Author Topic: fake system warning virus got me, help please  (Read 1034 times)

buyorsell888
« on: September 13, 2011, 05:06:36 PM »
I posted on the Garden Web Computer Help forum last night and was advised this morning to come here. I did everything wrong by coming here and lurking and doing stuff without supervision last night after finding threads there advising others to come here.

So, here is what happened:
As I was surfing this evening, Firefox got stuck. I don't even remember what exactly I was doing at the time; I might have been downloading a photo from Facebook. I tried to close it, but it was unresponsive. Then a warning popped up from near the clock saying hard drive error, and I could tell it was fake, but I made the mistake of clicking on it to close it and it apparently installed itself. I tried to shut down the computer properly but it wouldn't work, so I pushed the button. Ctrl+Alt+Delete gave me a fake error message that I was denied the Task Manager by admin. I am the only user of this computer.

I got on my Netbook and did some research. I booted it back up and tried to go to Safe Mode, but it would not boot into Safe Mode. My desktop and start menu were all wrong. My start menu is missing all my programs, for example. The desktop was blue and the quick launch toolbar was empty. I looked in My Computer and under Program Files was able to start Malwarebytes. I ran a full scan, which took over an hour, and it found several trojans, or just one with different names. I removed everything and restarted my computer. I had not read your instructions at that point; I was going on my own. I did not look for anything that said system restore; I checked everything it found and removed it.

During the scan by Malwarebytes, windows popped up repeatedly saying hard drive error and memory error, and Zone Alarm kept popping up with a long named/numbered program wanting to connect to the Internet, which I denied. I did write it down if that is needed.

Upon restart, my desktop and start menu are still wrong; they are blank. Webshots won't work, and my programs are all gone from the menu. My Documents is grayed out when I look at My Computer, and when I click on it, it is empty.

I ran a Quick Scan by Malwarebytes and found nothing this time.
I ran Super Anti Spyware which found a tracking cookie and nothing more.
I ran CCleaner too.

I tried to use System Restore but it would not restore, said there had been no changes.
I tried yesterday's date and last week's.

Then I found your forum and read someone else's thread with a very similar problem. I had been at my computer for five hours and I missed warnings not to do this.

I downloaded and ran Unhide and got some of my stuff back. I read on someone else's thread about outdated Java, and mine was the same as theirs, so I used Add/Remove and removed it, then downloaded JavaRa and ran it and installed the current version of Java.
I downloaded and ran Security Check.

The nice folks at the Garden Web forum are certain I still have nasties and encouraged me to come here and talk directly to you nice folks.


Win XP SP3
Firefox 6.0.2
Avast free
Zone Alarm free
Spyware Blaster
Malwarebytes
Super Antispyware
Spybot Search & Destroy


Here are my logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 1.6.0_27
Run by LeeAnne Goen at 9:44:16 on 2011-09-13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3263.2330 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PCCloneEX\PCCloneEX.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
svchost.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\AGI\core\4.0\AGCoreService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\LeeAnne Goen\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Webshots\Webshots.scr
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Alwil Software\Avast5\defs\11091301\Sf.bin
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [PCCloneEX] c:\program files\pccloneex\PCCloneEX.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\leeann~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\leeanne goen\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\leeann~1\startm~1\programs\startup\epsons~1.lnk - d:\common\epsonreg\Ereg.exe
StartupFolder: c:\docume~1\leeann~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7613\Launcher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8BE6F13A-7E38-4ECA-A82C-8809B029DB81} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\leeanne goen\application data\mozilla\firefox\profiles\uo99r8sn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama
FF - plugin: c:\documents and settings\leeanne goen\application data\move networks\plugins\071803000001\npqmp071803000001.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-6 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-5-14 307928]
R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-1-1 13412]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-12-16 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-12-31 532224]
R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.0\AGCoreService.exe [2009-11-12 20480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-14 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 42184]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 12872]
.
=============== Created Last 30 ================
.
2011-09-13 05:57:35   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-09-03 10:17:37   599040   -c----w-   c:\windows\system32\dllcache\crypt32.dll
2011-09-02 01:20:01   --------   d-----w-   c:\documents and settings\leeanne goen\application data\Ashampoo
2011-09-02 01:19:00   --------   d-----w-   c:\documents and settings\leeanne goen\local settings\application data\ashampoo
2011-09-02 01:19:00   --------   d-----w-   c:\documents and settings\all users\application data\ashampoo
2011-09-02 01:18:53   --------   d-----w-   c:\program files\Ashampoo
2011-08-20 03:30:49   --------   d-----w-   c:\program files\common files\Sony Shared
2011-08-20 03:30:18   --------   d-----w-   c:\documents and settings\all users\application data\Sony Corporation
2011-08-20 03:27:16   --------   d-----w-   c:\program files\Sony Media Go Install
2011-08-18 01:13:57   15104   -c--a-w-   c:\windows\system32\dllcache\usbscan.sys
2011-08-18 01:13:57   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
2011-08-18 01:04:52   --------   d-----w-   c:\program files\ABBYY FineReader 6.0 Sprint
2011-08-18 01:03:04   501912   ----a-w-   c:\windows\system32\PICSDK2.dll
2011-08-18 01:03:03   80024   ----a-w-   c:\windows\system32\PICSDK.dll
2011-08-18 01:03:03   51360   ----a-w-   c:\windows\system32\EpPicPrt.dll
2011-08-18 01:03:03   51360   ----a-w-   c:\windows\system32\EpPicMgr.dll
2011-08-18 01:03:03   108704   ----a-w-   c:\windows\system32\PICEntry.dll
2011-08-18 01:02:05   282624   ----a-w-   c:\program files\common files\installshield\updateservice\agent.exe
2011-08-18 01:01:11   --------   d-----w-   c:\program files\Epson Software
2011-08-18 01:01:09   696320   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-08-18 01:01:09   57344   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-08-18 01:01:09   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-08-18 01:01:09   237568   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-08-18 01:01:09   155648   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-08-18 01:01:08   282756   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-08-18 01:01:08   163972   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-08-18 00:59:51   65793   ----a-w-   c:\windows\system32\esfwa1.bin
2011-08-18 00:59:51   3584   ----a-w-   c:\windows\system32\eswiaml.dll
2011-08-18 00:59:51   266240   ----a-w-   c:\windows\system32\esinta1.dll
2011-08-18 00:59:51   15872   ----a-w-   c:\windows\system32\escdev.dll
2011-08-18 00:59:51   128392   ----a-w-   c:\windows\system32\esdevapp.exe
2011-08-18 00:59:50   390656   ----a-w-   c:\windows\system32\eswiaa1.dll
2011-08-18 00:59:47   --------   d-----w-   c:\program files\epson
.
==================== Find3M  ====================
.
2011-09-13 05:57:19   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-09-03 10:17:37   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-01 00:00:50   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-20 03:30:05   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36   139656   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58   832512   ----a-w-   c:\windows\system32\wininet.dll
2011-06-21 18:45:57   78336   ----a-w-   c:\windows\system32\ieencode.dll
2011-06-21 18:45:57   1830912   ------w-   c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57   17408   ------w-   c:\windows\system32\corpol.dll
2011-06-21 11:47:20   389120   ----a-w-   c:\windows\system32\html.iec
2011-06-20 17:44:52   293376   ----a-w-   c:\windows\system32\winsrv.dll
.
============= FINISH:  9:52:14.20 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/31/2007 4:57:04 PM
System Uptime: 9/13/2011 9:23:05 AM (0 hours ago)
.
Motherboard: MSI |  | MS-7252
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPU 1 | 2611/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 179.998 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 75 GiB total, 63.22 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1240: 6/14/2011 5:41:22 PM - System Checkpoint
RP1241: 6/15/2011 5:58:28 PM - System Checkpoint
RP1242: 6/16/2011 3:13:46 PM - Software Distribution Service 3.0
RP1243: 6/17/2011 4:12:34 PM - System Checkpoint
RP1244: 6/18/2011 5:48:37 PM - System Checkpoint
RP1245: 6/19/2011 7:51:03 PM - System Checkpoint
RP1246: 6/20/2011 8:31:06 PM - System Checkpoint
RP1247: 6/21/2011 11:12:13 PM - System Checkpoint
RP1248: 6/22/2011 11:24:29 PM - System Checkpoint
RP1249: 6/24/2011 12:24:29 AM - System Checkpoint
RP1250: 6/25/2011 1:24:29 AM - System Checkpoint
RP1251: 6/26/2011 2:24:29 AM - System Checkpoint
RP1252: 6/27/2011 3:23:28 AM - System Checkpoint
RP1253: 6/28/2011 4:23:28 AM - System Checkpoint
RP1254: 6/29/2011 4:34:32 AM - System Checkpoint
RP1255: 6/29/2011 8:32:39 AM - Software Distribution Service 3.0
RP1256: 6/29/2011 9:28:53 AM - Software Distribution Service 3.0
RP1257: 6/30/2011 9:57:24 AM - System Checkpoint
RP1258: 7/1/2011 10:51:23 AM - System Checkpoint
RP1259: 7/2/2011 10:57:20 AM - System Checkpoint
RP1260: 7/3/2011 11:57:21 AM - System Checkpoint
RP1261: 7/4/2011 12:57:20 PM - System Checkpoint
RP1262: 7/5/2011 1:56:20 PM - System Checkpoint
RP1263: 7/6/2011 2:29:41 PM - System Checkpoint
RP1264: 7/7/2011 2:56:21 PM - System Checkpoint
RP1265: 7/8/2011 3:34:19 PM - System Checkpoint
RP1266: 7/9/2011 4:02:18 PM - System Checkpoint
RP1267: 7/10/2011 5:58:07 PM - System Checkpoint
RP1268: 7/11/2011 6:52:11 PM - System Checkpoint
RP1269: 7/12/2011 7:04:32 PM - Software Distribution Service 3.0
RP1270: 7/13/2011 8:17:42 PM - System Checkpoint
RP1271: 7/14/2011 9:17:03 PM - System Checkpoint
RP1272: 7/15/2011 10:21:10 PM - System Checkpoint
RP1273: 7/16/2011 11:15:57 PM - System Checkpoint
RP1274: 7/18/2011 12:15:57 AM - System Checkpoint
RP1275: 7/19/2011 1:15:57 AM - System Checkpoint
RP1276: 7/20/2011 2:02:54 AM - System Checkpoint
RP1277: 7/21/2011 3:02:53 AM - System Checkpoint
RP1278: 7/22/2011 4:02:53 AM - System Checkpoint
RP1279: 7/23/2011 5:02:53 AM - System Checkpoint
RP1280: 7/24/2011 6:02:53 AM - System Checkpoint
RP1281: 7/25/2011 7:01:52 AM - System Checkpoint
RP1282: 7/26/2011 9:23:54 AM - System Checkpoint
RP1283: 7/27/2011 9:43:01 AM - System Checkpoint
RP1284: 7/28/2011 10:30:44 AM - System Checkpoint
RP1285: 7/29/2011 11:15:13 AM - System Checkpoint
RP1286: 7/30/2011 11:46:01 AM - System Checkpoint
RP1287: 7/31/2011 1:13:25 PM - System Checkpoint
RP1288: 8/1/2011 6:47:44 PM - System Checkpoint
RP1289: 8/2/2011 6:54:22 PM - System Checkpoint
RP1290: 8/3/2011 7:23:45 PM - System Checkpoint
RP1291: 8/4/2011 7:54:56 PM - System Checkpoint
RP1292: 8/5/2011 9:07:45 PM - System Checkpoint
RP1293: 8/6/2011 10:07:17 PM - System Checkpoint
RP1294: 8/7/2011 10:29:17 PM - System Checkpoint
RP1295: 8/8/2011 10:35:51 PM - System Checkpoint
RP1296: 8/9/2011 11:00:56 PM - Software Distribution Service 3.0
RP1297: 8/10/2011 11:35:35 PM - System Checkpoint
RP1298: 8/11/2011 11:39:00 PM - System Checkpoint
RP1299: 8/12/2011 11:43:53 PM - System Checkpoint
RP1300: 8/14/2011 12:39:00 AM - System Checkpoint
RP1301: 8/15/2011 12:47:35 AM - System Checkpoint
RP1302: 8/16/2011 1:47:34 AM - System Checkpoint
RP1303: 8/17/2011 2:47:35 AM - System Checkpoint
RP1304: 8/17/2011 6:00:10 PM - Installed InstallShield Restore Point
RP1305: 8/17/2011 6:01:15 PM - Installed Epson Event Manager
RP1306: 8/17/2011 6:02:04 PM - Installed EPSON Scan Assistant
RP1307: 8/17/2011 6:02:45 PM - Installed Attach To Email
RP1308: 8/17/2011 6:04:22 PM - Installed EPSON Perfection V600 Photo Scanner Driver Update
RP1309: 8/17/2011 6:04:49 PM - Installed ABBYY FineReader 6.0 Sprint
RP1310: 8/18/2011 6:48:39 PM - System Checkpoint
RP1311: 8/19/2011 8:29:45 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP1312: 8/19/2011 8:59:40 PM - Installed Media Go Video Playback Engine 1.64.110.02280
RP1313: 8/20/2011 9:05:17 PM - System Checkpoint
RP1314: 8/21/2011 10:05:16 PM - System Checkpoint
RP1315: 8/22/2011 11:05:16 PM - System Checkpoint
RP1316: 8/24/2011 12:05:16 AM - System Checkpoint
RP1317: 8/25/2011 1:04:12 AM - System Checkpoint
RP1318: 8/25/2011 8:45:24 AM - Software Distribution Service 3.0
RP1319: 8/26/2011 8:54:53 AM - System Checkpoint
RP1320: 8/27/2011 9:20:57 AM - System Checkpoint
RP1321: 8/28/2011 10:17:18 AM - System Checkpoint
RP1322: 8/29/2011 4:41:42 PM - System Checkpoint
RP1323: 8/30/2011 8:01:10 PM - System Checkpoint
RP1324: 8/31/2011 8:33:25 PM - System Checkpoint
RP1325: 9/1/2011 9:16:46 PM - System Checkpoint
RP1326: 9/2/2011 9:17:52 PM - System Checkpoint
RP1327: 9/3/2011 10:31:19 PM - System Checkpoint
RP1328: 9/4/2011 11:22:35 PM - System Checkpoint
RP1329: 9/6/2011 12:21:29 AM - System Checkpoint
RP1330: 9/7/2011 12:38:30 AM - System Checkpoint
RP1331: 9/8/2011 1:38:30 AM - System Checkpoint
RP1332: 9/9/2011 2:38:30 AM - System Checkpoint
RP1333: 9/10/2011 2:58:04 AM - System Checkpoint
RP1334: 9/10/2011 9:59:34 PM - Software Distribution Service 3.0
RP1335: 9/11/2011 10:23:18 PM - System Checkpoint
RP1336: 9/12/2011 9:11:18 PM - Restore Operation
RP1337: 9/12/2011 9:14:00 PM - Restore Operation
RP1338: 9/12/2011 10:36:50 PM - Removed Java(TM) 6 Update 20
RP1339: 9/12/2011 10:57:12 PM - Installed Java(TM) 6 Update 27
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adams Living Will Forms
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.3.0
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.80
avast! Free Antivirus
Camedia Master 4.3
CCleaner (remove only)
Comcast High-Speed Internet Install Wizard
Critical Update for Windows Media Player 11 (KB959772)
Dropbox
DScaler 5 Mpeg Decoders
Epson Copy Utility 3.5
Epson Event Manager
EPSON Perfection V600 Photo Scanner Driver Update
EPSON Scan
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java(TM) 6 Update 27
LightScribe  1.4.136.1
Logitech MouseWare 9.79.1
Malwarebytes' Anti-Malware version 1.51.2.1300
Media Go
Media Go Video Playback Engine 1.64.110.02280
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Media Player
MozBackup 1.4.7
Mozilla Firefox 6.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
NVIDIA Drivers
OLYMPUS CAMEDIA Master 4.3
PCCloneEX
PlayStation(R)Network Downloader
PlayStation(R)Store
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.4
SUPERAntiSpyware Free Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Webshots Desktop
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
9/6/2011 10:36:21 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
9/6/2011 10:36:21 AM, error: Service Control Manager [7000]  - The HTTP SSL service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/12/2011 9:11:19 PM, error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
9/12/2011 10:37:15 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
.
==== End Of File ===========================

Offline zep516

  • Full Member
  • ***
  • Posts: 126
Re: fake system warning virus got me, help please
« Reply #1 on: September 13, 2011, 05:47:28 PM »
Quote
Zone Alarm kept popping up with a long named/numbered program wanting to connect to the Internet which I denied. I did write it down if that is needed.

Post it please, also,
If you happen to have the first Malwarebytes log post that too, where you said it removed some things.
You're only as safe as your last update.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: fake system warning virus got me, help please
« Reply #2 on: September 13, 2011, 06:16:04 PM »
Garden Web topic:  http://ths.gardenweb.com/forums/load/comphelp/msg090102114231.html?

Thanks, zep516.  The Malwarebytes log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline buyorsell888

  • Newbie
  • *
  • Posts: 11
Re: fake system warning virus got me, help please
« Reply #3 on: September 13, 2011, 08:24:50 PM »
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7707

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/12/2011 8:35:57 PM
mbam-log-2011-09-12 (20-35-57).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 298746
Time elapsed: 1 hour(s), 46 minute(s), 15 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\documents and settings\all users\application data\ewrtmfetfy.exe (Trojan.FakeAlert) -> 4064 -> Unloaded process successfully.
c:\documents and settings\all users\application data\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> 3184 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewRTMFETFY (Trojan.FakeAlert) -> Value: ewRTMFETFY -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\ewrtmfetfy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\leeanne goen\local settings\Temp\0.9055948820535582.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Offline buyorsell888

  • Newbie
  • *
  • Posts: 11
Re: fake system warning virus got me, help please
« Reply #4 on: September 13, 2011, 08:27:41 PM »
The program that kept trying to access the internet was the one above in the log that says Rogue Fake HDD

I have now read that I should not have deleted temp files trying to clean up this mess but I did before reading.
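The Malwarebytes log in Reply #3 ties the symptoms to specific changes: a Run-key autostart, plus policy values that block Task Manager and hide the desktop. The Python below is an added example, not part of the original thread and not Malwarebytes code; it parses an excerpt of that log (the function names and the effect table are this example's own) and reports what was running, what persisted across reboots, and whether anything was left unremoved.

```python
import re

# Excerpt of the Malwarebytes 1.51 log posted in this thread (detail sections only).
SAMPLE_LOG = r"""
Memory Processes Infected:
c:\documents and settings\all users\application data\ewrtmfetfy.exe (Trojan.FakeAlert) -> 4064 -> Unloaded process successfully.
c:\documents and settings\all users\application data\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> 3184 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewRTMFETFY (Trojan.FakeAlert) -> Value: ewRTMFETFY -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\ewrtmfetfy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
"""

# "<name> Infected:" starts a detail section; the summary lines ("...: 2") do not match.
SECTION_RE = re.compile(r"^(.+?) Infected:\s*$")
# "<object> (<detection>) -> [<detail> ->] <action>"
ENTRY_RE = re.compile(r"^(?P<object>.+?) \((?P<detection>[\w.]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((.*?)\) Good: \((.*?)\)")

# Effect of each policy value when set to 1 (standard Windows policy semantics).
POLICY_EFFECT = {
    "disabletaskmgr": "Task Manager blocked",
    "nodesktop": "desktop icons hidden",
    "nochangingwallpaper": "wallpaper locked",
}


def parse_mbam_log(text):
    """Return one dict per detected object, tagged with its log section."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not (m and section):
            continue  # blank lines, "(No malicious items detected)", header text
        parts = m.group("rest").split(" -> ")
        entries.append({
            "section": section,
            "object": m.group("object"),
            "detection": m.group("detection"),
            "detail": parts[0] if len(parts) > 1 else "",
            "action": parts[-1],
        })
    return entries


def triage(text):
    """Summarise the log: families, running processes, autostarts, policy changes."""
    entries = parse_mbam_log(text)
    autoruns, policies = [], []
    for e in entries:
        key, _, value = e["object"].rpartition("\\")
        if e["section"] == "Registry Values" and key.lower().endswith(r"\currentversion\run"):
            autoruns.append(value)  # value name that relaunched the malware at logon
        elif e["section"] == "Registry Data Items":
            bg = BAD_GOOD_RE.search(e["detail"])
            policies.append({
                "hive": key.split("\\", 1)[0],
                "value": value,
                "bad": bg.group(1) if bg else None,
                "good": bg.group(2) if bg else None,
                "effect": POLICY_EFFECT.get(value.lower(), "unknown"),
            })
    return {
        "families": sorted({e["detection"] for e in entries}),
        "processes": [e["object"] for e in entries if e["section"] == "Memory Processes"],
        "autoruns": autoruns,
        "policies": policies,
        # Anything the scanner did not report as removed needs manual follow-up.
        "unresolved": [e for e in entries if "successfully" not in e["action"].lower()],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Families:", ", ".join(report["families"]))
    print("Running at scan time:", *report["processes"], sep="\n  ")
    print("Autostart values:", report["autoruns"])
    for p in report["policies"]:
        print(f"  {p['hive']} {p['value']}: {p['bad']} -> {p['good']} ({p['effect']})")
    print("Unresolved entries:", len(report["unresolved"]))
```

An empty `unresolved` list only means the scanner reported every removal as successful; it says nothing about shortcuts or files that were hidden or moved, which is the problem the rest of the thread works on.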

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: fake system warning virus got me, help please
« Reply #5 on: September 14, 2011, 12:23:13 AM »
Hi, buyorsell888.  Welcome to LandzDown Forum.

Indeed, you are correct.  You should not have followed other instructions before obtaining help, particularly since zep516 provided the information at Bleeping Computer for the Rogue HDD. :(  All we can do now is the best we can do to get your system cleaned. 

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

Offline buyorsell888

  • Newbie
  • *
  • Posts: 11
Re: fake system warning virus got me, help please
« Reply #6 on: September 14, 2011, 04:10:43 AM »
ComboFix 11-09-13.04 - LeeAnne Goen 09/13/2011  20:12:28.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3263.2610 [GMT -7:00]
Running from: c:\documents and settings\LeeAnne Goen\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LeeAnne Goen\My Documents\Downloads\PowerPointViewer.exe
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
c:\windows\system32\_000016_.tmp.dll
c:\windows\system32\regobj.dll
.
.
(((((((((((((((((((((((((   Files Created from 2011-08-14 to 2011-09-14  )))))))))))))))))))))))))))))))
.
.
2011-09-13 05:57 . 2011-09-13 05:57   --------   d-----w-   c:\program files\Common Files\Java
2011-09-13 05:57 . 2011-09-13 05:57   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-09-03 10:17 . 2011-09-03 10:17   599040   -c----w-   c:\windows\system32\dllcache\crypt32.dll
2011-09-02 01:20 . 2011-09-02 01:20   --------   d-----w-   c:\documents and settings\LeeAnne Goen\Application Data\Ashampoo
2011-09-02 01:19 . 2011-09-02 01:19   --------   d-----w-   c:\documents and settings\LeeAnne Goen\Local Settings\Application Data\ashampoo
2011-09-02 01:19 . 2011-09-02 01:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\ashampoo
2011-09-02 01:18 . 2011-09-02 01:18   --------   d-----w-   c:\program files\Ashampoo
2011-08-20 03:30 . 2011-08-20 03:59   --------   d-----w-   c:\program files\Common Files\Sony Shared
2011-08-20 03:30 . 2011-08-20 03:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sony Corporation
2011-08-20 03:27 . 2011-08-20 03:30   --------   d-----w-   c:\program files\Sony Media Go Install
2011-08-20 02:01 . 2011-08-21 23:34   --------   d-----w-   c:\documents and settings\LeeAnne Goen\Application Data\Epson
2011-08-18 01:13 . 2008-04-13 18:45   15104   -c--a-w-   c:\windows\system32\dllcache\usbscan.sys
2011-08-18 01:13 . 2008-04-13 18:45   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
2011-08-18 01:07 . 2011-08-18 01:07   --------   d-----w-   c:\documents and settings\LeeAnne Goen\Application Data\Leadertech
2011-08-18 01:04 . 2011-08-18 01:05   --------   d-----w-   c:\program files\ABBYY FineReader 6.0 Sprint
2011-08-18 01:03 . 2006-10-20 07:10   501912   ----a-w-   c:\windows\system32\PICSDK2.dll
2011-08-18 01:03 . 2006-10-31 07:10   51360   ----a-w-   c:\windows\system32\EpPicPrt.dll
2011-08-18 01:03 . 2006-10-31 07:10   51360   ----a-w-   c:\windows\system32\EpPicMgr.dll
2011-08-18 01:03 . 2006-10-20 07:10   80024   ----a-w-   c:\windows\system32\PICSDK.dll
2011-08-18 01:03 . 2006-10-20 07:10   108704   ----a-w-   c:\windows\system32\PICEntry.dll
2011-08-18 01:02 . 2002-07-26 00:06   282624   ----a-w-   c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2011-08-18 01:01 . 2011-08-18 01:03   --------   d-----w-   c:\program files\Epson Software
2011-08-18 01:01 . 2003-02-27 23:12   696320   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-08-18 01:01 . 2002-12-05 21:10   155648   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-08-18 01:01 . 2002-12-02 22:22   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-08-18 01:01 . 2002-12-02 20:33   57344   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-08-18 01:01 . 2002-12-02 20:33   237568   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-08-18 01:01 . 2011-08-18 01:01   282756   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-08-18 01:01 . 2011-08-18 01:01   163972   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-08-18 01:00 . 2011-08-18 01:00   --------   d-----w-   c:\documents and settings\LeeAnne Goen\Application Data\InstallShield
2011-08-18 00:59 . 2009-11-19 07:00   65793   ----a-w-   c:\windows\system32\esfwa1.bin
2011-08-18 00:59 . 2009-10-27 07:00   266240   ----a-w-   c:\windows\system32\esinta1.dll
2011-08-18 00:59 . 2009-05-01 07:00   15872   ----a-w-   c:\windows\system32\escdev.dll
2011-08-18 00:59 . 2009-05-01 07:00   128392   ----a-w-   c:\windows\system32\esdevapp.exe
2011-08-18 00:59 . 2006-03-10 07:00   3584   ----a-w-   c:\windows\system32\eswiaml.dll
2011-08-18 00:59 . 2009-06-02 03:18   390656   ----a-w-   c:\windows\system32\eswiaa1.dll
2011-08-18 00:59 . 2011-08-18 01:05   --------   d-----w-   c:\program files\epson
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 05:57 . 2010-04-18 16:03   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-09-03 10:17 . 2004-08-04 08:56   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-01 00:00 . 2009-12-20 05:53   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-20 03:30 . 2011-06-24 15:37   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-04 07:15   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 12:00   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2007-12-29 20:53   139656   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2004-08-04 08:56   832512   ----a-w-   c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2004-08-04 08:56   1830912   ------w-   c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2004-08-04 08:56   78336   ----a-w-   c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2004-08-04 08:56   17408   ------w-   c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-04 06:59   389120   ----a-w-   c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 08:56   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-09-08 20:38 . 2011-06-22 20:05   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 08:07   297808   ----a-w-   c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10   122512   ----a-w-   c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\documents and settings\LeeAnne Goen\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\documents and settings\LeeAnne Goen\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\documents and settings\LeeAnne Goen\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\documents and settings\LeeAnne Goen\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 16248320]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"PCCloneEX"="c:\program files\PCCloneEX\PCCloneEX.EXE" [2008-01-01 4109312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-28 7196672]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\LeeAnne Goen\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\LeeAnne Goen\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Epson scanner Registration.lnk - d:\common\EpsonReg\Ereg.exe [N/A]
Webshots.lnk - c:\program files\Webshots\3.1.5.7613\Launcher.exe [2009-11-12 157000]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 21:52   40368   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCCloneEX]
2008-01-01 18:13   4109312   ----a-w-   c:\program files\PCCloneEX\PCCloneEX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-15 19:04   2879488   ----a-r-   c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07   2260480   --sha-r-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Documents and Settings\\LeeAnne Goen\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/6/2011 12:14 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/14/2008 11:05 AM 307928]
R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [1/1/2008 11:13 AM 13412]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/16/2009 5:26 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 5:26 PM 67656]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.0\AGCoreService.exe [11/12/2009 10:13 PM 20480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/14/2008 11:05 AM 19544]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 5:27 PM 12872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\LeeAnne Goen\Application Data\Mozilla\Firefox\Profiles\uo99r8sn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 20:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2011-09-13  20:30:38
ComboFix-quarantined-files.txt  2011-09-14 03:30
.
Pre-Run: 193,411,915,776 bytes free
Post-Run: 193,343,692,800 bytes free
.
- - End Of File - - 1BF89A65C03669BC2080F00098346BDE

Offline buyorsell888

  • Newbie
  • *
  • Posts: 11
Re: fake system warning virus got me, help please
« Reply #7 on: September 14, 2011, 03:30:47 PM »
This is NOT a complaint nor criticism but, zep516 provided the instructions for cleaning the Rogue HDD on Tuesday, many hours after I had already run Malwarebytes and CCleaner on Monday evening.

Malwarebytes was already on my computer and I knew I had malware so while it took me a while to work out how to get it started since all my shortcuts were gone, that is what I did first. I also already had CCleaner on my computer and thought running it would be a good idea. I never dreamed the trojan would put all my shortcuts in temp files.  :shocked:


I have done nothing since posting here but download and run ComboFix and Microsoft Windows Recovery Console.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: fake system warning virus got me, help please
« Reply #8 on: September 14, 2011, 06:48:41 PM »
Please download Unhide.exe from here:  http://download.bleepingcomputer.com/grinler/unhide.exe

Double-click on Unhide and allow the program to run.  Please let me know if this returns the programs.

Offline buyorsell888

  • Newbie
  • *
  • Posts: 11
Re: fake system warning virus got me, help please
« Reply #9 on: September 14, 2011, 11:12:22 PM »
I ran it again, I had done so Monday night and it didn't restore any more than it did the first time.

I have programs listed in the start menu under all programs but when clicked on they say "empty".

I manually restored shortcuts to my quick start toolbar but don't know how to do the link for "show desktop"; that is the only one I'm missing.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: fake system warning virus got me, help please
« Reply #10 on: September 15, 2011, 12:27:15 AM »
In your initial post, it appears from the log that you attempted two restore points:

RP1336: 9/12/2011 9:11:18 PM - Restore Operation
RP1337: 9/12/2011 9:14:00 PM - Restore Operation

You have many earlier restore checkpoints, a couple of restore points from Windows Update

RP1334: 9/10/2011 9:59:34 PM - Software Distribution Service 3.0
RP1318: 8/25/2011 8:45:24 AM - Software Distribution Service 3.0


and what appears to be a number of intentionally set points:
 
RP1304: 8/17/2011 6:00:10 PM - Installed InstallShield Restore Point
RP1305: 8/17/2011 6:01:15 PM - Installed Epson Event Manager
RP1306: 8/17/2011 6:02:04 PM - Installed EPSON Scan Assistant
RP1307: 8/17/2011 6:02:45 PM - Installed Attach To Email
RP1308: 8/17/2011 6:04:22 PM - Installed EPSON Perfection V600 Photo Scanner Driver Update
RP1309: 8/17/2011 6:04:49 PM - Installed ABBYY FineReader 6.0 Sprint
RP1311: 8/19/2011 8:29:45 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP1312: 8/19/2011 8:59:40 PM - Installed Media Go Video Playback Engine 1.64.110.02280


Have you tried restoring to those earlier system restore points?  If you are unable to access System Restore, do the following:
  • Click Start > Run and copy and paste the following:  %systemroot%\system32\restore\rstrui.exe then click OK
  • Make sure the following line has the bullet next to it: Restore my computer to an earlier time
  • Click Next
  • Select a date before you started having issues, preferably from the list above. 
  • Click Next and then any other prompts that may occur after that to complete the restore process.
This can take some time to complete so it is important that you do not power off the device and if it is a laptop, you leave it plugged into a charger.



If System Restore is not successful, you could try the System File Checker tool.  The System File Checker tool scans system files and replaces incorrect versions of the system files by using the correct versions.

To run the System File Checker tool, follow these steps:
  • Click Start, and then type cmd in the Start Search box.
  • Right-click cmd in the Programs list, and then click Run as administrator.
  • If you are prompted for an administrator password or confirmation, type your password or click Continue
  • At the command prompt, type the following line, and then press ENTER:

sfc /scannow (note the space before the backslash)
  • When the scan is complete, test to see whether the issue that you are experiencing is resolved.


There are a few other "fixes" provided below if System Restore and/or the System File Checker Tool are unsuccessful.  However, from my research, it appears that you have a choice between accessing programs via Program Files or a repair install.

There is a Microsoft Fix it solution to re-create the Show Desktop icon in the Quick Launch toolbar.  Go to the link below and scroll down to the Fix it Solution:  How to re-create the Show desktop icon on the Quick Launch toolbar in Windows XP

This utility restores the missing shortcuts to the Start Menu Accessories group. The Accessories group includes sub-folders namely Accessibility, Communications, System Tools, Entertainment:  Restore missing shortcuts to the Accessories group

If the Administrative Tools folder is empty, you can try the solution here:  [Windows XP] "Administrative Tools" folder is empty

Let me know how you make out. 

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
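
The restore steps above ask for a date before the problems started, chosen from the listed restore points. The following is an added example, not part of the original post, that parses a listing in that format and separates points created before a cutoff from later ones. The cutoff time is an assumption and the `RP9001` line is constructed for illustration.

```python
import re
from datetime import datetime

# RP1334, RP1318, RP1304 and RP1312 are quoted from the post above.
# RP9001 is a constructed line showing a point created after the cutoff.
SAMPLE = """\
RP1334: 9/10/2011 9:59:34 PM - Software Distribution Service 3.0
RP1318: 8/25/2011 8:45:24 AM - Software Distribution Service 3.0
RP1304: 8/17/2011 6:00:10 PM - Installed InstallShield Restore Point
RP1312: 8/19/2011 8:59:40 PM - Installed Media Go Video Playback Engine 1.64.110.02280
RP9001: 9/13/2011 1:15:00 AM - System Checkpoint
and what appears to be a number of intentionally set points:
"""

LINE = re.compile(
    r"^(RP\d+):\s+(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+-\s+(.+)$"
)

def parse_points(text):
    """Return (id, created, description) for every well-formed listing line."""
    points = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and surrounding prose
        created = datetime.strptime(m.group(2), "%m/%d/%Y %I:%M:%S %p")
        points.append((m.group(1), created, m.group(3)))
    return points

def triage(text, first_symptom):
    """Split points into restore candidates and later points, newest first."""
    points = sorted(parse_points(text), key=lambda p: p[1], reverse=True)
    candidates = [p for p in points if p[1] < first_symptom]
    later = [p for p in points if p[1] >= first_symptom]
    return candidates, later

if __name__ == "__main__":
    # Assumed cutoff (the evening before the first post); adjust to the real time.
    cutoff = datetime(2011, 9, 12, 18, 0, 0)
    good, late = triage(SAMPLE, cutoff)
    for rp, when, desc in good:
        print(f"candidate  {rp}  {when:%Y-%m-%d %H:%M}  {desc}")
    for rp, when, desc in late:
        print(f"after      {rp}  {when:%Y-%m-%d %H:%M}  {desc}")
```

Points listed as "after" were created once symptoms had begun, so restoring to them may bring back the changes you are trying to undo.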

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: fake system warning virus got me, help please
« Reply #11 on: September 15, 2011, 01:46:42 PM »
One other option that may work, if System Restore and the System File Checker Tool do not solve the problem of the Start menu programs not showing, is to uninstall and reinstall Service Pack 3.

Offline buyorsell888

  • Newbie
  • *
  • Posts: 11
Re: fake system warning virus got me, help please
« Reply #12 on: September 15, 2011, 04:46:31 PM »
I only tried System Restore twice; both times I got an error message that said I could not restore because no changes had been made.

After I ran Unhide the first time, there were icons on my desktop called System Recovery that I did not recognize. I checked Properties and it showed p1kalmig2kb7fz.exe, which I knew to be the trojan that I thought was gone already, so I ran an MBAM quick scan and got nothing. So I updated and ran Spybot Search and Destroy, and it found and removed it, and the icons were gone after restart.

I thought perhaps my system restore was hijacked by the trojan so was afraid to try it again.

I purchased a scanner and installed its software a couple weeks ago; that is what that Epson stuff is. I did not personally create any restore points. I'm afraid I have never used System Restore, nor do I fully understand it.  :embarrassed:

Offline buyorsell888

  • Newbie
  • *
  • Posts: 11
Re: fake system warning virus got me, help please
« Reply #13 on: September 15, 2011, 05:03:49 PM »
Ok, tried System Restore using two of the checkpoints you advised me to use but it still gives me the error message that it cannot do it because there have been no changes.

I'll proceed with some of the other fixes. Thank you

Offline buyorsell888

  • Newbie
  • *
  • Posts: 11
Re: fake system warning virus got me, help please
« Reply #14 on: September 15, 2011, 05:55:55 PM »
Ok, those fixes worked for those problems. :) Thank you.

Is it safe to assume that, to fix other programs missing from my menus, such as MS Office, anti-spyware, scanner and printer software (programs that I have installed myself, not part of Windows), I should uninstall them using the Add/Remove Programs utility and then reinstall them?