Is my computer clean?

wilmajean · Mar 15, 2010

I previously has AVG free installed on my computer and a couple of weeks ago it kept popping up with a trojan warning. I kept getting diverted to strange sites from my google search results. I cleaned my computer using Spy bot, adaware and malaware which seemed to work. Then came along antivirus 2010 which was a pest so I cleaned again. However AVG kept finding new trojans, so I found this site and have followed the READ ME post.
I have attached the logs and hope you can tell if I have to do anything further.

Thanks,
Wilma

wilmajean · Mar 15, 2010

Further logs: Is my computer clean?

Further 2 logs.

Any help would be great.

Wilma

Kestrel13! · Mar 16, 2010

1. What can you tell me about the below files?

c:\program files\Uninstall Spy Blocker.dll
c:\windows\system32\B10C63D0F9.dll
Click to expand...

2. Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!

If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.

If ComboFix tells you it needs to update to a new version, make sure you allow it to update.

Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
Code:
KILLALL::

Driver::
cesfcd8 
dft4b73 
egec7f9 
fhb5fb0 
jlf661b  
jlk77bb  
kmgfa37  
mti09f7  
prlecac 
ren292c 
sao0828 
tap1a85 

FileLook::
c:\program files\Uninstall Spy Blocker.dll
c:\windows\system32\B10C63D0F9.dll

File::
c:\windows\system32\drivers\cesfcd8.sys 
c:\windows\system32\drivers\dft4b73.sys 
c:\windows\system32\drivers\egec7f9.sys 
c:\windows\system32\drivers\fhb5fb0.sys 
c:\windows\system32\drivers\jlf661b.sys
c:\windows\system32\drivers\jlk77bb.sys
c:\windows\system32\drivers\kmgfa37.sys
c:\windows\system32\drivers\mti09f7.sys
c:\windows\system32\drivers\prlecac.sys 
c:\windows\system32\drivers\ren292c.sys 
c:\windows\system32\drivers\sao0828.sys 
c:\windows\system32\drivers\tap1a85.sys 

c:\documents and settings\Wilma\Local Settings\Application Data\prvlcl.dat
c:\documents and settings\MAIRI~1\Local Settings\Application Data\prvlcl.dat
c:\documents and settings\Kids\Local Settings\Application Data\prvlcl.dat
c:\windows\system32\stu2.exe

Folder::
c:\documents and settings\All Users\Application Data\avg9
c:\documents and settings\Wilma\Application Data\AVG8
c:\documents and settings\All Users\Application Data\Viewpoint

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODI02.01.01.01PRO"="BD23D3534F0F07D480634ADE24E7D1F3A63E31AB8B5020BB58C6AA328224EAA1F77095C44595745A0CD126C3B9E2282833CA92996EDCFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6678EDD5E5BE2F6E667A6171C11EC38DE3DC5A584F69A96A9D66554DA301AF9ABD157241632E64DE56A38A54E50B75F1AB8932EA4CEBD941FABC52A3D015768DD8B73C9C2AEC236E1CD82FA7CDAEE64F13837ACF84853CB455A4EE93F58D8FB404D35459839D74EBE49C88B686020BF7A0C2BD18DD714A96F0DA0CADC5AD2BAE4FB8A6FA841F34C73A061F751BDD000A8754DA474E95F34339F45569A201DBC23B3C277052C8800B5CB8433FDC5AB473667E07C45DC3A00EA25266A7F34B4AE964313E046D3A94802F55004B53EFECB9F8C0C051683483A35E21538951737509EAB13028884119A197EC508C4613BD7263FD840882657A072D2C3C66B3EE9F45DA440846AFE1A820079CAADFCDD7648CE11B503BA7ED408CA22496D928FB5873B19FAE80FF8C71B7C2D293A32D36C1163C575F4D43C52D627B1A25C23E82401E1A58502A09BBD971D950DC33DDA783871D74F157F810A09B618AD14381867F2429E0BF3C782C4BA306308B77AFC1FD7C8715B32E7E6542D6B1E2F6B6EE251838D89963DB6BFCADFCAF811544BB6849DFEF39A71C0F531E57AC04D8AEA01DBE8BCA198AA9FD85FF2C4ED7F2E14FBF1CD6DF4ECCCBFAF43EBDEB214F0D19EA1EF8A55E55EB9463876BA8E922C3DB1573CB1BB1B8F1D0551895659F26FCFDB6278F4C636CF42F52EFE0DD9EA0CB3B24554AB45CCDB185D469FE3CDBC2C924B0377C0CBA64A7847BDB55E828CDCE74C7294024293A4F014319FCB5EA9A0CC778A75F3F038EC9E10885818F063014E40380F1D9660B3EEF8C4111A8AD51A365AA50D5A734D29FC19D238E5413B31DFC414E82A5B09A6DA4ED88F1D0A3E3C876423710245AF46E020853AB843C5799905A85E995CC76D02CB664B6546477A8179F7E33F8E8CDE9755AE57C4781938FA1EBB3CA29BBCCCB51A8D8549DA3A206472BB3EA9A8F162F6DD7D1D00992D2489A2B6E5BB4CE8DCCDDA9297E31BBFCA799A2BEC9A225693D4D3C8ADA992E042CE18285125D7348BA021596B938C69EB09B2246E323E11098D43073D408274EED5F7C2885D5AE6990FF16F817967A9C8636EAB5AD3F25FAC80AC5716073C0E5B30B05AA92A24309BF7C9816B7C9AD6FC5A756AD5A66A61BE9286F9938848B60AF1256AE61539A2F9C3176452C647AE74C4E4AA1E95841BD0A939522A8E625D53342A8F07EBD3B4725A3E8EEFC5C1CE71FDCA5E84CFD2F44AB221EBDBAB79D0E1138A8D64BEDEC19329141A94AB95BB8AE3AC966C491BBA659C90F1C2B0B04736"
Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW before continuing!

You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.

Now use your mouse to drag CFscript.txt on top of ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Follow the prompts.

When it finishes, a log will be produced named c:\combofix.txt

I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

3. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combofix.

4. Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Log in or Sign up

Is my computer clean?

wilmajean Private E-2

Attached Files:

SUPERAntiSpyware Scan Log - 03-11-2010 - 13-30-57.log

mbam-log-2010-03-15 (12-37-23).txt

ComboFix.txt

wilmajean Private E-2

Attached Files:

RootReport15.03.10.txt

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member