DeeMee

  1. Very cool link and well organized website. I will pass it along to any newbies who want to know how to be safe on the web. Thanks a lot for all your help. :)
  2. Thanks a lot for your help. I learn a lot from working with you guys. I hope to donate something in the future and will certainly consider becoming a paying customer. However, most of the people that I work with are underprivileged, therefore it is difficult to justify the cost. It is getting to the point that I may have to, or consider a Linux distro. I will make a decision before the fall on which path we will follow. Best regards,
  3. Thanks, I will give it a try, although I am aware of most of the tools listed by the link. Do you think that the unit is clean?
  4. OK, let's try this again, because I do not wake up before 10:00 am. There is a typo in the last sentence. It should have been written: "However, XP loads slower than 7, therefore as long as you do not think that it is a malware related issue, her unit is running great."
  5. There is a typo; the last sentence should read: "However, XP loads slower than 7, therefore as long as you do not think that it is not a malware related issue then this will be fine."
  6. It is working fine. I have run additional online scans and have not picked up anything. It does take a little time to load after logging in, approximately 4-5 minutes to completion, but once it loads it runs fine. I can use it before that (towards the back end) but it is more stable if I wait until it completes loading before I click on, say, IE. Unfortunately, I can't gauge loading since I upgraded the RAM substantially and didn't find out about the Trojan until after upgrading. However, XP loads lower than 7, therefore as long as you do not think that it is not a malware related issue then this will be fine.
  7. There was no Detected Threats report. Scan was clean. Automatic Scan: completed 7 minutes ago (events: 156246, objects: 156851, time: 01:37:05) 7/26/2012 6:40:00 PM Task completed. Scan was 17 MB. I could not attach and upload. If you like I can cut and paste the whole thing.
  8. Here you go:
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=cc160596c40aed4c8c5cd4898bf2a11a
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-07-26 01:32:19
     # local_time=2012-07-26 08:32:19 (-0600, Central Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 2119597 2119597 0 0
     # compatibility_mode=3073 16777213 80 71 2146087 18796316 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=37604
     # found=0
     # cleaned=0
     # scan_time=2262
  9. Hello, I received an alert from SUPERAntiSpyware that there was a keygen.exe that needed to be deleted from my machine. This was received after I ran Malwarebytes. My mother has had this machine approximately two weeks. We bought it as an extra machine for others in the residence. The nonprofit that sold the computer to us assured us that the unit had been reformatted and loaded with a copy of WinXP Pro. I rather doubt that, since I've found too many other things on the computer like copies of IObit etc. In any case, your help in making sure that this unit is clean would be greatly appreciated. Here is a Malwarebytes scan and a DDS scan:
     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.07.25.08
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     David :: DELL-64BFA9CE46 [administrator]
     7/25/2012 6:01:54 PM
     mbam-log-2012-07-25 (18-01-54).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 252629
     Time elapsed: 12 minute(s), 51 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
     ================================================================================
     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.0
     Run by David at 18:20:12 on 2012-07-25
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.572 [GMT -5:00]
     .
     AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     FW: COMODO Firewall *Disabled*
     .
     ============== Running Processes ===============
     .
  10. Thanks a lot Chris. I appreciate all your help and others who donate their time here. Best of luck with school.
  11. Hi, TFC run, completed & system restarted. Combofix uninstalled. Security Check deleted and system rebooted. Firefox upgraded, although I already had it set to automatically upgrade, it had not upgraded since 11.X. That's a little strange... I think. System runs fine with no apparent issues.
  12. Thanks. I will be over at my mother's house until tomorrow 7:00 CST. Here is the information that you requested: Ran TFC. I was unable to find the file for ESET. It was not at the file path that was displayed by your directions and other directions on the web. I ran it twice, searched for it via Windows search, and there is no such file. In addition, I thought that possibly it was hidden. No luck. Would I have to turn off both my firewall and Avast in order to receive such a file? In any case, it completed and was clean. Here is a copy of Security Check:
      Results of screen317's Security Check version 0.99.43
      Windows 7 Service Pack 1 x86 (UAC is enabled)
      Internet Explorer 9
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Disabled!
      avast! Antivirus
      Antivirus up to date! (On Access scanning disabled!)
      `````````Anti-malware/Other Utilities Check:`````````
      WinPatrol
      MVPS Hosts File
      SpywareBlaster 4.6
      Spybot - Search & Destroy
      SUPERAntiSpyware
      Malwarebytes Anti-Malware version 1.62.0.1300
      CCleaner
      Java™ 7 Update 5
      Adobe Flash Player 11.3.300.265
      Mozilla Firefox 11.0 Firefox out of Date!
      Google Chrome 20.0.1132.47
      Google Chrome 20.0.1132.57
      ````````Process Check: objlist.exe by Laurent````````
      WinPatrol winpatrol.exe
      Spybot Teatimer.exe is disabled!
      Comodo Firewall cmdagent.exe
      Comodo Firewall cfp.exe
      AVAST Software Avast AvastSvc.exe
      AVAST Software Avast AvastUI.exe
      BillP Studios WinPatrol WinPatrol.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 3%
      ````````````````````End of Log``````````````````````
      That's interesting. I did not install the MVPS Hosts file. Thanks.
      Attachment: PIC OF ESEST SCAN.rtf
  13. Well said. I thought I was the only one with this issue. However, I use Filehippo for most of my downloading and would recommend it to others as well.
  14. Yeah, maybe bumping does that, but you should have contacted me via PM regarding this. I PMed you and didn't get a response. I told you that my mother lived quite a distance away. If you have more clients than you can handle, then let's get someone that can handle your overload. I will not be going over to my mother's house until Wednesday at the earliest. Therefore, we will be moving towards two weeks into cleaning a system that may have only taken a week. Sure, we are happy and thankful that you guys are there for us, but you could have told me the deal instead of me waiting and spending the night over at my mother's house for two days hoping for a response from you for the next step. Since you haven't followed my requests, I will need to have someone that may. If that means that I may not be able to use the forum, then so be it. All you had to do was to tell me you had a backlog. That's it. I was more than considerate explaining the total situation to you. My mother uses this computer for work. She has a right to be frustrated if I do not have a clue as to the time it will take for resolution because the person who is supposed to be helping me can't even send me a PM or post it on the site. BTW, my internet is down. I'm using a hotspot to send this. Therefore, my access will be spotty at best this week.