InterviewSolution
Saved Bookmarks
InterviewSolution
This section includes InterviewSolutions, each offering curated multiple-choice questions to sharpen your knowledge and support exam preparation. Choose a topic below to get started.
| 551. |
Solve : Registry Cleaning.? |
|
Answer» I Recently ran 'Registry HELPER' and it said that i had over 290 errors in my registry can i just go to regedit and DELETE them or do i have to purchase the program for them to be cleaned?That SOUNDS like a scam.... "yer you've got loads of viruses and stuff so buy our product" If you WANT a free registry CLEANER download CCleaner http://www.ccleaner.com/ |
|
| 552. |
Solve : Should I let Comodo scan my PC for malware?? |
|
Answer» This is a really short thread. Should I or not let Comodo installing scan my PC for malware? Or Comodo won't do a good job, so don't scan it?Comodo antivirus is RATHER new but it is trusted. Your choice.They are better known for their FIREWALL software, but they are a trusted name in the computer / online INDUSTRY. I'd let them scan your computer, or mine.I think, we're talking about two different things here. |
|
| 553. |
Solve : Re: All of my Icons and my tool bar are missing from my desktop "start" is gone too? |
|
Answer» I HAVE THE SAME PROBLEM. MY DESKTOP IS NOT DISPLAYED.NO ICON NO TOOLBAR.ON RIGHTCLICKING THERE IS NO RESPONSE CAN ANY ONE HELP ME?this may be CAUSED by a virus. check this out. in the mean time you may be able to get it back by going to task manager (control+alt+delete), in applications click on NEW task and enter 'explorer.exe'. |
|
| 554. |
Solve : Updating Winpatrol? |
|
Answer» I've looked. How do I make sure it is up to date? What's New with Version 15.9.2008.5 What's your version?v15.0.2008 I began using WP on behalf of EF's advise with good RESULTS. I became curious and wondered if it was up to date. I looked at it and determined I could not find anything that would suggest I was either 'out of date' or 'I can update' this freeware. That's why I pose this question. How do I know if winpatrol is CURRENT?I'm not familiar with WinPatrol, but is there no option to Update anywhere?My sentiments. How do I use winpatrol and expect current to date protection?http://securityticker.blogspot.com/2007/10/winpatrol-update-will-now-warn-of.html Quote Winpatrol v12.2.2007 was made available for download on Friday. This new version will now alert you if changes are made to your Automatic Update settings. Like most features, the intention is to protect users from changes made by malicious programs. As a side however, it will also detect if Microsoft or one of their applications decide to change these settings without your knowledge.Very interesting program...... That is a year old, so I would guess WinPatrol's does have automatic UPDATES.Now I'm not sure if we are on the same sheet of music? I don't have a problem with Window's Updates as an OS or if Winpatrol is monitoring Window's. What I would like to knoe is.. how do I know 'Winpatrol' is current? When I OPEN the program, what do I do to ask it if it is current to date?The free version does not autoupdate. To check your version open WinPatrol the select the plus tab. Click Check for new Winpatrol version At the top of the page you will see something similar to this: Current WinPatrol version is : 15.9.2008.5:15.9.2008.5 Your version is : 15.9.2008.5:15.9.2008.5 It just updated Monday Oct. 13 so you should need a new version if you didn't get that one. http://www.winpatrol.com/download.htmlThanks. I understand what needs to be done now.Ah, thanks EVIL. |
|
| 555. |
Solve : concerned about 1 process in log ?? |
|
Answer» i noO12 - PLUGIN for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll |
|
| 556. |
Solve : I hope hope is on the way? |
|
Answer» If I did this correct, I read about spyware listed information by evilfantasy. Followed the proceedure as best I could understand. Did the cleaner download and scanned per directions. So far, so good. Captured quite a bunch of items and made the list in notepad. Did it 3 times over because I had to keep going back to reread the directions, even though I printed them. Got to step 4 that said download (MBAM). It wouldn't work unless I used the alternate choice method. Then it said I need (NT) or something. Forgot to write it down. I have windows ME and it is a custom repaired from scrap machine with my old hard drive installed as a storage system. I beleive I got the trojans, etc from a fwd email requesting I add my name to the list and send it along in SUPPORT of something. I only read it, but the popups started comming the next time I went on line. I get about 10 to 15 in a row. Sometimes it locks up as I TRY to exit them. I beleive they are quarentined at the moment, but now I'm stumped as to what next. I'm not in a big rush, as I'm a bit busy elsewhere, but getting this resolved would lift a burden for sure. Thanks for the time you give to help others.I'm afraid you'll need to post theses three logs for Evil Fantasy to see
Open the SDFix folder and double click RunThis.bat to start the script.
Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:
|
|
| 557. |
Solve : Slow laptop.? |
|
Answer» I have followed the directions for Malware Removal. I am enclosing the 3 files that are required. Can any expert please analyze my files and let me know that I can do to make my computer faster. Thanks
safe surfing.... |
|
| 558. |
Solve : HiJackThis vs. WinPatrol? |
|
Answer» What is the difference between the HiJacklogs that each of these softwares generate? They look COMPLETELY different to the untrained (my) eye. I don't show signs or cause for reason for mine to be reviewed unless something critical is hidden in one but exposed in the other? To prevent unknown applications from being installed on your computer install WinPatrol 2008 The Hijack log created by WinPatrol is mostly the same except you will notice the --- Additional WinPatrol Info --- which can be useful in finding some forms of malware. That said I have never used a WinPatrol log in malware removal. Hey EF, it was you who actually suggested I use winpatrol during a previous PC problem experience when I asked for y'alls help. I simply just recently noticed it performed a similar HJT log function and compared the logs as if I wished I knew what I was looking for using comparisons. I understand now; either software will present any or all the information one is looking for when trying to effect PC repairs. If I weren't so old; I've wondered if I had learned about computer processes earlier in life time maybe I could become an IT or even a malware guru. Thanks, I appreciate the forums help.If you NEED to research any files just go to one of the online databases and search for it. I have some memorized but I don't have them all. Here are a few good file databases. http://www.bleepingcomputer.com/startups/ http://www.systemlookup.com/ For example if you see C:\Program Files\Windows Defender\MSASCui.exe you would search for MSASCui.exe. Google works well also. Just search MSASCui.exe. |
|
| 559. |
Solve : PWS-Gamania.gen.a? |
|
Answer» Hello, |
|
| 560. |
Solve : Bellsouth (now at&t) antivirus problems, continuous, grrr!? |
|
Answer» I am using it because it CAME with my DSL. It's always corrupted and I have to reinstall it every week or so. It's really on my last FREAKING nerve |
|
| 561. |
Solve : what is the best anti-virus to use in a computer?? |
|
Answer» I post this question because i don't KNOW what anti-VIRUS is the best to install in my computer because some anti-virus are not works from different virus in a computer! |
|
| 562. |
Solve : What are the intended uses for each of the HJT versions? || SREng ||? |
Answer»
HijackThis Installer This installs HijackThis to C:\Program Files\Trend Micro\HijackThis as well as creates Start Menu shortcuts and Desktop shortcuts. HijackThis Zip CONTAINS the program and a readme. HijackThis Executable Only the program itself. (.exe) As for SREng, never heard of it. Link?I would never trust or advise that a novice user run SREng. Actually, it looks like an INTERESTING tool. You can get a whole KZTechs.COM Software Suite: http://www.kztechs.com/eng/download.html which includes: # System Repair Engineer with all PLUGINS # Windows Shell Menus Manager # File Digital Sign Verify Tool # Windows Notifaction Area Tooltip Fix Tool # Windows Installer UnUsed File Cleanup Tool # RenamePlus # PendMove Quote from: evilfantasy on October 08, 2008, 11:19:32 AM I would never trust or advise that a novice user run SREng.specifically, why not? Quote from: Carbon Dudeoxide on October 08, 2008, 04:05:21 AM Welcome to the forums. WHY would i use the .zip version rather than the Installer Version? And if the Installer Version accomplishes the install then why do I need the .zip or .exe versions?? and how does the .zip or .exe versions install if the Installer is not included?zip, and .exe versions don't install. HJT is basically a single file, however since HJT creates a backup, it's important to run it from dedicated folder. Installer, does nothing else, but creates HijackThis folder in Program Files directory, and puts hijackthis.exe into that folder, thus very good for novices. Quote zip, and .exe versions don't install.then what does it do? and what is the distinctive uses of .zip and .exe? why would i, even if not a novice, use the .zip or .exe?HJT simply contains one file: hijackthis.exe, which doesn't need installation, and can be run as is. zip file is hijackthis.exe zipped.Some forms of malware ALSO prevent you from downloading any applications, which may be why there is a .zip option. |
|
| 563. |
Solve : Lavasoft AdAware Pro versus Other AntiMalwares?? |
|
Answer» I have been using Lavasoft's AdAware Pro for 1 year, and it is TIME for renewal. As far as I know, AdAware's the real-time protection (CALLED "AdWatch") has served me WELL, even though I was not sophisticated enough to understand the User's Guide and I therefore was not able to utilize many of AdAware Pro's features; rather, I accepted their default settings and accepted the efficacy on faith.) |
|
| 564. |
Solve : Infection Need Help.? |
|
Answer» Ok so basically , WINDOWS has been hanging extremely badly , so i ran some virus / spyware checks , and trojan hunter , picked up 11 trojans i couldnt clean them due to there so called 30 trial not working anymore , i then scanned with spybot , superantispyware and avria, it hasn't picked up anything . My system is infected with a ghost of a infection. Nothing else can find it . Got the screen shot of the infections on trojan hunter and my hijackthis log . |
|
| 565. |
Solve : Posting logs after scan.."can't connect to internet..."? |
|
Answer» here are the logs from Hijack this
---------- Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.
Also let me know how everything is now?Thanks Evilfantasy... I just followed all the steps you gave. All went well until the scan onDial-a-fix...the last 2 bowex didn't clear in No. 5 Registration center --Explorer / IE / OE / shell / /WMP and --object linking libaries (OLE) In the scan itself it stops at --Registering imgtil.dll Any ideas? Try this. Download to your desktop FixPolicies.exe, a self-extracting ZIP archive from HERE. Double-click FixPolicies.exe. Click the Install button on the bottom toolbar of the box that will open. The program will create a new Folder called FixPolicies. Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd A black box will briefly appear and then close. Restart the computer so the changes can take effect. How is everything now? I meant to get back to you sooner but had to go to work. This is what I did.. I canceled the Dial-a-fix scan and it said it had crashed so I scanned again. It went all the way through that time. I restarted the computer and it connected to the internet no problem. They only wierd thing is the home page "Google" has boxes where it should have text but I can move from there with out any difficulty. Are there any more steps to follow?Yes theres more, we needed to get the connection fixed so it will be easier. Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.here is the Combofix log ComboFix 08-10-09.06 - Owner 2008-10-10 17:31:45.1 - NTFSx86 Microsoft Windows XP Home EDITION 5.1.2600.0.1252.1.1033.18.27 [GMT -7:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\adir.dll C:\WINDOWS\system32\aimsmx.dll C:\WINDOWS\system32\aosmx.dll C:\WINDOWS\system32\dd.exe C:\WINDOWS\system32\gtalsmx.dll C:\WINDOWS\system32\rsvp32_2.dll C:\WINDOWS\system32\rsvp32_2.dll3f2tj C:\WINDOWS\system32\setup.exe.tmp C:\WINDOWS\system32\sm.exe C:\WINDOWS\system32\ymsgsmx.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_WINCOM32 -------\Service_wincom32 ((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 ))))))))))))))))))))))))))))))) . 2008-10-10 06:57 . 2008-10-10 17:31 d-------- C:\WINDOWS\system32\CatRoot2 2008-10-09 23:30 . 2008-10-09 23:30 d-------- C:\Program Files\CCleaner 2008-10-09 23:28 . 2008-10-09 23:28 d-------- C:\Program Files\Trend Micro 2008-10-09 22:46 . 2001-08-17 14:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-10-09 22:41 . 2008-10-09 22:41 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-10-09 22:36 . 2008-10-09 22:36 d-------- C:\Program Files\Common Files\Skype 2008-10-09 22:35 . 2008-10-09 23:14 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-09 22:35 . 2008-10-09 22:35 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-10-04 20:02 . 2008-10-09 22:41 d-------- C:\Program Files\SUPERAntiSpyware 2008-10-04 20:02 . 2008-10-04 20:02 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com 2008-10-04 19:52 . 2008-10-04 19:52 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes 2008-10-04 19:52 . 2008-10-04 19:52 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-04 19:52 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-04 19:52 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-04 19:39 . 2008-10-04 19:39 285 --a------ C:\WINDOWS\system32\MRT.INI 2008-10-04 19:35 . 2008-10-04 19:35 2,400 --a------ C:\WINDOWS\system32\wpa.bak 2008-10-04 18:58 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-10-04 18:58 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-10-04 18:58 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-10-04 18:58 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-11 00:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype 2008-10-05 23:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6 2008-10-05 23:20 --------- d-----w C:\Program Files\Skype 2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 1077277] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 25370152] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll R2 EZYJOPOP;EZYJOPOP;C:\WINDOWS\System32\ezyjopop.ciq [2001-08-23 14976] S3 PAC207;UCAM-E1C10&UCAM-G1C10 series;C:\WINDOWS\System32\DRIVERS\pfc027.sys [ ] . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.com O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm - O17 -: HKLM\CCS\Interface\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NameServer = 86.64.145.144 O17 -: HKLM\CCS\Interface\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by GMER, http://www.gmer.net Rootkit scan 2008-10-10 17:35:05 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EZYJOPOP] "ImagePath"="\??\C:\WINDOWS\System32\ezyjopop.ciq" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\PAStiSvc.exe . ************************************************************************** . Completion time: 2008-10-10 17:38:39 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-11 00:38:33 Pre-Run: 37,495,373,824 bytes free Post-Run: 37,487,112,192 bytes free 108 --- E O F --- 2008-10-11 00:28:30 here is the Hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:39:40 PM, on 10/10/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NameServer = 86.64.145.144 O17 - HKLM\System\CCS\Services\Tcpip\..\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 2183 bytes
---------- Download
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Now run a new HijackThis scan and post the log. Also let me know how everything is now.This is the Hijackthis log after doing everything else first. Everything is running just fine now. I wont be able to post again until sunday..Iam away for the weekend...so I will say to now...Evilfantasy you are the MAN...thanks so much for seeing me through this. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:50:53 PM, on 10/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\spupdsvc.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\msiexec.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE C:\DOCUME~1\Owner\LOCALS~1\Temp\SSUPDATE.EXE C:\WINDOWS\System32\msdtc.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NameServer = 86.64.145.144 O17 - HKLM\System\CCS\Services\Tcpip\..\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 2399 bytes You need to install a free antivirus now before you are back in this situation again. Avira AntiVir Personal is probably the best. Remember to only install one antivirus! 1) Avast! Home Free Edition 2) AVG Free Edition 3) Avira AntiVir Personal ---------- Disable the System Restore Utility to prevent re-infection from an old one 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't SLOW down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop CERTAIN cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 566. |
Solve : Hit with a ton of viruses, here are my log files.? |
|
Answer» Logfile of Trend Micro HijackThis v2.0.2
======Uninstall list====== -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} -->msiexec /i {46548E80-0409-0000-7E8A-45000F855001} -->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601} -->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0409 Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Ahead InCD EasyWrite Reader-->C:\WINDOWS\unmrw.exe /UNINSTALL Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL BitComet 0.70-->C:\Program Files\BitComet\uninst.exe Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} CC_ccProxyExt-->MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919} ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" ccPxyCore-->MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917} CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} Conquer 2.0-->C:\Program Files\InstallShield Installation Information\{B6060381-5C28-4F86-A31A-B5ADA7A1BD8D}\setup.exe -runfromtemp -l0x0009 -removeonly DAO 3.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Your Company\DAO 3.5\Uninst.isu" DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Pro Trial-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69} Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519} Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F} Norton Internet Security 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125} Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935} Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B} Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F} Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20} Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555} Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22} Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0} NTI DVD Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D31612BB-C6D7-4142-96AE-16DB062354CF}\Setup.exe" -l0x9 NTI DVD-Maker Gold-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI PartyPokerNet-->"C:\Program Files\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Program Files\PartyGaming.Net\PartyPokerNet\install.log" Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3} QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Risk II (remove only)-->"C:\Program Files\Games\Risk II\Uninstall.exe" S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display' S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2' S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2' S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay' Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe" Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe" Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe" Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe" Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe" Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04} SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Symantec Technical Support Web Controls-->MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441} Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe" Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe" Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe Wrath of the Lich KING Beta-->C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe =====HijackThis Backups===== O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe O2 - BHO: (no name) - {70BC9B99-5802-4523-8B5E-519F3AF61828} - C:\WINDOWS\system32\hgGvwvWp.dll (file missing) O20 - AppInit_DLLs: avgrsstx.dll pclgna.dll R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245 O3 - Toolbar: (no name) - {6366459B-45A6-489C-9726-429617BB05C2} - (no file) O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addpf.exe (file missing) Hosts File Missing Gonna take about 4 posts or so to get the log file in so give me a couple mins. |
|
| 567. |
Solve : Computer Extremely slow!!!!!? |
|
Answer» hey all!!!
Open the SDFix folder and double click RunThis.bat to start the script.
|
|
| 568. |
Solve : Recover files from Infected Drive?? |
|
Answer» I was wondering if it were possible to get files off an infected DRIVE. Start the computer off a new drive, and then just copy over the files that you need from the other sick drive. |
|
| 569. |
Solve : Help with possible Trojan/Virus Issue? |
|
Answer» First, I want to say thanks for the help you guys and girls have done for everyone. I really think you are doing an awesome job. My issue is that whenever I try to click a link under a search engine like yahoo or google, I get redirected somewhere else. Also, my AVG is the newer version, but it won't connect to the servce to update. I can't even get onto the AVG.com website. I have ran all the required tests and hope you can help. Thanks in advance.
---------- Download Alternate download link Note: Vista users must use Run As Administrator
Important: Restart the computer before continuing. ---------- Run this online scan. This scanner requires Internet Explorer Use the ESET Nod32 Online Scanner 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When ASKED, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.here's the log.... # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3505 (20081008) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=4e4351c1f2917747a7348297cdabfa78 # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2008-10-09 11:16:12 # local_time=2008-10-09 07:16:12 (-0500, Eastern Daylight Time) # country="United States" # osver=5.1.2600 NT Service Pack 2 # scanned=562552 # found=0 # scan_time=6209Looks good, how is the computer running now? Download OTCleanIt.exe and save it to your Desktop.
---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 570. |
Solve : Possible Trojan/virus Making interent slow?? |
|
Answer» Hello, over the past week i've been experiancing EXTREMLY slow internet, sometimes its fine and then it will either be so slow for hours that the connection just times out - or will takes so long to load a simple page that i could grow a beard. I've ran EVER virus scanner under the sun and degragmented my hardrive and stuff. Even had to have two Virgin MEDIA engineers out. The one that came out today changed the ethernet cable to my modem and added a signal filter, it seemed to work normaly for about an hour and then started to slow down again. Can someone please help me, i really don't want to have to reformat windows and loose everything. I don't understand these hijack things so dont know what i'm looking for, so if someone could tell me if i have any trojans which are making my internet like this that would be good. thank you
---------- Run this online scan. This scanner requires Internet Explorer Use the ESET Nod32 Online Scanner 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.Hey, thanks for the reply - i done what you said. # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3502 (20081007) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=b19debf8d2a7e74caa65d899e11a38a2 # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2008-10-07 11:23:42 # local_time=2008-10-08 12:23:42 (+0000, GMT Daylight Time) # country="United Kingdom" # osver=5.1.2600 NT Service Pack 2 # scanned=274620 # found=0 # scan_time=5683 # nod_component=V3 Build:0x30000000 () Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.
How is everything now?everything seems great now, thanks so much for your time and help Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 571. |
Solve : MY YAHOO MESSENGER WON'T OPEN UP OR START??? |
|
Answer» my yahoo messenger wont start anymore, at my first install of it it was running completely ic ould log in and log out without any problem,but after i turn off my pc.and tried to open it, it wont open up anymore,the yahoo messenger version i first installed was V.8,i tried to uninstall at and reinstall it,it still wont open up any more,also tried
Open the SDFix folder and double click RunThis.bat to start the script.
help me please.i want my pc to turn back to normal.and i want to use yahoo messenger [recovering disk space -- attachment deleted by admin]Run this Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups. Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply. Exit out of MessengerDisable then delete the two files that were put on the Desktop. ---------- Download ComboFix by sUBs from one of the below links. Be SURE top save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.here are the new logs [recovering disk space -- attachment deleted by admin]Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freezehi there.. i experienced the same problem for almost 3 weeks, but now my YM is working fine.. What i did? i downloaded AVG FREE 8.0 and installed it. When i restart my PC there's a threat found and moved it to vault.. after that YM appeared and seems working just fine.. I tried to close it and hoping that it will open again and it did, with a new threat found and i also moved it to vault. Just try to do the same.. i hope it will fix your YM.. GudLuck.. Quote from: inDio™ on September 07, 2008, 03:30:51 AM Just try to do the same.. i hope it will fix your YM.. GudLuck..Evilfantasy knows what he is doing...I've got errors during the process.when i dragged the .txt to the icon it runs the my avg detected some kind of a threat.but i just ignored it.then an error message or warning that im not allowed to do the process.but the program still runs.will it effect my log?? [recovering disk space -- attachment deleted by admin]WOW! i've tried installing yahoo messenger and it's working fine now.the tray icon does not disappear any more when i try to open it.i also tried rebooting my pc and it still runs! i'll just monitor it,if the problem appears again back again.many thanks to evilfantasy and Carbon Dudeoxide. thanks a lot!!what should i do now to prevent my previous problem from happening again?? .and can i use this procedures to other pc units with the same problem?? what should i do now to prevent my previous problem from happening again Wait until you are given the all clear first and I will then give final instructions.
.
---------- Download ATF Cleaner by Atribune to your Desktop. Alternate download link Note: Vista users must use Run As Administrator
Important: Restart the computer before continuing. ---------- Download OTCleanIt.exe and save it to your Desktop.
---------- Run the Kaspersky Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the INFORMATION on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.sorry i thought it all alright when i have run my yahoo messenger.and access my drives.when i tried visisting the kaspersky lin with firefox.my firefox explorer has error message that tells me that my firefox needs to close.and on my internet explorer but it only happens when i close my internet explorer the same message COMES out. [recovering disk space -- attachment deleted by admin]Do you know what this belongs to? restart.exe |
|
| 572. |
Solve : From Internet Speed Monitor pop up? |
|
Answer» Hi about 3 days ago I had this From Internet Speed Monitor pop up and I tried looking for it in add/remove pragrams to remove it, but it's not in there. I ran a virus scan, but it didn't remove it. Now my computer is incredibly slow. Can anyone help me Please?
---------- Now run a new HijackThis scan and POST the log. |
|
| 573. |
Solve : Evil Fantasy or anyone... Virus/Trojan/Malware issues (3 logs included)? |
|
Answer» 1st off I want to thank you for this! These programs have seemed to help tremendously! I followed every step to the letter and am now submitting my logs if anyone is willing to look at them and let me know if I am in the clear or what I should do next...
Open the SDFix folder and double click RunThis.bat to start the script.
[Saving space - attachment deleted by admin]Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - O15 - Trusted Zone: *<- Place a check mark next to ALL of the 015 enrties. - O20 - AppInit_DLLs: svpems.dll,avgrsstx.dll Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis and restart the computer to register the changes. ---------- Download OTCleanIt.exe and save it to your Desktop.
---------- Run this online scan. This scanner requires Internet Explorer Use the ESET Nod32 Online Scanner 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.Seems ok. BTW, I have run AVG a couple of times (on automatic scan) and one time it found some stuff but then my computer froze up. Next time I ran it but those things weren't there. Would AVG have gotten rid of them even if the program didn't finish? I may run it again on slow scan. What do you think about that? [Saving space - attachment deleted by admin]Everything should be gone after these final steps. You can run another scan with AVG for a double check. Disable the System Restore Utility to prevent re-infection from an old one 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on BUSINESS practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 574. |
Solve : TDSSERV-Need help to remove? |
|
Answer» I have the trojan tdsserv and need help to remove it from my system. My virus software cant delete it, but spyware doctor detects it (but i have the free version it cant delete it) and do not want to buy more virus software.
Open the SDFix folder and double click RunThis.bat to start the script.
SDFix: Version 1.230 Run by User on Thu 02/10/2008 at 06:57 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Name : tdssserv Path : \systemroot\system32\drivers\TDSSserv.sys tdssserv - Deleted Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-02 19:22:32 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Mitch and Greg\Greg\Nero\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:9f,9c,2b,67,cc,da,2a,26,20,9b,cb,50,bf,77,10,ce,d4,8d,7b,37,ef,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,6b,25,44,a6,01,ae,01,20,6f,58,3b,36,6d,24,63,47,bd,.. "khjeh"=hex:63,6b,95,b6,1a,b1,a9,e9,ad,c9,fe,8f,be,a2,07,18,cc,0b,df,08,01,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:27,47,77,86,07,12,03,6f,b3,f4,02,a4,e6,60,9c,86,a9,67,02,7f,b9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Mitch and Greg\Greg\Nero\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:9f,9c,2b,67,cc,da,2a,26,20,9b,cb,50,bf,77,10,ce,d4,8d,7b,37,ef,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,6b,25,44,a6,01,ae,01,20,6f,58,3b,36,6d,24,63,47,bd,.. "khjeh"=hex:63,6b,95,b6,1a,b1,a9,e9,ad,c9,fe,8f,be,a2,07,18,cc,0b,df,08,01,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:27,47,77,86,07,12,03,6f,b3,f4,02,a4,e6,60,9c,86,a9,67,02,7f,b9,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Games\\Battlefield 2\\BF2.exe"="C:\\Games\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2" "C:\\Games\\Black and White\\runblack.exe"="C:\\Games\\Black and White\\runblack.exe:*:Enabled:lh" "C:\\Games\\Bet on Soldier Single Player Demo\\BoS.exe"="C:\\Games\\Bet on Soldier Single Player Demo\\BoS.exe:*:Disabled:BoS" "C:\\Demos\\Battlefield 2\\BF2.exe"="C:\\Demos\\Battlefield 2\\BF2.exe:*:Disabled:BF2" "C:\\Demos\\Steam\\SteamApps\\wolvf\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"="C:\\Demos\\Steam\\SteamApps\\wolvf\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe:*:Disabled:Rag_Doll_Kung_Fu_Steam" "C:\\Demos\\Bet on Soldier Single Player Demo\\BoS.exe"="C:\\Demos\\Bet on Soldier Single Player Demo\\BoS.exe:*:Disabled:BoS" "C:\\Games\\ragdoll\\SteamApps\\audio_stream\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"="C:\\Games\\ragdoll\\SteamApps\\audio_stream\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe:*:Enabled:Rag_Doll_Kung_Fu_Steam" "C:\\Games\\Game Spy\\Aphex.exe"="C:\\Games\\Game Spy\\Aphex.exe:*:Enabled:GAMESPY Arcade" "C:\\Demos\\Lord Of The Rings\\Rings.exe"="C:\\Demos\\Lord Of The Rings\\Rings.exe:*:Enabled:Rings" "C:\\Games\\Little Fighter\\LF2_v1.9c\\lf2.exe"="C:\\Games\\Little Fighter\\LF2_v1.9c\\lf2.exe:*:Enabled:lf2" "C:\\Demos\\Savage\\silverback.exe"="C:\\Demos\\Savage\\silverback.exe:*:Enabled:silverback" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer" "C:\\Demos\\Battlefield 2\\Bf2_w32ded.exe"="C:\\Demos\\Battlefield 2\\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded" "C:\\Demos\\Battlefield 2\\BF2VoipServer_w32ded.exe"="C:\\Demos\\Battlefield 2\\BF2VoipServer_w32ded.exe:*:Enabled:BF2VoipServer_w32ded" "C:\\Demos\\Battlefield 2\\BF2VoipServer.exe"="C:\\Demos\\Battlefield 2\\BF2VoipServer.exe:*:Enabled:BF2VoipServer" "C:\\Demos\\panzer\\PEA.exe"="C:\\Demos\\panzer\\PEA.exe:*:Disabled:PEA" "C:\\Games\\Steam\\SteamApps\\audio_stream\\counter-strike source\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\counter-strike source\\hl2.exe:*:Enabled:hl2" "C:\\Program Files\\Caplio Software\\RGateLXP.exe"="C:\\Program Files\\Caplio Software\\RGateLXP.exe:*:Enabled:RICOH Gate La for DSC" "C:\\Program Files\\Microsoft Games\\Rise Of Legends Demo\\legends.exe"="C:\\Program Files\\Microsoft Games\\Rise Of Legends Demo\\legends.exe:*:Enabled:Rise of Legends" "C:\\Demos\\Act of War High Treason Demo\\ActOfWar_HighTreason_Demo.exe"="C:\\Demos\\Act of War High Treason Demo\\ActOfWar_HighTreason_Demo.exe:*:Enabled:ActOfWar_HighTreason_Demo" "C:\\Games\\X Fire\\Xfire\\Xfire.exe"="C:\\Games\\X Fire\\Xfire\\Xfire.exe:*:Enabled:Xfire" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++" "C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\133531VC\\WoW-Intro-enUS-downloader[1].exe"="C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\133531VC\\WoW-Intro-enUS-downloader[1].exe:*:Enabled:Blizzard Downloader" "C:\\Games\\Raikon\\Rakion\\Bin\\Rakion.bin"="C:\\Games\\Raikon\\Rakion\\Bin\\Rakion.bin:*:Enabled:Rakion" "C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2 deathmatch\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2" "C:\\Demos\\LimeWire\\LimeWire.exe"="C:\\Demos\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Demos\\riseandfall\\Bin\\RiseAndFallDemo.exe"="C:\\Demos\\riseandfall\\Bin\\RiseAndFallDemo.exe:*:Disabled:Application" "C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2\\hl2.exe:*:Enabled:hl2" "C:\\Mitch and Greg\\Mitch\\LimeWire\\LimeWire.exe"="C:\\Mitch and Greg\\Mitch\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Games\\Warcraft III\\Warcraft III.exe"="C:\\Games\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" "C:\\Demos\\firefox.exe"="C:\\Demos\\firefox.exe:*:Enabled:Firefox" "C:\\Games\\Trem\\tremulous.exe"="C:\\Games\\Trem\\tremulous.exe:*:Enabled:tremulous" "C:\\Demos\\Warhammer\\DarkCrusade.exe"="C:\\Demos\\Warhammer\\DarkCrusade.exe:*:Enabled:DarkCrusade" "C:\\Games\\Defcon\\defcon.exe"="C:\\Games\\Defcon\\defcon.exe:*:Enabled:Defcon" "C:\\Mitch and Greg\\Greg\\ChiChi\\Comet\\BitComet\\BitComet.exe"="C:\\Mitch and Greg\\Greg\\ChiChi\\Comet\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player" "C:\\Games\\Warcraft III\\war3.exe"="C:\\Games\\Warcraft III\\war3.exe:*:Enabled:Warcraft III" "C:\\Games\\Never Winter Nights 2\\nwn2main.exe"="C:\\Games\\Never Winter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main" "C:\\Games\\Never Winter Nights 2\\nwn2main_amdxp.exe"="C:\\Games\\Never Winter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD" "C:\\Games\\Never Winter Nights 2\\nwupdate.exe"="C:\\Games\\Never Winter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater" "C:\\Games\\Never Winter Nights 2\\nwn2server.exe"="C:\\Games\\Never Winter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server" "C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life deathmatch source\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life deathmatch source\\hl2.exe:*:Enabled:hl2" "C:\\Games\\MoC\\Warhammer.exe"="C:\\Games\\MoC\\Warhammer.exe:*:Enabled:Warhammer©: Mark of ChaosT" "C:\\Games\\Condition Zero\\czero.exe"="C:\\Games\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher" "C:\\Games\\Counter-Strike\\cstrike.exe"="C:\\Games\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher" "C:\\Mitch and Greg\\Greg\\pics\\ImagineFX\\3dsMax8\\3dsmax.exe"="C:\\Mitch and Greg\\Greg\\pics\\ImagineFX\\3dsMax8\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8" "C:\\Program Files\\Autodesk\\backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor" "C:\\Program Files\\Autodesk\\backburner\\manager.exe"="C:\\Program Files\\Autodesk\\backburner\\manager.exe:*:Enabled:backburner 2.3 manager" "C:\\Program Files\\Autodesk\\backburner\\server.exe"="C:\\Program Files\\Autodesk\\backburner\\server.exe:*:Enabled:backburner 2.3 server" "C:\\Games\\Steam\\Steam.exe"="C:\\Games\\Steam\\Steam.exe:*:Enabled:Steam" "C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Enabled:Update Counter-Strike" "C:\\Mitch and Greg\\Greg\\Miller Stuff\\weird al\\Weird\\CounterStrike2D.exe"="C:\\Mitch and Greg\\Greg\\Miller Stuff\\weird al\\Weird\\CounterStrike2D.exe:*:Enabled:CounterStrike2D" "C:\\Games\\Silver\\Silverfall Demo\\Silverfall.exe"="C:\\Games\\Silver\\Silverfall Demo\\Silverfall.exe:*:Enabled:Silverfall" "C:\\Games\\Mechcommander Gold\\MCX.EXE"="C:\\Games\\Mechcommander Gold\\MCX.EXE:*:Enabled:MechCommander Desperate Measures" "C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper" "C:\\Program Files\\MicroProse\\MCX\\MCX.EXE"="C:\\Program Files\\MicroProse\\MCX\\MCX.EXE:*:Enabled:MechCmdr Expansion" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5" "C:\\Games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Games\\World of Warcraft\\WoW.exe"="C:\\Games\\World of Warcraft\\WoW.exe:*:Enabled:World of Warcraft" "C:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:xpsp2res.dll,-22019" "C:\\Games\\Soldat\\Soldat.exe"="C:\\Games\\Soldat\\Soldat.exe:*:Enabled:Soldat" "C:\\Mitch and Greg\\Greg\\ChiChi\\Torrent\\bittorrent.exe"="C:\\Mitch and Greg\\Greg\\ChiChi\\Torrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Mitch and Greg\\Greg\\Bittorent\\BitTorrent\\bittorrent.exe"="C:\\Mitch and Greg\\Greg\\Bittorent\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Games\\Fury\\Binaries\\Fury.exe"="C:\\Games\\Fury\\Binaries\\Fury.exe:*:Enabled:Fury" "C:\\Games\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"="C:\\Games\\Fury\\Binaries\\DiamondWare\\dwTVC.exe:*:Enabled:Fury VOIP" "C:\\Games\\Warcraft III\\GG-Client\\GGclient.exe"="C:\\Games\\Warcraft III\\GG-Client\\GGclient.exe:*:Enabled:GG E-Sports Platform Client" "C:\\Games\\Ventrilo\\ventrilo_srv.exe"="C:\\Games\\Ventrilo\\ventrilo_srv.exe:*:Enabled:ventrilo_srv" "C:\\Mitch and Greg\\Greg\\Veoh\\VeohClient.exe"="C:\\Mitch and Greg\\Greg\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client" "C:\\Games\\AOWSM\\Age of Wonders Shadow Magic\\AoWSM.exe"="C:\\Games\\AOWSM\\Age of Wonders Shadow Magic\\AoWSM.exe:*:Enabled:Age of Wonders: Shadow Magic" "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server" "C:\\Games\\MC2\\Mc2Rel.exe"="C:\\Games\\MC2\\Mc2Rel.exe:*:Enabled:MechCommander 2 Game EXECUTABLE" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 9 Nov 2006 1,649,152 A..H. --- "C:\Games\Jumper.exe" Wed 31 Jul 2002 104 ..SH. --- "C:\WINDOWS\WSYS049.SYS" Mon 29 Aug 2005 121,240 A..HR --- "C:\Games\DoW\Disk1CheckW40k.EXE" Fri 19 Aug 2005 121,237 A..HR --- "C:\Games\DoW\Disk1Check.EXE" Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Wed 4 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 16 Nov 2003 137,728 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL0221.tmp" Sun 16 Nov 2003 140,800 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL0248.tmp" Sat 15 Nov 2003 28,672 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL0461.tmp" Sat 15 Nov 2003 28,672 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1292.tmp" Sat 15 Nov 2003 26,112 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1463.tmp" Sat 15 Nov 2003 26,112 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1531.tmp" Mon 11 Nov 2002 71,680 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1674.tmp" Sat 15 Nov 2003 25,088 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1831.tmp" Sat 15 Nov 2003 28,672 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3070.tmp" Sat 19 Feb 2005 29,696 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3185.tmp" Sat 15 Nov 2003 29,184 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3309.tmp" Mon 11 Nov 2002 72,192 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3649.tmp" Mon 11 Nov 2002 75,264 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3799.tmp" Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" Mon 28 Feb 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll" Sun 4 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 9 Nov 2006 1,649,152 A..H. --- "C:\Documents and Settings\User\Desktop\Stuff on USB\Jumper.exe" Sat 3 Jun 2006 56,320 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL0707.tmp" Sat 3 Jun 2006 25,600 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL1009.tmp" Sat 3 Jun 2006 50,688 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL1453.tmp" Sat 3 Jun 2006 47,104 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL2735.tmp" Sat 3 Jun 2006 25,088 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL3719.tmp" Sat 3 Jun 2006 44,032 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL3918.tmp" Wed 17 May 2006 24,576 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL0003.tmp" Thu 18 May 2006 26,624 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL2813.tmp" Thu 18 May 2006 26,112 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL3638.tmp" Thu 18 May 2006 25,600 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL3722.tmp" Thu 16 Jun 2005 32,768 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\english\~WRL0001.tmp" Thu 16 Jun 2005 33,280 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\english\~WRL3862.tmp" Thu 16 Jun 2005 33,280 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\english\~WRL4052.tmp" Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe" Sat 19 Jan 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg" Sat 19 Jan 2008 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg" Fri 9 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT5.tmp" Sat 30 Aug 2008 1,390,120 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6d60af59b300e891ebe3b192b8cb9849\BIT6.tmp" Mon 1 Sep 2008 249,881 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak" Sat 3 Jun 2006 39,424 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0527.tmp" Sat 3 Nov 2007 1,745 ...HR --- "C:\Documents and Settings\User\Application Data\SecuROM\UserData\securom_v7_01.bak" Sun 18 May 2008 26,112 ...H. --- "C:\Mitch and Greg\Greg\School\Year 11\Physics\~WRL3103.tmp" Finished! Now go HERE and follow the steps and post the 3 logs when complete.Ok I will just paste them in that i dont want the attachment (the logs )to be corripted or something SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/03/2008 at 10:22 AM Application Version : 4.20.1046 Core Rules Database Version : 3584 Trace Rules Database Version: 1572 Scan type : Complete Scan Total Scan Time : 01:38:50 Memory items scanned : 519 Memory threats detected : 0 Registry items scanned : 6713 Registry threats detected : 0 File items scanned : 155158 File threats detected : 0 MALWARE BYTES SCAN************************** Malwarebytes' Anti-Malware 1.28 Database version: 1226 Windows 5.1.2600 Service Pack 2 3/10/2008 11:09:46 AM mbam-log-2008-10-03 (11-09-46).txt Scan type: Quick Scan Objects scanned: 48302 Time elapsed: 3 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No MALICIOUS items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:15:50 AM, on 3/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Profiler\lwemon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Demos\UltimateZip\uzqkst.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Documents and Settings\User\Desktop\HiJackThis.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Mitch and Greg\Greg\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360 Premier Edition\osCheck.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Veoh] "C:\Mitch and Greg\Greg\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Mitch and Greg\Greg\pics\ImagineFX\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 10470 bytes THANKS FOR THE HELP!! I ran a scan with spydoctor and it still detected tdsserv in the registry....Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.ComboFix 08-10-02.04 - User 2008-10-03 12:35:48.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.569 [GMT 10:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\MSINET.oca . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MCHINJDRV -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 ))))))))))))))))))))))))))))))) . 2008-10-03 12:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-10-03 12:24 . 2008-10-03 12:25 d-------- C:\Program Files\Java 2008-10-03 12:24 . 2008-10-03 12:24 d-------- C:\Program Files\Common Files\Java 2008-10-03 08:35 . 2008-10-03 08:35 d-------- C:\Program Files\CCleaner 2008-10-02 19:29 . 2008-10-02 19:58 d-------- C:\WINDOWS\system32\CatRoot_bak 2008-10-02 18:54 . 2008-10-02 18:54 d-------- C:\WINDOWS\ERUNT 2008-10-02 18:30 . 2008-10-03 12:13 d-------- C:\SDFix 2008-10-02 11:32 . 2008-10-02 11:32 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files 2008-10-02 11:01 . 2008-10-02 12:10 d-------- C:\Documents and Settings\User\Application Data\Symantec 2008-10-02 10:59 . 2008-10-02 10:59 d-------- C:\Program Files\Windows Sidebar 2008-10-02 10:58 . 2008-10-02 11:39 d-------- C:\Program Files\Norton 360 Premier Edition 2008-10-02 10:57 . 2008-10-02 11:18 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-10-02 10:57 . 2008-10-02 11:18 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-10-02 10:57 . 2008-10-02 11:18 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-10-02 10:57 . 2008-10-02 11:18 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-10-02 10:56 . 2008-10-02 11:18 d-------- C:\Program Files\Symantec 2008-10-02 10:56 . 2008-10-02 13:42 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-10-02 10:55 . 2008-10-03 12:40 d-------- C:\Program Files\Common Files\Symantec Shared 2008-09-06 15:31 . 2008-09-06 15:31 d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest 2008-09-06 15:30 . 2008-09-06 15:30 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software 2008-09-06 15:29 . 2008-09-06 15:29 dr-hs---- C:\_Backup.RC 2008-09-06 15:29 . 2008-10-02 10:40 d--h----- C:\_Backup 2008-09-06 15:27 . 2008-09-06 15:27 d-------- C:\Program Files\Avanquest 2008-09-06 15:27 . 2008-09-06 15:27 d-------- C:\Documents and Settings\User\Application Data\Avanquest 2008-09-05 09:39 . 2008-09-05 09:39 d-------- C:\Documents and Settings\All Users\Application Data\f-secure 2008-09-05 08:50 . 2008-09-05 08:50 d-------- C:\Documents and Settings\Administrator 2008-09-05 07:57 . 2008-09-05 07:57 d-------- C:\Documents and Settings\All Users\Application Data\ESET . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-03 02:42 --------- d-----w C:\Documents and Settings\User\Application Data\Skype 2008-10-03 02:14 --------- d-----w C:\Documents and Settings\User\Application Data\skypePM 2008-10-02 22:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-02 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-02 09:39 --------- d-----w C:\Program Files\Spyware Doctor 2008-09-27 04:05 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll 2008-09-27 04:05 722,472 ----a-w C:\WINDOWS\system32\kdfmgr.exe 2008-09-27 04:05 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll 2008-09-27 04:05 192,512 ----a-w C:\WINDOWS\system32\kdfvmgr.exe 2008-09-27 01:14 81,288 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys 2008-09-27 01:14 66,952 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys 2008-09-27 01:14 40,840 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-09-27 01:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-09-09 14:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-09 14:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-09-06 05:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-01 11:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-01 11:17 --------- d-----w C:\Program Files\Lavasoft 2008-09-01 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-01 10:38 --------- d-----w C:\Program Files\RegFix Mantra 2008-09-01 10:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-09-01 06:29 --------- d-----w C:\Documents and Settings\User\Application Data\Malwarebytes 2008-09-01 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-31 06:41 --------- d-----w C:\Program Files\DNA 2008-08-31 02:12 --------- d-----w C:\Program Files\Exterminate It! 2008-08-31 01:59 --------- d-----w C:\Documents and Settings\User\Application Data\Sunbelt 2008-08-31 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sunbelt 2008-08-31 01:58 --------- d-----w C:\Program Files\Sunbelt Software 2008-08-30 13:54 --------- d-----w C:\Program Files\Enigma Software Group 2008-08-30 13:46 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-08-30 13:46 --------- d-----w C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com 2008-08-30 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-08-30 13:33 --------- d-----w C:\Documents and Settings\User\Application Data\PC Tools 2008-08-30 12:06 --------- d-----w C:\Documents and Settings\User\Application Data\Uniblue 2008-08-30 12:05 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151} 2008-08-30 12:05 --------- d-----w C:\Program Files\Uniblue 2008-08-30 08:29 846,336 ----a-w C:\WINDOWS\system32\kdfinj.dll 2008-08-30 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro 2008-08-30 07:40 --------- d-----w C:\Program Files\Trend Micro 2008-08-26 07:20 59,176 ----a-w C:\WINDOWS\system32\sbbd.exe 2008-08-04 01:30 --------- d-----w C:\Documents and Settings\User\Application Data\SPORE Creature Creator 2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-14 08:35 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-04-15 03:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-01-06 05:33 1 ----a-w C:\Documents and Settings\User\SI.bin 2005-03-31 11:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded] ="{4433A54A-1AC8-432F-90FC-85F045CF383C}" [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}] 2008-02-26 18:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending] ="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}" [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}] 2008-02-26 18:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected] ="{476D0EA3-80F9-48B5-B70B-05E677C9C148}" [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}] 2008-02-26 18:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 1694208] "Steam"="c:\games\steam\steam.exe" [2008-03-28 1271032] "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "Veoh"="C:\Mitch and Greg\Greg\Veoh\VeohClient.exe" [2008-02-22 3537968] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 21898024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 8466432] "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-06-11 1397760] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248] "OpwareSE2"="C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe" [2003-05-08 49152] "VirtualCloneDrive"="C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208] "QuickTime Task"="C:\Mitch and Greg\Greg\Quick Time\qttask.exe" [2007-02-16 282624] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 257088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 81920] "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024] "SBAMTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-08-26 677160] "VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-10-12 173312] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-19 51048] "osCheck"="C:\Program Files\Norton 360 Premier Edition\osCheck.exe" [2008-02-27 988512] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "nwiz"="nwiz.exe" [2007-06-29 C:\WINDOWS\system32\nwiz.exe] C:\Documents and Settings\User\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] UltimateZip Quick Start.lnk - C:\Demos\UltimateZip\uzqkst.exe [2005-02-26 303616] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] ="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] ="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Demos\\Battlefield 2\\BF2.exe"= "C:\\Demos\\Bet on Soldier Single Player Demo\\BoS.exe"= "C:\\Games\\Game Spy\\Aphex.exe"= "C:\\Games\\Little Fighter\\LF2_v1.9c\\lf2.exe"= "C:\\Demos\\Battlefield 2\\Bf2_w32ded.exe"= "C:\\Demos\\Battlefield 2\\BF2VoipServer_w32ded.exe"= "C:\\Demos\\Battlefield 2\\BF2VoipServer.exe"= "C:\\Games\\Steam\\SteamApps\\audio_stream\\counter-strike source\\hl2.exe"= "C:\\Program Files\\Caplio Software\\RGateLXP.exe"= "C:\\Games\\X Fire\\Xfire\\Xfire.exe"= "C:\\Demos\\LimeWire\\LimeWire.exe"= "C:\\Mitch and Greg\\Mitch\\LimeWire\\LimeWire.exe"= "C:\\Demos\\firefox.exe"= "C:\\Mitch and Greg\\Greg\\ChiChi\\Comet\\BitComet\\BitComet.exe"= "C:\\Program Files\\Windows Media Player\\wmplayer.exe"= "C:\\Games\\Never Winter Nights 2\\nwn2main.exe"= "C:\\Games\\Never Winter Nights 2\\nwn2main_amdxp.exe"= "C:\\Games\\Never Winter Nights 2\\nwupdate.exe"= "C:\\Games\\Never Winter Nights 2\\nwn2server.exe"= "C:\\Games\\Counter-Strike\\cstrike.exe"= "C:\\Mitch and Greg\\Greg\\pics\\ImagineFX\\3dsMax8\\3dsmax.exe"= "C:\\Program Files\\Autodesk\\backburner\\monitor.exe"= "C:\\Program Files\\Autodesk\\backburner\\manager.exe"= "C:\\Program Files\\Autodesk\\backburner\\server.exe"= "C:\\Games\\Steam\\Steam.exe"= "C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"= "C:\\Mitch and Greg\\Greg\\Miller Stuff\\weird al\\Weird\\CounterStrike2D.exe"= "C:\\Games\\Mechcommander Gold\\MCX.EXE"= "C:\\WINDOWS\\system32\\dplaysvr.exe"= "C:\\Program Files\\MicroProse\\MCX\\MCX.EXE"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "C:\\Games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"= "C:\\Games\\World of Warcraft\\WoW.exe"= "C:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Games\\Soldat\\Soldat.exe"= "C:\\Mitch and Greg\\Greg\\Bittorent\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\BitTorrent_DNA\\dna.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Games\\Warcraft III\\GG-Client\\GGclient.exe"= "C:\\Mitch and Greg\\Greg\\Veoh\\VeohClient.exe"= "C:\\Games\\AOWSM\\Age of Wonders Shadow Magic\\AoWSM.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\Games\\MC2\\Mc2Rel.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8940:TCP"= 8940:TCP:BitComet 8940 TCP "8940:UDP"= 8940:UDP:BitComet 8940 UDP "6112:TCP"= 6112:TCP:Port 6112 TCP "6112:UDP"= 6112:UDP:warcraft3(1) "6113:TCP"= 6113:TCP:warcaft3 "6114:TCP"= 6114:TCP:warcaft3 "6115:TCP"= 6115:TCP:warcaft4 "6116:TCP"= 6116:TCP:warcaft3 "6117:TCP"= 6117:TCP:warcraft3 "6118:TCP"= 6118:TCP:warcraft3 "6119:TCP"= 6119:TCP:warcraft3 R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-19 149352] S2 SBAMSvc;Sunbelt VIPRE Antivirus Service;C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-08-26 869672] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888] S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2007-10-12 20496] S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [2007-11-06 87848] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdcb93cf-55f8-11dd-b276-0013d3635782}] \Shell\AutoRun\command - H:\LaunchU3.exe -a *Newly Created Service* - COMHOST . - - - - ORPHANS REMOVED - - - - HKCU-Run-PowerBar - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9icl1eap.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.au/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-03 12:41:04 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Completion time: 2008-10-03 12:47:29 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-03 02:47:23 Pre-Run: 82,341,744,640 bytes free Post-Run: 82,276,352,000 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 280 --- E O F --- 2008-10-02 11:54:15 here is HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:59:58 AM, on 4/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Profiler\lwemon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Demos\UltimateZip\uzqkst.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Spyware Doctor\pctsGui.exe C:\Demos\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Documents and Settings\User\Desktop\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Mitch and Greg\Greg\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360 Premier Edition\osCheck.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Mitch and Greg\Greg\pics\ImagineFX\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe Thank you very much! You don't know how much I owe you!!!Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: Driver:: MCHINJDRV 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze ---------- Disable the System Restore Utility to flush infected restore points 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- Download OTCleanIt.exe and save it to your Desktop.
---------- Run CCleaner. ---------- Run this online scan. This scanner requires Internet Explorer Use the ESET Nod32 Online Scanner 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply. ---------- How is everything now?I will have the results from your steps tomorrow or later today, I am hung up in arrangements. I appreciate you waiting. Also i will be UNABLE to run the ESET scan due to restrictions (dont ask why). Is there any other scan i could run that would not require the internet? Thankyou very much.You can run Dr Web instead. Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:
So sorry. If you could tell me how to redo the steps i skipped and what they do. Sorry. Thankyou for all your help. Here is the Dr.Web log. ComboFix.exe\32788R22FWJFW\List-C.bat;C:\Documents and Settings\User\Desktop\ComboFix.exe;Probably BATCH.Virus;; ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\User\Desktop\ComboFix.exe;Program.PsExec.171;; ComboFix.exe;C:\Documents and Settings\User\Desktop;Archive contains infected objects;Moved.; Dc4.exe\SDFix\apps\Process.exe;C:\RECYCLER\S-1-5-21-1614895754-507921405-725345543-1003\Dc4.exe;Tool.Prockill;; Dc4.exe;C:\RECYCLER\S-1-5-21-1614895754-507921405-725345543-1003;Archive contains infected objects;Moved.; Process.exe;C:\RECYCLER\S-1-5-21-1614895754-507921405-725345543-1003\Dc3\apps;Tool.Prockill;Moved.; A0000590.bat;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP5;Probably BATCH.Virus;Moved.; A0000602.EXE;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP5;Program.PsExec.170;Moved.; data007\data001;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001750.exe\data007;Adware.Shopper;; data007\data002;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001750.exe\data007;Adware.SaveNow.128;; data007;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001750.exe;Archive contains infected objects;; A0001750.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7;Archive contains infected objects;Moved.; A0001751.exe\32788R22FWJFW\List-C.bat;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001751.exe;Probably BATCH.Virus;; A0001751.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001751.exe;Program.PsExec.171;; A0001751.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7;Archive contains infected objects;Moved.; A0001752.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001752.exe;Tool.Prockill;; A0001752.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7;Archive contains infected objects;Moved.; Also i will have the next step you give done in the nest 4 four days some more arrangements have popped up and will slow me down in the things i can do on the computer. I appreciate you waiting.It doesn't look like anything new was found. How is the computer running now?My computers running great! Thankyou!!! I owe you a lot. Should i go back and do the combofix steps to delete that file or whatever it does, because i never did it? The notepad code step. If you think the computer is ok i wont bother but if you think it would be good ill do it. But the combofix files got quarantined and now i cant use them, should i redownload ? THANK for all your help! |
|
| 575. |
Solve : Vundo and Trojan Problems? |
|
Answer» After stupidly downloading questionable software I was immediately hit with a virus that changed my displays, throw up pop-ups and disallowed access to my C: drive. As soon as I saw what was happening I disconnected my internet and ran SuperAntiSpyware and CCleaner. I have followed the removing malware guide by whatever I have won't let me open up the sites for Malwarebytes and HijackThis.
Open the SDFix folder and double click RunThis.bat to start the script.
