WiredWX Hobby Weather ToolsLog in

 


XP Security Virus

2 posters

descriptionXP Security Virus - Page 2 EmptyRe: XP Security Virus

more_horiz
Allow it.

Uninstall AVG if needed.

descriptionXP Security Virus - Page 2 EmptyRe: XP Security Virus

more_horiz
ComboFix 12-01-02.01 - HP_Administrator 01/02/2012 15:19:02.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1471 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\belahzuer.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator.121GW\WINDOWS
c:\documents and settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\HP_Administrator\Desktop\Setup.exe
c:\documents and settings\HP_Administrator\WINDOWS
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\313133515
c:\windows\alcrmv.exe
c:\windows\bwUnin-6.1.4.68-8876480L.exe
c:\windows\dasetup.log
c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
K:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.redbook
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2011-12-15 23:18 . 2011-12-15 23:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG2012
2011-12-15 23:06 . 2012-01-02 13:32 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-15 23:06 . 2011-12-15 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-12-15 22:53 . 2012-01-02 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-12-11 23:52 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-11 23:52 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
2011-12-10 19:13 . 2011-12-10 19:13 -------- d-----w- c:\windows\system32\LogFiles
2011-12-08 23:01 . 2011-12-08 23:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Boilsoft
2011-12-08 23:01 . 2011-12-08 23:01 -------- d-----w- c:\program files\Boilsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 21:38 . 2011-10-11 21:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-10 19:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-10 17:39 . 2009-08-07 04:33 350720 ----a-w- c:\program files\hjsplit.exe
2007-08-16 16:22 . 2007-10-31 00:08 2494367 ----a-w- c:\program files\Wimpy FLV Player.exe
2006-12-16 16:29 . 2008-07-16 01:58 483328 ----a-w- c:\program files\HDVSplit.exe
2004-07-18 07:31 . 2005-12-17 06:10 1009664 ----a-w- c:\program files\imageGrab30en.exe
2003-10-11 19:36 . 2006-04-07 22:52 1093632 ----a-w- c:\program files\IfoEdit.exe
2011-11-21 01:46 . 2011-04-09 17:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"MusicManager"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2011-11-30 13223936]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-11 59392]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-02-21 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-3-14 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Theme Studio 5.0\\_jvm\\bin\\javaw.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Theme Studio 5.0\\_jvm\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 5.0.0\\5.0.0.296 (9700-ATT)\\fledge.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Airfoil\\Airfoil.exe"=
"c:\\Program Files\\Airfoil\\AirfoilSpeakers.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46042:TCP"= 46042:TCP:skype
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3194823337-1542147629-3601429794-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-03 17:29]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3194823337-1542147629-3601429794-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-03 17:29]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyServer = 223.255.165.37:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jmowqkwg.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.http - 89.249.211.44
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-02 15:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\hp\KBD\KBD.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-01-02 20:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-03 01:56
ComboFix2.txt 2010-05-03 23:16
.
Pre-Run: 29,938,851,840 bytes free
Post-Run: 32,309,248,000 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DC00CE62E0563909C75A598885BF15A2

descriptionXP Security Virus - Page 2 EmptyRe: XP Security Virus

more_horiz
Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

descriptionXP Security Virus - Page 2 EmptyRe: XP Security Virus

more_horiz
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1716111162d12843ae46fb5ba80d860f
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-12 12:32:22
# local_time=2011-12-11 07:32:22 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 56856616 56856616 0 0
# compatibility_mode=8192 67108863 100 0 49913242 49913242 0 0
# scanned=140170
# found=3
# cleaned=3
# scan_time=8623
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fmw.exe Win32/Adware.XPAntiSpyware.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Administrator\Local Settings\temp\0.7994031623648437.exe Win32/Adware.XPAntiSpyware.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Administrator\Local Settings\temp\ICReinstall\FLVConverterSetup.exe a variant of Win32/SweetIM.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1716111162d12843ae46fb5ba80d860f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 04:25:00
# local_time=2012-01-07 11:25:00 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777191 100 0 1874408 1874408 0 0
# compatibility_mode=8192 67108863 100 0 52218871 52218871 0 0
# scanned=242948
# found=0
# cleaned=0
# scan_time=6550

descriptionXP Security Virus - Page 2 EmptyRe: XP Security Virus

more_horiz
Congratulations!! Your PC is all clean! ;D

To uninstall ComboFix



  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


XP Security Virus - Page 2 Combofix_uninstall_image

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)



  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

=========



Please run OTL.exe.


  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [emptytemp]
    [emptyflash]
    [clearallrestorepoints]
    [reboot]

    Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

======

Remove OTL:

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.


  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.


Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
=======

Download [URL="http://screen317.changelog.fr/SecurityCheck.exe"]Security Check[/URL] by screen317 and save it to your Desktop.

  • Double-click Security Check.exe to start the application
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.
=======

There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

For some helpful tips regarding why you were infected in the first place, what you can do to keep this from happening again, and routine basic maintenance you should be performing on your PC to keep it running, you may wish to review the following threads:

[URL="http://www.pchelpforum.com/fixed-hijackthis-logs/64964-so-you-want-prevent-happening.html"]So, you want to keep this from happening again?[/URL]
[URL="http://www.pchelpforum.com/fixed-hijackthis-logs/57400-how-did-i-get-infected.html"]How Did I Get Infected?[/URL]
[URL="http://www.pchelpforum.com/fixed-hijackthis-logs/59327-now-you-all-clean-afterwork.html"]XP Security Virus - Page 2 Pchf_afterwork[/URL]

In your next reply:

Please confirm removal of the tools
Post the SecurityCheck log

descriptionXP Security Virus - Page 2 EmptyRe: XP Security Virus

more_horiz
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 66003190 bytes
->Temporary Internet Files folder emptied: 1175180062 bytes
->Java cache emptied: 99308 bytes
->FireFox cache emptied: 124264033 bytes
->Google Chrome cache emptied: 276523179 bytes
->Flash cache emptied: 85272 bytes

User: HP_Administrator.121GW
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_ADM~1~121

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1301833 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 29505718 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 411631795 bytes

Total Files Cleaned = 1,988.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: HP_Administrator.121GW
->Flash cache emptied: 0 bytes

User: HP_ADM~1~121

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 02202012_075521

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

descriptionXP Security Virus - Page 2 EmptyRe: XP Security Virus

more_horiz
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2012
ESET Online Scanner v3
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgrsx.exe
``````````End of Log````````````

descriptionXP Security Virus - Page 2 EmptyRe: XP Security Virus

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum