Admin Virus


[Solved] Re: Admin Virus
Purge old temporary files

Download CCleaner Slim and save it to your Desktop. Alternate download link: http://www.majorgeeks.com/CCleaner_Slim_No_Toolbar_d4191.html

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:


  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Re: Admin Virus
Should I uncheck programs that I do not want deleted? For example I have Office loaded on the machine but no original discs or product keys to load it back on the machine if it gets deleted permanently.

Re: Admin Virus
If you're in the Cleaner tab, then no programs will be deleted whatsoever. CCleaner does not delete programs without your permission. However, it chooses to clean up temporary files saved by Microsoft Office, among other products, to help boost the speed of your computer and programs overall.

Only in the Tools tab do you have the ability to remove programs, and you have to be the one to activate it.

Re: Admin Virus
Alright, thank you for clearing that up for me. However, even after running CCleaner, both problems still exist.

Re: Admin Virus
Please try the Kaspersky Virus Removal Tool noted here: http://www.GeekPolice.net/t29097p15-admin-virus#202393

Re: Admin Virus
Sorry, but the same thing still happens. That page never loads, no download ever pops up, etc. It eventually times out. Even when I tried to download it from third party sites like softpedia it just times out.

Re: Admin Virus
Run Dr. Web CureIt, and post log please: http://www.freedrweb.com/cureit/

Re: Admin Virus
Page times out upon clicking the download link. Some good news: no more redirection when searching in the omnibox. Just changed the default in settings on Chrome and so far so good.

Re: Admin Virus
What other user accounts do you have? Can you use a different account temporarily to try to get it to download?

Re: Admin Virus
Created a new account with admin privileges, but it still times out when clicking the free download button on Dr.Web site.

Re: Admin Virus
Let's do some final scans...

Delete old copy of ComboFix, download and run new copy: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Post new log.

Re: Admin Virus
ComboFix 12-10-04.02 - owner 10/06/2012 14:44:28.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.494 [GMT -4:00]
Running from: c:\documents and settings\owner\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-05 18:06 . 2012-10-05 18:06 -------- d-----w- c:\documents and settings\J
2012-10-02 23:32 . 2012-10-02 23:32 -------- d-----w- c:\program files\CCleaner
2012-09-16 14:52 . 2012-09-16 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-09-06 19:06 . 2012-09-06 19:06 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 21:04 . 2012-02-12 16:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14 . 2008-04-14 04:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 04:41 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 04:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-13 23:07 385024 ------w- c:\windows\system32\html.iec
2004-10-01 19:00 . 2011-10-18 02:56 110592 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17420464]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 159744]
"chromium"="c:\documents and settings\owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-09-25 1239064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 110592]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 225280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 229376]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 196608]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Documents and Settings\\owner\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\WINDOWS\\system32\\SNDVOL32.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Documents and Settings\\owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\WINDOWS\\system32\\calc.exe"=
"c:\\PROGRA~1\\MICROS~2\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\Program Files\\AVG\\AVG PC Tuneup\\BoostSpeed.exe"=
"c:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Documents and Settings\\owner\\Desktop\\Fix This Computer\\adwcleaner.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\SyncServer.exe"=
"c:\\DOCUME~1\\owner\\LOCALS~1\\Temp\\winkpgr.exe"=
"c:\\DOCUME~1\\owner\\LOCALS~1\\Temp\\winwuvm.exe"=
.
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [7/8/2010 3:09 PM 606056]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 2:14 PM 160944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-06 c:\windows\Tasks\AVG PC Tuneup Integrator Start On owner Logon.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-02-28 22:20]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1004336348-1606980848-1003Core.job
- c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-29 20:17]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1004336348-1606980848-1003UA.job
- c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-29 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-06 14:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2832)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\WgaTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\owner\LOCALS~1\Temp\winkpgr.exe
c:\docume~1\owner\LOCALS~1\Temp\winwuvm.exe
.
**************************************************************************
.
Completion time: 2012-10-06 14:59:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-06 18:59
ComboFix2.txt 2012-09-16 00:47
ComboFix3.txt 2012-09-15 20:23
.
Pre-Run: 25,525,874,688 bytes free
Post-Run: 25,397,964,800 bytes free
.
- - End Of File - - 07B25C115F8CD68CC3208FDE17C23560
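The log above carries the indicators a helper would otherwise pick out by hand: the HKCU policy values that disable Task Manager and the Registry Editor (the source of the "disabled by your administrator" message), the Security Center override and notification-suppression values, the Windows Firewall standard profile switched off, and two executables run from the user's Temp directory that also appear in the firewall's authorized-application list. The following Python script is an added example, not code from this thread or from ComboFix: it parses a ComboFix-style log and reports those indicators. SAMPLE_LOG is a constructed excerpt of the log above with the same keys and values, and the finding category names are my own.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the ComboFix log posted above: same keys and values, shortened.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\DOCUME~1\\owner\\LOCALS~1\\Temp\\winkpgr.exe"=
"c:\\DOCUME~1\\owner\\LOCALS~1\\Temp\\winwuvm.exe"=
.
--- Other Services/Drivers In Memory ---
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\docume~1\owner\LOCALS~1\Temp\winkpgr.exe
c:\docume~1\owner\LOCALS~1\Temp\winwuvm.exe
.
**************************************************************************
"""

KEY_RE = re.compile(r'^\[(.+)\]$')            # [HKEY_...\key\path]
VALUE_RE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')  # "Name"= value
PROCESS_RE = re.compile(r'^[a-z]:\\', re.IGNORECASE)


def parse_reg_points(log: str) -> Dict[str, Dict[str, str]]:
    """Map each key in the 'Reg Loading Points' section to its {value name: raw value} pairs."""
    entries: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    in_section = False
    for line in log.splitlines():
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if in_section and line.startswith("---"):  # the next banner ends the section
            break
        if not in_section:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries[current] = {}
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            entries[current][val.group(1)] = val.group(2).strip()
    return entries


def parse_running_processes(log: str) -> List[str]:
    """Collect the image paths listed under 'Other Running Processes'."""
    paths: List[str] = []
    in_section = False
    for line in log.splitlines():
        if "Other Running Processes" in line:
            in_section = True
            continue
        if in_section and line.startswith("***"):
            break
        if in_section and PROCESS_RE.match(line):
            paths.append(line.strip())
    return paths


def dword(raw: str) -> Optional[int]:
    """Parse ComboFix's two value spellings: '1 (0x1)' and 'dword:00000001'."""
    m = re.match(r"dword:([0-9a-f]{8})", raw, re.IGNORECASE)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x", raw)
    return int(m.group(1)) if m else None


def from_temp_dir(path: str) -> bool:
    """True when an executable lives under a ...\Temp\ directory (the list doubles backslashes)."""
    return "\\temp\\" in path.replace("\\\\", "\\").lower()


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings worth acting on; category names are this example's own."""
    findings: List[Tuple[str, str]] = []
    for key, values in parse_reg_points(log).items():
        if key.endswith(r"policies\system"):
            # These HKCU values produce the "has been disabled by your administrator" prompts.
            for name in ("DisableTaskMgr", "DisableRegistryTools"):
                if dword(values.get(name, "")) == 1:
                    findings.append(("policy-lockout", f"{name}=1 under {key}"))
        if key.endswith("security center") or key.endswith(r"security center\svc"):
            for name, raw in values.items():
                if ("Override" in name or "DisableNotify" in name) and dword(raw) == 1:
                    findings.append(("security-center-suppressed", f"{name}=1"))
        if key.endswith(r"firewallpolicy\standardprofile"):
            if dword(values.get("EnableFirewall", "")) == 0:
                findings.append(("firewall-off", "EnableFirewall=0 (standard profile)"))
        if key.endswith(r"authorizedapplications\list"):
            for path in values:  # value names are the exempted image paths
                if from_temp_dir(path):
                    findings.append(("temp-exe-firewall-exception", path))
    for path in parse_running_processes(log):
        if from_temp_dir(path):
            findings.append(("temp-exe-running", path))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run against the excerpt it reports nine findings: two policy lockouts, two Security Center suppressions, the disabled firewall, and the two Temp-directory executables once as firewall exceptions and once as running processes. EnableLUA=0 is deliberately not flagged: it is what the later Security Check output reads as "UAC is disabled!", but Windows XP predates UAC, so on this machine the value is inert.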

Re: Admin Virus
Purge old temporary files

Download CCleaner Slim and save it to your Desktop. Alternate download link: http://www.majorgeeks.com/CCleaner_Slim_No_Toolbar_d4191.html

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr: http://screen317.changelog.fr/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Let me know of any more issues after CCleaner being run...

Re: Admin Virus
Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Please wait while WMIC is being installed.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
AVG PC Tuneup
CCleaner
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Re: Admin Virus
Still says that the task manager has been disabled by your administrator.
