0

Last week, I noticed while at a computer lab at my local college someone who was getting a spam of a virus protection that the computer should have. Shortly after, it would not let the guy use the internet and proceeded to give a window saying that the PC has been hijacked. I figured this was some strange virus.
Yesterday, I got attacked by that same virus, or so I think it is a virus. Figuring what was coming, I went into Task Manager and stopped the rogue program from running anymore. This did fix my problem, but now I was left without the ability to use the internet. I tried turning off and on the PC, and the program came back up. I then used Windows Defender to go into the startup list and removed the program that was causing the problem, and proceeded to the provided link Windows Defender gave me and deleted the location of the program. Everything started to work properly, but I could not access the internet. Sorta. I could pull up an instant messenger and talk to my friend about this, but I could not access the internet directly with Internet Explorer. I tried to use the Windows repair connection program when you right click the internet connection on the system bar, but it stopped because it could not register the DNS server. Giving up, I called it a night and turned off my PC.
This morning I turned it back on with the same internet problem. I did the repair again, and this time it registered with the DNS server. Only problem is that it has a 192.168 kind of IP address.
I went off to college today with Avast!, my antivirus, running a scan.

Is there anything else I can do to fix this problem? I haven't been able to access the internet till I got to college today.
I run Windows XP with Avast! antivirus and Windows Defender.

0

Obviously you have one of the Rogue anti-virus trojans on the computer. Please do the following. Since you cannot access the internet via the infected computer, you likely will have to use a flash drive to install the program.
First of all, turn off Windows Defender as it may interfere.
Please try this version of Malwarebytes: Click the link here. Place the program on a flash drive and take it to the infected computer and install.
In case the installer (random named file) won't run either, rename it to EXPLORER.EXE and try again.

When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.
In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and double-click the file winlogon.exe which will be present in there. This should launch Malwarebytes and go ahead and try to run a scan with the program without updating. When the scan is finished and you are shown the infected files in red, be sure to click Remove Selected. Then reboot the computer and see if you can get back online.

0

Ok, so I managed to perform the tasks you gave me. It did not fix the problem, so I dug a little deeper into my internet problem. I looked at the IP config and I was given this.
IP Address 192.168.1.106
Subnet mask 255.255.255.0
Default Gateway 192.168.1.1
DHCP Server 192.168.1.1
DNS Servers 68.87.73.246 and 68.87.71.230

I'm not good at networking, but if the computer is able to see the DNS server, shouldn't it be getting its own IP Address instead of signing itself the one it got?

Also, I thought ahead yesterday and got HijackThis onto my flash drive. Here is the report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:28 AM, on 5/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmo-champion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Documents and Settings\user\My Documents\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Documents and Settings\user\My Documents\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Documents and Settings\user\My Documents\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Documents and Settings\user\My Documents\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\user\My Documents\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\user\My Documents\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\user\My Documents\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\user\My Documents\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {14A1249F-CA17-4FDF-8F39-7DB8A77F11FC} (VPOSSystem Class) - https://downloadvpos.authorize.net/AnetVPOS.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11109 bytes

0

I don't see anything wrong with your ip config.
I could be wrong but it looks ok to me.
You said you ran the steps I gave you. I need to see the log that was generated by MBA-M. There isn't anything in the HJT log indicating infection.
You show wireless connection. Can you physically attach the computer to internet and connect?

0

I tried the connection with a wire to the router. When I did so, I managed to pull up the status for both the wireless connection and the wired connection.
http://img341.imageshack.us/img341/7677/dualnetworkconnection.png
I couldn't figure out how to do thumbnails/needed the time to study because this week is finals week at college.
The wireless details are on the left, and the physical connection details are on the right.

As for the Malwarebytes logs, I did several scans and have 4 logs. The first scan had the most infected files, while the last one strangely had one infected file come up. The two in between had 0 infected files come up. Nonetheless, all 4 logs will be posted in the order that the scanning occurred.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4063

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5/3/2010 9:11:30 PM
mbam-log-2010-05-03 (21-11-30).txt

Scan type: Quick scan
Objects scanned: 15000
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\user\Application Data\Microsoft\tlbh11.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\tloaderbho.tlobject (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e48fbe09-9a92-4daa-8d55-40718a85ec82} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{96b00514-3c5d-4ba7-9be1-09345c3d9c26} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{be92034e-5c96-49cc-95ae-43ba8f5793c6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{be92034e-5c96-49cc-95ae-43ba8f5793c6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be92034e-5c96-49cc-95ae-43ba8f5793c6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tloaderbho.tlobject.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\user\Application Data\Microsoft\tlbh11.dll (Trojan.BHO) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4063

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5/3/2010 9:46:15 PM
mbam-log-2010-05-03 (21-46-15).txt

Scan type: Quick scan
Objects scanned: 141839
Time elapsed: 25 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4063

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5/4/2010 1:07:30 AM
mbam-log-2010-05-04 (01-07-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 243165
Time elapsed: 1 hour(s), 50 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4065

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5/4/2010 3:50:50 PM
mbam-log-2010-05-04 (15-50-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 243446
Time elapsed: 2 hour(s), 29 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP954\A0176423.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully.

Sorry for the long post.

0

When I said connect directly to the internet I meant actually connect the internet cable to the computer, not to the router.
Try this, in Internet Explorer go to TOOLS, INTERNET OPTIONS, CONNECTIONS tab, LAN SETTINGS. Then uncheck 'Use A Proxy Server...' and click OK

0

I am not sure how you knew that was turned on, but as soon as I turned it off, the internet worked. This message is coming from the formerly infected computer. I am now able to browse the internet. Thank you so much for your time and effort. Because I am in a good mood, cookies for everyone.

Edited by Coldare10: n/a

0

I knew it was turned on because these infections turn it on. Are you absolutely certain that the computer is clean? Have all your newest scans come up clean since turning this off? As a precaution you really should update your MBA-M program and run a new full scan with it, especially that portion of the infection remained.
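
Added example, not part of the thread: the proxy setting discussed in this reply appears in the HijackThis log posted earlier, on the R1 ProxyServer line. The Python sketch below (function names are hypothetical) parses HijackThis-style lines excerpted from that log and flags a loopback proxy plus orphaned O2/O23 entries whose file is gone.

```python
import ipaddress
import re

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmo-champion.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
"""

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_proxy_server(value):
    """Split a WinINET ProxyServer value into (scheme, host, port) tuples.

    The value is either "host:port" (one proxy for every protocol) or a
    ";"-separated list such as "http=host:port;https=host:port".
    """
    entries = []
    for part in value.strip().split(";"):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:  # no "scheme=" prefix: the proxy applies to all protocols
            scheme, target = "*", part
        target = target.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = target.rpartition(":")
        if not host:  # no port given
            host, port = target, ""
        entries.append((scheme.lower(), host.strip("[]"), port))
    return entries


def is_loopback(host):
    """True when the proxy host is this machine itself."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def triage(log_text):
    """Return (finding, detail) tuples for entries worth a manual look.

    loopback-proxy : the browser sends traffic to a listener on this machine;
                     once that listener is removed, proxied browsing fails
                     while programs that ignore the setting keep working.
    orphan-bho     : a Browser Helper Object is registered but its DLL is gone.
    orphan-service : a service is registered but its executable is gone.
    """
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        section, body = match.groups()
        if section.startswith("R") and ",ProxyServer = " in body:
            value = body.split(",ProxyServer = ", 1)[1]
            for scheme, host, port in parse_proxy_server(value):
                if is_loopback(host):
                    findings.append(("loopback-proxy", f"{scheme} -> {host}:{port}"))
        elif section == "O2" and MISSING.search(body):
            clsid = CLSID.search(body)
            findings.append(("orphan-bho", clsid.group(0) if clsid else body))
        elif section == "O23" and MISSING.search(body):
            name = body.split(" - ", 1)[0].replace("Service: ", "", 1)
            findings.append(("orphan-service", name))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:15} {detail}")
```

The log line shows only the ProxyServer value, so whether the proxy is actually enabled still has to be confirmed in LAN Settings as described above.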

0

Ah. Good call. Just started one right now with it fully updated. I'll post a log of it as soon as it finishes. For now, I got another exam I need to head off to you. I'll be back with good news soon....I hope.

1

Will look for that log, or your next post saying all was clean.
By the way, AFTER that scan and IF it is clean you should also Set a new and now clean System Restore Point:
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

Edited by jholland1964: n/a

0

Clean bill of health, and does that take up a lot of space on the hard drive to do the system restore point? My money goes to books, not hard drive space.

0

The default level of System Restore is 12 to 15% of the hard drive I believe. No need for that much. As I said you don't want to go back much farther anyway than a couple days. I keep mine set at no more than 5%. Just open it the way I described, reset as instructed and then move that slider down to no more than 5%.
When you reset System Restore it cleans out all those old restore points and you start fresh. Takes maybe 30 seconds and you DO regain hard drive space.
I saw a DDS log today which obviously had the default System Restore size and it actually went back 4 months! There is no way any of those 4 month old restore points could be used.
Anytime you clean a computer like this you want to get rid of all those old restore points to be 100% all is clean. Remember the last item found on that MBA-M scan was IN system restore. So clear it out, reduce the size and start fresh.
Judy

0

I have never messed with the system restore before. Seems it was left to max, which is 12 percent for it. And, if it's possible for a somewhat average person to understand that log, mind if I see it? I'm having a little trouble believing that you had one that went back 4 months.

0

You're saying I am lying? What reason would I have for lying to you?
If you want to read the log, and I am sorry I mis-read the dates on it, they go back to Feb. 3, 2010 so they go back three months, not four.
The pertinent log can be found attached to this thread;
http://www.daniweb.com/forums/thread281065.html
It is labeled DDS Attach1.txt
Since you feel I was lying to you, go ahead and download it.

The point I was making, regardless of whether the time is 3 months or 4 months, is one should NEVER use a restore point older than a couple DAYS.
System Restore is meant to restore from very RECENT changes like just a day or two, not weeks. If you install a new driver for instance and that driver doesn't work correctly then System Restore may be able to restore the computer back to just before the time that driver was installed and revert back to older settings...not weeks back just a short time back.
System Restore actually operates only on a very few system files and settings. System Restore backs up your registry. System Restore does not back up your data. If you delete or damage a file, System Restore will not recover it. System Restore will NOT uninstall a program. In fact if you have installed a program and find you don't want it, if you use System Restore it may leave you with much of the program but it just won't be listed in Add/Remove, making it much harder to uninstall. System Restore does not keep old copies of your files or settings. If you're looking for an "old version" of a file or program that you used to have on your machine, System Restore isn't going to have it. System Restore does not fix your system. So if your computer crashes and needs to be repaired System Restore will not repair it.

0

I didn't think you were lying, I just wanted to see the log for myself. Well, thank you very much for the help. I have saved a copy of all the posts on this thread for future reference just in case.

0

Good idea. One additional protection program you should add is this FREE program. SpywareBlaster.

From Javacool Software:

SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.

Just download, install, update, enable all protection and close the program. That's it. Doesn't run in the background but offers superb protection. Just manually check for updates every couple of weeks. When new ones are available, download, enable all protection and close the program. I have used this program for several years and truly would not run my computer without it.
Good Luck and Safe Surfing!
Judy
