Help with logs please? New user. Thanks

Discussion in 'Malware Help (A Specialist Will Reply)' started by JADSTERSDAD, Apr 25, 2008.

  1. JADSTERSDAD

    JADSTERSDAD Private E-2

    Hi

    Here are my cf and SAS logs...
     

    Attached Files:

  2. JADSTERSDAD

    JADSTERSDAD Private E-2

    ....and the other two logs. Will appreciate any help. Many thanks

    Andy
     

    Attached Files:

  3. JADSTERSDAD

    JADSTERSDAD Private E-2

    Sorry to be a nuisance...bear with me! I've been advised to install Zone Alarm firewall and turn off the Windows one, which I've done. Is this ok?

    A
     
  4. abri

    abri MajorGeek

    Hi JADSTERSDAD!
    Welcome to Major Geeks!


    Yes, this is okay. (the firewall)

    Please do the following:

    Go to add/remove programs and uninstall Viewpoint Media Player.

    Then if you don't use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    Install the current version of Sun Java from: Sun Java Runtime Environment

    Then please do the following:

    Now we need to use ComboFix to remove a malware file.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    Driver::
    qlxajfcg6
    
    File::
    C:\WINDOWS\System32\rswkufdk6.exe 
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Please attach the combofix log with your next post.

    Let me know how this goes.

    abri

     
  5. JADSTERSDAD

    JADSTERSDAD Private E-2

    Hi abri

    Have attached the new log. All seemed to go ok.

    Viewpoint didn't seem to be present in the add/remove progs.

    In the disable Windows messenger box, after clicking 'Apply', nothing seemed to happen. Just clicked 'exit'. Perhaps it did the job without confirming this, yes?

    Installed the Sun Java. What does this do?

    ongoing thanks

    Andy
     

    Attached Files:

  6. abri

    abri MajorGeek

    Hi JADSTERSDAD,

    The files I had you remove are gone. I will post the final cleanup instructions for you, but I'm curious if you had specific malware symptoms which made you suspect malware? Is your computer working better now?

    abri
     
  7. JADSTERSDAD

    JADSTERSDAD Private E-2

    Thanks again! All seems to have gone well. I take it I had to do nothing between disabling and enabling system restore (apart from rebooting). I'm curious why many sites speak of booting into safe mode to do this kind of stuff. I'm assuming that's not necessary, then.

    Regarding why I'm here, the PC was booting slowly and closing down slowly. I also ran Ad-Aware regularly and it was coming up with a lot of stuff. Also, Registry Patrol came up with a lot of errors. Finally, a couple of months back, my AOL e-mail and PayPal accounts were also hacked and the passwords changed. Strangely, nothing was missing and no attempt was made to take any money. Perhaps I caught them in time!

    It's good to get into this stuff, anyway. All the best!

    Andy
     
  8. abri

    abri MajorGeek

    Hi JADSTERSDAD,

    Thank you. I hope this took care of some of the slowness you were experiencing. If not, you may want to post a thread in the Hardware or Software Forums. In Safe Mode, fewer programs are loaded. This doesn't really answer your question, though, so I'll try to get you a better one.

    abri
     
  9. JADSTERSDAD

    JADSTERSDAD Private E-2

    Hi again abri

    Just wondered if you could take a look at this file for me. It's the latest of several runs of Identity Patrol and these usual suspects always remain AFTER cleaning. Basically I just need to know if I should be worried about any of them.

    The file is two screenshots (too wide for the info to get into one) of the resulting log.

    Cheers for now

    Andy
     

    Attached Files:

  10. abri

    abri MajorGeek

    Hi JADSTERSDAD,

    Identity Patrol is giving you a lot of false positives. It's a problem among anti-malware programs that they identify each other as suspicious items. In some cases, you can "allow" items, like Tribal Fusion or SuperAntiSpyware or ZoneLabs. If you go to How to Protect Yourself from Malware, you'll see this site's recommendations for a set of software which offers you the best protection for the least amount of resources, and there are many combinations which offer protection for free. Identity Patrol itself must know that ZoneLabs and SuperAntiSpyware are reputable companies, so it's their choice to list them as suspicious, and that is something they can change. It's not a good business practice to do that.

    abri
     
  11. JADSTERSDAD

    JADSTERSDAD Private E-2

    Hey, thanks again for that. I see the problem now.

