-24 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS

2008-08-24 08:20 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-20 13:35 --------- d-----w C:\Program Files\Google

2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

.

((((((((((((((((((((((((((((( snapshot@2008-09-29_ 7.51.57.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-29 15:02:10 10,138 ----a-w C:\WINDOWS\1367\sub.dat

+ 2008-08-07 23:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-10-02 08:51:39 708,608 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-10-02 08:51:39 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-08-07 23:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-10-02 08:51:34 708,608 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-10-02 08:51:34 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2008-09-29 15:24:59 19,174 --sh--r C:\WINDOWS\Installer\{6a9593c3-a96f-406a-bcd6-5a547a09b58e}\AlrtSys.dll

+ 2008-10-01 06:37:57 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-10-01 06:37:57 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2001-08-28 21:00:00 4,224 -c--a-w C:\WINDOWS\system32\dllcache\beep.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"MWGuide"="C:\Program Files\MWGuide\MWGuide.exe" [2007-04-17 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"SoundMan"="SOUNDMAN.EXE" [2005-02-23 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Family Computer\Start Menu\Programs\Startup\

VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [2008-09-29 11875648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\FlashGet\\flashget.exe"=

S1 b7a36ed3;b7a36ed3;C:\WINDOWS\system32\drivers\b7a36ed3.sys [ ]

S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ]

.

Contents of the 'Scheduled Tasks' folder

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-06 16:42:09

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2008-10-06 16:44:07

ComboFix-quarantined-files.txt 2008-10-06 23:43:05

ComboFix2.txt 2008-10-05 22:06:08

ComboFix3.txt 2008-10-04 23:36:05

ComboFix4.txt 2008-10-01 06:25:41

ComboFix5.txt 2008-10-06 23:40:54

Pre-Run: 75,381,456,896 bytes free

Post-Run: 75,381,370,880 bytes free

149 --- E O F --- 2008-09-19 02:52:21

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:45, on 2008-10-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\FlashGet\FlashGet.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MWGuide\MWGuide.exe

C:\Program Files\vghd\vghd.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Family Computer\Desktop\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MWGuide] C:\Program Files\MWGuide\MWGuide.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: VirtuaGirl HD.LNK = C:\Program Files\vghd\vghd.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--

End of file - 4375 bytes

I don't notice any problems with the computer.

Link to post
Share on other sites

Hey sarahw

You can uninstall VirtuaGirl HD from your Add/Remove Programs in the Control Panel. This will make the dancing girls go away, unless you installed this program and wish to keep it.

I'll post back soon with more information for the future security of your computer.

*So... have I passed?

Best Regards :D

Also uninstall these programs unless you want them on your PC:

Al Roker Vs. Star Jones Boxing by Outerinfo

pointgo

Edited by cdavfrew

Here are a few other things you must do once you are completely clean:

1. Time for some housekeeping

• Click START then RUN

• Now type (or Copy/Paste) Combofix /u in the runbox and click OK


2. Now Set a New Restore Point to prevent possible re-infection from an old one.

Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which can sometimes re-infect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".

• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

• Then go to Start > Run and type: Cleanmgr

• Click "OK"

Select the drive you want to clean, usually C:

Click OK

When it completes the scan:

• Click the "More Options" Tab.

• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

3. Defragment your Hard Drive

1. Open My Computer.

2. Right-click the local disk volume that you want to defragment, and then click Properties.

3. On the Tools tab, click Defragment Now.

4. Click Defragment.

And here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows Update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:

To protect your machine, I highly recommend BOClean. It’s FREE and it works. I use it and never get one of these infections.

In order to prevent the installation of Trojans and Malware on your machine:

Download and install: Comodo BOClean

Comodo BOClean protects your computer against trojans, malware and other threats. It constantly scans your system in the background and intercepts any recognized trojan activity. The program can ask the user what to do, or run in unattended mode and automatically shutdown and remove any suspected Trojan application. Comodo BOClean currently supports more than 60,000 malware items and offers automatic daily updates. Other features include updating via network share, tamper protection and stealth mode.

SpywareBlaster: SpywareBlaster will prevent spyware from being installed.

See "Slow Computer? It May Not Be Malware" for free cleaning/maintenance tools to help keep your computer running smoothly.

And also see Tony Klein's good advice: "So how did I get infected in the first place?"

Enjoy your clean computer. Any more questions?

Best Regards :D
