spyware protect 2009 - ericshin

yeah its awesome everythings fixed. mbams working too.

thanks a ton.

*edit* i just did an avira scan and it found that rootkit virus thing. I saw the word quarantine when they were found so i'm assumming its nothing but just in case heres th log report



Avira AntiVir Personal
Report file date: Monday, 9 March 2009 16:28

Scanning for 1289201 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANDREW-UX8YV5KH

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/17/2008 20:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/25/2008 19:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 00:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/25/2008 19:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 23:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:02:19
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 02:52:14
ANTIVIR3.VDF : 7.1.2.137 172032 Bytes 3/8/2009 02:55:14
Engineversion : 8.2.0.105
AEVDF.DLL : 8.1.1.0 106868 Bytes 3/1/2009 01:02:44
AESCRIPT.DLL : 8.1.1.57 356729 Bytes 3/6/2009 07:48:10
AESCN.DLL : 8.1.1.8 127346 Bytes 3/6/2009 07:48:08
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 01:58:38
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/5/2009 03:01:23
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/1/2009 01:02:36
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/6/2009 07:48:06
AEHELP.DLL : 8.1.2.2 119158 Bytes 3/1/2009 01:02:29
AEGEN.DLL : 8.1.1.25 336243 Bytes 3/6/2009 07:48:01
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/13/2008 22:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 3/1/2009 01:02:26
AEBB.DLL : 8.1.0.3 53618 Bytes 10/13/2008 22:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/8/2008 20:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/15/2008 21:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 00:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/8/2008 23:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/11/2008 20:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 00:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 05:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 00:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 00:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 01:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 01:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, 9 March 2009 16:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbgejpxdq.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/TDss.eyj.65 root kit
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACefavbrpn.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/TDss.eyj.66 root kit
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpmuyvtbp.dll.vir
[DETECTION] Is the TR/PCK.Tdss.F.135 Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwtnkrobo.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACppjwswur_.sys.zip
[0] Archive type: ZIP
--> UACppjwswur.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DFAC1D38-F60A-49EE-A8BD-012BC55B399C}\RP64\A0017031.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DFAC1D38-F60A-49EE-A8BD-012BC55B399C}\RP64\A0017032.dll
[DETECTION] Contains recognition pattern of the RKIT/TDss.eyj.66 root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DFAC1D38-F60A-49EE-A8BD-012BC55B399C}\RP64\A0017033.dll
[DETECTION] Contains recognition pattern of the RKIT/TDss.eyj.65 root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DFAC1D38-F60A-49EE-A8BD-012BC55B399C}\RP64\A0017034.dll
[DETECTION] Is the TR/PCK.Tdss.F.135 Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd9053.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


End of the scan: Monday, 9 March 2009 16:55
Used time: 27:18 Minute(s)

The scan has been done completely.

4151 Scanning directories
193215 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
9 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
193202 Files not concerned
1159 Archives were scanned
4 Warnings
9 Notes

All it found was system restore points and Combofix's quarantine.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

ok done a billion thanks. you are god

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

ok will do that