    Still wondering about those items at the bottom, though.

    Nicespy

    iSpyKiller

    GuardianMonitor and

    ActivityMonitor

    Should I worry? Or are these more false positives?

    A
     
  12. abri

    abri MajorGeek

    Hi JADSTERSDAD,

    In your add/remove programs you have an uninstall for Identity Patrol v2.0. If you put this into Google with quotation marks, it's not coming up with the kind of entries I would expect for something legitimate. Identity Defender is, as far as I can make out, part of Identity Patrol. The main entries which come up with information about it are those trying to sell it. One kind of rogue spyware is the type which gives you a lot of false positives. A slightly worse variation on this is the type which actually puts bad things on your computer and then requires that you pay them to have them taken back off again. Since this one comes with an uninstall program, I would go to add/remove programs and uninstall it. I would like to believe it's just giving you false positives and hasn't actually put anything bad onto your computer. To give yourself some assurance, you can go to the Alternate Scans download and run the trial version of CounterSpy. Be sure it fixes anything if it finds anything. Then attach the log from that here.

    abri
     
  13. JADSTERSDAD

    JADSTERSDAD Private E-2

    I'm very grateful for your continuing support, A

    Here is the log (as a screenshot, I'm afraid...hurried).

    catch you when you've time.

    A
     

    Attached Files:

  14. abri

    abri MajorGeek

    Hi JADSTERSDAD,

    That was worth the effort. I would like you to run two more scans: BitDefender, an online scan, and GMER, a rootkit scan. For the instructions, please go to the following links:
    Running BitDefender Online Scan and Running GMER to detect rootkits
    You'll find the complete instructions for each in those threads. Please read them carefully so you know how to get a log we can use when you're done.

    abri
     
  15. JADSTERSDAD

    JADSTERSDAD Private E-2

    Mission accomplished!
     

    Attached Files:

  16. abri

    abri MajorGeek

    Hi Jadstersdad,

    Some of what was picked up in the scan were infected restore points. I checked your original logs again and MalWareBytes quarantined and deleted what it found, but I'm not sure what SuperAntiSpyware did. Please run SAS again to make sure those items are gone. Your log will show no detections if they were taken care of the first time.

    Please go to add/remove programs and uninstall Counterspy.

    Then go back to Alternate Scans and download and run the trial version of aSquared Free Edition and let me know if that finds anything. If you get a lot, please attach it.

    Thanks.
    abri
     
  17. JADSTERSDAD

    JADSTERSDAD Private E-2

    Hello again abri

    I ran SAS again. It seems last time the items were quarantined, not removed. There were fewer results this time (37 adware cookies). I removed both sets from quarantine, but attach a screenshot here. Likewise, there were quarantined items in a2 and I deleted them. Ran it again and only 3 items turned up. Log attached. Seems like we're getting there.

    Getting really confused about what programs should remain on the PC and what I should delete, though. To the best of my knowledge, what is currently on there is:

    AVG antivirus
    ZoneAlarm free firewall
    SuperAntiSpyware
    Registry Patrol
    a squared free
    Spybot
    Adaware
    Spywareblaster
    Comodo
    CCleaner
    Malwarebytes

    What do you think I should keep?

    Thanks (again) for the help

    Andy
     
  18. JADSTERSDAD

    JADSTERSDAD Private E-2

    Logs.......sorry!
     

    Attached Files:

  19. abri

    abri MajorGeek

    Hi Jadstersdad,

    Tracking cookies are not a problem. Your logs look good. Of the software you listed:

    AVG antivirus - keep as long as you don't have problems. If you have problems, try Avast or Antivir.
    ZoneAlarm free firewall - keep
    SuperAntiSpyware - uninstall
    Registry Patrol - uninstall
    a squared free - uninstall
    Spybot - keep (be sure the immunize feature has been clicked on)
    Adaware - uninstall
    Spywareblaster - check it for updates, make sure they're applied and let it happily run in the background
    Comodo - uninstall
    CCleaner - keep - use often (every time you close down your browsers)
    Malwarebytes - your choice

    abri
     
  20. JADSTERSDAD

    JADSTERSDAD Private E-2

    You're a star! Cheers again.

    A
     
  21. abri

    abri MajorGeek

    You're welcome!
    Happy surfing! :)
     