---------- Now go back and download MalwareBytes and HijackThis and post the logs from them.Alright, things are already looking much better. Ran SDFix, MalwareBytes and HijackThis, here are the logs SDFix: Version 1.231 Run by Administrator on Mon 10/06/2008 at 08:41 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Name : tdssserv Path : \systemroot\system32\drivers\TDSSserv.sys tdssserv - Deleted Restoring Default Security Values Restoring Default Hosts File Restoring Default HomePage Value Restoring Default Desktop Components Value Rebooting Checking Files : Trojan Files Found: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted C:\WINDOWS\system32\TFTP3716 - Deleted C:\WINDOWS\fkebanrw.exe - Deleted C:\Documents and Settings\Luna\Application Data\Adobe\crc.dat - Deleted C:\WINDOWS\system32\TDSSerrors.log - Deleted C:\WINDOWS\system32\tdssserf1.dll - Deleted Folder C:\Program Files\MicroAntivirus - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-06 20:53:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:xpsp2res.dll,-22019" "C:\\WINDOWS\\SYSTEM32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\SYSTEM32\\P2P Networking\\P2P Networking.exe:*:Disabled:P2P Networking" "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "D:\\IVVIEW7.EXE"="D:\\IVVIEW7.EXE:*:Enabled:Image Vault Viewer" "C:\\Program Files\\Team17\\Worms Armageddon\\wa.exe"="C:\\Program Files\\Team17\\Worms Armageddon\\wa.exe:*:Disabled:Worms Armageddon" "C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client" "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk" "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Program Files\\Common Files\\AOL\\1142993994\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1142993994\\ee\\aolsoftware.exe:*:Enabled:AOL Services" "C:\\Program Files\\Common Files\\AOL\\1142993994\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1142993994\\ee\\aim6.exe:*:Enabled:AIM" "C:\\Program Files\\earthlinkim\\aim.exe"="C:\\Program Files\\earthlinkim\\aim.exe:*:Enabled:AOL Instant Messenger" "C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe:*:Disabled:MessageApp" "C:\\Program Files\\SBC Self Support Tool\\SmartBridge\\MotiveSB.exe"="C:\\Program Files\\SBC Self Support Tool\\SmartBridge\\MotiveSB.exe:*:Enabled:SBC Self Support Tool Alerts" "C:\\Program Files\\Real\\RealOne Player\\trueplay.exe"="C:\\Program Files\\Real\\RealOne Player\\trueplay.exe:*:Enabled:RealPlayer" "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:xpsp3res.dll,-20000" "C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax" "C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager" "C:\\Program Files\\Yahoo!\\YOP\\yop.exe"="C:\\Program Files\\Yahoo!\\YOP\\yop.exe:*:Disabled:Dashboard Module" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0" "C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus" "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home" "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "C:\\Program Files\\earthlinkim\\aim.exe"="C:\\Program Files\\earthlinkim\\aim.exe:*:Enabled:AOL Instant Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:xpsp3res.dll,-20000" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 8 Nov 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Thu 7 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Fri 8 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Sun 24 Aug 2008 25,755,448 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d27c2900aa2705e008389ddae7c985e9\BIT22.tmp" Finished! Malwarebytes' Anti-Malware 1.28 Database version: 1134 Windows 5.1.2600 Service Pack 2 10/6/2008 8:06:57 PM mbam-log-2008-10-06 (20-06-57).txt Scan type: Quick Scan Objects scanned: 65460 Time elapsed: 8 minute(s), 15 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 20 Registry Values Infected: 16 Registry Data Items Infected: 18 Folders Infected: 0 Files Infected: 22 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\qaccess.tchongabho (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a34fa88d-8437-4634-8a60-e913011ef2e5} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a34fa88d-8437-4634-8a60-e913011ef2e5} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur17.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1f.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur12.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur27.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur17.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1f.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur12.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur27.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55277-OEM-0011903-00102) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. C:\Documents and Settings\Luna\Application Data\sp2\qaccess.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\evbo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\1.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\2.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\browser.exe (Worm.Autorun) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\YUR27.exe (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\YURF.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\tdssadw.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdssl.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdssserf.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdssmain.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdssinit.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdsslog.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdssservers.dat (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\DRIVERS\tdssserv.sys (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully. C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\MicroAntivirus\microAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully. C:\Program Files\MicroAntivirus\microAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully. C:\Program Files\MicroAntivirus\microAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:20:18 PM, on 10/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Dell\Support\Alert\bin\DAMon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\Program Files\Yahoo!\Antivirus\CAVTray.exe C:\Program Files\Yahoo!\Antivirus\CAVRID.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\Common Files\AOL\1177204184\ee\AOLSoftware.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\hphmon04.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe c:\program files\common files\aol\1177204184\ee\aolsoftware.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Yahoo!\Antivirus\ISafe.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Yahoo!\Antivirus\VetMsg.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\Sniper.exe.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: ElnkScamBHO Class - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {D628451C-14B1-4ACD-94AD-F871D12B3CAB} - (no file) O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177204184\ee\AOLSoftware.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [] C:\Documents and Settings\Luna\Application Data\Adobe\Player.exe O4 - HKCU\..\Run: [lightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/04a30f04300bfbf27206/netzip/RdxIE2.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: pmnkKAPI - pmnkKAPI.dll (file missing) O21 - SSODL: xgpsarbm - {497091B7-26C9-4AE0-A6CD-268DF4165292} - (no file) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE -- End of file - 13356 bytes Looks pretty good but you are running two antivirus, Yahoo! Antivirus and Avast. This is never good and it is strongly suggested to uninstall one now. I recommend keeping Avast and uninstalling Yahoo! Antivirus. ---------- Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - O2 - BHO: (no name) - {D628451C-14B1-4ACD-94AD-F871D12B3CAB} - (no file) - O4 - HKCU\..\Run: [] C:\Documents and Settings\Luna\Application Data\Adobe\Player.exe - O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present - O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present - O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) - O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - - O20 - Winlogon Notify: pmnkKAPI - pmnkKAPI.dll (file missing) - O21 - SSODL: xgpsarbm - {497091B7-26C9-4AE0-A6CD-268DF4165292} - (no file) Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.Alright, moving along nicely Here are the ComboFix and new HijackThis logs ComboFix 08-10-06.05 - Luna 2008-10-06 21:32:03.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.135 [GMT -7:00] Running from: C:\Documents and Settings\Luna\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\0000005739.exe C:\Documents and Settings\Luna\Application Data\Adobe\Player.exe C:\WINDOWS\system32\dao350.dll C:\WINDOWS\system32\P2P Networking C:\xcrashdump.dat . ((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 ))))))))))))))))))))))))))))))) . 2008-10-06 20:37 . 2008-10-06 20:37 d-------- C:\WINDOWS\ERUNT 2008-10-06 20:27 . 2008-10-06 20:55 d-------- C:\SDFix 2008-10-06 19:55 . 2008-10-06 19:55 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-06 19:55 . 2008-10-06 19:55 d-------- C:\Documents and Settings\Luna\Application Data\Malwarebytes 2008-10-06 19:55 . 2008-10-06 19:55 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-06 19:55 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys 2008-10-06 19:55 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys 2008-10-06 19:33 . 2008-10-06 19:33 d-------- C:\Program Files\Sun 2008-10-06 19:33 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl 2008-10-06 19:32 . 2008-10-06 19:33 d-------- C:\Program Files\Java 2008-10-06 19:32 . 2008-10-06 19:32 d-------- C:\Program Files\Common Files\Java 2008-10-06 19:12 . 2008-10-06 20:06 d-------- C:\Documents and Settings\Luna\Application Data\sp2 2008-10-06 18:21 . 2008-10-06 18:21 d-------- C:\Program Files\Alwil Software 2008-10-05 21:40 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\SYSTEM32\ShellManager310E2D762.dll 2008-10-05 21:40 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\SYSTEM32\NEROINSTAEC43759.DB 2008-10-05 20:16 . 2008-10-05 20:16 d-------- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\EarthLink Toolbar 2008-10-05 19:11 . 2008-10-05 19:11 d-------- C:\Documents and Settings\Luna\Application Data\AVS4YOU 2008-10-05 19:10 . 2008-10-05 19:10 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2008-10-05 19:08 . 2008-10-05 19:45 d-------- C:\Program Files\Common Files\AVSMedia 2008-10-05 19:08 . 2008-10-05 19:45 d-------- C:\Program Files\AVS4YOU 2008-10-05 19:08 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\SYSTEM32\GdiPlus.dll 2008-10-05 18:50 . 2008-10-05 18:50 d-------- C:\boilsoft_tmp 2008-10-05 18:49 . 2008-10-05 18:57 67 --a------ C:\WINDOWS\AVIConverter.INI 2008-10-05 18:23 . 2008-10-05 18:23 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe 2008-10-05 17:52 . 2008-10-05 22:31 29 --a------ C:\WINDOWS\Irremote.ini 2008-10-05 17:24 . 2008-10-05 17:24 d-------- C:\Program Files\Common Files\LightScribe 2008-10-04 00:51 . 2008-10-04 00:51 d-------- C:\Program Files\DNA 2008-10-04 00:51 . 2008-10-06 21:38 d-------- C:\Documents and Settings\Luna\Application Data\DNA . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-07 02:40 --------- d-----w C:\Program Files\CCleaner 2008-10-06 23:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-10-06 05:46 --------- d-----w C:\Program Files\Common Files\Nero 2008-10-06 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-10-06 04:25 --------- d-----w C:\Program Files\InterActual 2008-10-06 04:24 --------- d-----w C:\Documents and Settings\Luna\Application Data\Azureus 2008-10-06 02:03 --------- d-----w C:\Program Files\Soulseek 2008-10-06 01:23 --------- d-----w C:\Documents and Settings\Luna\Application Data\Nero 2008-10-06 00:50 --------- d-----w C:\Program Files\Nero 2008-10-05 22:37 --------- d-----w C:\Program Files\MediaFACE II 2008-09-06 15:29 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-09-02 08:54 1,739,459 ----a-w C:\WINDOWS\Badge 1280x1024.scr 2008-09-02 08:54 --------- d-----w C:\Program Files\Badge 1280x1024 2008-08-31 22:51 --------- d-----w C:\Documents and Settings\Luna\Application Data\Yahoo! 2008-08-23 20:38 --------- d-----w C:\Program Files\Common Files\Ahead 2008-08-23 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-08-23 18:57 --------- d-----w C:\Documents and Settings\Luna\Application Data\Ahead 2008-08-18 06:11 --------- d-----w C:\Program Files\Common Files\Adaptec Shared 2008-08-18 06:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-16 13:24 --------- d-----w C:\Program Files\NOS 2008-08-16 13:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS 2008-08-16 03:38 --------- d-----w C:\Program Files\Common Files\Adobe AIR 2008-08-16 03:37 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-14 01:55 --------- d-----w C:\Program Files\Common Files\AOL 2008-08-14 01:39 --------- d-----w C:\Documents and Settings\Luna\Application Data\Simple Star 2008-08-14 01:35 --------- d-----w C:\Program Files\Common Files\Simple Star Shared 2008-08-10 04:49 --------- d-----w C:\Program Files\Common Files\Voyetra 2008-08-10 03:51 --------- d-----w C:\Documents and Settings\Luna\Application Data\Microsoft Web Folders 2008-08-10 03:50 --------- d-----w C:\Program Files\microsoft frontpage 2008-08-10 03:32 --------- d-----w C:\Documents and Settings\Luna\Application Data\AOL 2008-08-09 13:20 --------- d-----w C:\Program Files\Free Audio Pack 2008-08-09 13:10 --------- d-----w C:\Program Files\Pure Networks 2008-08-09 06:45 --------- d-----w C:\Program Files\Trend Micro 2008-08-09 05:44 --------- d-----w C:\Documents and Settings\Luna\Application Data\Leadertech 2008-08-09 04:44 --------- d-----w C:\Documents and Settings\Luna\Application Data\SUPERAntiSpyware.com 2008-08-09 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-08-09 04:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-09 04:35 --------- d-----w C:\Program Files\SBC Self Support Tool 2008-08-09 04:32 --------- d-----w C:\Program Files\Yahoo! 2008-08-09 04:32 --------- d-----w C:\Program Files\Symantec 2008-08-09 04:32 --------- d-----w C:\Program Files\QuickTime 2008-08-09 04:32 --------- d-----w C:\Program Files\Modem Helper 2008-08-08 03:37 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-08-08 02:52 --------- d-----w C:\Program Files\HP Photosmart 11 2008-08-08 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2008-08-08 02:05 --------- d-----w C:\Program Files\Vuze 2008-08-08 01:49 --------- d-----w C:\Program Files\Common Files\Motive 2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll 2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll 2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe 2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe 2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll 2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll 2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll 2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll 2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll 2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll 2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll 2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll 2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll 2008-07-07 20:32 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll 2004-12-08 13:59 78,712 -c--a-w C:\Documents and Settings\Luna\Application Data\GDIPFONTCACHEV1.DAT 2003-04-14 04:18 10,135,688 -c--a-w C:\Program Files\mpsetupXP.exe 2002-12-30 09:30 3,286,795 -c--a-w C:\Program Files\DivX502Bundle.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-10-26 4662776] "RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [2006-06-11 1003520] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-06 1576176] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-04 289088] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 5058560] "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 241714] "Dell|Alert"="C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 270336] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-05-22 180269] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416] "HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2004-02-02 495616] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536] "CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-05-28 230512] "CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-05-28 185456] "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032] "HostManager"="C:\Program Files\Common Files\AOL\1177204184\ee\AOLSoftware.exe" [2006-09-25 50736] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048] "HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2006-01-06 348160] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\SYSTEM32\nwiz.exe] C:\Documents and Settings\Luna\Start Menu\Programs\Startup\ V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 327680] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-11-20 45056] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588] SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2008-08-07 217088] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoDispSettingPage"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-09-06 08:29 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"= "C:\\Program Files\\Real\\RealOne Player\\trueplay.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Yahoo!\\YOP\\yop.exe"= "C:\\Program Files\\Soulseek\\slsk.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Vuze\\Azureus.exe"= "C:\\Program Files\\DNA\\btdna.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 38144] R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys [2002-04-03 144768] R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys [2002-04-03 545088] S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys [2001-11-20 19968] *Newly Created Service* - PROCEXP90 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2008-07-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2008-10-07 C:\WINDOWS\Tasks\HP Usg Daily.job - C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2006-01-06 12:07] 2008-10-07 C:\WINDOWS\Tasks\HP Usg Login.job - C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2006-01-06 12:07] . - - - - ORPHANS REMOVED - - - - HKLM-Run-windows auto update - (no file) HKLM-Run-NWEReboot - (no file) ShellExecuteHooks-{C7093DB8-D5FB-4FF9-851C-3E4C5C5BD4FD} - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Luna\Application Data\Mozilla\Firefox\Profiles\0thcnx8q.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-06 21:41:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Dell|Alert = C:\Program Files\Dell\Support\Alert\bin\DAMon.exe?p?o?r?t?\?A?l?e?r?t?\?b?i?n?\?D?A?M?o?n?.?e?x?e???x???X???`???h???x????X???P?(?w'(?w???(?w???0?$?w7(?w?o?wS??w???w???X*???X??%?e?? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-10-06 21:47:46 ComboFix-quarantined-files.txt 2008-10-07 04:47:24 Pre-Run: 59,436,740,608 bytes free Post-Run: 59,537,301,504 bytes free 225 --- E O F --- 2008-10-06 07:04:41 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:50:18 PM, on 10/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Yahoo!\Antivirus\ISafe.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Yahoo!\Antivirus\VetMsg.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\Program Files\Yahoo!\Antivirus\CAVTray.exe C:\Program Files\Yahoo!\Antivirus\CAVRID.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\Common Files\AOL\1177204184\ee\AOLSoftware.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\iPod\bin\iPodService.exe c:\program files\common files\aol\1177204184\ee\aolsoftware.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe c:\program files\common files\aol\1177204184\ee\anotify.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\Sniper.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: ElnkScamBHO Class - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177204184\ee\AOLSoftware.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [lightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE -- End of file - 11575 bytes Still running two antivirus? I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one antivirus product installed and running on your computer at a time. The real-time protection of two antivirus programs may conflict with each other and cause the following: 1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't. 2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time. 3) Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen. I strongly suggest you either configure only one antivirus program to enable automatic real-time scanning, and leave the rest disabled, using them for on-demand scanners or go to Start > Control Panel > Add or Remove Programs and uninstall all but one antivirus program. ----------
---------- Download OTMoveIt2 by OldTimer and save it to your Desktop. Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator. 1. Double-click OTMoveIt2.exe to run it. 2. Copy the lines in the codebox below. Code: [Select][kill explorer] C:\WINDOWS\SYSTEM32\ShellManager310E2D762.dll C:\WINDOWS\SYSTEM32\NEROINSTAEC43759.DB EmptyTemp [start explorer] 3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste 4. Click the red Moveit! button. 5. Copy everything in the Results window (under the green bar) and paste it in your next reply. 6. Close OTMoveIt2 Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway. ---------- After posting the OTmoveIt2 log...I probably won't be back online until tomorrow so go ahead and run the ESET scan. First: 1. Double click OTMoveIt2.exe to launch it. If using Vista Right-Click OTMoveIt and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
---------- Next: Run this online scan. This scanner requires Internet Explorer Use the ESET Nod32 Online Scanner 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply. Also let me know hoe the PC is now.Here is the MoveIt Explorer killed successfully C:\WINDOWS\SYSTEM32\ShellManager310E2D762.dll NOT unregistered. C:\WINDOWS\SYSTEM32\ShellManager310E2D762.dll moved successfully. C:\WINDOWS\SYSTEM32\NEROINSTAEC43759.DB moved successfully. < EmptyTemp > File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_370.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10062008_224309 Files moved on Reboot... C:\WINDOWS\temp\Perflib_Perfdata_370.dat moved successfully. File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.Here is the Eset log: # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3499 (20081007) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=b787b4cf8586ad489e32522b146782ef # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2008-10-07 07:46:48 # local_time=2008-10-07 12:46:49 (-0800, Pacific Daylight Time) # country="United States" # osver=5.1.2600 NT Service Pack 2 # scanned=294414 # found=29 # scan_time=6093 C:\Documents and Settings\Luna\Application Data\Mozilla\Firefox\Profiles\0thcnx8q.default\Cache(3)\B750ACA1d01 Win32/Adware.WBug.A application (deleted) 00000000000000000000000000000000 C:\Documents and Settings\Luna\Application Data\Mozilla\Firefox\Profiles\0thcnx8q.default\Cache(3)\B750ACA1d01 »WISE »WxBug.EXE Win32/Adware.WBug.A application (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000 C:\Documents and Settings\Luna\Application Data\Mozilla\Firefox\Profiles\0thcnx8q.default\Cache(3)\B750ACA1d01 »WISE »WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000 C:\Documents and Settings\Luna\My Documents\Install_AIM.exe Win32/Adware.WBug.A application (deleted) 00000000000000000000000000000000 C:\Documents and Settings\Luna\My Documents\Install_AIM.exe »WISE »WxBug.EXE Win32/Adware.WBug.A application (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000 C:\Documents and Settings\Luna\My Documents\Install_AIM.exe »WISE »WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp\Download Manager\adm.exe Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp\Download Manager\adm25.dll Win32/Adware.BDE application (unable to clean - deleted) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp\Download Manager\admdata.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp\Download Manager\admdloader.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp\Download Manager\admfdi.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\adm.exe Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\adm25.dll Win32/Adware.BDE application (unable to clean - deleted) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\admdata.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\admdloader.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\admfdi.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\pmfiles.cab Win32/Adware.BrilliantDigital application (deleted) 00000000000000000000000000000000 C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\pmfiles.cab »CAB »sysdetect.dll Win32/Adware.BrilliantDigital application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000 C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008696.exe Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008697.dll Win32/Adware.BDE application (unable to clean - deleted) 00000000000000000000000000000000 C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008698.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008699.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008700.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008701.exe Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008702.dll Win32/Adware.BDE application (unable to clean - deleted) 00000000000000000000000000000000 C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008703.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008704.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008705.dll Win32/Adware.Altnet application (unable to clean - deleted) 00000000000000000000000000000000 C:\WINDOWS\SYSTEM32\P2P Networking v125.cpl Win32/Adware.P2PNet application (unable to clean - deleted) 00000000000000000000000000000000 After all the scans everything seems to be running smoothly, desktop icons restored and I have access to all drives. I had to unistall Avast as the Yahoo antivirus is blocking me from disabling or uninstalling. Your help has been tremendous I can't thank you enough. Getting the all clear would make my day.Looks good. Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Done and done. Thanks again, you guys are the best.No problem. Safe surfing.... |
|
| 576. |
Solve : Norton Internet Security Will not uninstall!!!? |
|
Answer» I CANT get dang thing to uninstall! I used revo uninstaller to try and uninstall it but STILL WONT uninstall. |
|
| 577. |
Solve : I got nailed by a really bad virus.? |
|
Answer» So I have gotten nailed with a serious trojan. This thing has hijacked my browser so I keep getting redirected to random websites. It has blocked my computer from contacting, or updating, Kaspersky Security Center. I can't access my control panel or any of the options there. It has blocked me from acessing most helpful websites to help me figure this out, thank god I found this one. I found this in which gave me .reg file to replace the ones that got deleted:
Open the SDFix folder and double click RunThis.bat to start the script.
