My Anti Spyware

[char]

I have a problem with my registry I did a highjackthis report but I dont know how to read it.

[patrik]

Hello, welcome to the Myantispyware forum.

Run HijackThis once again. Click "Do a system scan only and save a log" button.
It will scan and the log should open in Notepad.
Copy and paste the contents of the HijackThis log into your reply.

[char]

hijackthis.log

(12.29 KiB) Downloaded 9 times

[patrik]

Run HijackThis. Click "Do a system scan only" button.
Now select the following entries by placing a tick in the left hand check box, if still present:

Code: Select all

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{39986570-372D-4303-A11D-67301AA33459}: NameServer = 93.188.162.9,93.188.166.75
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2F2BC2F-A945-43B5-BE87-270407BD8DD3}: NameServer = 93.188.162.9,93.188.166.75
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.9,93.188.166.75
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.9,93.188.166.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.9,93.188.166.75

Once you have selected all entries, close all running programs then click once on the "fix checked" button.

Click Start, Run, enter cmd and click OK.
At the Dos Prompt Screen, type in

Code: Select all

ipconfig /flushdns

and then press ENTER. (notice the space after ipconfig)
Close the command prompt window.

Reboot your computer.

Download RSIT by random/random from here and save it to your desktop.

* Double click on RSIT.exe to run RSIT.
* Click Continue at the disclaimer screen.
* Once it has finished, two logs will open. If it does not automatically open, then these logs can be found at %systemdrive%\rsit folder (typically C:\rsit)

Post back with both RSIT logs. Post each log in separate post.

[char]

Here is the first log. My automatic update just came on as I was sending this to you. I think you fixed it for me, I will let you know, I will let you know if it lets me do the updates.

Char

[char]

Second log: info log

[char]

I clicked on that update it was to download the SP3,I heard not to download that it causes nothing but problems on your computer. I never downloaded it.

TY Char

[char]

I just wanted to ty again for fixing my laptop. Could you tell by all the stuff you looked at if I did something on my computer to make this happen, if so please tell me how to not do it again if you can?
I was also wondering if you could fix my desktop, same problem as my laptop and it happened approx the same time In Jan.

TY in Advance

[patrik]

RSIT log looks ok, but i would check a few more.

Download GMER Antirootkit from here.
Mirror location: here. This version will download a zip. If you use this mirror, please unzip it to a folder that you create such as C:\Gmer\.

Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. a1afk10a.exe) and allow the gmer.sys driver to load if asked.
For mirror version, double-click Gmer.exe to run the program.
When the program opens, click the ">>>" Tab
Click the "Rootkit/Malware" Tab.
Select all drives that are connected to your system to be scanned.
Click the Scan button.
When the scan is finished, click Copy to save the scan log to the Windows clipboard.
Open Notepad or a similar text editor.
Paste the clipboard contents into a text file by clicking Edit -> Paste or Ctrl + V
Save the gmer scan log to your desktop.
Close Gmer.

Please also scan your computer with Kaspersky Online Scanner.

Post back with a scan report + GMER log.

I was also wondering if you could fix my desktop, same problem as my laptop and it happened approx the same time In Jan.

Please start a new topic for your desktop.

[char]

Gmer Log
I scanned my computer with Microsoft One Live Care, it keeps telling me I have a high risk virus Win32/Alureon.A, it says it is in C:/window system32/driver/atapi.sys
Nothing is finding it tho, Malwarebytes, AntiVir,Superanti spyware, they all say nothing found.
Do you see it in here?


Tx Char

[patrik]

Do you see it in here?

Yes, GMER found it.

Download TDSSKiller from here and unzip to your desktop.
Open tdsskiller folder and run TDSSKiller.
Follow the prompts.

If you have previously downloaded ComboFix, please delete that version now.
Download Combofix from here. Close any open browsers. Double click on combofix.exe and follow the prompts.
When the tool is finished, it will produce a log for you.If the log does not automatically open, then it can be found at %systemdrive%\combofix.txt (typically C:\combofix.txt).

If ComboFix will not run, please rename it to myapp.exe and try again!

Post back with combofix log.

[char]

I finally got that Kaspersky Scanner to run, here is thr report. I found the file where it said that Trojan was and I deleted all the old hotmail messages that were in there. I never knew they were kept on the computer. Hope this is fixed. I was having trouble with my browser not going to the site I wanted when I PASTE AND CLICK in the address.
Won't let me download the file it was identified as a possible attack vector.
This is what it said:
C:\Documents and Settings\Jay Malone\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Recovered items\12-09-2009 fdc\637027CD-00000011.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

Selected area has been scanned

Tx Char

[patrik]

You have tried to run TDSSKiller and Combofix ?

[char]

this is what I got said on reboot it was successful
I will try it again

results didn't go threw
Char

[char]

sorry I found the right logs

Char