Solve : I have spyware?

Answer»

Every time I click on a Google search link it gives me another page that's about buying stuff or ads.

Here is my HijackThis log.
See anything out of place?

Logfile of HijackThis v1.99.1
Scan saved at 11:57:38 AM, on 5/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
D:\Program Files\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file MISSING)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29DBFC70-ADB2-4950-BF32-358273D17553}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBFFB94A-B86B-4769-887E-89459223601D}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{29DBFC70-ADB2-4950-BF32-358273D17553}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{29DBFC70-ADB2-4950-BF32-358273D17553}: NameServer = 4.2.2.1,4.2.2.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

If you already have Malwarebytes be sure to update it before running the scan!

Download Malwarebytes' Anti-Malware (MBAM)

Alternate MBAM download link

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and Paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ----------

    Download GooredFix from one of the locations below and save it to your Desktop.

    Link #1
    Link #2

    * Double-click GooredFix.exe to run it.
    * Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
    * A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

    Note: Do not run Option #2 yet.

    Malwarebytes' Anti-Malware 1.36
    Database version: 2178
    Windows 5.1.2600 Service Pack 3

    5/25/2009 7:53:47 PM
    mbam-log-2009-05-25 (19-53-47).txt

    Scan type: Quick Scan
    Objects scanned: 86969
    Time elapsed: 6 minute(s), 14 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Inject) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\drivers\svchost.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\svchost.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\1JKOCQIC\ccsuper0[1].htm (Rootkit.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\1JKOCQIC\iobpgg[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\GIHSGJPP\voclzzjkg[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\L07GOYCF\jyiifgkxhy[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\SLGVZ25I\jtcqqe[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.


    GooredFix v1.92 by jpshortstuff
    Log created at 19:57 on 25/05/2009 running Option #1 (Oscar)
    Firefox version 3.0.10 (en-US)

    =====Suspect Goored Entries=====

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Plugins"="D:\Program Files\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Components"="D:\Program Files\components"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "[emailprotected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"




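The two findings the Malwarebytes log above confirms (a second program appended to the Winlogon Userinit value, and a svchost.exe running from system32\drivers) are both already visible in the HijackThis log at the top of the thread. As an added example that is not part of the original thread, the following Python check looks for both in a constructed excerpt shaped like that log; the function names and the C:\WINDOWS default are assumptions of the example.

```python
import ntpath
import re

# Constructed excerpt, shaped like the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# HijackThis entry lines look like "F2 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Where these Windows XP binaries normally live, relative to %windir%.
_SYSTEM32 = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
             "smss.exe", "spoolsv.exe", "userinit.exe")
EXPECTED_REL = {name: "system32\\" + name for name in _SYSTEM32}
EXPECTED_REL["explorer.exe"] = "explorer.exe"


def parse_hjt(text):
    """Split a HijackThis log into (process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry line
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def misplaced_system_binaries(processes, windir=r"C:\WINDOWS"):
    """Return process paths that reuse a system binary name in the wrong folder."""
    hits = []
    for path in processes:
        name = ntpath.basename(path).lower()
        if name not in EXPECTED_REL or not ntpath.dirname(path):
            continue  # not a tracked name, or the log gave no directory
        expected = ntpath.normcase(ntpath.join(windir, EXPECTED_REL[name]))
        if ntpath.normcase(path) != expected and path not in hits:
            hits.append(path)
    return hits


def userinit_extras(entries, windir=r"C:\WINDOWS"):
    """Return anything in an F2 UserInit value other than userinit.exe itself."""
    good = {"userinit.exe",
            ntpath.normcase(ntpath.join(windir, "system32", "userinit.exe"))}
    extras = []
    for code, body in entries:
        pos = body.lower().find("userinit=")
        if code != "F2" or pos < 0:
            continue
        value = body[pos + len("userinit="):]
        for item in value.split(","):
            item = item.strip().strip('"')
            # A clean value may end in a trailing comma, so skip empty items.
            if item and ntpath.normcase(item) not in good:
                extras.append(item)
    return extras


def triage(text, windir=r"C:\WINDOWS"):
    """Run both checks over one log and return the findings by kind."""
    processes, entries = parse_hjt(text)
    return {
        "misplaced_system_binaries": misplaced_system_binaries(processes, windir),
        "userinit_extras": userinit_extras(entries, windir),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"{kind}: {item}")
```
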
    Click Start > Run and then copy/paste the following into the box and then click OK
    "%userprofile%\Desktop\GooredFix.exe" /uninstall

    If any of your security programs query a new Registry/AutoStart value being added please allow the changes.

    ----------

    Download DDS by sUBs and save it to your desktop. Alternate DDS download link

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copy and pasting it into the reply.

    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Oscar at 20:17:09.70 on Mon 05/25/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.453 [GMT 1:00]

    AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ASTSRV.EXE
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Oscar\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AdobeBridge]
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: NoInstrumentation = 1 (0x1)
    dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: {29DBFC70-ADB2-4950-BF32-358273D17553} = 4.2.2.1,4.2.2.2
    TCP: {CBFFB94A-B86B-4769-887E-89459223601D} = 4.2.2.1,4.2.2.2
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = :\WINDOW

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\oscar\applic~1\mozilla\firefox\profiles\tbd6nkx8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.att.net/
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\oscar\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    FF - plugin: d:\program files\plugins\noreg\NPVeohVersion.dll
    FF - plugin: d:\program files\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: d:\program files\plugins\npPandoWebInst.dll
    FF - plugin: d:\program files\reader 8.0\reader\browser\nppdf32.dll

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
    R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2009-5-23 57344]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090525.002\NAVENG.SYS [2009-5-25 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090525.002\NAVEX15.SYS [2009-5-25 876144]
    S1 SASKUTIL;SASKUTIL;\??\d:\program files\ares songs\saskutil.sys --> d:\program files\ares songs\SASKUTIL.sys [?]
    S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\oscar\locals~1\temp\imspcloj.sys --> c:\docume~1\oscar\locals~1\temp\iMSPCLOj.sys [?]
    S3 SASENUM;SASENUM;\??\d:\program files\ares songs\sasenum.sys --> d:\program files\ares songs\SASENUM.SYS [?]
    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-3-14 1251720]

    =============== Created Last 30 ================

    2009-05-25 20:16  --d-h---  c:\windows\PIF
    2009-05-24 03:29  2,440  a-------  c:\windows\New OpenDocument Text.odt
    2009-05-24 03:08  107,852  a-------  c:\windows\system32\drivers\c712b9fe.sys
    2009-05-24 03:08  2  a-------  C:\-1596348440
    2009-05-23 22:34  114,048  a-------  c:\windows\system32\drivers\snapman.sys
    2009-05-23 22:03  --d-----  C:\CPM
    2009-05-23 20:37  --d-----  c:\docume~1\oscar\applic~1\Lucis
    2009-05-23 20:30  41  a-------  c:\windows\ars-dat0169.conf
    2009-05-23 15:24  --d-----  c:\docume~1\oscar\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-05-23 00:42  57,344  a-------  c:\windows\system32\ASTSRV.EXE
    2009-05-23 00:41  --d-----  c:\program files\Alien Skin
    2009-05-19 20:51  --d-----  c:\docume~1\alluse~1\applic~1\ALM

    ==================== Find3M ====================

    2009-04-13 22:50  53,248  a-------  c:\documents and settings\oscar\lametritonus_en.dll
    2009-04-13 22:50  162,304  a-------  c:\documents and settings\oscar\lame_enc_en.dll
    2009-04-06 15:32  38,496  a-------  c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 15:32  15,504  a-------  c:\windows\system32\drivers\mbam.sys
    2009-03-21 20:07  410,984  ac------  c:\windows\system32\deploytk.dll
    2008-07-25 22:00  1,642,385  ac-sh---  c:\windows\system32\aoortcfq.ini2
    2008-07-25 22:00  345  ac-sh---  c:\windows\system32\GOWFffii.ini2
    2008-07-21 20:58  345  ac-sh---  c:\windows\system32\iPpYbccf.ini2
    2008-07-11 21:52  1,878,529  ac-sh---  c:\windows\system32\jmsvgyxq.ini2
    2008-07-20 14:01  850,459  ac-sh---  c:\windows\system32\mVutCJjl.ini2
    2008-12-12 22:55  32,768  ac-sh---  c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121220081213\index.dat

    ============= FINISH: 20:17:34.79 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/14/2008 12:28:25 PM
    System Uptime: 5/25/2009 7:54:40 PM (1 hours ago)

    Motherboard: http://www.abit.com.tw/ | | AA8XE (Intel 925XE-ICH6R)
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 775 | 3260/204mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 20 GiB total, 0.374 GiB free.
    D: is FIXED (NTFS) - 233 GiB total, 169.15 GiB free.
    E: is FIXED (NTFS) - 213 GiB total, 212.788 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP109: 5/23/2009 12:25:58 PM - Removed AcronisDisk Director Suite
    RP110: 5/24/2009 5:06:57 AM - Restore Operation
    RP111: 5/24/2009 5:24:08 AM - Removed AcronisDisk Director Suite

    ==== Installed Programs ======================

    3DVIA player 4.1
    6200
    6200_Help
    6200Trb
    Acrobat.com
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge 1.0
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Common File Installer
    Adobe Creative Suite 4 Master Collection
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Center 1.0
    Adobe Help Viewer 1.1
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 8.1.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe Shockwave Player 11
    Adobe SING CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Stock Photos 1.0
    Adobe Type Support
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AiO_Scan
    AiOSoftware
    Alien Skin Blow Up 2
    Alien Skin Bokeh
    Alien Skin Snap Art 2
    AppCore
    Apple Mobile Device Support
    Apple Software Update
    Ares 2.0.9
    AV
    BufferChm
    ccCommon
    CCleaner (remove only)
    CloneCD
    CloneDVD 3.9.1
    Combat Arms
    Connect
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Defraggler (remove only)
    Destinations
    Director
    DivX Web Player
    DocProc
    DocumentViewer
    Fax
    Free YouTube to Mp3 Converter version 3.1
    GearDrvs
    getPlus(R)_dll
    Google Chrome
    HijackThis 1.99.1
    Hotfix for Windows XP (KB952287)
    HP Image Zone 4.7
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Software Update
    HPSystemDiagnostics
    InstantShare
    iTunes
    Java(TM) 6 Update 12
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    kuler
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    LucisArt 3 ED/SE
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MyFonts Order M1518563
    Norton 360
    Norton 360 (Symantec Corporation)
    Norton 360 Help
    Norton Confidential Browser Component
    Norton Confidential Web Authentification Component
    Norton Confidential Web Protection Component
    NVIDIA Drivers
    OpenOffice.org 3.0
    Pando Media Booster
    PanoStandAlone
    PDF Settings CS4
    PhotoGallery
    Photoshop Camera Raw
    ProductContext
    QFolder
    QuickTime
    Readme
    Realtek High Definition Audio Driver
    Scan
    ScannerCopy
    SecondLife (remove only)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    SkinsHP1
    SPBBC 32bit
    Suite Shared Configuration CS4
    SUPERAntiSpyware Free Edition
    SuppSoft
    Symantec Real Time Storage Protection Component
    Symantec Technical Support Controls
    SymNet
    System Requirements Lab
    Tablet
    Topaz Vivacity
    TrayApp
    Uninstall 1.0.0.1
    Unity Web Player
    Unload
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VC80CRTRedist - 8.0.50727.762
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Sign-in Assistant
    Windows XP Service Pack 3
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    5/25/2009 7:55:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    5/19/2009 7:52:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000056' while processing the file 'luna.mst.new' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

    ==== End Of File ===========================

    Download ComboFix© by sUBs from one of the links below. Be sure to save it to the Desktop.

    Link #1
    Link #2

    Note: It is important that it is saved directly to your Desktop.

    Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click combofix.exe & follow the prompts.
    Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix

    ----------

    Your Java is out of date.

    Older versions have vulnerabilities that malicious sites can use to infect your system.

    First install the new Sun Java Runtime Environment

    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Be sure to close all browser windows before beginning the install.

    Remove the old version(s)

    Download JavaRa
    • Unzip the file and open the JavaRa.exe
    • Click Remove Older Versions
    • JavaRa will search for and remove any outdated version of Java and remove any that are found.
    • Click Additional Tasks
    • Place a check next to Remove Useless JRE Files and click Go
    • Exit JavaRa
    • Delete the JavaRa files from the Desktop

    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    THE JAVARA LINK DOES NOT SEND ME TO A DOWNLOAD FOR JAVA



    ComboFix 09-05-25.05 - Oscar 05/25/2009 21:19.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.541 [GMT 1:00]
    Running from: c:\documents and settings\Oscar\Desktop\ComboFix.exe
    AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\-1596348440
    c:\documents and settings\Oscar\Application Data\wiaserva.log
    c:\windows\system32\aoortcfq.ini2
    c:\windows\system32\aoortcfq.tmp
    c:\windows\system32\bitusacu.ini
    c:\windows\system32\bnkecpgi.ini
    c:\windows\system32\drivers\c712b9fe.sys
    c:\windows\system32\fgldbddg.ini
    c:\windows\system32\GOWFffii.ini
    c:\windows\system32\GOWFffii.ini2
    c:\windows\system32\iPpYbccf.ini2
    c:\windows\system32\jmsvgyxq.ini2
    c:\windows\system32\jmsvgyxq.tmp
    c:\windows\system32\maooddhx.ini
    c:\windows\system32\mVutCJjl.ini2
    D:\Uninstall.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
    .

    2009-05-25 19:48 . 2009-03-19 13:03 1907712 ----a-w c:\windows\system32\BootMan.exe
    2009-05-25 19:48 . 2009-02-25 19:22 8704 ----a-w c:\windows\system32\epmntdrv.sys
    2009-05-25 19:48 . 2009-02-25 19:22 86408 ----a-w c:\windows\system32\setupempdrv03.exe
    2009-05-25 19:48 . 2009-02-25 19:22 3072 ----a-w c:\windows\system32\EuGdiDrv.sys
    2009-05-25 19:48 . 2009-02-25 19:21 14848 ----a-w c:\windows\system32\EuEpmGdi.dll
    2009-05-25 19:47 . 2009-05-25 19:47 -------- d-----w c:\program files\EASEUS
    2009-05-25 19:16 . 2009-05-25 19:16 -------- d--h--w c:\windows\PIF
    2009-05-23 21:34 . 2009-05-23 21:34 114048 ----a-w c:\windows\system32\drivers\snapman.sys
    2009-05-23 21:03 . 2009-05-23 21:03 -------- d-----w C:\CPM
    2009-05-23 19:37 . 2009-05-23 19:37 -------- d-----w c:\documents and settings\Oscar\Application Data\Lucis
    2009-05-23 14:29 . 2009-05-23 14:29 -------- d-----w c:\program files\Common Files\Adobe AIR
    2009-05-23 14:24 . 2009-05-23 14:28 38208 ----a-w c:\documents and settings\Oscar\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-05-23 14:24 . 2009-05-23 14:24 -------- d-----w c:\documents and settings\Oscar\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-05-22 23:47 . 2009-05-23 00:03 -------- d-----w c:\documents and settings\Oscar\Application Data\Alien Skin
    2009-05-22 23:42 . 2008-05-19 12:13 57344 ----a-w c:\windows\system32\ASTSRV.EXE
    2009-05-22 23:41 . 2009-05-22 23:42 -------- d-----w c:\program files\Alien Skin
    2009-05-19 19:51 . 2009-05-19 19:51 -------- d-----w c:\documents and settings\All Users\Application Data\ALM
    2009-05-19 19:31 . 2009-05-19 19:31 -------- d-----w c:\program files\Adobe Media Player

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-25 20:25 . 2008-04-23 11:13 -------- d-----w c:\documents and settings\Oscar\Application Data\WTablet
    2009-05-25 20:24 . 2008-03-14 12:49 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-05-25 19:45 . 2008-11-23 22:06 410984 -c--a-w c:\windows\system32\deploytk.dll
    2009-05-25 18:46 . 2008-09-28 20:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-25 18:46 . 2008-09-28 20:58 2967799 -c--a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-05-24 04:07 . 2008-09-28 19:45 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-22 16:47 . 2008-03-15 13:09 83280 -c--a-w c:\documents and settings\Oscar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-19 19:57 . 2008-03-14 12:44 -------- d-----w c:\program files\Common Files\Adobe
    2009-05-19 18:13 . 2008-12-15 22:25 -------- d-----w c:\program files\Windows Live
    2009-04-26 12:59 . 2008-06-01 11:24 -------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
    2009-04-14 20:40 . 2008-04-22 21:23 -------- d-----w c:\program files\DivX
    2009-04-14 20:39 . 2009-04-14 20:39 -------- d-----w c:\program files\Common Files\DivX Shared
    2009-04-13 21:50 . 2009-04-13 21:50 53248 ----a-w c:\documents and settings\Oscar\lametritonus_en.dll
    2009-04-13 21:50 . 2009-04-13 21:50 162304 ----a-w c:\documents and settings\Oscar\lame_enc_en.dll
    2009-04-11 01:44 . 2008-03-14 13:35 -------- d-----w c:\program files\Microsoft Works
    2009-04-10 16:36 . 2008-06-23 19:45 98304 -c--a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
    2009-04-10 16:36 . 2008-06-23 19:45 81920 -c--a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    2009-04-10 16:36 . 2008-06-23 19:45 258352 -c--a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
    2009-04-10 16:36 . 2008-06-23 19:45 335872 -c--a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
    2009-04-10 16:36 . 2008-06-23 19:45 520192 -c--a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
    2009-04-10 16:36 . 2008-06-23 19:45 167936 -c--a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
    2009-04-10 16:05 . 2009-04-10 16:04 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
    2009-04-10 16:03 . 2009-04-10 16:03 -------- d-----w c:\program files\Pando Networks
    2009-04-06 14:32 . 2008-09-28 20:57 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 14:32 . 2008-09-28 20:57 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-06 00:41 . 2008-11-28 23:33 1 ----a-w c:\documents and settings\Oscar\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-04-04 14:53 . 2009-04-04 14:53 1078 ----a-r c:\documents and settings\Oscar\Application Data\Microsoft\Installer\{C13A8E73-7E98-4295-BA94-6931701CD1F9}\_4ae13d6c.exe
    2009-04-04 14:53 . 2009-04-04 14:53 1078 ----a-r c:\documents and settings\Oscar\Application Data\Microsoft\Installer\{C13A8E73-7E98-4295-BA94-6931701CD1F9}\_294823.exe
    2009-04-04 14:53 . 2009-04-04 14:53 1078 ----a-r c:\documents and settings\Oscar\Application Data\Microsoft\Installer\{C13A8E73-7E98-4295-BA94-6931701CD1F9}\_18be6784.exe
    2009-03-21 19:10 . 2009-03-21 19:10 57344 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-159679b9-n\Decora-SSE.dll
    2009-03-21 19:10 . 2009-03-21 19:10 499712 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-534157ec-n\msvcp71.dll
    2009-03-21 19:10 . 2009-03-21 19:10 499712 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-534157ec-n\jmc.dll
    2009-03-21 19:10 . 2009-03-21 19:10 348160 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-534157ec-n\msvcr71.dll
    2009-03-21 19:10 . 2009-03-21 19:10 24064 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-36d373a8-n\Decora-D3D.dll
    2009-03-21 19:08 . 2009-03-21 19:08 57344 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\37\3976f065-746c9cba-n\Decora-SSE.dll
    2009-03-21 19:08 . 2009-03-21 19:08 24064 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\37\2c4a0065-6f7bc486-n\Decora-D3D.dll
    2009-03-21 19:08 . 2009-03-21 19:08 315392 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7bb58b64-n\jogl.dll
    2009-03-21 19:08 . 2009-03-21 19:08 20480 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7bb58b64-n\jogl_awt.dll
    2009-03-21 19:08 . 2009-03-21 19:08 114688 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7bb58b64-n\jogl_cg.dll
    2009-03-21 19:08 . 2009-03-21 19:08 20480 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-253d6c9a-n\gluegen-rt.dll
    2009-03-21 19:07 . 2009-03-21 19:07 503808 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3eadbfdc-n\msvcp71.dll
    2009-03-21 19:07 . 2009-03-21 19:07 499712 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3eadbfdc-n\jmc.dll
    2009-03-21 19:07 . 2009-03-21 19:07 348160 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3eadbfdc-n\msvcr71.dll
    2009-03-21 19:05 . 2009-03-21 19:05 152576 -c--a-w c:\documents and settings\Oscar\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-18 18:27 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "d:\\Program Files\\SecondLife\\SLVoice.exe"=
    "c:\\Documents and Settings\\Oscar\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "d:\\Program Files\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8392:TCP"= 8392:TCP:BitComet 8392 TCP
    "8392:UDP"= 8392:UDP:BitComet 8392 UDP
    "57116:TCP"= 57116:TCP:Pando Media Booster
    "57116:UDP"= 57116:UDP:Pando Media Booster
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
    R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [5/23/2009 12:42 AM 57344]
    S1 SASKUTIL;SASKUTIL;\??\d:\program files\Ares Songs\SASKUTIL.sys --> d:\program files\Ares Songs\SASKUTIL.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5/25/2009 8:48 PM 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5/25/2009 8:48 PM 3072]
    S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\Oscar\LOCALS~1\Temp\iMSPCLOj.sys --> c:\docume~1\Oscar\LOCALS~1\Temp\iMSPCLOj.sys [?]
    S3 SASENUM;SASENUM;\??\d:\program files\Ares Songs\SASENUM.SYS --> d:\program files\Ares Songs\SASENUM.SYS [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-492894223-725345543-1003.job
    - c:\documents and settings\Oscar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-15 23:43]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-AdobeBridge - (no file)
    SafeBoot-ati7qexx.sys
    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    TCP: {29DBFC70-ADB2-4950-BF32-358273D17553} = 4.2.2.1,4.2.2.2
    TCP: {CBFFB94A-B86B-4769-887E-89459223601D} = 4.2.2.1,4.2.2.2
    FF - ProfilePath - c:\documents and settings\Oscar\Application Data\Mozilla\Firefox\Profiles\tbd6nkx8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.att.net/
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\documents and settings\Oscar\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
    FF - plugin: d:\program files\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: d:\program files\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: d:\program files\plugins\npPandoWebInst.dll
    FF - plugin: d:\program files\Reader 8.0\Reader\browser\nppdf32.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-25 21:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    @=""
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    @=""
    "Installed"="1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(756)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\Tablet.exe
    c:\windows\system32\WTablet\TabUserW.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\Tablet.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-25 21:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-25 20:28

    Pre-Run: 224,926,203,904 bytes free
    Post-Run: 224,859,955,200 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    248 --- E O F --- 2009-05-21 18:23

    The MajorGeeks server that hosts their downloads crashed the other day and it looks like some things were not added back correctly. Use this one please. http://majorgeeks.com/JavaRA_d5982.html

    ----------

    Please go to VirSCAN.org FREE on-line scan service
    (If more than one file needs scanned they must be done separately and logs posted for each one)

    1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
    c:\docume~1\Oscar\LOCALS~1\Temp\iMSPCLOj.sys
    2. At the upload site, click once inside the window next to Browse.
    3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    4. Click on the Upload button.
    This will perform a scan across multiple different virus scanning engines.
    Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    Important: Wait for all of the scanning engines to complete.
    5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
    6. Paste the contents of the Clipboard in your next reply.

    Note: If using FireFox you will need to copy the link in the address bar and post it back here instead. The Copy to Clipboard feature will not work.

    ----------

    Also let me know how the computer is running now.

    The computer doesn't find the file and the computer is working fine now, thank you.

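The driver entry the helper asked to have scanned (iMSPCLOj, loading from the user's Temp folder) can be picked out of the ComboFix driver/service list mechanically. The Python below is an added example, not part of the original thread or of ComboFix: it parses those lines and flags entries whose image sits under a Temp directory or whose file details ComboFix printed as `[?]`. The two rules, and the reading of `[?]` as "file details could not be read", are assumptions of this example; the sample lines are taken from the log posted above.

```python
import re
from typing import List, NamedTuple, Optional

# Driver/service lines taken from the ComboFix log posted in this thread.
SAMPLE = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [5/23/2009 12:42 AM 57344]
S1 SASKUTIL;SASKUTIL;\??\d:\program files\Ares Songs\SASKUTIL.sys --> d:\program files\Ares Songs\SASKUTIL.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5/25/2009 8:48 PM 8704]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\Oscar\LOCALS~1\Temp\iMSPCLOj.sys --> c:\docume~1\Oscar\LOCALS~1\Temp\iMSPCLOj.sys [?]
"""

# <state><start type> <service name>;<display name>;<image path> [<file info>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)


class Entry(NamedTuple):
    state: str   # first letter of the line (R or S)
    start: int   # digit that follows it
    name: str    # service key name
    image: str   # resolved image path
    info: str    # text inside the trailing brackets


class Finding(NamedTuple):
    entry: Entry
    reasons: List[str]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    image = m["image"]
    if "-->" in image:               # "raw path --> resolved path"
        image = image.split("-->", 1)[1]
    image = image.strip()
    if image.startswith("\\??\\"):   # drop the NT object-namespace prefix
        image = image[4:]
    return Entry(m["state"], int(m["start"]), m["name"].strip(),
                 image, m["info"].strip())


def reasons_for(entry: Entry) -> List[str]:
    """Apply the two triage rules (assumptions of this example)."""
    reasons = []
    folders = entry.image.lower().split("\\")[:-1]
    if any(part in ("temp", "tmp") for part in folders):
        reasons.append("image under a Temp directory")
    if entry.info == "?":            # assumption: details were unreadable
        reasons.append("file details unreadable ([?])")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return flagged entries, the ones with the most reasons first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return sorted(findings, key=lambda f: -len(f.reasons))


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding.entry.name, finding.entry.image, "; ".join(finding.reasons))
```

A flagged entry is only a candidate for closer inspection; SASKUTIL, for instance, is flagged by the second rule alone.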
    Download OTMoveIt3 by OldTimer to your desktop.

    Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

    * Save it to your Desktop.
    * Double-click OTMoveIt3.exe to run it.
    * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

    :Processes
    explorer.exe

    :services
    iMSPCLOj

    :files
    c:\docume~1\Oscar\LOCALS~1\Temp\iMSPCLOj.sys

    :Commands
    [purity]
    [emptytemp]
    [start explorer]

    * Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    * Click the red Moveit! button.
    * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    Close OTMoveIt3

    Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

    ----------

    • Click START then RUN
    • Now type Combofix /U in the runbox
    • Make sure there's a space between Combofix and /u
    • Then hit Enter.
    The above procedure will:
    • Delete: ComboFix and its associated files and folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Set a new, clean Restore Point.
    ----------

    1. Double click OTMoveIt3.exe to launch it.
    Vista users right click and choose Run As Administrator
    2. Click on the CleanUp! button.
    3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
    4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
    5. Once complete exit out of OTMoveIt3

    ----------

    Use the Secunia Software Inspector to check for out of date software.
    • Click Start Now
    • Check the box next to Enable thorough system inspection.
    • Click Start
    • Allow the scan to finish and scroll down to see if any updates are needed.
    • Update anything listed.
    ----------

    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

    Sorry I have been taking long. I have been doing all the stuff: installing new updates, getting my C drive defragmented. I will post when I have an update. Thank you.