---------- Now run a new HijackThis scan and post that log also.When I try to reboot in safe mode it gives me the blue screen saying the video drivers could not be activated. Download Malwarebytes' Anti-Malware (MBAM) http://rapidshare.com/files/150037339/mbam-setup.exe.html
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. ---------- Now run a new HijackThis scan and post that log also.When I try to intstall Malwarebytes' Anti-Malware (MBAM) it nearly completes the istallation and then windows says it has encountered a problem and has to close. Every time I try to launch it it does the same. I seriously appreciate your help. Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe - O4 - HKCU\..\Run: [monchk] C:\WINDOWS\system32\kzajyjuv.exe - O4 - HKLM\..\Policies\Explorer\Run: [lc7fRtr4aR] C:\Documents and Settings\Administrator\Desktop\AdobeFlashPlayerHD.exe - O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present - O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present - O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present - O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present - O21 - SSODL: AplMsgEn - {547E1BBF-035D-53FF-C5E1-07EDDC286C1F} - C:\Program Files\lfutfvf\AplMsgEn.dll Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Download OTMoveIt2 by OldTimer and save it to your Desktop. Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator. 1. Double-click OTMoveIt2.exe to run it. 2. Copy the lines in the codebox below. Code: [Select][kill explorer] C:\WINDOWS\system32\sysrest32.exe C:\WINDOWS\system32\kzajyjuv.exe C:\Documents and Settings\Administrator\Desktop\AdobeFlashPlayerHD.exe C:\Program Files\lfutfvf\AplMsgEn.dll EmptyTemp [start explorer] 3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste 4. Click the red Moveit! button. 5. Copy everything in the Results window (under the green bar) and paste it in your next reply. 6. Close OTMoveIt2 Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway. ---------- Now try to install and run MalwareBytes again.It won't let me contact the site to download OTMoveIt2 by OldTimer. RapidShare works but it has blocked me from contacting many, many sites. Download.com works. FileHippo works as well. But I did do what you said with HijackThis...probably won't help but here is the new log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:06:28 PM, on 10/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\RCrawler\RCrawler.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\sniper.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCrawler\RCrawler.exe -TRAYONLY O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by133fd.bay133.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: WBSYS.DL C:\PROGRA~1\KASPER~1\KASPER~1\MZVKBD.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\MZVKBD3.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\ADIALHK.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\KLOEHK.DLL C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Google Desktop Manager 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 8353 bytes Get OTMoveIt2 here and do the instructions. http://rapidshare.com/files/150639580/OTMoveIt2.exe Then run HostsXpert and try to download/run MBAM again. Download HostsXpert http://rapidshare.com/files/150146135/HostsXpert.zip.html * Unzip HostXpert to your Desktop * Open up the HostXpert program. * Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled. * Click Create Back Up * Then click on Restore Microsoft's Host Files * Close the HostXpert program . Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.ok...so I ran the OTMoveIt2, rebooted and it said it moved the files successfully. Then I ran HostsXpert and it gave me this error: Quote Error: Cannot create file C:Windows\system32\Drivers\ETC\hosts I then tried to run MBAM again with the same results. There was an error and it had to close. Man is this thing a really bad one, or what? In HostsXpert did you make sure that the "Make Hosts Writable?" button in the upper right corner was enabled?This is what I am seeing: I am guessing you mean the upper left corner. The way you see it is the way I ran it. I tried clicking it and it just asks me another question which is: Make files readable? So I clicked it back to this again. Did I do something wrong? You need to click Make Hosts Writable. It shouldn't be highlighted in red. Ok, this is what I see when that is done: I then closed this, used Revo Uninstaller to unistall MBMA, rebooted and tried to install it again. I still got the same error message. Error and had to close. |
|
| 578. |
Solve : Computer resets itself!!! problem?? |
|
Answer» I just installed the full version Folder Lock (from a friend). after INSTALLATION at the next boot. the computer resets itself, after ten full seconds on desktop. i can't do anything and it was like it was on a countdown, e.g. no matter what program i run (itunes, word, or internet explorer.) the computer STILL resetsAny error messages or anything? Any error messages or anything? No error message at all, but haven't tried with safe mode (fresh problem)are there any more suggestions to the problem? Can you boot into Safe Mode and see what happens? (Keep pressing F8 on startup.) Quote from: Carbon Dudeoxide on October 01, 2008, 07:58:30 AM Can you boot into Safe Mode and see what happens? Unfortunately, since my desktop is kind of fast, it'll be hard to press F8 on startup. (only got three seconds before the startup dissappears.). in addition, i'm using one of the LCD screens that only starts up after startup. so i'll be kinda blindjust keep tapping it, it doesn't matter how fast your desktop is!!Ok Boris, once you press the Power Button on the computer, keep tapping F8. It will get you to a menu. In the menu, choose Safe Mode. Is this your Laptop? Quote from: Carbon Dudeoxide on October 01, 2008, 08:07:07 AM Ok Boris, once you press the Power Button on the computer, keep tapping F8. no, my other desktop that happens to have videos that i need to lock up... Oh ok. As for the current problem, we need to know if you can get into Safe Mode as we won't be able to do anything in Normal Mode if it keeps restarting. Quote from: Carbon Dudeoxide on October 01, 2008, 08:13:03 AM Oh ok. Oh, i forgot the most important detail: after installation on my laptop and gaming desktop, no problem occured at all. it runs PERFECTLY fine on my USB. that's why i can post on this forum!!! OK, never mind. i found what the problem was... Well, when i opened the case, i found that the heatsink/fan has broken off, and the little plastics securer have melted... And so, the problem was a hardware problemHeh, wow. At least you've got the problem under control. Quote from: Carbon Dudeoxide on October 02, 2008, 07:06:53 AM Heh, wow. All thanks to you Can you show us some possibilities that make a computer keep restarting? Btw, how can we force PC under Microsoft XP platform (especially SP2) to halt at the "death blue screen"? Sometimes, I know, it's a "blue screen" error but the PC keeps restarting at the blue screen, so bad! |
|
| 579. |
Solve : Virus infection removes my C: Drive!? |
|
Answer» Ok this nasty virus that infected my computer has MADE my C: Drive disappear when I rebooted. I see this strange message next to my date and time saying "Virus Alert" and my C Drive is missing from My Computer but I did find my C Drive when I logged into safe mode. I ran Super AntiSpyware and Malware bytes Anti-Malware and here are the logs attached below. I still have the virus problems after I ran both of those programs in safe mode. Please help!
Open the SDFix folder and double click RunThis.bat to start the script.
[Saving space - attachment deleted by admin]I ran another Malware bytes Anti-Malware again in normal Windows mode. Heres the log. Please someone help! My computer is dying!! [Saving space - attachment deleted by admin]You need to update Malwarebytes and run it again. The Database version is over a month old. After you have that log and the computer has been restarted run a new HijackThis scan and post that log also.Do you want me to do this in Windows or Safe mode?Normal mode.Ok its done. The Hijackthis file and Malware Log are attached below. Please tell me how to proceed from here. [Saving space - attachment deleted by admin]Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis and restart the computer to register the changes made by HijackThis. ---------- Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. First install the new Sun Java Runtime Environment Be sure to close all browser windows before beginning the install. Remove the old version(s)
---------- Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not MOUSECLICK ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.Heres the combofix log thank you. [Saving space - attachment deleted by admin]
---------- Download ATF Cleaner by Atribune to your Desktop. Alternate download link Note: Vista users must use Run As Administrator
---------- Download OTCleanIt.exe and save it to your Desktop.
Important: Restart the computer before continuing. ---------- Run this online scan. This scanner requires Internet Explorer Use the ESET Nod32 Online Scanner 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply. ---------- How is everything now?Thanks. They still found some threats to my computer. Please tell me what you think. [Saving space - attachment deleted by admin]What was found was really not a threat. I'm not sure what's going on still that is blocking your access to the drive. It's not malware. Do you have an XP CD?Oh sorry I forgot to mention I got my drive back. It was in the last scan I did. I just wanted to make sure there were no remnants of the virus lhding in my computer. Thank you so much for your help! |
|
| 580. |
Solve : Annoying Earthlink Problem? |
|
Answer» Description:
[Saving space - attachment deleted by admin] Quote from: evilfantasy on October 01, 2008, 03:04:57 PM How long have you used eAcceleration/Stop Sign?I removed it after doing the uninstall list so it was still their when I did the uninstall list. I am installing Avira and Zone Alarm for him. The earthlink bug is still here though. Please help .Run this online scan. This scanner requires Internet Explorer Use the ESET Nod32 Online Scanner 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.Ok It didn't detect any viruses so I will still post it. [Saving space - attachment deleted by admin]OK, wanted to make sure there would be no malware possibly interfering with us. Run a fresh HijackThis scan and post the log please.Ok I finally got a chance to do the hijackthis log I was busy last night trying to fix his other laptop aswell. Anyways heres the updated log. [Saving space - attachment deleted by admin]Download Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups. Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply. Exit out of MessengerDisable then delete the two files that were put on the Desktop. ---------- Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. First install the new Sun Java Runtime Environment Be sure to close all browser windows before beginning the install. Remove the old version(s)
Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) - R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) - O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll - O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis and restart the computer to register the changes made by HijackThis. ---------- Right click Internet Explorer on the desktop and choose Properties then select the connections tab. Can you adjust anything in there? I'm having a hard time finding anything solid on the accelerator issue. What about re-installing it and then using the un-installer to remove it? EarthLink Stand Alone Accelerator - How to Install EarthLink Stand Alone Accelerator - How to UninstallOk I did everything but the earthing install and uninstall thing wont work as we are missing the cd because its been over a year or 2 ago. Anyways what should we test for next? And I still cant believe I couldn't fix this problem myself seeing as ive been enrolled in one of the malware removal univeristies and haven't managed to be able to remove these problems with any of the tools that you can use including the expert ones lol. I suspect earthlink hooked into windows system files. [Saving space - attachment deleted by admin]I wonder if you can find and disable or delete it with Autoruns? Download Autoruns for Windows and search for the related entry and then delete it.
|
|
| 581. |
Solve : Got symptoms of AntiVirus 2008 and firewall warning? Logs attached? |
|
Answer» My computer started acting up on me again today. I had connected with evilfantasy before about this computer, and had fixed the problems, but I confess I didn't follow up with them after symptoms were fixed. Now I am having even worse stuff going on.
---------- Disable the System Restore Utility to prevent re-infection from an old one 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check MARK next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are BASED on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Thanks for all your help, I have installed all the suggested items, and feel much better about my protection levels now. Thanks again, hopefully I won't need you again anytime soon.Your welcome. Safe surfing... |
|
| 582. |
Solve : A Bad Rootkit Problem? |
|
Answer» Hello
Open the SDFix folder and double click RunThis.bat to start the script.
I downloaded SDFix and saved it to my desktop, but when I tried to reboot in safe mode the computer restarts and keeps taking me to the beginning?! I was beginning to think I was never going to get back on. I use Antivir now. I used Norton before but not any more.Download Malwarebytes' Anti-Malware (MBAM) http://rapidshare.com/files/150037339/mbam-setup.exe.html
Database version: 1225 Windows 5.1.2600 Service Pack 3 10/1/2008 5:45:34 PM mbam-log-2008-10-01 (17-45-34).txt Scan type: Quick Scan Objects scanned: 54682 Time elapsed: 7 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 40 Registry Values Infected: 2 Registry Data Items Infected: 3 Folders Infected: 2 Files Infected: 68 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{2A65F79B-A157-D356-BF64-0BD6F22D960D} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mntapp (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\qdacqzc\MntApp.dll (Trojan.FakeAlert.H) -> Delete on reboot. C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\[email protected]k.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Documents and Settings\Lone Wolf\Local Settings\temp\smchk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Lone Wolf\Local Settings\temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tdssinit.dll (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssmain.dll (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssserf.dll (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\tdssserv.sys (Rootkit.Agent) -> Delete on reboot.Download HostsXpert
Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection. ---------- Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.Hello, When I try to download HostsXpert I get this error message: "Welcome to www.funkytoad.com! Unfortunately we can't process your request because it simply doesn't exist. You can head to the Home Page: www.funkytoad.com or Go directly to the ZonedOut page: --ZonedOut-- or were you looking for HostsXpert the Hosts file editor? : --HostsXpert-- or perhaps Homer, the most excellent localhost webserver found here: --Homer--"This page. http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=&28d444df85eb4f435055ed9d39c02f03=2762e1da6db9163fc17720a8dfac5b6eComboFix Log ComboFix 08-10-01.06 - Lone Wolf 2008-10-02 12:33:55.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.913 [GMT -5:00] Running from: C:\Documents and Settings\Lone Wolf\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\start.exe C:\WINDOWS\system32\TDSSerrors.log C:\WINDOWS\system32\TDSSl.dll C:\WINDOWS\system32\tdsslog.dll C:\WINDOWS\system32\TDSSserf1.dll C:\WINDOWS\system32\tdssservers.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MCHINJDRV ((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 ))))))))))))))))))))))))))))))) . 2008-10-01 15:00 . 2008-10-01 15:01 d-------- C:\327882R2FWJFW 2008-10-01 01:33 . 2008-10-01 01:33 d-------- C:\Documents and Settings\Lone Wolf\Application Data\Avira 2008-09-30 21:05 . 2008-10-02 02:09 d-------- C:\Program Files\qdacqzc 2008-09-30 21:05 . 2008-09-30 21:45 d-------- C:\Documents and Settings\All Users\Application Data\nqrobmhw 2008-09-30 20:57 . 2008-09-30 22:10 d-------- C:\Program Files\Super_DVD_Creator_9.8 2008-09-30 19:24 . 2008-09-30 19:24 d-------- C:\Program Files\Common Files\DirectX 2008-09-29 21:31 . 2008-09-29 21:31 d-------- C:\WINDOWS\system32\QuickTime 2008-09-29 21:31 . 2008-09-29 21:31 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith 2008-09-29 21:31 . 2008-01-18 03:36 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll 2008-09-29 21:30 . 2008-09-29 21:30 d-------- C:\Program Files\TechSmith 2008-09-29 21:30 . 2008-09-29 21:30 d-------- C:\Program Files\Common Files\TechSmith Shared 2008-09-29 19:12 . 2008-09-15 02:19 389 -rahs---- C:\BOOT.INI.backup 2008-09-29 19:10 . 2008-09-29 19:10 d-------- C:\symserver 2008-09-29 19:10 . 2008-09-29 19:10 d-------- C:\Program Files\Compuware 2008-09-29 19:10 . 2008-09-29 19:10 d-------- C:\Program Files\Common Files\Compuware 2008-09-29 19:08 . 2005-02-09 01:15 1,457 --a------ C:\WINDOWS\system32\drivers\compuware.dat 2008-09-29 18:18 . 2008-09-29 18:18 d-------- C:\Program Files\Novasoft Inc 2008-09-27 01:00 . 2008-09-27 01:08 d-------- C:\Program Files\AnMing 2008-09-22 11:48 . 2008-09-22 11:48 203 --a------ C:\WINDOWS\GSdx9 sse2.INI 2008-09-21 20:56 . 2008-09-21 20:56 33,368 --a------ C:\Documents and Settings\Lone Wolf\Application Data\GDIPFONTCACHEV1.DAT 2008-09-21 18:11 . 2008-09-21 18:11 d-------- C:\Documents and Settings\Lone Wolf\Application Data\fltk.org 2008-09-21 11:38 . 2008-09-21 11:38 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-09-21 02:56 . 2008-09-21 02:56 d-------- C:\ProgramData 2008-09-21 02:56 . 2008-09-22 00:29 d-------- C:\Program Files\Electronic Arts 2008-09-21 02:56 . 2008-09-21 02:56 662 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg 2008-09-21 02:53 . 2008-09-21 02:53 d-------- C:\WINDOWS\Logs 2008-09-17 02:25 . 2008-07-01 09:00 1,642,496 --a------ C:\WINDOWS\system32\ChilkatMail_v7_9.dll 2008-09-17 02:25 . 2008-03-12 22:55 1,294,336 --a------ C:\WINDOWS\system32\ChilkatXml.dll 2008-09-17 02:25 . 2007-12-28 13:16 1,122,304 --a------ C:\WINDOWS\system32\ChilkatHttp.dll 2008-09-17 02:25 . 2008-03-12 22:54 1,085,440 --a------ C:\WINDOWS\system32\ChilkatSocket.dll 2008-09-17 02:25 . 2006-10-26 22:17 765,736 --a------ C:\WINDOWS\system32\MSWORD.OLB 2008-09-17 02:25 . 2008-07-01 11:04 659,456 --a------ C:\WINDOWS\system32\ChilkatCharset.dll 2008-09-17 02:25 . 2008-03-26 08:20 569,344 --a------ C:\WINDOWS\system32\CkString.dll 2008-09-17 02:25 . 2008-01-29 04:32 140,488 --a-s---- C:\WINDOWS\system32\comdlg32.ocx 2008-09-15 14:39 . 2008-09-15 14:39 d-------- C:\Program Files\Avira 2008-09-15 14:39 . 2008-09-15 14:40 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-09-14 15:22 . 2008-10-01 17:35 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-14 15:22 . 2008-09-14 15:22 d-------- C:\Documents and Settings\Lone Wolf\Application Data\Malwarebytes 2008-09-14 15:22 . 2008-09-14 15:22 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-14 15:22 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-14 15:22 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-14 04:46 . 2008-09-14 04:46 d-------- C:\Program Files\UberIcon 2008-09-14 04:28 . 2008-09-14 04:28 d-------- C:\Program Files\RocketDock 2008-09-14 04:26 . 2008-09-14 04:26 0 --a------ C:\WINDOWS\WB.ini 2008-09-14 04:23 . 2008-09-15 01:30 27 --a------ C:\WINDOWS\SDAddressBox16827d0561119.ini 2008-09-14 03:51 . 2008-09-14 04:17 27 --a------ C:\WINDOWS\SDAddressBox1633cb8581916.ini 2008-09-14 02:49 . 2008-09-14 02:49 2,359,350 --a------ C:\WINDOWS\Quest1024.bmp 2008-09-14 02:46 . 2008-09-14 02:46 7,852 --a------ C:\WINDOWS\system32\mcdmsg7.dll 2008-09-14 02:45 . 2008-09-14 02:45 d-------- C:\Program Files\Object Desktop 2008-09-14 02:38 . 2008-09-14 03:34 d-------- C:\Program Files\Common Files\Stardock 2008-09-14 02:28 . 2008-09-14 02:49 d-------- C:\Program Files\Stardock 2008-09-14 02:28 . 2007-07-11 15:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll 2008-09-13 01:12 . 2008-09-13 01:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-09-13 01:02 . 2008-09-13 01:02 d--hs---- C:\WINDOWS\ftpcache 2008-09-13 00:34 . 2008-09-13 19:42 2,328,704 --a------ C:\WINDOWS\system32\TUKernel.exe 2008-09-12 20:45 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-09-12 13:33 . 2008-09-12 13:33 50 --a------ C:\WINDOWS\MegaManager.INI 2008-09-10 17:51 . 2008-09-10 17:51 d-------- C:\Program Files\iTunes 2008-09-10 17:51 . 2008-09-10 17:51 d-------- C:\Program Files\iPod 2008-09-10 17:51 . 2008-09-10 17:51 d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-10 17:51 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll 2008-09-10 17:51 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 2008-09-10 17:49 . 2008-09-10 17:50 d-------- C:\Program Files\QuickTime 2008-09-08 21:05 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2008-09-08 20:32 . 2008-09-08 20:32 d-------- C:\Documents and Settings\Lone Wolf\Application Data\Notrivia 2008-09-08 16:51 . 2008-09-08 16:54 41,008 --a------ C:\WINDOWS\system32\DCSysTray.ocx 2008-09-07 11:03 . 2008-09-07 11:03 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-09-07 10:54 . 2008-09-07 10:54 d-------- C:\Program Files\SUPERAntiSpyware 2008-09-07 10:54 . 2008-09-07 10:54 d-------- C:\Documents and Settings\Lone Wolf\Application Data\SUPERAntiSpyware.com 2008-09-07 00:05 . 2008-09-07 00:05 d-------- C:\VersalSoft 2008-09-07 00:05 . 2008-09-07 00:05 d-------- C:\Program Files\VersalSoft 2008-09-07 00:05 . 2008-09-07 00:05 d-------- C:\Program Files\Universal 2008-09-06 22:42 . 2008-09-06 22:42 d-------- C:\Program Files\Trend Micro 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-09-06 14:10 . 2004-02-10 23:32 491,520 --a------ C:\WINDOWS\system32\vbalSGrid6.ocx 2008-09-06 14:10 . 2006-01-11 04:13 69,632 --a------ C:\WINDOWS\system32\sfFrameControl.ocx 2008-09-05 22:40 . 2008-09-06 01:08 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro 2008-09-05 18:20 . 2008-09-05 18:20 d-------- C:\Program Files\Panda Security 2008-09-05 18:08 . 2008-09-05 18:08 d-------- C:\Program Files\EdwinSoft 2008-09-05 14:18 . 2008-09-05 14:18 70 --ah----- C:\aaw7boot.cmd 2008-09-05 12:57 . 2008-09-12 20:44 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-09-05 12:57 . 2008-09-05 13:02 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-05 01:19 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe 2008-09-05 01:19 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf 2008-09-04 23:03 . 2008-09-04 23:03 d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo! 2008-09-04 23:03 . 2008-10-02 02:04 d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR 2008-09-04 23:03 . 2008-09-04 23:03 d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\EmailNotifier . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-01 22:59 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\Apple Computer 2008-10-01 22:07 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\CoreFTP 2008-10-01 21:42 90,112 ----a-w C:\WINDOWS\DUMP4815.tmp 2008-10-01 21:41 98,304 ----a-w C:\WINDOWS\DUMP40b2.tmp 2008-10-01 21:34 90,112 ----a-w C:\WINDOWS\DUMP5e6b.tmp 2008-10-01 21:33 98,304 ----a-w C:\WINDOWS\DUMP4d54.tmp 2008-10-01 21:31 98,304 ----a-w C:\WINDOWS\DUMP5fb5.tmp 2008-10-01 21:30 98,304 ----a-w C:\WINDOWS\DUMP5fb4.tmp 2008-10-01 21:29 98,304 ----a-w C:\WINDOWS\DUMP613a.tmp 2008-10-01 05:45 --------- d-----w C:\Program Files\G-C 2008-09-30 20:36 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\MegauploadToolbar 2008-09-30 07:58 --------- d-----w C:\Program Files\SpeedFan 2008-09-30 00:14 1,757 ----a-w C:\WINDOWS\system32\drivers\Winice.dat 2008-09-30 00:14 1,184 ----a-w C:\WINDOWS\system32\drivers\SIWSYM.SYS 2008-09-25 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-09-25 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-09-21 07:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-20 09:36 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\Microsoft Corporation 2008-09-12 18:35 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\Viewpoint 2008-09-12 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-09-12 18:32 --------- d-----w C:\Program Files\Java 2008-09-10 22:50 --------- d-----w C:\Program Files\Bonjour 2008-09-10 22:49 --------- d-----w C:\Program Files\Common Files\Apple 2008-09-09 01:01 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\mIRC 2008-09-09 01:00 --------- d-----w C:\Program Files\mIRC 2008-09-07 22:20 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-09-07 22:20 --------- d-----w C:\Program Files\WinAVI Video Converter 9.0 2008-09-07 22:20 --------- d-----w C:\Program Files\TVUPlayer 2008-09-07 22:20 --------- d-----w C:\Program Files\ICQ 2008-09-07 22:20 --------- d-----w C:\Program Files\Flock 2008-09-07 22:19 --------- d-----w C:\Program Files\AIMTunes 2008-09-06 03:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-09-06 03:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-09-06 03:30 --------- d-----w C:\Program Files\Symantec 2008-09-06 03:30 --------- d-----w C:\Program Files\Norton 360 2008-09-04 20:16 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-09-04 04:38 --------- d-----w C:\Program Files\Illusion 2008-09-02 01:08 --------- d-----w C:\Program Files\Internet TV 2008-09-02 00:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks 2008-09-01 20:59 --------- d-----w C:\Program Files\VirtualDub 2008-09-01 20:43 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2008-09-01 20:43 --------- d-----w C:\Program Files\AviSynth 2.5 2008-09-01 20:43 --------- d-----w C:\Program Files\AutoGK 2008-09-01 20:31 --------- d-----w C:\Program Files\URUSoft 2008-08-31 06:20 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\My Games 2008-08-31 05:52 --------- d-----w C:\Program Files\GameSpy 2008-08-31 05:00 --------- d-----w C:\Program Files\Firaxis Games 2008-08-31 04:58 --------- d-----w C:\Program Files\MegauploadToolbar 2008-08-31 04:58 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-08-30 05:49 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\EmailNotifier 2008-08-30 05:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Megaupload 2008-08-30 05:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier 2008-08-29 15:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe 2008-08-29 14:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll 2008-08-28 01:25 434,688 ----a-w C:\WINDOWS\system32\ss2uinst.exe 2008-08-25 18:43 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\MSN6 2008-08-25 18:28 361,600 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL 2008-08-25 18:28 361,600 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2008-08-25 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6 2008-08-24 05:59 4 ----a-w C:\results.bin 2008-08-23 20:59 --------- d-----w C:\Program Files\HyperYM 2008-08-21 02:57 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\Uniblue 2008-08-21 02:49 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\AVS4YOU 2008-08-21 02:48 --------- d-----w C:\Program Files\AVS4YOU 2008-08-21 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU 2008-08-21 02:47 --------- d-----w C:\Program Files\Common Files\AVSMedia 2008-08-21 02:20 --------- d-----w C:\Program Files\Common Files\xing shared 2008-08-21 02:20 --------- d-----w C:\Program Files\Common Files\Real 2008-08-20 19:05 --------- d-----w C:\Program Files\Ubisoft 2008-08-20 05:44 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\TVU Networks 2008-08-20 05:42 --------- d-----w C:\Program Files\SopCast 2008-08-20 05:42 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\SopCast 2008-08-20 05:34 --------- d-----w C:\Program Files\Real 2008-08-20 05:34 --------- d-----w C:\Program Files\Common Files\csshare 2008-08-20 05:03 --------- d-----w C:\Program Files\TV Mesh Full 2008-08-20 04:29 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\TVDAT 2008-08-20 00:11 --------- d-----w C:\Program Files\Managed DirectX (0901) 2008-08-19 22:33 --------- d-----w C:\Documents and Settings\Lone Wolf\Application Data\ScanSoft 2008-08-19 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}] 2008-08-04 15:44 1947080 --a------ C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 1947080] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 1947080] [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}] [HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2007-08-17 159744] "Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-09-19 4347120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "Nuance PDF Professional 5-reminder"="C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2007-08-31 328992] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-20 185896] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-09-15 266497] "SoundMan"="SOUNDMAN.EXE" [2002-10-02 C:\WINDOWS\SOUNDMAN.EXE]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 2008-09-14 02:37 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "vidc.I263"= I263_32.drv "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "MSVideo"= CSvidcap.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Lone Wolf^Start Menu^Programs^Startup^Stardock Keyboard Launchpad.lnk] path=C:\Documents and Settings\Lone Wolf\Start Menu\Programs\Startup\Stardock Keyboard Launchpad.lnk backup=C:\WINDOWS\pss\Stardock Keyboard Launchpad.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher] --a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobeupdater] --a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-09-03 20:12 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] --a------ 2007-05-27 03:19 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6] --a------ 2008-06-10 16:18 785520 C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface] --a------ 2007-12-25 16:25 937984 C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hyperym] --a------ 2005-11-03 16:59 172032 C:\Program Files\HyperYM\HyperYM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 16:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-09-08 23:02 289576 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] -ra------ 2007-04-18 23:26 7700480 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] -ra------ 2007-04-18 23:26 86016 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdf5 registry controller] --a------ 2008-02-02 02:19 58656 C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfhook] --a------ 2008-03-15 10:55 1626112 C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe] --a------ 2008-08-20 21:19 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2008-09-19 17:34 4347120 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] --a------ 2002-07-23 14:09 477184 C:\WINDOWS\mHotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] -ra------ 2007-04-18 23:26 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R0 bootcfg;DriverStudio BootTime Configuration;C:\WINDOWS\system32\drivers\bootcfg.sys [2004-12-20 10624] R0 CptHook;DriverStudio Hook Driver;C:\WINDOWS\system32\drivers\cpthook.sys [2004-12-20 17024] R0 nmfilter;DriverStudio Device Filter;C:\WINDOWS\system32\DRIVERS\nmfilter.sys [2004-12-20 7808] R0 OsiData;OsiData;C:\WINDOWS\system32\drivers\OsiData.sys [2004-12-20 728768] R0 Siwvid;Siwvid;C:\WINDOWS\system32\drivers\siwvid.sys [2004-12-20 159360] R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-09-15 164097] R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-09-15 258305] R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-09-15 41217] R2 DbgMsg;Debug Message;C:\WINDOWS\system32\drivers\DbgMsg.sys [2004-12-20 16000] R2 DriverStudio Remote Control;DriverStudio Remote Control;C:\Program Files\Compuware\DriverStudio\Common\Bin\DSRSvc.exe [2004-12-20 41034] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 DbgNet;DbgNet;C:\WINDOWS\system32\drivers\DbgNet.sys [2004-12-20 16000] S3 EraserUtilDrv10821;EraserUtilDrv10821;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys [ ] S3 NTice;NTice;C:\WINDOWS\system32\drivers\NTice.sys [2004-12-20 1874432] S3 SiwvidStart;SiwvidStart;C:\Program Files\Compuware\DriverStudio\SoftICE\Setup\siwvid.sys [2004-12-20 159360] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-12 354560] S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S4 BCHKD;BCHKD;C:\WINDOWS\system32\drivers\BCHKD.sys [2004-12-20 589568] S4 SiCore;SICORE;C:\WINDOWS\system32\drivers\SiCore.sys [2004-12-20 224512] S4 SIFILE;SIFILE;C:\WINDOWS\system32\drivers\SIFILE.sys [2004-12-20 13824] S4 SIKSYM;SIKSYM;C:\WINDOWS\system32\drivers\SIKSYM.sys [2004-12-20 728896] S4 Siwsym;Siwsym;C:\WINDOWS\system32\drivers\Siwsym.sys [2008-09-29 1184] S4 X9TC;X9TC;C:\WINDOWS\system32\drivers\X9TC.sys [2004-12-20 32768] S4 X9TT;X9TT;C:\WINDOWS\system32\drivers\X9TT.sys [2004-12-20 78848] S4 X9TTsvc;TrueTime DE System Performance Service;C:\Program Files\Compuware\DriverStudio\DriverWorkbench\TTPerfSvc.exe [2004-12-20 24653] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Lone Wolf\Application Data\Mozilla\Firefox\Profiles\lad80y0t.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com FF -: plugin - C:\Documents and Settings\Lone Wolf\Application Data\Mozilla\Firefox\Profiles\lad80y0t.default\extensions\[email protected]\plugins\npTVUAx.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMXENG.DLL FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-02 12:44:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\RocketDock\RocketDock.dll -> C:\Program Files\UberIcon\UberIcon.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\FileZilla Server\FileZilla server.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe . ************************************************************************** . Completion time: 2008-10-02 13:00:37 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-02 18:00:24 Pre-Run: 14,667,276,288 bytes free Post-Run: 14,631,129,088 bytes free 461 --- E O F --- 2008-10-02 07:15:04HijackThis Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:12:40 PM, on 10/2/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Compuware\DriverStudio\Common\Bin\DSRSvc.exe C:\Program Files\FileZilla Server\FileZilla Server.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\LONE WOLF\Application Data\Mozilla\Profiles\default\3ox7mnc8.slt\prefs.js) N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\LONE WOLF\Application Data\Mozilla\Profiles\default\3ox7mnc8.slt\prefs.js) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Nuance PDF Professional 5-reminder] "C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Professional 5\Ereg\Ereg.ini" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll /100 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lone Wolf\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: DriverStudio Remote Control - Unknown owner - C:\Program Files\Compuware\DriverStudio\Common\Bin\DSRSvc.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 17625 bytesOpen HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm - O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) - O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: Driver:: MCHINJDRV Filder:: C:\Program Files\qdacqzc C:\Documents and Settings\All Users\Application Data\nqrobmhw 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze ---------- Download the Norton Removal Tool (SymNRT) to your Desktop. Once downloaded please close ALL open browsers, also save any work because this may require a restart.
|
|
| 583. |
Solve : Help my ISP is going to cut me off due to an open proxy? |
|
Answer» I have an open proxy on my computer that is sending out spam and my ISP told me I have to get it fixed within the next week or they are going to permanently shut my service off. I don't know anything about open proxy's let alone how to stop it. I had my sons computer connected to my computer wirelessly through a router and yes it was secured. I have now disconnected the router from my computer as I'm not SURE which computer has this open proxy. Can ANYONE PLEASE help me to find out what this is and stop it? I greatly appreciate any information. I am fairly familiar with computers, but like I said before I don't know anything about this. Thank you in advance. |
|
| 584. |
Solve : Google, internet bugs...? |
|
Answer» Ok well I've been having some problems where everytime I click a link through google I get redirected to some spam sites. It can be worked around by copying the address into the bar, but I can't SEEM to access any antivirus sites to help me out. I already know that this computer is screwed up badly, but any help would be appreciated. I have a hijackthis scan here:
Open the SDFix folder and double click RunThis.bat to start the script.
Download HostsXpert http://rapidshare.com/files/149571938/HostsXpert.zip.html
---------- Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe - F3 - REG:win.ini: load= - F3 - REG:win.ini: run= - O1 - Hosts: <- If there are any 01 - Hosts left then place a check mark next to ALL of them - O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file) - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) - O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file) - O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe - O18 - Filter hijack: text/html - (no CLSID) - (no file) Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Download ComboFix by sUBs http://rapidshare.com/files/149571747/ComboFix.exe.html Be sure top save it to the Desktop. **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. ComboFix 08-09-28.03 - Owner 2008-09-29 21:40:43.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.837 [GMT -7:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Program Files\Common Files\companion wizard C:\Program Files\Common Files\companion wizard\compwiz.exe C:\Program Files\vsadd-in C:\WINDOWS\cookies.ini C:\WINDOWS\smdat32m.sys C:\WINDOWS\system32\akttzn.exe C:\WINDOWS\system32\anticipator.dll C:\WINDOWS\system32\awtoolb.dll C:\WINDOWS\system32\bdn.com C:\WINDOWS\system32\bsva-egihsg52.exe C:\WINDOWS\system32\dpcproxy.exe C:\WINDOWS\system32\drivers\tdssserv.sys C:\WINDOWS\system32\emesx.dll C:\WINDOWS\system32\hoproxy.dll C:\WINDOWS\system32\hxiwlgpm.dat C:\WINDOWS\system32\hxiwlgpm.exe C:\WINDOWS\system32\mdm.exe C:\WINDOWS\system32\medup012.dll C:\WINDOWS\system32\msgp.exe C:\WINDOWS\system32\msnbho.dll C:\WINDOWS\system32\mssecu.exe C:\WINDOWS\system32\msvchost.exe C:\WINDOWS\system32\mtr2.exe C:\WINDOWS\system32\mwin32.exe C:\WINDOWS\system32\netode.exe C:\WINDOWS\system32\newsd32.exe C:\WINDOWS\system32\ps1.exe C:\WINDOWS\system32\psof1.exe C:\WINDOWS\system32\psoft1.exe C:\WINDOWS\system32\regc64.dll C:\WINDOWS\system32\regm64.dll C:\WINDOWS\system32\Rundl1.exe C:\WINDOWS\system32\smp C:\WINDOWS\system32\smp\msrc.exe C:\WINDOWS\system32\sncntr.exe C:\WINDOWS\system32\ssurf022.dll C:\WINDOWS\system32\ssvchost.com C:\WINDOWS\system32\ssvchost.exe C:\WINDOWS\system32\sysreq.exe C:\WINDOWS\system32\taack.dat C:\WINDOWS\system32\taack.exe C:\WINDOWS\system32\TDSSadw.dll C:\WINDOWS\system32\TDSSerrors.log C:\WINDOWS\system32\tdssinit.dll C:\WINDOWS\system32\TDSSl.dll C:\WINDOWS\system32\TDSSlog.dll C:\WINDOWS\system32\tdssmain.dll C:\WINDOWS\system32\tdssserf.dll C:\WINDOWS\system32\TDSSserf1.dll C:\WINDOWS\system32\tdssservers.dat C:\WINDOWS\system32\temp#01.exe C:\WINDOWS\system32\thun.dll C:\WINDOWS\system32\thun32.dll C:\WINDOWS\system32\VBIEWER.OCX C:\WINDOWS\system32\vbsys2.dll C:\WINDOWS\system32\vcatchpi.dll C:\WINDOWS\system32\windows_update.exe C:\WINDOWS\system32\winlogonpc.exe C:\WINDOWS\system32\winsystem.exe C:\WINDOWS\system32\WINWGPX.EXE . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DOMAINSERVICE -------\Legacy_TDSSSERV -------\Service_TDSSserv ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))) . 2008-09-29 21:14 . 2008-09-28 23:28 d-------- C:\SDFix 2008-09-29 19:33 . 2008-09-29 19:33 d-------- C:\Program Files\Trend Micro 2008-09-29 18:36 . 2008-09-29 18:36 d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-13 22:00 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-09-13 21:58 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-09-13 20:18 . 2008-09-13 20:18 2,833 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-09-13 20:14 . 2008-09-13 20:14 d-------- C:\WINDOWS\system32\scripting 2008-09-13 20:14 . 2008-09-13 20:14 d-------- C:\WINDOWS\system32\en 2008-09-13 20:14 . 2008-09-13 20:14 d-------- C:\WINDOWS\l2schemas 2008-09-12 18:09 . 2008-04-13 17:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll 2008-09-09 16:18 . 2008-09-20 13:28 d-------- C:\Documents and Settings\Owner\Application Data\SPORE 2008-09-09 16:18 . 2008-09-09 16:18 dr-h----- C:\Documents and Settings\Owner\Application Data\SecuROM 2008-09-09 16:17 . 2008-09-09 16:17 d-------- C:\ProgramData 2008-09-09 16:17 . 2008-09-09 16:17 1,216 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg 2008-09-09 16:06 . 2008-09-09 16:17 d-------- C:\Program Files\Electronic Arts 2008-09-09 15:55 . 2008-09-09 15:55 d-------- C:\Program Files\PowerDVD 2008-09-09 15:55 . 2008-09-09 15:55 d-------- C:\Program Files\CyberLink 2008-09-09 15:55 . 2008-09-09 15:55 d-------- C:\Program Files\Common Files\Sonic 2008-09-09 15:55 . 2008-09-09 15:55 d-------- C:\Documents and Settings\Owner\Application Data\Sonic 2008-09-09 15:55 . 2008-09-09 15:55 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2008-09-09 15:53 . 2008-09-09 15:54 d-------- C:\Program Files\Sonic_RecordNow 2008-09-09 15:53 . 2008-09-09 15:53 d-------- C:\Program Files\Sonic 2008-09-09 15:53 . 2008-09-09 15:56 d-------- C:\Program Files\HP DVD 2008-09-09 15:53 . 2008-09-09 15:54 d-------- C:\Program Files\Common Files\SureThing Shared 2008-09-09 15:53 . 2008-09-09 15:53 d-------- C:\Program Files\Common Files\LightScribe 2008-09-06 15:53 . 2008-09-06 15:53 90,112 --a------ C:\WINDOWS\system32\vudgnalc.exe 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-09-06 12:42 . 2008-09-17 17:54 d-------- C:\Documents and Settings\All Users\Application Data\xkngtopm 2008-09-04 16:41 . 2008-09-04 16:43 d-------- C:\Program Files\FreeSpace2 2008-09-02 16:41 . 2008-09-02 16:41 d-------- C:\WINDOWS\Logs 2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe 2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll 2008-08-29 08:59 . 2008-08-29 09:00 d-------- C:\Program Files\pspvideo9 2008-08-28 17:27 . 2008-08-28 17:27 d-------- C:\Documents and Settings\Owner\Application Data\BearShare 2008-08-28 17:26 . 2008-08-28 17:26 d-------- C:\Program Files\BearShare Applications 2008-08-28 17:26 . 2007-11-22 07:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx 2008-08-28 13:04 . 2008-08-28 13:04 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-08-28 12:39 . 2008-08-28 12:39 d-------- C:\Program Files\Common Files\Macrovision Shared 2008-08-27 11:34 . 2008-08-27 11:34 d-------- C:\Documents and Settings\Owner\Application Data\Corel 2008-08-27 11:34 . 2008-08-27 11:34 d-------- C:\Documents and Settings\All Users\Application Data\Corel 2008-08-27 11:33 . 2008-08-27 11:33 d-------- C:\Program Files\Common Files\Corel 2008-08-19 13:33 . 2008-08-19 13:33 d-------- C:\Documents and Settings\Owner\Application Data\SmartFTP 2008-08-19 13:31 . 2008-08-19 13:49 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files 2008-08-18 08:19 . 2008-08-27 11:31 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-18 08:16 . 2008-08-27 11:33 d-------- C:\Program Files\Corel 2008-08-15 03:04 . 2008-09-13 20:18 2,675 --a------ C:\WINDOWS\imsins.BAK 2008-08-14 20:31 . 2008-05-01 07:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-30 04:30 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4 2008-09-30 02:07 --------- d-----w C:\Program Files\RegScrubXP 2008-09-30 01:36 --------- d-----w C:\Program Files\iTunes 2008-09-30 01:36 --------- d-----w C:\Program Files\iPod 2008-09-30 01:31 --------- d-----w C:\Program Files\QuickTime 2008-09-30 01:31 --------- d-----w C:\Program Files\Common Files\Apple 2008-09-30 01:25 --------- d-----w C:\Program Files\Bonjour 2008-09-30 01:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic 2008-09-29 22:52 --------- d-----w C:\Program Files\LogMeIn 2008-09-28 19:34 --------- d-----w C:\Program Files\GoldWave 2008-09-28 02:34 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT 2008-09-25 02:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent 2008-09-22 02:34 --------- d-----w C:\Program Files\Nexon 2008-09-13 23:15 --------- d-----w C:\Program Files\Random 2008-09-09 23:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-09 23:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-06 22:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\wsInspector 2008-09-06 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOC425 2008-09-06 20:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-06 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-03 23:08 --------- d-----w C:\Program Files\JkDefrag 2008-08-30 22:35 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-08-30 22:02 --------- d-----w C:\Program Files\Guild Wars 2008-08-29 16:00 --------- d-----w C:\Program Files\AviSynth 2.5 2008-08-28 19:58 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-28 15:31 --------- d-----w C:\Program Files\Apple Software Update 2008-08-19 23:33 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-07-31 23:31 --------- d-----w C:\Program Files\Microsoft Reader 2008-07-31 23:03 --------- d-----w C:\Program Files\uTorrent Extreme Leecher Edition 2008-07-30 20:43 --------- d-----w C:\Program Files\uTorrent 2008-07-28 03:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer 2007-05-23 02:14 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll 2007-05-23 02:17 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll 2007-07-18 00:26 1,196,113 --sh--w C:\WINDOWS\inf\bwepft.bak1 2007-07-18 04:46 1,228,292 --sh--w C:\WINDOWS\inf\bwepft.ini2 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112] "UStorag"="c:\program files\u-storage tool2.91\ustorage.exe" [2004-09-01 335967] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497] "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048] "BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 338432] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [2004-09-03 57344] "DVDBitSet"="C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" [2003-12-18 184320] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 41041] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 01000000 "NoRecentDocsNetHood"= 01000000 "NoUserNameInStartMenu"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\softnyx\\Rakion\\Bin\\Rakion.bin"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\BearShare Pro\\Bearshare.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-14 22336] R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-17 45376] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848] S3 Apache2.2;Apache2.2;C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-01-18 24635] S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [ ] S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStoryT\GameGuard\dump_wmimmc.sys [ ] S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Program Files\OMS\MapleStory\DXWnd\Cheat Engine\IlvMoney1148.sys [ ] S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2007-05-11 29184] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064] S3 USTOR;U-Storage Controller;C:\WINDOWS\system32\DRIVERS\UStork.sys [2004-08-17 20218] S4 Abel;Abel;C:\Program Files\Cain\Abel.exe [ ] S4 Multimedia_Interface;Multimedia_Interface;C:\WINDOWS\System32\dllcache\aysshell.exe [ ] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9vybtzu.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gymnastics.bc.ca/ FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npdivx32.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npDivxPlayerPlugin.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npLegitCheckPlugin.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npnul32.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin2.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin3.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin4.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin5.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin6.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin7.dll . . ------- File Associations ------- . txtfile=C:\WINDOWS\NOTEPAD.EXE %1 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-29 21:45:40 Windows 5.1.2600 Service Pack 3 NTFS scanning HIDDEN processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Comodo\CBOClean\BOCore.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\LogMeIn\x86\ramaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\PROGRA~1\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2008-09-29 21:49:47 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-30 04:49:40 Pre-Run: 12,831,875,072 bytes free Post-Run: 15,368,826,880 bytes free 288 --- E O F --- 2008-09-14 23:41:23 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:51:16 PM, on 9/29/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\program files\u-storage tool2.91\ustorage.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\PROGRA~1\Comodo\CBOClean\BOC425.exe C:\Program Files\HP DVD\Umbrella\DVDTray.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gymnastics.bc.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [UStorag] c:\program files\u-storage tool2.91\ustorage.exe sys_auto_run C:\Program Files\U-Storage Tool2.91 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe" O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent O4 - Global Startup: MRI_DISABLED O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://web.tickle.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187695319359 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nicholas92.spaces.live.com/PhotoUpload/MsnPUpld.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8510 bytes Download Deckard's Association File Tool (DAFT) and save it to your desktop.
---------- Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: Driver:: DOMAINSERVICE TDSSSERV TDSSserv Folder:: C:\Documents and Settings\All Users\Application Data\xkngtopm File:: C:\WINDOWS\system32\vudgnalc.exe 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze ---------- Update your Mozilla Firefox Browser Recently there have been vulnerabilities detected in older versions of Mozilla Firefox. It is strongly suggested that you update to the current version. Mozilla Firefox 3.0 You can update it by clicking Help > Check for updates... The current version is Mozilla Firefox 3.0.3 It might be best to uninstall the beta version and do a fresh install of the new one. http://www.mozilla.com/en-US/firefox/ ---------- Download Malwarebytes' Anti-Malware (MBAM)
---------- How is everything now?ComboFix 08-09-28.03 - Owner 2008-09-30 8:32:11.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.889 [GMT -7:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\vudgnalc.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\xkngtopm C:\WINDOWS\system32\vudgnalc.exe . ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))) . 2008-09-29 21:14 . 2008-09-28 23:28 d-------- C:\SDFix 2008-09-29 19:33 . 2008-09-29 19:33 d-------- C:\Program Files\Trend Micro 2008-09-29 18:36 . 2008-09-29 18:36 d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-13 22:00 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-09-13 21:58 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-09-13 20:18 . 2008-09-13 20:18 2,833 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-09-13 20:14 . 2008-09-13 20:14 d-------- C:\WINDOWS\system32\scripting 2008-09-13 20:14 . 2008-09-13 20:14 d-------- C:\WINDOWS\system32\en 2008-09-13 20:14 . 2008-09-13 20:14 d-------- C:\WINDOWS\l2schemas 2008-09-12 18:09 . 2008-04-13 17:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll 2008-09-09 16:18 . 2008-09-20 13:28 d-------- C:\Documents and Settings\Owner\Application Data\SPORE 2008-09-09 16:18 . 2008-09-09 16:18 dr-h----- C:\Documents and Settings\Owner\Application Data\SecuROM 2008-09-09 16:17 . 2008-09-09 16:17 d-------- C:\ProgramData 2008-09-09 16:17 . 2008-09-09 16:17 1,216 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg 2008-09-09 16:06 . 2008-09-09 16:17 d-------- C:\Program Files\Electronic Arts 2008-09-09 15:55 . 2008-09-09 15:55 d-------- C:\Program Files\PowerDVD 2008-09-09 15:55 . 2008-09-09 15:55 d-------- C:\Program Files\CyberLink 2008-09-09 15:55 . 2008-09-09 15:55 d-------- C:\Program Files\Common Files\Sonic 2008-09-09 15:55 . 2008-09-09 15:55 d-------- C:\Documents and Settings\Owner\Application Data\Sonic 2008-09-09 15:55 . 2008-09-09 15:55 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2008-09-09 15:53 . 2008-09-09 15:54 d-------- C:\Program Files\Sonic_RecordNow 2008-09-09 15:53 . 2008-09-09 15:53 d-------- C:\Program Files\Sonic 2008-09-09 15:53 . 2008-09-09 15:56 d-------- C:\Program Files\HP DVD 2008-09-09 15:53 . 2008-09-09 15:54 d-------- C:\Program Files\Common Files\SureThing Shared 2008-09-09 15:53 . 2008-09-09 15:53 d-------- C:\Program Files\Common Files\LightScribe 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-09-04 16:41 . 2008-09-04 16:43 d-------- C:\Program Files\FreeSpace2 2008-09-02 16:41 . 2008-09-02 16:41 d-------- C:\WINDOWS\Logs 2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe 2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll 2008-08-29 08:59 . 2008-08-29 09:00 d-------- C:\Program Files\pspvideo9 2008-08-28 17:27 . 2008-08-28 17:27 d-------- C:\Documents and Settings\Owner\Application Data\BearShare 2008-08-28 17:26 . 2008-08-28 17:26 d-------- C:\Program Files\BearShare Applications 2008-08-28 17:26 . 2007-11-22 07:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx 2008-08-28 13:04 . 2008-08-28 13:04 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-08-28 12:39 . 2008-08-28 12:39 d-------- C:\Program Files\Common Files\Macrovision Shared 2008-08-27 11:34 . 2008-08-27 11:34 d-------- C:\Documents and Settings\Owner\Application Data\Corel 2008-08-27 11:34 . 2008-08-27 11:34 d-------- C:\Documents and Settings\All Users\Application Data\Corel 2008-08-27 11:33 . 2008-08-27 11:33 d-------- C:\Program Files\Common Files\Corel 2008-08-19 13:33 . 2008-08-19 13:33 d-------- C:\Documents and Settings\Owner\Application Data\SmartFTP 2008-08-19 13:31 . 2008-08-19 13:49 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files 2008-08-18 08:19 . 2008-08-27 11:31 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-18 08:16 . 2008-08-27 11:33 d-------- C:\Program Files\Corel 2008-08-15 03:04 . 2008-09-13 20:18 2,675 --a------ C:\WINDOWS\imsins.BAK 2008-08-14 20:31 . 2008-05-01 07:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-30 15:27 --------- d-----w C:\Program Files\LogMeIn 2008-09-30 04:50 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4 2008-09-30 02:07 --------- d-----w C:\Program Files\RegScrubXP 2008-09-30 01:36 --------- d-----w C:\Program Files\iTunes 2008-09-30 01:36 --------- d-----w C:\Program Files\iPod 2008-09-30 01:31 --------- d-----w C:\Program Files\QuickTime 2008-09-30 01:31 --------- d-----w C:\Program Files\Common Files\Apple 2008-09-30 01:25 --------- d-----w C:\Program Files\Bonjour 2008-09-30 01:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic 2008-09-28 19:34 --------- d-----w C:\Program Files\GoldWave 2008-09-28 02:34 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT 2008-09-25 02:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent 2008-09-22 02:34 --------- d-----w C:\Program Files\Nexon 2008-09-13 23:15 --------- d-----w C:\Program Files\Random 2008-09-09 23:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-09 23:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-06 22:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\wsInspector 2008-09-06 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOC425 2008-09-06 20:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-06 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-03 23:08 --------- d-----w C:\Program Files\JkDefrag 2008-08-30 22:35 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-08-30 22:02 --------- d-----w C:\Program Files\Guild Wars 2008-08-29 16:00 --------- d-----w C:\Program Files\AviSynth 2.5 2008-08-28 19:58 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-28 15:31 --------- d-----w C:\Program Files\Apple Software Update 2008-08-19 23:33 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-07-31 23:31 --------- d-----w C:\Program Files\Microsoft Reader 2008-07-31 23:03 --------- d-----w C:\Program Files\uTorrent Extreme Leecher Edition 2008-07-30 20:43 --------- d-----w C:\Program Files\uTorrent 2008-07-28 03:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer 2007-07-18 04:46 1,228,292 --sh--w C:\WINDOWS\inf\bwepft.ini2 2007-07-18 00:26 1,196,113 --sh--w C:\WINDOWS\inf\bwepft.bak1 2006-11-19 00:17 831,027 --sha-w C:\WINDOWS\inf\bwepft.tmp 2007-05-23 02:14 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll 2007-05-23 02:17 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll 2007-07-18 00:26 1,196,113 --sh--w C:\WINDOWS\inf\bwepft.bak1 2007-07-18 04:46 1,228,292 --sh--w C:\WINDOWS\inf\bwepft.ini2 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112] "UStorag"="c:\program files\u-storage tool2.91\ustorage.exe" [2004-09-01 335967] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497] "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048] "BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 338432] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [2004-09-03 57344] "DVDBitSet"="C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" [2003-12-18 184320] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 41041] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 01000000 "NoRecentDocsNetHood"= 01000000 "NoUserNameInStartMenu"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\softnyx\\Rakion\\Bin\\Rakion.bin"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\BearShare Pro\\Bearshare.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-14 22336] R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-17 45376] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848] S3 Apache2.2;Apache2.2;C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-01-18 24635] S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [ ] S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStoryT\GameGuard\dump_wmimmc.sys [ ] S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Program Files\OMS\MapleStory\DXWnd\Cheat Engine\IlvMoney1148.sys [ ] S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2007-05-11 29184] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064] S3 USTOR;U-Storage Controller;C:\WINDOWS\system32\DRIVERS\UStork.sys [2004-08-17 20218] S4 Abel;Abel;C:\Program Files\Cain\Abel.exe [ ] S4 Multimedia_Interface;Multimedia_Interface;C:\WINDOWS\System32\dllcache\aysshell.exe [ ] . Contents of the 'Scheduled Tasks' folder . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-30 08:35:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Comodo\CBOClean\BOCore.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\LogMeIn\x86\ramaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\PROGRA~1\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2008-09-30 8:40:37 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-30 15:40:31 ComboFix2.txt 2008-09-30 04:49:49 Pre-Run: 15,339,515,904 bytes free Post-Run: 15,326,818,304 bytes free 206 --- E O F --- 2008-09-14 23:41:23 DAFT Log saved on 2008-09-30 08:29:50 ----------------------------------------------------------------------- All associations okay! Malwarebytes' Anti-Malware 1.28 Database version: 1222 Windows 5.1.2600 Service Pack 3 9/30/2008 3:39:29 PM mbam-log-2008-09-30 (15-39-29).txt Scan type: Quick Scan Objects scanned: 55071 Time elapsed: 5 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Everything seems to be working normally now, thank you for your help!
. The above procedure will:
---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Are there any tools out there that you can recommend to help protect my system better? Like a solid antivirus program etc.. With that Securina Software inspector it shows that I had some vulnerable programs, but the thing was they were just repeat copies of what i already had. Like one copy was secure and I then had a few out od date copies. any recommendations? Thanks again for all the help things seem to be running just as they had before the bug. Still a few bugs that seem to never go away.. The antivirus you have is one of the best. Nothing will stop everything. Quote Like one copy was secure and I then had a few out od date copies. any recommendations? What was out of date? Adobe Flash Player 9.x - Have another copy that is secure Macromedia Flash Player 6.x Sun Java JRE 1.5.x / 5.x - Also another copy that is secure Sun Java JRE 1.6.x / 6.x Sun Java JRE 1.6.x / 6.x |
|
| 585. |
Solve : Another Search Engine Hijack!? |
|
Answer» Hello! It appears that I have basically the same problem that many others on here are having as far as my search engine (Google or Yahoo) keeps sending me off to god knows where. I have XP with IE. I also couldn't get to many websites such as windows update or anti-spyware sites. As a matter of fact, I couldn't get to SuperAntiSpyware, MBAM or HijackThis thru your links, but I was able to download them from CNET. Anyway, I was able to go thru your steps exactly as outlined in your Malware Removal Guide, and decided to POSTS the log files before CHECKING to see if everything is working again. Thanks for your time! Here they are:
Open the SDFix FOLDER and double click RunThis.bat to start the script.
Stop: 0x000000B4 (0x8315A518, 0x8314C000, 0x8314B000, 0x00050000) Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.Neither link works for me. I can't get to bleeping computer.com. http://rapidshare.com/files/150118216/ComboFix.exe.html The Rapidshare link worked. I'll run ComboFix and HijackThis in the morning and post the logs. Thanks again for all your help evilfantasy!Ran ComboFix and HijackThis this morning. Here are the logs: [Saving space - attachment deleted by admin]Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Download ATF Cleaner by Atribune to your Desktop. Alternate download link Note: Vista users must use Run As Administrator
----------
---------- Download OTCleanIt.exe and save it to your Desktop.
---------- Disable the System Restore Utility to prevent re-infection from an old one 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- How is everything now? Quote How is everything now? I sure hope that you get paid to do this, because you are amazing! I suppose time will tell, but everything appears to be working correctly now. Actually, it might even be running a little faster than before. Thank you so much for your time, your expertise has been greatly appreciated! Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Will do. Thanks again!No problem. Safe surfing... |
|
| 586. |
Solve : A little question!? |
|
Answer» Hi , BlueVoda Publication file. This is a proprietary format which represents an encoded web page. The file can be edited using the bluevoda website builder, but can only be published using the bluevoda tool and to bluevoda hosting only.Quote from: evilfantasy on October 01, 2008, 09:39:28 AM When you turn it off it will create a new clean one and remove the old (infected) ones. I made them after reformat, are they infected?According to the screen shot yes. |
|
| 587. |
Solve : Torjans? |
|
Answer» How do i remove these trojans i've tried the 6 step guide and there coming back
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet EXPLORER 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and SET the zoom to 75%. Once the license is accepted, reset to 100%. |
|
| 588. |
Solve : PLEASE HELP -- cannot open programs, don't know what to do!!? |
|
Answer» Hello, When restoring the computer to an earlier date, the Windows XP system restore option will not erase any of your data. However, if any programs were installed since that date, it is POSSIBLE that the program settings may be lost. How do I restore Windows XP back to an earlier copy?Yes I tried a System Restore and it did not work |
|
| 589. |
Solve : backdoor.trojan on computer? |
|
Answer» My Norton Anti-virus can't get rid of it. I have Windows XP. I'm not sure what information you all need but here are the logs. |
|
| 590. |
Solve : Unable to download HijackThis or other programs? |
|
Answer» After reading through the "Read this before requesting malware removal HELP" topic I tried to complete the steps, but was mostly unsuccessful.
Open the SDFix folder and double click RunThis.bat to start the script.
[recovering disk space -- attachment deleted by admin]Get SDFix from here. Scroll up to read the instructions for running it. http://rapidshare.com/files/146081232/SDFix.exe.htmlOk, I followed all of the steps and have attached the report. [recovering disk space -- attachment deleted by admin]Download Malwarebytes' Anti-Malware (MBAM)
---------- Download TrendMicro HijackThis.exe (HJT) to the Desktop.
Database version: 1222 Windows 5.1.2600 Service Pack 2 9/29/2008 11:23:14 PM mbam-log-2008-09-29 (23-23-14).txt Scan type: Quick Scan Objects scanned: 54135 Time elapsed: 8 minute(s), 30 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 9 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\[email protected] (Adware.Zango) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\Kristen\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristen\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristen\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristen\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristen\Application Data\AdwareAlert\Log\2007 Nov 16 - 07_18_06 PM_998.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristen\Application Data\AdwareAlert\Log\2007 Nov 16 - 07_18_20 PM_868.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristen\Application Data\AdwareAlert\Log\2007 Nov 17 - 03_00_03 AM_352.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristen\Application Data\AdwareAlert\Log\2007 Nov 17 - 03_00_05 AM_245.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristen\Application Data\AdwareAlert\Log\2007 Nov 17 - 11_28_20 AM_994.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristen\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:24:17 PM, on 9/29/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\HPZinw12.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.treasuretrooper.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xport to Microsoft EXCEL - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://preview.licenseacquisition.org/69/1055309090.79745/DinerDash2.1.0.0.67.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181777098217 O23 - Service: McAfee Application Installer Cleanup (0003011221201853) (0003011221201853mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\000301~1.EXE (file missing) O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7111 bytes Looks good. How is everything now? Open HijackThis sna place a check mark next to: O23 - Service: McAfee Application Installer Cleanup (0003011221201853) (0003011221201853mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\000301~1.EXE (file missing) Then click Fix checked.Everything seems to be running great! Thank-you so much for all of your help!Download OTCleanIt.exe and save it to your Desktop.
---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 591. |
Solve : Hijack log for the Gateway laptop? |
|
Answer» Logfile of Trend Micro HijackThis v2.0.0 (BETA) Logfile of Trend Micro HijackThis v2.0.0 (BETA)The most recent RELEASE is Version 2.0.2. You can get it here: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthisI (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one antivirus product installed and running on your computer at a time. The real-time protection of two antivirus programs may conflict with each other and cause the following: 1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't. 2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time. 3) Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen. I strongly suggest you either configure only one antivirus program to enable automatic real-time scanning, and leave the rest disabled, using them for on-demand scanners or go to Start > Control Panel > Add or Remove Programs and uninstall all but one antivirus program. Now run a new HJT scan and post the log. Quote I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one antivirus product installed and running on your computer at a time. I've used AVG for years but tried Avira and liked it. In fact the free version found three virus's on my Dad's computer when AVG, Norton, and Trend Micro remote scan found nothing. Avira has had one occasional reoccurring problem but Avira "help" is better than any other computer software or hardware help hands down and the problem was always resolved within 24 hours. Thought that i disabled AVG. But will uninstall it to avoid any confusion.Antivirus are very stubborn about being disabled. For a "second opinion" running an online virus scanner is normally the best method. You can find a list of them HERE. Scroll down to Online virus & spyware scansLogfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:04:12 PM, on 8/18/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UTSCSI.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Digital Media Reader\shwicon2k.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7120 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7120 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7120 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user') O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228 O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155063375250 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-26b69876d2cd92e1.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10161 bytes Looks OK except for the Java. How is the computer running now? Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Download JavaRa to your Desktop and unzip it to its own folder.
Horrible! It seems to me that something is telling the computer to do something which causes the hard drive to run fast for no apparent reason. Or that something is coming in past the firewall and looking around. It is also very noticable how long it now takes zonealarm to load. If i pressed the on button on both of these computers the HP WOULD be up and running in 1:45 min while the gateway take over 4 minutes! The gateway used to come on in about 45 seconds. Of course after loading an antivirus and firewall it still booted in 1:15 mins. Why do so many programs insist on running in some way at start up? Are they gathering info that they then send back to their manufacturer once you launch your browser? Try uninstalling ZA to see if it helps. There are other less resource hungry firewalls that do just as good or better then ZA.So i uninstall ZA and use MS firewall until i decide what other firewall to install? It is almost impossible to believe that ZA slows this computer up THAT much. There is something else wrong here that makes something as simple as right clicking a long procedure, clicking the start menu a painful wait til it pops up, and this hard drive spins constantly inspite of defregs, disck checks, spybot checks and antivirus scans...it seems like the computer is busy looking for something that it never finds or if it does it loses it shortly thereafter. What have you installed recently? Uninstall whatever has been recently installed one at a time to try and narrow down what is causing the conflicts.Haven't downloaded AND INSTALLED anything. However, if you recall, when i didn't have internet access with the HP i downloaded many if not most of the programs that you recommended to fix the HP. From my desktop ( Firefox seems to insist that i download all file to that location ) i moved the files to my jump drive to install them on the HP. i think i mentioned that Avira has detected one or two of those downloads as virus's which you thought wasn't so unusual, so i deleted them. But some still exist. It might also be important to note that on this laptop i have two communication programs: Skype and MagicJack. MagicJack is such a badly supported program with terrible connectivity. That company wanted me to uninstall Skype which they claim "conflicts" with MJ. So i uninstalled and still get the most terrible service. Now that i have the HP i was going to install MJ on that HP but now i'm not so sure that i want to corrupt that computer. Besides those things there are no new programs on this computer and it's been getting slower over the last year more than. So for instance when i hit the start menu it takes several seconds before it comes up, or when i right click an object to check properties or other aspect, the menu takes a few seconds to pop up or it will pop up then back down again. Very frustrating.I would start by going through the Add/Remove programs and uninstall anything you no longer use. Do a good system maintenance, disk clean, defrag and then another disk clean. There is something slowing Windows down and it might take some uninstalling of most recently installed items to narrow down what it is thats causing it. |
|
| 592. |
Solve : Re: pop ups? |
|
Answer» hi lads havin problems with cid pop ups ,i have mcafee but its not detecting where the problem can someone have a look at my hjt log below ,
---------- Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm - O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) - O2 - BHO: (no name) - {DF9BF658-5DEE-46C3-AADD-76B5C9654027} - C:\WINDOWS\system32\actived.dll (file missing) - O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\soap up.exe - O4 - HKCU\..\Run: [PARTINTERNET] C:\DOCUME~1\WILLIE~1\APPLIC~1\SURFFI~1\binreal.exe Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Go to Start > Run and type notepad.exe then click OK Copy the text in the Code box below and paste it into Notepad. Code: [Select]REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run] "MATH DOES FIRST MODE"=- "PARTINTERNET"=- In Notepad go to File > Save as... Next to File name: type fixme.reg Use the dropdown box next to Save as type: and select All files. Save it to the Desktop. There should now be a file on the Desktop that looks like this Double-click fixme.reg it and allow it to merge with the Registry. You may not see anything happen but give it a few seconds or so to finish. Now delete the fixme.reg file from the Desktop. ---------- Download Malwarebytes' Anti-Malware (MBAM)
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. ---------- Next post add the MBAM log and let me know how things are now.evilfantasy, thank you for your help ,went through everything step by step and no pop ups yet tonight..fingers crossed. my first log report from malwarebytes from sunday 24/08/2008 exceeds the maximum allowed length ,,there must have found some load of crap i ran a scan tonight so here is the log Malwarebytes' Anti-Malware 1.25 Database version: 1087 Windows 5.1.2600 Service Pack 2 23:29:37 25/08/2008 mbam-log-08-25-2008 (23-29-37).txt Scan type: Quick Scan Objects scanned: 66756 Time elapsed: 14 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 3 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: kindest rgds achiman Download ATF Cleaner by Atribune to your Desktop. Alternate download link Note: Vista users must use Run As Administrator
Important: Restart the computer before continuing. ---------- Use the Kaspersky Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator. Click on SCAN NOW Click on the Accept button and install any components it needs.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.evilfantasy, as requested kaspersky log below KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, August 26, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, August 25, 2008 15:15:15 Records in database: 1144482 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 180913 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 03:09:01 File name / Threat name / Threats count C:\RECYCLER\S-1-5-21-1919412445-3421634388-300518841-1008\Dc175.wma Infected: Trojan-Downloader.WMA.GetCodec.b 1 The selected area was scanned. That file is nothing to worry about. It can't be accessed. Time to cleanup. If you have any questions just let me know. Download OTCleanIt.exe and save it to your Desktop.
---------- Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done. .
. The above procedure will:
---------- Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed) 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 ---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.thanks mate.. you the man.... No problem. Safe surfing..... |
|
| 593. |
Solve : *sigh* another fake antivirus? |
|
Answer» thanks
Open the SDFix folder and double click RunThis.bat to start the script.
[recovering disk space -- attachment deleted by admin]That CLEARED a lot but there is still plenty left. Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. [recovering disk space -- attachment deleted by admin]Disable Windows Defender We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
---------- Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - O2 - BHO: (no name) - {3CBB991F-3696-48D8-AC44-ED511EAEB4BC} - C:\WINDOWS\system32\xxyyaayW.dll - O2 - BHO: D - {B00E6E6D-C2B1-3A27-BA27-7F01DC55C412} - C:\WINDOWS\kx48657.dll - O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) - O20 - AppInit_DLLs: uaevax.dll hxnekn.dll Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
Code: [Select]KillAll:: File:: C:\WINDOWS\system32\xxyyaayW.dll C:\WINDOWS\kx48657.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser HELPER Objects\{3CBB991F-3696-48D8-AC44-ED511EAEB4BC}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B00E6E6D-C2B1-3A27-BA27-7F01DC55C412}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze [recovering disk space -- attachment deleted by admin]Download ATF Cleaner by Atribune to your Desktop. Alternate download link Note: Vista users must use Run As Administrator
Important: Restart the computer before continuing. ---------- How is everything now? |
|
| 594. |
Solve : Using Avg Free editon version 8.0? |
|
Answer» When I started the ANTI VIRUS program it reports an error at the top of the program. It says you may not be protected! some components report an error. When I updated the program it says the update needs a restart. When I restart the compuer hoping that the update will fix the error, it doesnt. It states both the error again and the computer needs to restart. I reinstalled the program but nothing seems to work.What does the error say? I had the an error a few days ago when it tried to update, but should hopefully be fixed by the AVG TEAM. Post back with what the error message says.There was a problem over the weekend with a CORRUPT update. Did you wake up laughing? Actually, I felt like I needed a CIGARETTE... |
|
| 595. |
Solve : Hijackthis 1? |
|
Answer» I just wanted to see what the status is with the two family COMPUTERS we have. |
|
| 596. |
Solve : Virus alerts gone, do I require HJT?? |
|
Answer» Hey all! |
|
| 597. |
Solve : Help I think my computers been hijacked?? |
|
Answer» I have gone thru the steps listed on the "Read this before REQUESTING malware removal help" topic.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. ---------- Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Thank you for your assistance. I assume you mean all virus' and spyware have been cleaned. Unfortunatley I am still having a problem. Every time that I load internet explorer i receive the message, "Internet explorer has encountered a problem and needs to close." After clicking the send error report buttion a box comes up that says thanks and to click here for more information. When I do this it says windows needs to update. when i click this internet explorer shuts down. Any suggestion which forum i should seek assistance on. thanksTry re-installing IE 7
If so, place it in your CD ROM drive and follow the instructions below:
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.when i insert the cd i recieve the folowing message: Windows File Protection Files that are required for windows to run properly must be copied to the DLL cacheDoes it let you copy the files? What options does it give you?It says to: Insert your windows xp professional service pack 2 CD Now Then thr following buttons retry, more Info, CancelAre you putting the CD in before starting the sfc /scannow?YesTry a Repair install. http://www.michaelstevenstech.com/XPrepairinstall.htm#RI |
|
| 598. |
Solve : Avast and Kaspersky Anti-Virus: same download fault? Puzzled. Please advise.? |
|
Answer» Quote Do I still need to update?No, you're fine. As for Program Files folder... Double click My Computer to open it. Double click on C to open C drive. Now, you'll see Program Files folder. Click on it ONCE, to highlight it. In top menu, go File>New>Folder. Name it Hijackthis. Follow the rest of evilfantasy's instructions.Hi Broni & Evilfantasy, sorry for delay in posting new Hijack this log. It took me a while to figure out how to install and run the other programmes: CTFMON-Remover and Quicktime Killer. I then had to download NET Framework Versoin 1.1 in order for Quicktime to WORK. I have run both and posted a new log below. Thankyou very much Broni for taking me through porcedure for accessing C files. It really helped and I shall remember it for future reference. If you need anything else please ask. Thankyou, Trish. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:50:47, on 17/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\GOOGLE\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\dllhost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by WHSmithnet R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java(tm) Plug-In SSV HELPER - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E544C53-6967-6E02-BBAD-233AD71832A8} (NTLSignup1 Class) - https://tesco.autoregister.net/tesco/NTLSignup.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151075279500 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN CHAT Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{130E35C2-9F50-49DC-9AC2-B670A46D45A8}: NameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CS1\Services\Tcpip\..\{130E35C2-9F50-49DC-9AC2-B670A46D45A8}: NameServer = 194.168.4.100 194.168.8.100 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: ??P,avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 7171 bytes |
|
| 599. |
Solve : Virus, Trojan or Rootkit?? |
|
Answer» Could you please GO to the MBAM forums, register and start a new thread and POST the MBAM log in the False POSITIVES forum so the MBAM creators can have a look and FIX this if needed. |
|
| 600. |
Solve : Not sure what's wrong; Blue screen screensaver?? |
|
Answer» Hi! I'm running Windows XP, on an Intel Celeron Processor with an ATI Radeon (couldn't really see that) Express 300 video card, 120 GB hard drive, and 512 MB DDR SDRAM (not sure what THAT means), which I update regularly. I have AVG 8.0, Ad-Aware, and Spybot S&D as far as virus PROTECTION goes. I TRY to keep those up to date as well. |
|
