
2351.

Solve : My Notebook boots straight into "Asus Preload Wizard"?

Answer»

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

2352.

Solve : X Vidly problems?

Answer»

Ok, let's do some clean up.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

*************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
*************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Dave as usual you've earned the "Super" Moniker. lol

All fixed, all cleaned up and read one of the articles so far.
Always something new to learn.

Again thanks so much,
Happy Holidays if I don't have another problem before then.
MP.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

2353.

Solve : MalwareBytes (MBAM) got trashed.?

Answer»

This is not a request for help. I just now restored my Windows XP from an image made a month ago. For some reason the past 30 days of system restore is missing. So I had to use the image I made last month. Maybe I need to make an image every week!

Anyway, what got my attention was MalwareBytes (MBAM). Some way it got smashed. I did an uninstall and installed from a copy. Same thing. I get a message saying there was a run-time error. Also, my accessibility wizard was missing. I attempted to do a repair of Windows XP, but that did not resolve the issues.

That is why I did an image restore from last month. Now the problem is gone. But I lost some settings I had in my browser. Oh well. MBAM now works fine.

So my question is this: Has anybody ever had this happen? Has MalwareBytes (MBAM) all of a sudden got a run-time error?

There are a number of reasons for a run-time error, as explained here.

You certainly know how to keep a reader entertained.

Quote from: milano1234 on November 10, 2013, 09:06:02 PM

You certainly know how to keep a reader entertained.

Super Dave has lots of stuff.

2354.

Solve : Question Virus Removal Related - Not infected, but removal tool related?

Answer»

So in the past when dealing with virus removal, I generally took the hard drive out of the affected machine and placed it into an IDE or SATA dock to turn it into an external hard drive, and have the virus non-functional outside of its "startup and infected/affect state" rooted to the root OS of the drive it is on.

I have seen online people claim to use tools like creating a Bart PE startup CD or DVD with an antivirus on that to clean the systems, as well as someone else on another google hit claimed to use a Linux Live CD with an Antivirus on that to clean the drive of malware.

Question I have is ... What are the best bootable tool methods of attacking the removal of the malware?

I am guessing it's the bootable CD or DVD method which introduces a read-only source to the equation, which the system also boots off of, so that any viruses would not start up, can't infect the disc, and they can be detected dormant and removed. I tried to make a Bart PE disc once placing Norton Antivirus on it, but it doesn't function, and then if it did function, how do you update the definitions on a read-only disc?

* I understand that there is the potential to infect my test station (workstation I use for projects and data recovery and malware removal) using my current malware/virus removal method. This is one reason why I never use my important systems to perform interaction with foreign drives, to contain any infection to that of the test station, which can be wiped out clean via a ghost image etc. to start clean again at a baseline for the next project etc. This test station is also running Windows XP Pro because Ghost 2003 works with Windows XP, but Ghost 2003 doesn't work with any newer OS than XP. So until I find the need to leave XP, such as if the HDD becomes too big to access etc., I am sticking with XP; however, if there is a good Linux option for a test station for malware removal etc., I am open to trying a distro and tool or two.

2355.

Solve : Daughter's Computer Infected with GamePlay Lab Adware?

Answer»

Hi,

Ran a scan and found she was infected with GamePlay Lab Adware. I just want to be sure it is cleaned and nothing else hanging around since there have been infections on the network.

Here are the files:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.22.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MICHELE-6273CB9 [administrator]

7/22/2013 2:57:47 PM
mbam-log-2013-07-22 (14-57-47).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291550
Time elapsed: 58 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-------------------------------------

# AdwCleaner v2.306 - Logfile created 07/22/2013 at 13:33:30
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - MICHELE-6273CB9
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\ilividtoolbarguid
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\ilividtoolbarguid
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\file scout
Folder Deleted : C:\Program Files\Search Results Toolbar
Folder Deleted : C:\Program Files\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\SimplyGen
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=41648106&gct=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Search Results");
Deleted : user_pref("browser.search.order.1", "Search Results");

-\\ Google Chrome v28.0.1500.72

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5362 octets] - [22/07/2013 13:33:30]

########## EOF - C:\AdwCleaner[S1].txt - [5422 octets] ##########


--------------------------------------

Results of screen317's Security Check version 0.99.70
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
a
v
a
s
t
!
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.75.0.1300
HijackThis 2.0.2
CCleaner
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (22.0)
Google Chrome 27.0.1453.116
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Quote

Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
Please defrag your harddrive soon. (SSD means Solid State Drive.)

Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*********************************************
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

I ran the two scans and here are the reports. I will run the defrag as soon as we are done unless you would prefer I run it now. Thanks so much!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Microsoft Windows XP x86
Ran by Administrator on Tue 07/23/2013 at 18:41:09.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077227758}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{480F9B7D-125E-4F11-B8D2-DA705E457E8F}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\wincert"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/23/2013 at 18:48:45.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------------------------------

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 07/23/2013 18:55:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200BEVE-00WZT0 +++++
--- User ---
[MBR] 490235036159349e472e6f4870112cd2
[BSP] e1bf717d93861b562449c8e79ac1fe53 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07232013_185509.txt >>
Yes, run the defrag any time you wish.
Please run RogueKiller again and delete those items.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
ok sounds good. I will run this scan tonight and post the results. Thanks!

Sorry it has taken me so long. Our internet provider had some outages. Will get this posted asap. Thanks!

2356.

Solve : Computer Boots Into ASUS Recovery Wizard?

Answer»

Also, I don't have a system repair disk. I only have a recovery disk. Is it possible to actually burn one and use that? Or is that illegal?

If you have a Recovery Disk, boot your computer with it and see if there is a Repair option.

Hello,

I got my hands on Linux and booted my PC with it. Now I can recover all my files, so I figured that I will just do a recovery.
Unfortunately, my recovery CD that came with my laptop doesn't have a repair option, here are its options:
Recover Windows to first partition only.
Recover Windows to entire HD.
Recover Windows to entire HD with 2 partitions.
What exactly do they mean, and what will they do?

Quote

Unfortunately, my recovery CD that came with my laptop doesn't have a repair option, here are its options:
Recover Windows to first partition only.
Recover Windows to entire HD.
Recover Windows to entire HD with 2 partitions.
What exactly do they mean, and what will they do?

Just as I thought. You will need to save your important data. Next, click on My Computer and tell me how many drives you see. That will determine which option you will use.

I have a C and a D partition, each 500 GB. Also a 26 GB recovery drive, what does this do?
To be honest, I would like to get the stuff out of there and do a full recovery as I don't need 500 GB for my C drive. 200 GB will suffice.
Also, if I recover it to a single partition, do I have to partition myself a recovery drive?

Quote
I have a C and a D partition, each 500 GB. Also a 26 GB recovery drive, what does this do?
To be honest, I would like to get the stuff out of there and do a full recovery as I don't need 500 GB for my C drive. 200 GB will suffice.
Also, if I recover it to a single partition, do I have to partition myself a recovery drive?

Your OS is on the C drive and the Recovery Console is on another partition. The D drive is your third partition. Your OS should be on a drive of its own. If you ever have to do a repair or recovery your other data is protected because it's on another partition. In your case you should choose
Quote
Recover Windows to first partition only.
Once you have your computer running correctly, you can use a partition program to configure your partitions to whatever you want.
You can find one here. I believe this is the one I used for my computer. Use the freeware one because you probably won't have any use for it afterwards.

So if I use "Recover Windows to first partition only." only my first partition will be recovered? I will go ahead and do the recovery tomorrow, sort of busy today.

Thanks so much for your help, I appreciate the time and effort you've put in.

Quote
So if I use "Recover Windows to first partition only." only my first partition will be recovered? I will go ahead and do the recovery tomorrow, sort of busy today.

Thanks so much for your help, I appreciate the time and effort you've put in.

Ok, please let me know how it goes.

Actually, there was an error code when recovering. My sister took over after I travelled to Canada to visit her.
Thanks for your help.

Quote
Actually, there was an error code when recovering. My sister took over after I travelled to Canada to visit her.
Thanks for your help.

You're welcome. How about those Canadians eh?

2357.

Solve : I used combofix and now I can't open control panel, windows explorer etc.?

Answer»

OK don't chastise me, I know I shouldn't have done it, but I ran Combofix and now I can't open my computer or programs fold etc. It says no such interface supported. Everything else works fine, like I was able to use Firefox to open this topic. I should also add that even though it won't let me double click and open folders on my desktop, it will allow me to left click and open them. The funny part is the bug I was trying to get rid of with Combofix is still there lol.

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************************************
ComboFix is a powerful tool and should only be used under the guidance of an expert. I'm not sure that I can help fix this problem. These instructions may be different for Windows 7. Also, can you try booting your computer in Safe Mode and see how it's working there?

I'd like to see the removals performed by ComboFix. Click Start > Run and type the following bold text into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

The report should open for you. Please post the contents of that report in the next reply.

2358.

Solve : Novice needs advice on security software extras?

Answer»

I was in the process of buying (online as a download) security software (Trend Micro Titanium Maximum Security @ $44.95/yr) for my laptop computer. Of course, once I got to the billing page, more add-ons were offered. These included "Download Protection Service," to access the software and serial key @ $8.95; "Virus Removal Service," @ $9.95; and "Protect Your Investment," - which is a back-up CD, @ $9.95. I consider myself a novice and "computer challenged," and don't know if I should purchase or need these extras. I thought that in buying this software part of its job was to block viruses, so why would I need to add-on a virus removal service? Please help!!!

Thanks,
Jacqueline

This area is notably for making recommendations, not asking.
My recommendation is to stay with what is free and go from there.

Microsoft Security Essentials is free.
Malware bytes has a free version.
Personally, I like Avast.

Avoid offers that promise a lot but have no reputation.
You can do a search on Bing for:
most popular AV programs
and find out what other people are using.



Quote from: Geek-9pm on October 31, 2013, 09:52:22 PM

This area is notably for making recommendations, not asking.

Please report threads if you feel they're in the wrong place, and the moderating team will move as required.

Jacqueline - the add-ons are just that, add-ons, and are not required for the software you're purchasing to work correctly. I would imagine the virus removal service is paying for an expert to remove malware should any sneak past your protection software.

I would advise against purchasing these extras as they are not necessary. Consider your choice of security software, you don't have to pay for it as there are several free options.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials All versions and all languages.
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Hi

What they are offering is stuff you should do with every program you download.

When downloading software always select download / not run from this location after the download transfer the file to a pen drive or better use a CD.

SAVE or PRINTOUT the page with your receipt and activation number. It's good to save these to the same place as the install file so if you need to install the program again you have all the information in the same place.

If you are buying the same software for more than 1 computer it's good to record what computer is using what registration number.

I can't advise on the "so why would I need to add-on a virus removal service?" it's a bit like the question, do I need private health insurance if there is public health included in my tax. I wouldn't pay for either but I like a complicated life lol.

2359.

Solve : Downloaded a keylogger for fun.. sometimes i think ill never learn my lesson...?

Answer»

Combofix is telling me that it won't run with AVG installed.

That's correct. Please download Microsoft Security Essentials from the link below. Make sure that you install the 64 bit one. Once it's installed, remove AVG with the AVG tool remover below. Now try to run ComboFix.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
*************************************************
AVG Antivirus - AVG Antivirus Remover utility

Quote from: SuperDave on February 11, 2011, 05:05:37 PM

That's correct. Please download Microsoft Security Essentials from the link below. Make sure that you install the 64 bit one. Once it's installed, remove AVG with the AVG tool remover below. Now try to run ComboFix.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
*************************************************
AVG Antivirus - AVG Antivirus Remover utility

I did have to delete AVG. I have a problem. CommandPrompt stops working while Combofix is running. It won't let me use it! What can I do now?


this is what it tells me

Problem signature:
Problem Event Name:APPCRASH
Application Name:CF22586.cfxxe
Application Version:6.1.7600.16385
Application Timestamp:4a5bc48d
Fault Module Name:ntdll.dll
Fault Module Version:6.1.7600.16695
Fault Module Timestamp:4cc7b325
Exception Code:c00000fd
Exception Offset:000000000005316f
OS Version:6.1.7600.2.0.0.256.48
Locale ID:1033
Additional Information 1:c5ec
Additional Information 2:c5ec62c949c41b1acf62ab7e02ba2792
Additional Information 3:8f53
Additional Information 4:8f53f0bd77fc1dd72129be33405f9dcb

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

What can I do to make it work?

Quote
I have a problem. CommandPrompt stops working while Combofix is running. It won't let me use it! What can I do now?

Why do you want to run CommandPrompt? I specifically asked you not to run anything other than the scans I requested. Please run ComboFix and post the log.

Quote from: SuperDave on February 11, 2011, 07:18:14 PM
Why do you want to run CommandPrompt? I specifically asked you not to run anything other than the scans I requested. Please run ComboFix and post the log.

Combofix runs in the command prompt. Then it stops working. The command prompt has a blue background though. Then it makes it so I can't get on the internet. Dude I know it's crazy, but if you could, I would totally let you come into my computer and do this remotely. I'm such a noob and I'm freaking out.

I keep trying combofix, but it's not working.

Please try this:

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now

Quote from: SuperDave on February 12, 2011, 11:54:56 AM
Please try this:

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now

I have the "run" window open, and I'm putting that command in. Nothing is happening though. What am I doing wrong?

Quote from: WiseFailure on February 12, 2011, 04:04:45 PM
I have the "run" window open, and I'm putting that command in. Nothing is happening though. What am I doing wrong?

How do I rename it before I download it? I'm using Firefox.

Quote
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

When the Save file box opens up you can change the name down at the bottom of the box.

Quote from: SuperDave on February 12, 2011, 07:30:32 PM
When the Save file box opens up you can change the name down at the bottom of the box.

Actually, no I can't. What's up with that?

Please download it with Internet Explorer.

A software keylogger would probably record keystrokes from an O/S soft keyboard like Microsoft's, depending on where exactly it hooks into the operating system.
2360.

Solve : MSE Won't Update?

Answer»

Microsoft Security Essentials has not auto-updated in the past 5 days. I only get the pop-up icon in the task bar saying updates are available. I tell it to update, the icon goes away & nothing happens. If I open MSE & click on Update tab, & tell it to update, within a minute it says: MSE error code 0x80240022

If I go here: https://www.microsoft.com/security/portal/definitions/adl.aspx
& download & save the latest update, double-click file, it updates with no problem.

Before updating, MSE taskbar icon never goes orange, indicating an update is needed.

Have you seen this on Windows XP Pro-SP3?
MBAM results:
--------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.21.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: GIGABYTE [administrator]

10/21/2013 2:18:07 PM
mbam-log-2013-10-21 (14-18-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223210
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Documents and Settings\All Users\Application Data\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{F60A62FE-7EBF-4A93-A889-0BDE5212A62F} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{F60A62FE-7EBF-4A93-A889-0BDE5212A62F}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{F60A62FE-7EBF-4A93-A889-0BDE5212A62F}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{F60A62FE-7EBF-4A93-A889-0BDE5212A62F}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{F60A62FE-7EBF-4A93-A889-0BDE5212A62F}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(END)
--------------------------------------------------------------------------------------
MBAM says it's a PUP. I deleted them. Could this be the cause?

MBAM required computer restart. Update appears in icon tray. Click download, icon disappears.

Current Client Version is: Antimalware Client Version: 4.3.216.0
Update says: 4.3.219.0

Will try to get download applied through IE Microsoft Updates. If that doesn't work, then, I believe only option is to download MSE, uninstall MSE & reinstall with new version. This happened about 2 weeks ago, maybe have to get rid of MSE & go to Avast.

Microsoft Update found it. Update failed to install.

Downloaded MSE installer. It actually asked to upgrade whereas in the past, it said MSE was already installed. It is now asking for a restart. After restart, MSE is now updated to 4.3.216.0

Don't think the MSE issue had anything to do with the PUP. Won't know for at least another 24 hrs & the next MSE definition update.

MBAM found the same errors on the Win-64 machine. MSE was already updated to the latest Client Version, but had to manually update the virus defs.

This would seem to indicate a Microsoft issue with WinXP & MSE. Have they started to drop support for WinXP? Or maybe just relegated it to secondary or low priority status?

My MSE on XP is up-to-date. The latest update is listed at 21/10/2013 @ 07:46 pm.

•Please download Dial-A-Fix from one of the following mirrors:

Primary mirror
Secondary mirror

•Extract the zip file to your desktop.

•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors, just ignore them and click (button image missing) to continue.

•Press the green double checkmark box (screenshot missing).

UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this: (screenshot missing)

•Click on Go

•Wait for Dial-A-Fix to finish (All the check marks will be gone)

•Close Dial-A-Fix
I got 1 error after starting the program, the 1st attachment.
When it reached Group #5 - Registration Center, I had maybe 10 of the 2nd attachment.
Hit OK on each of these until completion.

Will now run from Start---Run
regsvr32 iesetup.dll

Got error in 3rd attachment.

I have IE8, but default browser is FF24.

Tried update from MSE again today, same error.
the latest definitions are: 1.161.458.0, Oct 22, 2013 01:50 PM UTC

This now does appear to be a registry error (4th attachment).

The only fix I can think of is an Admin reinstall of IE8. I have the full download of 16,488kB

Ran sfc /scannow inserted Windows CD as instructed. Kept asking to reinsert CD, maybe 15 times. Didn't say to Restart, MSE still won't update. Maybe a reboot?


Reinstalled IE8, then tried to update MSE. No error message this time, but it took a very long time. Still can't register iesetup.dll.
Notifier popped up in taskbar, told it to download, nothing happened. Went to Microsoft Update & it's doing nothing there, either. It's now hung, will have to kill it with Task Manager. Send Error Report...Useless.

Is it possible you don't have enough space on your harddrive to handle the updates?

Please download and run MS Fix-it from here.

Partition #1 - OS - 20GB, 3.4GB Free
Partition #2 - Data - 17.6GB, 4.1GB Free
Partition #3 - Downloads - 15.6GB, 4.1GB Free
Partition #4 - VM File, Temp Files - 7.8GB, 4.1GB Free
Partition #5 - Macrium Image storage - 171.8GB

Coincidently, just ran MS-Fixit.

I have 3 Macrium images saved:
10/18/2013 (the same issues probably exist in this one)
10/4/2013
9/20/2013

This is not good:
BITS service is not listed as a Service.
Ran msconfig, it's on selective startup. I didn't change it.
Changed to normal startup, will have to restart.

You really should increase the size of your OS drive. 20GB is stretching the limits. Did you run the fixes in MS-Fixit?

Thanks, SD:

Yes, I ran those fixes in MS-Fixit. Didn't fix it!!
I found what the problem was, but don't know how it happened.
There was no BITS listed in Services. Googled for fix, but all were for XP3-SP2 or Vista or Win7, nothing for WinXP-SP3. I tried several different ones, but nothing would return BITS to services.

I restored the 10/4/2013 image & immediately looked at Services (see pic); now it's listed as it's supposed to be. It's no wonder nothing was updating.

Updates popped right up, downloaded & then installed, so have been busy for the past couple hours. MSE updated, too. After last reboot, MSE wants to do a scan, running now.

I have no idea what killed the Background Intelligent Transfer Service (BITS) & why there is no fix for it for WinXP-SP3.

MSE finished, all MS monthly Tuesday updates installed, all other updates for the past 18 days installed. All appears to be working, now.

This isn't the fastest XP machine in the world, but not a dog either. See specs under my pic.

I don't really need Partition #5, but backing up the images from the USB 3.0 drive to the older USB 2.0 drive is faster if copied to the hard drive first. Hard Drive is 250GB, I have a spare 250GB, so can add that for image storage.

These OS folders can be safely deleted:
Software Downloads are 100MB
Update folders are 10MB

I created an image before the restore, now will create another after the restore. I've spent waaay too much time on this.

Thanks, hope I didn't waste too much of your time.

Found this (after Googling "why is BITS missing"): http://steveit.ca/2012/07/09/windows-update-fails-missing-bits-service/
He did everything I tried, except exporting from another computer.

He provides link to this site: http://www.smartestcomputing.us.com/files/file/9-registry-network-keys/
Is this "our" Broni?

Yes it is. That's his home page. http://www.smartestcomputing.us.com/index.php?app=uportal

Go figure!! Where was he when I needed him? LOL.

2361.

Solve : Confirmation that system is clean?

Answer»

A friend gave me his tower to work on that was running Vista SP1 32bit that was inoperable. Instantly suspected malware due to nature of how it would boot and never get to desktop, basically black screen and pointer and never got past that point.

Steps I have done so far:

Step #1 - Removed the hard drive from this computer and connected it to my SATA USB dock to turn this drive into an external and be able to work with this drive with malware dormant.

Step #2 - Scanned this 500GB drive with MSSE and it found 9 malware items, mostly trojans. Told MSSE to clean this drive and it did.

Step #3 - Placed this drive back into the Dell tower with it disconnected from the internet and turned it on. Windows Vista now came up with a message giving boot options because of an improper shutdown. This is probably because I had to force a shutdown due to the fact that while it was infected it was just a black screen with white pointer and CTRL + ALT + Delete and nothing else functioned, and I forced it to shut down by holding in the power button.

Step #4 - System booted to desktop but certain Windows features seemed to lag, as well as being unresponsive. * I thought I was going to have to perform a repair installation at this point. So I shut it down and booted off of the system recovery disc and saw that it had a memory test option. Figured might as well test the RAM before moving on, just in case of 2 issues, since the tower hasn't been really confirmed as good running yet. Ran memtest and at some point it got through this memtest and the system rebooted itself.

Step #5 - I then figured OK, it's at the logon, let's log on and see if the problem is still there. Now the system is very responsive and not lagging and is acting clean. Connected it to the internet over broadband and performed much needed security updates such as Service Pack 2 and all other patches. System still running fast after reboot and no noticeable problems.

Step #6 - Installed, updated definitions and started MSSE scan before bed ( first time in this tower scanning itself with its Vista now SP2 OS active ) to make sure nothing is detected.

Step #7 - Woke up and checked the system and its GREEN NO Malware Detected.

---------------------------------------------------------------------------
Here is the list of the Trojans detected and cleaned:

7 Variants of Sirefef

2 Variants of Necurs

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2FSirefef

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=%20Trojan:Win32/Necurs

---------------------------------------------------------------------------------------

Are there any other tools I should run against this system to make sure it's really clean and not a gaping hole for infection? I used to use Rootkit Revealer in the past, but it's been a while since I have had to remove viruses and I'm not up to date on the latest tools for detection, removal, and prevention. As far as prevention goes, I have had good luck with MSSE and my friend had Norton on this system but the definitions lapsed about 4 years ago.

Thanks for assistance

Very impressive. May I ask a question. Two questions.
Lots of questions
Would you do it again?
Was all this hard work really better than the alternatives?
Such as:

  • Buying a new PC?
  • Asking your insurance company to fix it?
  • Asking a youngster to disinfect it as part of his/her science project?
  • Blame the slowdown on the government?
Or even wipe the drive clean and do a full install of everything.

I would run these scans below just to make sure.
*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the scan.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*********************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Thanks for assistance ... I ended up installing Malwarebytes and ran the scan and it found some problems that MSSE did not pick up on. Removed those problems and performed a follow-up scan to verify the problems were removed and it came up clean.

I was going to get to the ESET online scan portion, but he needed his computer back for college work so he took it back.

Right now he is happy with its operation and it's now clean according to MSSE and Malwarebytes, as well as I performed SP2 and many many updates on it. I also defragged his hard drive since the last defrag was back in 2010. He also needed security updates to MS Office 2010, so I did those.

I think he is all set now.

Quote
I ended up installing Malwarebytes and ran the scan and it found some problems that MSSE did not pick up on.
That's because they don't look for the same infections.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
2362.

Solve : Ad appears on screen on boot up?

Answer»

I tried a trial version of an internet program but when the trial was over and I did not purchase the program, an ad keeps appearing on my screen whenever I boot up. I have tried everything I can think of but it still shows up. Is there a solution to this? Title is "Advanced Care System Trial Period Expired" Thank you. I am running Windows 7 Home Premium 64.

I have never used it before but a quick Google search provided me this:
http://www.wikihow.com/Uninstall-Advanced-Systemcare-5-from-Windows-7
Please let me know if you can't get rid of it.

Well actually, I do use the free Advanced System Ware program to scan my computer..just not this internet thingy. Bob Rankin recommended it that's why I use it. Should I just uninstall the whole program and try to reinstall it again? That is the one thing I did not do....
Quote from: Mi9sDixi on October 20, 2013, 07:11:27 PM

Well actually, I do use the free Advanced System Ware program to scan my computer..just not this internet thingy. Bob Rankin recommended it that's why I use it. Should I just uninstall the whole program and try to reinstall it again? That is the one thing I did not do....
It might be a worth a try.
2363.

Solve : tool for show hidden files on USB_Drive?

Answer»

Hello here,

I want such a tool or program by which I can unhide / re-correct files on a USB drive that were hidden by some malware.

There is such a problem: when I connect the USB drive, everything on it is hidden.

Can you help me?

Thanks in advance.

Instead you should scan it with your installed security software and / or malwarebytes.

Quote from: PCdoc on October 17, 2013, 12:33:37 AM

Instead you should scan it with your installed security software and / or malwarebytes.

I did a full scan with my security antivirus and also malwarebytes and cleaned it of infections, but the files still stay hidden. It takes a long time to change folder options and afterwards uncheck the hidden option.

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
  • Please download Unhide by Grinler from here and save it to your desktop.
  • Double click unhide.exe to run the tool.
  • It will take some time to go through all your files, so please be patient.
  • If this tool doesn't fix the problem, please let me know.
**********************************************
Please download AdwCleaner by Xplode onto your Desktop.
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[SN].txt as well - n is the order number.
*********************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
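The thread's symptom (every file on the stick shows up hidden after cleaning) is the Hidden+System attribute combination that malware sets on the victim's folders, which Explorer does not show even with "show hidden files" on, and which the Unhide tool above clears. The script below is an added example, not the tool from the thread and not Computer Hope's or Grinler's code: it audits a removable drive for Hidden+System items, skips the folders Windows itself keeps that way, and clears only those two attribute bits when run with -Fix. The script name (Repair-HiddenUsb.ps1) and the -DriveLetter / -Fix parameters are this example's own assumptions.

```powershell
# Repair-HiddenUsb.ps1 (hypothetical name, added example): audit and optionally clear
# the Hidden+System attributes that USB-spreading malware sets on a user's own files.
# Run in an elevated PowerShell after the drive has been scanned and cleaned.
param(
    [Parameter(Mandatory = $true)][string]$DriveLetter,   # e.g. E
    [switch]$Fix                                          # without -Fix: report only
)

$root = "${DriveLetter}:\"
if (-not (Test-Path -LiteralPath $root)) { throw "Drive $root not found" }

# Folders Windows legitimately marks hidden+system on removable media; never touch these.
$legit = @('System Volume Information', '$RECYCLE.BIN', 'RECYCLER')

# Hidden (0x2) | System (0x4); anything carrying BOTH bits outside $legit is suspect.
$hiddenSystem = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

function Test-LegitimatePath {
    # True when the item is one of the known Windows folders or lives inside one.
    param([string]$FullName, [string]$Root, [string[]]$Legit)
    foreach ($name in $Legit) {
        $prefix = Join-Path $Root $name
        if ($FullName -eq $prefix -or
            $FullName.StartsWith($prefix + '\', [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# -Force is required: without it Get-ChildItem silently skips hidden/system entries,
# which is exactly why the user could not see their files in Explorer.
$suspects = @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (([int]$_.Attributes -band $hiddenSystem) -eq $hiddenSystem) -and
        -not (Test-LegitimatePath -FullName $_.FullName -Root $root -Legit $legit)
    })

foreach ($s in $suspects) {
    $kind = if ($s.PSIsContainer) { 'dir' } else { 'file' }
    Write-Output ("{0,-5} {1}" -f $kind, $s.FullName)
    if ($Fix) {
        # Clear only Hidden and System; ReadOnly, Archive etc. stay as they were.
        $s.Attributes = [IO.FileAttributes]([int]$s.Attributes -band (-bnot $hiddenSystem))
    }
}

$tail = if ($Fix) { ', attributes cleared' } else { ' (run again with -Fix to clear)' }
Write-Output ("{0} hidden+system item(s) found{1}" -f $suspects.Count, $tail)
```

Run it once without -Fix (for example `.\Repair-HiddenUsb.ps1 -DriveLetter E`) and read the list: on a clean stick it should be empty, and a long list of the user's own document folders is the tell-tale of this infection. Only then rerun with -Fix. Clearing attributes does not remove the malware, which is why the thread has the scans run first; a stick that keeps coming back hidden after this means the dropper is still active on some machine it is plugged into.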
2364.

Solve : Possible virus from bf watching porn...?

Answer»

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

2365.

Solve : Plugging in an Old External Hard Drive?

Answer»

I have a 250 GB external hard drive lying around my house that's about 4-5 years old and I'm looking to start using it again. The last time I used it, I recall copying some files to it from an old computer, which may have had some viruses on it. I'd like to reformat the drive completely, erasing any virus that would potentially be on it. However, I am hesitant to connect the drive to my current computer because I don't want to risk getting infected from it.

So I guess my questions boil down these:
1. How can I go about clearing this drive to clear it 100% of any viruses/malware that might be on it?
2. How can I clear this drive without potentially infecting my computer in the process? Or should I just reformat it using someone else's Mac (I use Windows 7) and then plug it back into my computer and reformat it again?
3. If possible is there a safe way to see what files are on this drive without potentially infecting my computer? (I'm 99.9% sure anything on this drive is either completely useless to me or already present on my current laptop so blindly reformatting it is no big deal)

I already have SandBoxie installed on my computer if using a Sandbox would help. I also currently own, and use, Norton 360 and have MalwareBytes installed on my computer.

Thanks for the help.

A number of Linux live CDs come with disk partitioning tools which can remove, create, resize and format partitions. GParted is the name of one such tool, and there is a live CD specifically made for this task.

http://gparted.sourceforge.net/livecd.php

It says on that page it is for x86 computers, so you may need to have access to one. Also there are such tools on many Linux bootable CDs including Knoppix, Ark Linux Live, Kubuntu, MEPIS, NimbleX, and others.

Make sure your AV is up-to-date, slave the drive to your computer, right-click on the drive and choose Format.

2366.

Solve : Had a few problems - think I'm clean but best to check.?

Answer»
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Hi SuperDave, here you go...


22:14:09.0618 0x1468 TDSS rootkit removing tool 3.0.0.12 Oct 9 2013 14:59:22
22:14:09.0870 0x1468 ============================================================
22:14:09.0870 0x1468 Current date / time: 2013/10/11 22:14:09.0870
22:14:09.0870 0x1468 SystemInfo:
22:14:09.0870 0x1468
22:14:09.0870 0x1468 OS Version: 6.1.7601 ServicePack: 1.0
22:14:09.0870 0x1468 Product type: Workstation
22:14:09.0871 0x1468 ComputerName: bluelight
22:14:09.0871 0x1468 UserName: *****
22:14:09.0871 0x1468 Windows directory: C:\Windows
22:14:09.0871 0x1468 System windows directory: C:\Windows
22:14:09.0871 0x1468 Processor architecture: Intel x86
22:14:09.0871 0x1468 Number of processors: 2
22:14:09.0871 0x1468 Page size: 0x1000
22:14:09.0871 0x1468 Boot type: Normal boot
22:14:09.0871 0x1468 ============================================================
22:14:12.0762 0x1468 System UUID: {D2115B01-BC04-52B9-D130-A4E6153C15EB}
22:14:13.0358 0x1468 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:14:13.0370 0x1468 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:14:13.0383 0x1468 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:14:13.0387 0x1468 ============================================================
22:14:13.0387 0x1468 \Device\Harddisk0\DR0:
22:14:13.0387 0x1468 MBR partitions:
22:14:13.0387 0x1468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
22:14:13.0387 0x1468 \Device\Harddisk1\DR1:
22:14:13.0387 0x1468 MBR partitions:
22:14:13.0387 0x1468 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
22:14:13.0387 0x1468 \Device\Harddisk2\DR2:
22:14:13.0387 0x1468 MBR partitions:
22:14:13.0387 0x1468 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
22:14:13.0387 0x1468 ============================================================
22:14:13.0410 0x1468 C: <-> \Device\Harddisk0\DR0\Partition1
22:14:13.0448 0x1468 D: <-> \Device\Harddisk1\DR1\Partition1
22:14:13.0483 0x1468 E: <-> \Device\Harddisk2\DR2\Partition1
22:14:13.0483 0x1468 ============================================================
22:14:13.0483 0x1468 Initialize success
22:14:13.0484 0x1468 ============================================================
22:15:24.0993 0x0e8c ============================================================
22:15:24.0993 0x0e8c Scan started
22:15:24.0993 0x0e8c Mode: Manual;
22:15:24.0993 0x0e8c ============================================================
22:15:24.0993 0x0e8c KSN ping started
22:15:27.0369 0x0e8c KSN ping finished: true
22:15:27.0954 0x0e8c ================ Scan system memory ========================
22:15:27.0954 0x0e8c System memory - ok
22:15:27.0954 0x0e8c ================ Scan services =============================
22:15:28.0121 0x0e8c [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:15:28.0125 0x0e8c 1394ohci - ok
22:15:28.0176 0x0e8c [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:15:28.0181 0x0e8c ACPI - ok
22:15:28.0233 0x0e8c [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:15:28.0234 0x0e8c AcpiPmi - ok
22:15:28.0285 0x0e8c [ 73685E15EF8B0BD9C30F1AF413F13D49, 618087873BB867D942272A84F7875484C7BCA8D5AEB1454FB42077C15C51B2DE ] adfs C:\Windows\system32\drivers\adfs.sys
22:15:28.0287 0x0e8c adfs - ok
22:15:28.0331 0x0e8c [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:15:28.0341 0x0e8c adp94xx - ok
22:15:28.0365 0x0e8c [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:15:28.0373 0x0e8c adpahci - ok
22:15:28.0391 0x0e8c [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:15:28.0396 0x0e8c adpu320 - ok
22:15:28.0417 0x0e8c [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:15:28.0419 0x0e8c AeLookupSvc - ok
22:15:28.0457 0x0e8c [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD C:\Windows\system32\drivers\afd.sys
22:15:28.0465 0x0e8c AFD - ok
22:15:28.0477 0x0e8c [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
22:15:28.0479 0x0e8c agp440 - ok
22:15:28.0493 0x0e8c [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
22:15:28.0496 0x0e8c aic78xx - ok
22:15:28.0512 0x0e8c [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
22:15:28.0514 0x0e8c ALG - ok
22:15:28.0551 0x0e8c [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
22:15:28.0553 0x0e8c aliide - ok
22:15:28.0569 0x0e8c [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:15:28.0571 0x0e8c amdagp - ok
22:15:28.0600 0x0e8c [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
22:15:28.0602 0x0e8c amdide - ok
22:15:28.0616 0x0e8c [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:15:28.0619 0x0e8c AmdK8 - ok
22:15:28.0659 0x0e8c [ AD8FA28D8ED0D0A689A0559085CE0F18, 75A35973D0CAED504147FC4A78F6EFA755E74EC4A169689F279150769196744A ] AmdLLD C:\Windows\system32\DRIVERS\AmdLLD.sys
22:15:28.0661 0x0e8c AmdLLD - ok
22:15:28.0666 0x0e8c [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:15:28.0669 0x0e8c AmdPPM - ok
22:15:28.0730 0x0e8c [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:15:28.0733 0x0e8c amdsata - ok
22:15:28.0741 0x0e8c [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:15:28.0745 0x0e8c amdsbs - ok
22:15:28.0765 0x0e8c [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:15:28.0766 0x0e8c amdxata - ok
22:15:28.0803 0x0e8c [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
22:15:28.0805 0x0e8c AppID - ok
22:15:28.0827 0x0e8c [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:15:28.0829 0x0e8c AppIDSvc - ok
22:15:28.0872 0x0e8c [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
22:15:28.0874 0x0e8c Appinfo - ok
22:15:28.0986 0x0e8c [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:15:28.0988 0x0e8c Apple Mobile Device - ok
22:15:29.0017 0x0e8c [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll
22:15:29.0022 0x0e8c AppMgmt - ok
22:15:29.0036 0x0e8c [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
22:15:29.0039 0x0e8c arc - ok
22:15:29.0054 0x0e8c [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:15:29.0057 0x0e8c arcsas - ok
22:15:29.0155 0x0e8c [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A1 7A9C42ACA1E420D787691361D ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:15:29.0178 0x0e8c aspnet_state - ok
22:15:29.0199 0x0e8c [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF406981 6E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:15:29.0201 0x0e8c AsyncMac - ok
22:15:29.0236 0x0e8c [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218 BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
22:15:29.0237 0x0e8c atapi - ok
22:15:29.0315 0x0e8c [ 70F72C50D39F5AFA76C17F86223A7C4F, 9C16BAB657BB399ACE84666E981BD3913E16E21 A19DE0693B32AD4AC6A547B62 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
22:15:29.0321 0x0e8c atksgt - ok
22:15:29.0370 0x0e8c [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E 141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:15:29.0378 0x0e8c AudioEndpointBuilder - ok
22:15:29.0392 0x0e8c [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E 141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:15:29.0401 0x0e8c Audiosrv - ok
22:15:29.0603 0x0e8c [ 4DB93F4DB7077801D2D82013506AC1D0, 3D71655D1557021D5D828E37EAFDBA35C631061 E48D64B9D376746F8FCC760B3 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
22:15:29.0690 0x0e8c AVGIDSAgent - ok
22:15:29.0748 0x0e8c [ 4D7E34E36E586EA26F171A258341BD80, B11B750930382B19A257A7B259EBEDAE884971A 59E649F4E346B285DCBF29D4A ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
22:15:29.0752 0x0e8c AVGIDSDriver - ok
22:15:29.0799 0x0e8c [ 7C8E88549BCDAAC965B1B724C175F7A9, 86240BF965C60FFAF381879D1B2DD7190FAD597 E7534AEE9A9E48A2BDEC119BA ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
22:15:29.0800 0x0e8c AVGIDSHX - ok
22:15:29.0835 0x0e8c [ 2717EBC35166B8793DBFFB4390B8F2E7, F04307734F7C474320353AC4109FCF3D03D0BAF AF3C52209D2A3BD9FAFE9E784 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
22:15:29.0836 0x0e8c AVGIDSShim - ok
22:15:29.0856 0x0e8c [ 2018C4E9A40B122408763A5635CF14D9, E0BF5D5C7CFDD078F8BBA9627F1F8E0434B38A2 3FA9E039B37A22D7E1AD4EFFA ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
22:15:29.0860 0x0e8c Avgldx86 - ok
22:15:29.0903 0x0e8c [ E2B9CF2CF787C6978E7CC898E9684E48, 73D5D8514EF1BF3BCC64DC158C68189D07B3940 641F1155823C6822D03BC761B ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
22:15:29.0909 0x0e8c Avglogx - ok
22:15:29.0939 0x0e8c [ 3F59750A3AA55C46663801E7C2FD1E2B, F748EB6552889974CB1FC6F666F2D78F654CAA9 90A339C741255355295CD46E8 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
22:15:29.0942 0x0e8c Avgmfx86 - ok
22:15:29.0955 0x0e8c [ CBCE8ED318DB8EA431F9D25AC9B7FF41, 14CD6A0A1FAFD37540953AE534F44378C14E43A D248DF6064E939B2ADE334F04 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
22:15:29.0957 0x0e8c Avgrkx86 - ok
22:15:29.0985 0x0e8c [ 14370FB29526F593C04FA48B5D69F7F0, EE5BBE674210AC3BC4103B6D43BABDCCCE681F3 B0E93075F93CD453730C316B8 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
22:15:29.0989 0x0e8c Avgtdix - ok
22:15:30.0025 0x0e8c [ 3001E24F340D400BFF85935E5777FC5B, BA1D3B4D4EC6E4DD6C0FAE22238E37A6168067B 5E4A0E533C25B3625473A3A48 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
22:15:30.0026 0x0e8c avgtp - ok
22:15:30.0056 0x0e8c [ 48939D9F350AEF9370F03A1E49A49BE2, 889FC07FE2DC4262055F37F8EEFFE15D5F12615 FF797951BE445B42152076327 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
22:15:30.0062 0x0e8c avgwd - ok
22:15:30.0100 0x0e8c [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F 6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:15:30.0103 0x0e8c AxInstSV - ok
22:15:30.0145 0x0e8c [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBA CD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
22:15:30.0155 0x0e8c b06bdrv - ok
22:15:30.0175 0x0e8c [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D 477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:15:30.0181 0x0e8c b57nd60x - ok
22:15:30.0302 0x0e8c [ F9CE9B5E049EFC66B8E6C73C18EE8438, 8B43B84F59810DAFA961EEA13E354FF9A0796A1 85E2C8D6642D8660AAC1B96F4 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
22:15:30.0358 0x0e8c BCM43XX - ok
22:15:30.0387 0x0e8c [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05 644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
22:15:30.0390 0x0e8c BDESVC - ok
22:15:30.0399 0x0e8c [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4F C0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
22:15:30.0400 0x0e8c Beep - ok
22:15:30.0454 0x0e8c [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABA B460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
22:15:30.0464 0x0e8c BFE - ok
22:15:30.0512 0x0e8c [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD44 74F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\system32\qmgr.dll
22:15:30.0527 0x0e8c BITS - ok
22:15:30.0541 0x0e8c [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052B FA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:15:30.0542 0x0e8c blbdrive - ok
22:15:30.0613 0x0e8c [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA528973 9CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:15:30.0621 0x0e8c Bonjour Service - ok
22:15:30.0654 0x0e8c [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B87022 1E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:15:30.0655 0x0e8c bowser - ok
22:15:30.0667 0x0e8c [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE121 9FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:15:30.0674 0x0e8c BrFiltLo - ok
22:15:30.0700 0x0e8c [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA1 2232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:15:30.0701 0x0e8c BrFiltUp - ok
22:15:30.0728 0x0e8c [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C886 2FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:15:30.0731 0x0e8c BridgeMP - ok
22:15:30.0751 0x0e8c [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219 FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
22:15:30.0755 0x0e8c Browser - ok
22:15:30.0781 0x0e8c [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CED E3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:15:30.0788 0x0e8c Brserid - ok
22:15:30.0794 0x0e8c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD60 7013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:15:30.0796 0x0e8c BrSerWdm - ok
22:15:30.0810 0x0e8c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B588 5D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:15:30.0812 0x0e8c BrUsbMdm - ok
22:15:30.0822 0x0e8c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570 FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:15:30.0823 0x0e8c BrUsbSer - ok
22:15:30.0836 0x0e8c [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB2 3C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:15:30.0838 0x0e8c BTHMODEM - ok
22:15:30.0872 0x0e8c [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1F AA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
22:15:30.0875 0x0e8c bthserv - ok
22:15:30.0955 0x0e8c catchme - ok
22:15:30.0984 0x0e8c [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565 B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:15:30.0987 0x0e8c cdfs - ok
22:15:31.0035 0x0e8c [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442 AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:15:31.0038 0x0e8c cdrom - ok
22:15:31.0071 0x0e8c [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C872199 30BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
22:15:31.0074 0x0e8c CertPropSvc - ok
22:15:31.0083 0x0e8c [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB 08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:15:31.0085 0x0e8c circlass - ok
22:15:31.0100 0x0e8c [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F97 85BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
22:15:31.0106 0x0e8c CLFS - ok
22:15:31.0140 0x0e8c [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289 C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:15:31.0143 0x0e8c clr_optimization_v2.0.50727_32 - ok
22:15:31.0188 0x0e8c [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF2 1B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:15:31.0284 0x0e8c clr_optimization_v4.0.30319_32 - ok
22:15:31.0303 0x0e8c [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D 34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:15:31.0304 0x0e8c CmBatt - ok
22:15:31.0338 0x0e8c [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E 7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:15:31.0339 0x0e8c cmdide - ok
22:15:31.0378 0x0e8c [ 247B4CE2DAB1160CD422D532D5241E1F, CFE04DBE48B23B084C3F4C3D0F483B26F322E46 93176D8739A412BE5D8BE597E ] CNG C:\Windows\system32\Drivers\cng.sys
22:15:31.0387 0x0e8c CNG - ok
22:15:31.0401 0x0e8c [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD 4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:15:31.0403 0x0e8c Compbatt - ok
22:15:31.0443 0x0e8c [ 9704B9C442E3EF2989746D08F80A3743, 33C0E2EEE125CD760BD49DBA3C9F5CFB2EAB8DF 50EC13E4C70BD3B0D365F6A5D ] CompFilter C:\Windows\system32\DRIVERS\lvbusflt.sys
22:15:31.0445 0x0e8c CompFilter - ok
22:15:31.0462 0x0e8c [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C 63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:15:31.0464 0x0e8c CompositeBus - ok
22:15:31.0478 0x0e8c COMSysApp - ok
22:15:31.0514 0x0e8c [ 3411FDF098AA20193EEE5FFA36BA43B2, 67734C7C0130DD66C964F76965F09A2290DA4B1 4C94412C0056046E700654BDC ] cpuz135 C:\Windows\system32\drivers\cpuz135_x32.sys
22:15:31.0515 0x0e8c cpuz135 - ok
22:15:31.0527 0x0e8c [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D 1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:15:31.0528 0x0e8c crcdisk - ok
22:15:31.0573 0x0e8c [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162E D8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:15:31.0576 0x0e8c CryptSvc - ok
22:15:31.0624 0x0e8c [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A 1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys
22:15:31.0633 0x0e8c CSC - ok
22:15:31.0662 0x0e8c [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B 09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll
22:15:31.0672 0x0e8c CscService - ok
22:15:31.0753 0x0e8c [ 80861969541971176E005D2C09DAE851, F82A054DE0425ACB758A3792D902A38D01BE0AD EE933B5878C8F8017C148063A ] DAUpdaterSvc D:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
22:15:31.0755 0x0e8c DAUpdaterSvc - ok
22:15:31.0826 0x0e8c [ DB66841A22E3F51030C7671F33B2D290, EAC72AB3675D4DCA35A5E1FF3AD50F4D87D3807 F0716FCB5FF01FDAB75A668A0 ] DAZContentManagementService C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
22:15:31.0827 0x0e8c DAZContentManagementService - ok
22:15:31.0852 0x0e8c [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694 AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
22:15:31.0861 0x0e8c DcomLaunch - ok
22:15:31.0896 0x0e8c [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042 B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
22:15:31.0902 0x0e8c defragsvc - ok
22:15:31.0945 0x0e8c [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF19 0954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:15:31.0947 0x0e8c DfsC - ok
22:15:31.0980 0x0e8c [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C6 8933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:15:31.0985 0x0e8c Dhcp - ok
22:15:32.0009 0x0e8c [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A 5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
22:15:32.0011 0x0e8c discache - ok
22:15:32.0033 0x0e8c [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB 463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:15:32.0035 0x0e8c Disk - ok
22:15:32.0070 0x0e8c [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6 F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:15:32.0073 0x0e8c Dnscache - ok
22:15:32.0115 0x0e8c [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A9279 63237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
22:15:32.0121 0x0e8c dot3svc - ok
22:15:32.0168 0x0e8c [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCA AF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
22:15:32.0171 0x0e8c DPS - ok
22:15:32.0221 0x0e8c [ 456E8EDEA6C96553F8420450C602D7FE, B236672C83CC0DBFECFF39BFCD9B7B982556263 A3EB01C78DB074FD48DC475B0 ] DragonSvc C:\Program Files\Common Files\Nuance\dgnsvc.exe
22:15:32.0226 0x0e8c DragonSvc - ok
22:15:32.0250 0x0e8c [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA 1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:15:32.0251 0x0e8c drmkaud - ok
22:15:32.0305 0x0e8c [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E1 9D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:15:32.0318 0x0e8c DXGKrnl - ok
22:15:32.0348 0x0e8c [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E 167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
22:15:32.0351 0x0e8c EapHost - ok
22:15:32.0460 0x0e8c [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305 CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
22:15:32.0530 0x0e8c ebdrv - ok
22:15:32.0575 0x0e8c [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0 EDC60BE123B3BE1AFE78BC71B ] EFS C:\Windows\System32\lsass.exe
22:15:32.0577 0x0e8c EFS - ok
22:15:32.0649 0x0e8c [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182 207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:15:32.0662 0x0e8c ehRecvr - ok
22:15:32.0692 0x0e8c [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C 2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
22:15:32.0695 0x0e8c ehSched - ok
22:15:32.0725 0x0e8c [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B 4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:15:32.0736 0x0e8c elxstor - ok
22:15:32.0770 0x0e8c [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4 ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:15:32.0772 0x0e8c ErrDev - ok
22:15:32.0805 0x0e8c [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD07 4D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
22:15:32.0811 0x0e8c EventSystem - ok
22:15:32.0833 0x0e8c [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A 2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
22:15:32.0837 0x0e8c exfat - ok
22:15:32.0857 0x0e8c [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBB E9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:15:32.0861 0x0e8c fastfat - ok
22:15:32.0897 0x0e8c [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834ED C695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
22:15:32.0910 0x0e8c Fax - ok
22:15:32.0922 0x0e8c [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD5 41A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:15:32.0924 0x0e8c fdc - ok
22:15:32.0951 0x0e8c [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F07 4F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
22:15:32.0952 0x0e8c fdPHost - ok
22:15:32.0964 0x0e8c [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02 F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
22:15:32.0966 0x0e8c FDResPub - ok
22:15:32.0982 0x0e8c [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC24221 8FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:15:32.0984 0x0e8c FileInfo - ok
22:15:32.0997 0x0e8c [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F9 7E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:15:32.0999 0x0e8c Filetrace - ok
22:15:33.0062 0x0e8c [ 8669BE94F63944E4F899C3950B520241, 9991E57B3C366D59BD186CEAA78D4590EDB2BC1 27250CF4D1522CBE413453E72 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:15:33.0086 0x0e8c FLEXnet Licensing Service - ok
22:15:33.0099 0x0e8c [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E35 80554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:15:33.0101 0x0e8c flpydisk - ok
22:15:33.0116 0x0e8c [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE 3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:15:33.0120 0x0e8c FltMgr - ok
22:15:33.0184 0x0e8c [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE8 2E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
22:15:33.0201 0x0e8c FontCache - ok
22:15:33.0267 0x0e8c [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B 496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:15:33.0268 0x0e8c FontCache3.0.0.0 - ok
22:15:33.0290 0x0e8c [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BB D92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:15:33.0291 0x0e8c FsDepends - ok
22:15:33.0329 0x0e8c [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32B B6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:15:33.0330 0x0e8c Fs_Rec - ok
22:15:33.0380 0x0e8c [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B9 2832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:15:33.0385 0x0e8c fvevol - ok
22:15:33.0410 0x0e8c [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C5 8328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:15:33.0413 0x0e8c gagp30kx - ok
22:15:33.0458 0x0e8c [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB7 51B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
22:15:33.0470 0x0e8c gpsvc - ok
22:15:33.0549 0x0e8c [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2 F0C251B57C168F90D60316447 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:15:33.0553 0x0e8c gusvc - ok
22:15:33.0565 0x0e8c [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A 6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:15:33.0567 0x0e8c hcw85cir - ok
22:15:33.0614 0x0e8c [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD1513 8AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:15:33.0622 0x0e8c HdAudAddService - ok
22:15:33.0639 0x0e8c [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C2 10F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:15:33.0642 0x0e8c HDAudBus - ok
22:15:33.0658 0x0e8c [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA05 3D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:15:33.0659 0x0e8c HidBatt - ok
22:15:33.0674 0x0e8c [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE1 4BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:15:33.0681 0x0e8c HidBth - ok
22:15:33.0702 0x0e8c [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6 314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:15:33.0704 0x0e8c HidIr - ok
22:15:33.0731 0x0e8c [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E5 3DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll
22:15:33.0733 0x0e8c hidserv - ok
22:15:33.0781 0x0e8c [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A9 4C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:15:33.0795 0x0e8c HidUsb - ok
22:15:33.0880 0x0e8c [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E 0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
22:15:33.0884 0x0e8c hkmsvc - ok
22:15:33.0923 0x0e8c [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A 53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:15:33.0929 0x0e8c HomeGroupListener - ok
22:15:33.0971 0x0e8c [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D8 55E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:15:33.0976 0x0e8c HomeGroupProvider - ok
22:15:33.0997 0x0e8c [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7 A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:15:34.0000 0x0e8c HpSAMD - ok
22:15:34.0048 0x0e8c [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E 77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:15:34.0059 0x0e8c HTTP - ok
22:15:34.0093 0x0e8c [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0A FEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:15:34.0094 0x0e8c hwpolicy - ok
22:15:34.0141 0x0e8c [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908 370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:15:34.0144 0x0e8c i8042prt - ok
22:15:34.0188 0x0e8c [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81 E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:15:34.0197 0x0e8c iaStorV - ok
22:15:34.0287 0x0e8c [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED 5C300770B554C4E4794F66BB7 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:15:34.0306 0x0e8c idsvc - ok
22:15:34.0326 0x0e8c [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5 BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:15:34.0328 0x0e8c iirsp - ok
22:15:34.0361 0x0e8c [ F95622F161474511B8D80D6B093AA610, F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5 610D3A62EBA47D90427D5BC26 ] IKEEXT C:\Windows\System32\ikeext.dll
22:15:34.0380 0x0e8c IKEEXT - ok
22:15:34.0627 0x0e8c [ DA6EE479071883D263E75BE7A67A70B8, FEB109E031E82F47E4A5C28C86424DD9CBF1764 0D14EE32D5FEF51DE5365E930 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:15:34.0685 0x0e8c IntcAzAudAddService - ok
22:15:34.0727 0x0e8c [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3C E2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
22:15:34.0729 0x0e8c intelide - ok
22:15:34.0754 0x0e8c [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF 963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:15:34.0764 0x0e8c intelppm - ok
22:15:34.0793 0x0e8c [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2 E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:15:34.0796 0x0e8c IPBusEnum - ok
22:15:34.0811 0x0e8c [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C 1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:15:34.0814 0x0e8c IpFilterDriver - ok
22:15:34.0852 0x0e8c [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA 292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:15:34.0864 0x0e8c iphlpsvc - ok
22:15:34.0900 0x0e8c [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC99086 4FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:15:34.0903 0x0e8c IPMIDRV - ok
22:15:34.0922 0x0e8c [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB 80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:15:34.0926 0x0e8c IPNAT - ok
22:15:34.0946 0x0e8c [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D2 93591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:15:34.0953 0x0e8c IRENUM - ok
22:15:34.0984 0x0e8c [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71 A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:15:34.0987 0x0e8c isapnp - ok
22:15:35.0006 0x0e8c [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A07 71A92C6D889B13B867BCDF647 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:15:35.0013 0x0e8c iScsiPrt - ok
22:15:35.0076 0x0e8c [ 66CF3B38398CC0795B227D6CA8F69930, 9095BBBB1DF173487A3E1A2B65F38DC9BF333A5 E0DC3B99F06EDBD13D686CD76 ] ka6avs C:\Windows\system32\Drivers\ka6avs.sys
22:15:35.0083 0x0e8c ka6avs - ok
22:15:35.0114 0x0e8c [ C06BCCCB02B5024B06824E783CB8F037, 86AA296022C48C4D3C0D190C599A55400353A8B D92B47A5FD18A0EBA89E72D27 ] ka6usb_svc C:\Windows\system32\Drivers\ka6usb.sys
22:15:35.0116 0x0e8c ka6usb_svc - ok
22:15:35.0142 0x0e8c [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376D AE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:15:35.0144 0x0e8c kbdclass - ok
22:15:35.0167 0x0e8c [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF 4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:15:35.0168 0x0e8c kbdhid - ok
22:15:35.0179 0x0e8c [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0 EDC60BE123B3BE1AFE78BC71B ] KeyIso C:\Windows\system32\lsass.exe
22:15:35.0181 0x0e8c KeyIso - ok
22:15:35.0201 0x0e8c [ B7895B4182C0D16F6EFADEB8081E8D36, BAC3BAD22207C8826125FD7721C96F2C7A23896 0FD9398A3D4573E14648E9DB9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:15:35.0203 0x0e8c KSecDD - ok
Please download and run Microsoft Safety Scanner. This will take about 20 minutes to run and will produce a log if your computer was infected. Please post the log. This scanner only has a shelf life of 10 days so you will need to download a new one if you want to run a scan after the trial period has expired.

Quote
If anything it is worse now - two freezes in the last hour - i.e. mouse stops working, keyboard non-responsive and then machine reboots on its own.
This pretty much indicates a hardware problem. How does the computer work in Safe Mode?

Nothing found.
I was prompted to run chkdsk on D:
I now have an awful lot of .chk files to go through, but the computer does seem to be free of malware.
What do you reckon?

Quote from: Maffu on October 11, 2013, 07:37:42 PM
Nothing found.
I was prompted to run chkdsk on D:
I now have an awful lot of .chk files to go through, but the computer does seem to be free of malware
What do you reckon?
I'm quite sure it's clean but those other problems with the freezing and the keyboard are another issue.

Well it's been quite stable since I did Chkdsk and a Windows update.
I may need to change my D: - I'll keep an eye on it though.
Thanks for all your help Superdave.
Is there anything else I need to do?

Yes, we should do some cleanup.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
****************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
*****************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Done, done, done and done.
Thank you so much for your time on this SuperDave. You and the other experts on this site do a great service for complete strangers and you should be rightfully proud of it.
Have a good day!

Just one thing - since adding WOT and SpywareBlaster my flashplayer now crashes on every pageload and my sound is completely gone.

Quote
since adding WOT and SpywareBlaster my flashplayer now crashes on every pageload and my sound is completely gone.
Try uninstalling SpywareBlaster and see if that helps. This should get your sound back.

Please download and run MS Fix-it from here.

I uninstalled SpywareBlaster and restarted and it fixed the problems - just in time for my D: to die a messy death.
I've managed to recover pretty much all the data on it and stick it onto other drives.
Other than that my machine seems to be running fine.

Ok, I'm glad that worked out for you.
2367.

Solve : I think I have a PUP/virus on this drive.?

Answer»

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
SuperDave I ran the ESET scanner but lost my internet during the first run.
So I closed it off and it must have followed its closedown settings and deleted the potential threats (7 found).
So I ran it again and after 7 hrs it finished.

I had a look for the log files but can't find anything.
My settings didn't have a facility to set where the downloads were to be sent, just the 2 tick boxes then advanced settings.

I went to program files ESET and then into log but it was empty?

Anyway, an update on performance and hijacking occurrences.
My webpages have come back to (normal?) what I've been used to seeing and the unexpected opening of ads in new windows has stopped.
All in all SuperDave I believe we have managed to cure it (or so it seems).

Quote from: evilfantasy
Just because you have been cleaned of an infection, that doesn't always mean the work is over.


Do you think we need to go further or will we consider this as a successful outcome?

Many thanks for your assistance SuperDave. ImnoGuru

Ok, we can do some cleanup and we'll be done.

Download this program and run it Uninstall ComboFix .It will remove ComboFix for you.

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Thanks for your help SuperDave.

Just finalized all the cleanup and I haven't had any interference or misdirections.
All systems go here. In fact it's probably the cleanest it's ever been, to be honest.

Many thanks for your guidance.

ImnoGuru

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
2368.

Solve : OOps install flsahplayer message?

Answer»

If this doesn't remove ComboFix, please let me know.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
***************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
***************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
2369.

Solve : Kindle Fire - Pop up that states a Virus Detected, ( seems fake )?

Answer»

So my wife was on her Kindle Fire the other day and a message displayed that her Kindle Fire had a virus. She gave it to me to check it out and I carefully navigated to see what was going on without making matters worse.

It seems as though it was a malware pop-up for Kindle Fire directed to scare people into installing an antivirus application that is not Amazon-approved software. I declined the installation of this antivirus software, which made claims of an infection, and haven't seen any further pop-ups warning of a virus. After all, how can a virus be detected without an antivirus installed to begin with? So it seems like scareware.

Anyone else have a Kindle Fire that has seen this malware-type pop-up trying to scare people into downloading a questionable antivirus for Kindle Fires, which is more than likely malware itself given the scare tactics used to get people to download and install this non-Amazon-approved software?

Also, is there any antivirus or other security software app that should be running on a Kindle Fire that she might not already have running?

My daughter and my wife download all sorts of stuff for it, more games than books etc., and so if there is something that should be added to protect against an infection, they probably need it.

*My knowledge of the Kindle Fire is pretty basic. I fixed it for my wife when the digitizer got shattered, and I know how to go in and make basic config changes to it such as connect it to my wifi etc, but I have no need for it myself and played with it less than 10 minutes overall since we got it, so I am not a guru with its features etc. But if someone points out what to check out on it, I can poke around and find my way with some direction.

Thanks

2370.

Solve : Ad Aware removed trojan now exe files do not work?

Answer»

I have Windows 7 and after scanning & performing the recommended operations in Ad-Aware and restarting, my exe files do not work. Please help!

Please download SREng

  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • Refer to this image for an example:

  • In your case, it would be .EXE
  • Close SREng now.
Thanks Dave, but it won't run; it does the same as all the others. Circle spins for a couple of seconds like it's thinking about it, then back to normal cursor...

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 7 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator


You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.exe
* Rkill.com
* Rkill.scr
* WiNlOgOn.exe
* uSeRiNiT.exe
* iExplore.exe
* eXplorer.exe
Once you've gotten one of them to run then try to immediately run the following.
Thanks Dave, but I already tried those also; the black DOS-looking box pops up for a second then goes away & nothing...

Did you try running any of these as Administrator?

Now download and Run exeHelper

•Please download exeHelper to your desktop.

•Double-click on exeHelper.com to run the fix.

•A black window should pop up, press any key to close once the fix is completed.
•Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file)
********************************
You could also try this:

Please download and run MS Fix-it from here.

Do you have the Recovery Console on that computer?
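The SREng "File Association" repair above is aimed at a hijacked .EXE association. The following read-only check, added here and not part of the thread or of SREng, compares the live association against the Windows defaults (`exefile` and `"%1" %*`) so you can confirm the repair took effect; it assumes an elevated PowerShell session on the affected machine.

```powershell
# Added example (not from the thread): read-only check of the .exe file association.
# Expected values are the Windows defaults; nothing is modified here.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    # HKCR is not mapped as a drive by default; HKCR merges HKLM and HKCU classes
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

# Default (unnamed) values a healthy .exe association carries
$expected = @{
    'HKCR:\.exe'                       = 'exefile'
    'HKCR:\exefile\shell\open\command' = '"%1" %*'
}

function Get-DefaultValue {
    param([string]$Path)
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue('')   # '' selects the key's (Default) value
}

$problems = @()
foreach ($path in $expected.Keys) {
    $actual = Get-DefaultValue -Path $path
    if ($actual -ne $expected[$path]) {
        $problems += [pscustomobject]@{
            Key      = $path
            Expected = $expected[$path]
            Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
        }
    }
}

# A per-user .exe class under HKCU overrides the machine-wide one and is not
# present on a default install, so its mere existence is worth reviewing.
$userClass = 'HKCU:\Software\Classes\.exe'
if (Test-Path $userClass) {
    Write-Output "Note: per-user override present at $userClass -> '$(Get-DefaultValue -Path $userClass)'"
}

if ($problems.Count -eq 0) {
    Write-Output '.exe association matches the Windows defaults.'
} else {
    Write-Output 'Non-default .exe association found; re-run the SREng File Association repair for .EXE:'
    $problems | Format-Table -AutoSize
}
```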
2371.

Solve : Not sure if a virus or not?

Answer»

I have been having an issue where, when I click on something on the screen, my screen freezes and turns multi-coloured with a white block, which is the mouse. The only way to make this go away is by restarting the PC. If I just let it sit, the screens will eventually shut off, even though the PC is processing something. I don't know if anyone has seen this before. When I run a boot-scan with Avast, it doesn't pick anything up. I was recently infected with the Conduit virus, which left some other viruses which have been isolated. Attached is a picture of what I am talking about. Didn't know if this was a virus or a hardware issue and wasn't sure where to post this. Thanks!

-Edit-
I forgot to mention that when I am running games, this issue seems to stay inactive.

[recovering disk space, attachment deleted by admin]

This certainly looks like a problem with the video card or drivers. Try running your computer in Safe Mode to see how it goes there.

I don't see an issue in safe mode. Then again I really can't run anything. Like I said above, I can run high graphics games with no issue. It seems to happen right after logging in to the desktop or just browsing the Internet.

Ok, let's run some scans.

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
********************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
# AdwCleaner v2.306 - Logfile created 08/20/2013 at 09:12:23
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Admin - ADMIN-HP
# Boot Mode : Normal
# Running from : C:\Users\Admin\Downloads\adwcleaner.exe
# Option [Delete]


***** [SERVICES] *****

Stopped & Deleted : Updater By SweetPacks

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lw6ulw32.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Admin\AppData\Local\Conduit
Folder Deleted : C:\Users\Admin\AppData\Local\Temp\APN
Folder Deleted : C:\Users\Admin\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Admin\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lw6ulw32.default\jetpack
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291326
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lw6ulw32.default\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lw6ulw32.default\user.js ... Deleted !

Deleted : user_pref("CT3291326.FF19Solved", "true");
Deleted : user_pref("CT3291326.UserID", "UN38345074672021711");
Deleted : user_pref("CT3291326.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3291326.autoDisableScopes", 0);
Deleted : user_pref("CT3291326.browser.search.defaultthis.en gineName", "true");
Deleted : user_pref("CT3291326.defaultSearchXPETakeover", "true");
Deleted : user_pref("CT3291326.fullUserID", "UN38345074672021711.IN.2013070183434");
Deleted : user_pref("CT3291326.installDate", "01/07/2013 8:34:34");
Deleted : user_pref("CT3291326.installSessionId", "{AA458AEE-F4B4-4283-830A-2022F5ECBAC0}");
Deleted : user_pref("CT3291326.installSp", "TRUE");
Deleted : user_pref("CT3291326.installerVersion", "1.5.4.1");
Deleted : user_pref("CT3291326.keyword", "true");
Deleted : user_pref("CT3291326.originalHomepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.100[...]
Deleted : user_pref("CT3291326.originalSearchAddressUrl", "");
Deleted : user_pref("CT3291326.originalSearchEngine", "Bing");
Deleted : user_pref("CT3291326.searchRevert", "false");
Deleted : user_pref("CT3291326.searchUserMode", "2");
Deleted : user_pref("CT3291326.smartbar.homepage", "true");
Deleted : user_pref("CT3291326.startPageXPETakeover", "true");
Deleted : user_pref("CT3291326.versionFromInstaller", "10.16.4.19");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.13 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "KeyBar 1.13 Customized Web Search");
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3291326");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3291326&CUI=UN383450746[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291326");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3291326");
Deleted : user_pref("smartbar.machineId", "7BJKVFYD6GT0C+ECYPMUYQUBWOECCYHN6OFL7FTSCPUPEVFU7FWNA/ONJ76XIOQHLH+[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3291326&CUI=UN383450746720[...]
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks")[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3684] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3291326&SearchSource=48&CUI[...]

*************************

AdwCleaner[S1].txt - [8669 octets] - [20/08/2013 09:12:23]

########## EOF - C:\AdwCleaner[S1].txt - [8729 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Admin :: ADMIN-HP [administrator]

8/19/2013 11:10:18 PM
mbam-log-2013-08-19 (23-10-18).txt

Scan type: Full scan (C:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 745254
Time elapsed: 2 hour(s), 20 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 27
HKLM\SYSTEM\CurrentControlSet\Services\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKCR\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKCR\Extension.ExtensionHelperObject.1 (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKCR\Extension.ExtensionHelperObject (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

Registry Values Detected: 6
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{7D4F1959-3F72-49D5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: 썛愘ᇜ犜ጀ유䞘 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE (PUP.Optional.SweetIM) -> Data: 1 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL (PUP.Optional.SweetIM) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN34029507811473428&UM=2&ctid=CT3291326) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPacks) -> Bad: (http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={3DF2DA36-DA9E-11E2-A9A8-D0DF9AA57E02}) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 16
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\libraries (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\resources (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

Files Detected: 73
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Extension32.dll (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2473842194-2191913869-1839372111-1000\$R7989WJ.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2473842194-2191913869-1839372111-1000\$RI292XM.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe After Effects CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Media Encoder CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Extension64.dll (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\Admin\.frostwire5\updates\frostwire-5.6.3.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQAK28VK\mgsqlite3[1].7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RA6L6EBQ\KeyBar_1.13[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T86AQCVW\KeyBar_1_13_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T86AQCVW\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T86AQCVW\WebCakesetup[1].exe (Trojan.PUP.WebCake.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVCL6PGU\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVCL6PGU\stublogic[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\1371838432_15489308_427_4.tmp (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\1371838445_15502583_85_6.tmp (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\hsbing_717_active.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3291326\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3291326\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3291326\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3291326\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3291326\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3291326\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3291326\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3291326\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Desktop\New folder (5)\Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\Admin\Desktop\New folder (5)\Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\Admin\Downloads\DAEMONToolsUltra100-0068.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Admin\Downloads\frostwire-5.5.2.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Admin\FrostWire\Torrent Data\Adobe Photoshop CS6\Adobe Photoshop CS6 (Patch + Instructions)\Patch\32bit\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\Admin\FrostWire\Torrent Data\Adobe Photoshop CS6\Adobe Photoshop CS6 (Patch + Instructions)\Patch\64bit\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\Admin\FrostWire\Torrent Data\Adobe.After.Effects.CS6.v11.0.1.12.Multilingual.mundomanauales.com\Crack\Adobe After Effects CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\Admin\FrostWire\Torrent Data\Adobe.After.Effects.CS6.v11.0.1.12.Multilingual.mundomanauales.com\Crack\Adobe BRIDGE CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\Admin\FrostWire\Torrent Data\Adobe.After.Effects.CS6.v11.0.1.12.Multilingual.mundomanauales.com\Crack\Adobe Media Encoder CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\Admin\FrostWire\Torrent Data\Sony ACID Pro 7.0c+DI-KeyGen_(diMi)\Keygen (in here so Antivirus Doesn't Kill It).zip (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Admin\FrostWire 5\frostwire-installer.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Admin\FrostWire 5\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Windows\Installer\ebe107.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\InstallerHelper.dll (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\unins000.dat (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\unins000.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome.manifest (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\install.rdf (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.xul (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries\DataExchangeScript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources\localscript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US\overlay.dtd (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin\overlay.css (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences\defaults.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\libraries\DataExchangeScript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\resources\localscript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on Tue 08/20/2013 at 9:17:59.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{11383C01-1BC3-4765-BCE6-9D95DE9A7A2B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C058FEB-EA05-4B08-AD4D-65CC1593A338}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{11383C01-1BC3-4765-BCE6-9D95DE9A7A2B}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\Windows\syswow64\sho7165.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{0DB371AC-A9D0-45C4-9E71-19ED595E5C75}
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{2B9C7CC4-ED30-4F65-A561-9395CD18D995}
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{5AC073D7-B3F4-4CAD-9D0E-F9B3CB39EAAF}
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{6C9536DC-CEB8-4376-A577-39ED2E5B33CB}
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{74CF4FD6-7EB8-46AE-8F6E-AA593F8132A5}
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{A778FF63-03FD-4F85-82B2-1CD3211385FE}
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{B1615E73-150B-4279-9709-22A62C727055}
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{C2F118C1-EBD5-48FD-A0A9-BF75C0C6C7ED}
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{E04FC13C-F641-41A4-BDDD-0920B514540B}



~~~ FireFox

Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\lw6ulw32.default\minidumps [8 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/20/2013 at 9:22:46.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
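The helper's next step is to read the Malwarebytes log above and decide what still needs attention: how many items belong to each detection name, whether anything beyond adware/PUP families was found, and whether every item was actually quarantined. The following Python triage script is an added example for this thread; it is not part of the original post and is not Malwarebytes' own tooling. The entry layout (`<path or key> (<detection name>) -> <action>` under `... Detected: N` headers) is inferred from the posted log, and the sample log embedded in the script is constructed with placeholder paths and detection names rather than copied from the thread.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout Malwarebytes 1.x uses for its "Detected"
# sections.  The paths and detection names are made up for this example and
# are not copied from the log posted in the thread.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware 1.75.0.1300
Scan type: Full scan (C:\\|)

Registry Keys Detected: 2
HKCR\\Example.Toolbar.1 (PUP.Optional.ExampleBar) -> Quarantined and deleted successfully.
HKCR\\Example.Toolbar (PUP.Optional.ExampleBar) -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main|Start Page (PUP.Optional.ExampleBar) -> Bad: (http://search.example/?id=1) Good: (http://www.example.org) -> Quarantined and repaired successfully.

Files Detected: 4
C:\\Program Files (x86)\\ExampleBar\\helper.dll (PUP.Optional.ExampleBar.A) -> Quarantined and deleted successfully.
C:\\Users\\User\\Downloads\\setup (1).exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\\Users\\User\\Downloads\\keygen.zip (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\\Windows\\Temp\\locked.tmp (Trojan.Agent.CK) -> Delete on reboot.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# The item is matched lazily so the detection name is the FIRST "(...)" that is
# directly followed by " -> "; "(x86)" or "(1)" inside a path therefore stays
# part of the item instead of being mistaken for the detection name.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\)(?P<rest> -> .+)$")


@dataclass(frozen=True)
class Detection:
    section: str  # e.g. "Files", "Registry Keys"
    item: str     # path or registry key
    name: str     # full detection name, e.g. "PUP.Optional.OpenCandy"
    action: str   # last "-> ..." clause, trailing period removed

    @property
    def category(self) -> str:
        """Top-level class of the detection ("PUP", "Trojan", ...)."""
        return self.name.split(".", 1)[0]

    @property
    def resolved(self) -> bool:
        """True when MBAM reports it already quarantined the item."""
        return self.action.startswith("Quarantined and")


def parse_mbam_log(text: str) -> tuple[list[Detection], dict[str, int]]:
    """Return the parsed detections and the per-section counts MBAM declared."""
    detections: list[Detection] = []
    declared: dict[str, int] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            # "Data: ..." and "Bad: ... Good: ..." clauses precede the final
            # action, so keep only the last " -> " segment.
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            detections.append(Detection(section, m.group("item"), m.group("detection"), action))
    return detections, declared


def count_mismatches(detections: list[Detection], declared: dict[str, int]) -> dict[str, tuple[int, int]]:
    """Sections whose declared count differs from the entries actually present,
    which usually means the log was truncated or mangled when pasted into a post."""
    seen = Counter(d.section for d in detections)
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}


def triage(detections: list[Detection]) -> dict:
    """What a reader of the log wants first: counts per detection name and class,
    anything that is not merely PUP/adware, and items not yet quarantined."""
    return {
        "by_name": dict(Counter(d.name for d in detections)),
        "by_category": dict(Counter(d.category for d in detections)),
        "non_pup": [d.item for d in detections if d.category != "PUP"],
        "unresolved": [(d.item, d.action) for d in detections if not d.resolved],
    }


if __name__ == "__main__":
    found, declared_counts = parse_mbam_log(SAMPLE_LOG)
    print(triage(found))
    print("count mismatches:", count_mismatches(found, declared_counts))
```

Feeding a real log to `parse_mbam_log` works the same way; `count_mismatches` is worth running first, because a section whose declared count exceeds the parsed entries tells the helper the poster's copy-and-paste was cut short before any conclusions are drawn from it.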

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
****************************************
Download ComboFix from any of the links below, and save it to your desktop.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.
2372.

Solve : Bootable Antivirus Rescue CDs?

Answer»

I just found this. It seems to be a new list.
Comprehensive List of 26 Bootable Antivirus Rescue CDs for Offline Scanning
Many are Linux based and claim to be useful even for a Windows system.

Does anybody here know more about these? Which ones work well?

The only ones I've ever used were Doctor Web, Avira and OTLPE.

2373.

Solve : Laptop Running Extremely Slow?

Answer»

Dave,

Is there anything else I need to do? Do I uninstall some of the programs you had me use?

Thanks.

We can clean up after we repair that slowness problem. Did you try ending all the processes I described in Reply #9?

Yes, I did do that. The laptop got faster when I stopped one of the 4 svchost.exe's that was using about 22K. The others I stopped didn't make much difference.

I would like to see what programs you have on your computer.

Please download: HiJackThis to your Desktop.

  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
  • Accept the license agreement.
  • Click the Open the Misc Tools section button.
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
    Copy and paste this file in your next reply.
AVG is purported to be a resource hog. Please download and install MSE. Disable AVG and see if there is any change.

Microsoft Security Essentials (all versions and all languages).
Dave,

Here is the HJT log you requested. I temporarily disabled AVG and the computer is running faster without it. I'm going to uninstall it and replace it with Microsoft Security Essentials like you recommended. Is there any chance I had a bad install of AVG? I have it running on my work computer and my desktop computer at home and never had any problems with it.

Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Apple Software Update
AVG 2013
AVG 2013
AVG 2013
CCleaner
Conexant HD Audio
DivX
GearDrvs
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP DVD Play 2.3
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Software Update
HP User Guides 0037
HP User Guides--System Recovery
HP Wireless Assistant 2.00 G2
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 25
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2006
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 5.0
NetWaiting
Quicken 2006
Revo Uninstaller 1.95
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB982381)
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3
Wireless Home Network Setup

Quote
Is there any chance I had a bad install of AVG?
That's possible but highly unlikely. AVG always has been a resource hog and, since no two computers are alike, it's difficult to say how it will work on each computer. Give MSE a try and see what happens. I see no malicious program installed. Please respond in a few days to see if there's any difference.
2374.

Solve : About malicious software?

Answer»

Why doesn't Microsoft Security Essentials detect cookies?

Because they're not malicious software, and MSE is designed to detect viruses, spyware and other malicious software.
You can clear your cookies from your browser if you like.

Here's a good tool to clear unwanted cookies.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click YES
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.

2375.

Solve : Computer playing commercials several times a day?

Answer»

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

Process | CPU | Private Bytes | Working Set | PID | Description | Company Name | Command Line
System Idle Process23.280 K24 K0
System0.750 K55,732 K4
Interrupts0.380 K0 Kn/aHardware Interrupts and DPCs
smss.exe580 K1,092 K448
csrss.exe3,160 K7,324 K544
wininit.exe1,960 K5,296 K632
services.exe0.383,932 K8,872 K688
svchost.exe29.335,204 K9,204 K864Host Process for Windows ServicesMicrosoft CorporationC:\Windows\system32\svchost.exe -k DcomLaunch
mobsync.exe8,928 K9,536 K4196Microsoft Sync CenterMicrosoft CorporationC:\Windows\System32\mobsync.exe -Embedding
wmplayer.exe1.1333,968 K46,216 K4476Windows Media PlayerMicrosoft Corporation"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /SkipFUE /RemoteOCXLaunch /SuppressDialogs
svchost.exe5,532 K9,188 K924Host Process for Windows ServicesMicrosoft CorporationC:\Windows\system32\svchost.exe -k rpcss
MsMpEng.exe0.7579,076 K81,692 K976Antimalware Service ExecutableMicrosoft Corporation"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
atiesrxx.exe1,824 K4,472 K132AMD External Events Service ModuleAMDC:\Windows\system32\atiesrxx.exe
atieclxx.exe3,720 K6,528 K1912
svchost.exe21,348 K20,420 K680Host Process for Windows ServicesMicrosoft CorporationC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe13,400 K16,208 K1076
svchost.exe2.63224,296 K229,760 K908Host Process for Windows ServicesMicrosoft CorporationC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
WUDFHost.exe6,352 K10,044 K1292
WUDFHost.exe5,396 K10,868 K3216
dwm.exe1,888 K4,768 K3968Desktop Window ManagerMicrosoft Corporation"C:\Windows\system32\Dwm.exe"
svchost.exe29,100 K41,940 K644Host Process for Windows ServicesMicrosoft CorporationC:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe3,108 K7,768 K2036
taskeng.exe11,224 K13,156 K3792Task Scheduler EngineMicrosoft Corporationtaskeng.exe {7B7A3079-ACFA-41BD-9913-81B9B023BF8E}
wuauclt.exe3,400 K6,680 K5316Windows UpdateMicrosoft Corporation"C:\Windows\system32\wuauclt.exe"
taskeng.exe2,296 K5,788 K480Task Scheduler EngineMicrosoft Corporationtaskeng.exe {ADAFDA34-10D5-428E-8D05-264F4AEA0B69}
runner.exe4,404 K9,052 K6836WebStroller runner moduleWebStroller inc."C:\Program Files (x86)\GC\Runner.exe"
chrome.exe0.7537,636 K50,732 K6888Google ChromeGoogle Inc."C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=C:\Users\doug\AppData\Local\GC\Horsy
chrome.exe0.3826,320 K34,624 K2344Google ChromeGoogle Inc."C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prerender/PrerenderEnabled/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_43/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --user-data-dir="C:\Users\doug\AppData\Local\GC\Horsy" --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="6888.0.2066690245\1669816675" /prefetch:673131151
chrome.exe< 0.0123,664 K21,452 K6812Google ChromeGoogle Inc."C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prerender/PrerenderEnabled/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_43/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --user-data-dir="C:\Users\doug\AppData\Local\GC\Horsy" --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="6888.1.435594069\265044850" /prefetch:673131151
chrome.exe8,220 K10,664 K6396Google ChromeGoogle Inc."C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\doug\AppData\Local\GC\Horsy\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin/convenience.dll" --lang=en-US --channel="6888.9.1660304995\784124598" --user-data-dir="C:\Users\doug\AppData\Local\GC\Horsy" /prefetch:-390060480
Clicker.exe< 0.013,756 K6,796 K2540WebStroller STROLLER moduleWebStrollerClicker.exe
svchost.exe3,084 K6,668 K1100Host Process for Windows ServicesMicrosoft CorporationC:\Windows\system32\svchost.exe -k GPSvcGroup
SLsvc.exe9,184 K14,232 K1116Microsoft Software Licensing ServiceMicrosoft CorporationC:\Windows\system32\SLsvc.exe
svchost.exe12,532 K19,900 K1172Host Process for Windows ServicesMicrosoft CorporationC:\Windows\system32\svchost.exe -k LocalService
svchost.exe21,416 K22,792 K1356Host Process for Windows ServicesMicrosoft CorporationC:\Windows\system32\svchost.exe -k NetworkService
spoolsv.exe8,456 K14,064 K1588Spooler SubSystem AppMicrosoft CorporationC:\Windows\System32\spoolsv.exe
svchost.exe26,720 K31,256 K1612Host Process for Windows ServicesMicrosoft CorporationC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
PhotoshopElementsFileAgent.exe4,612 K1,292 K2028Adobe Photoshop Elements 7.0 (component)Adobe Systems IncorporatedC:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
armsvc.exe3,052 K5,932 K1896Adobe Acrobat Update ServiceAdobe Systems Incorporated"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Fuel.Service.exe2,508 K6,524 K956AMD Fuel ServiceAdvanced Micro Devices, Inc.C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService
AppleMobileDeviceService.exe5,012 K10,912 K1212MobileDeviceServiceApple Inc."C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
mDNSResponder.exe2,752 K6,040 K1464Bonjour ServiceApple Inc."C:\Program Files\Bonjour\mDNSResponder.exe"
BrowserDefender.exe3,852 K7,488 K1428Application ManagerPerformerSoft LLCC:\ProgramData\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
BrowserDefender.exe0.389,620 K13,556 K3512
cygrunsrv.exe7,688 K8,664 K2016C:\cygwin\bin\cygrunsrv.exe
dragon_updater.exe4,844 K10,884 K2088C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
ETService.exe31,064 K20,392 K2196Acer Empowering Technology Framework ServiceC:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
LMIGuardianSvc.exe2,716 K6,668 K2280LMIGuardianSvcLogMeIn, Inc."C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
mbamscheduler.exe4,852 K9,176 K2448Malwarebytes Anti-MalwareMalwarebytes Corporation"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
sqlservr.exe60,820 K1,476 K2504SQL Server Windows NTMicrosoft Corporation"c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
svchost.exe3,416 K7,332 K2576Host Process for Windows ServicesMicrosoft CorporationC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
sqlwriter.exe4,624 K9,196 K2684SQL Server VSS Writer - 64 BitMicrosoft Corporation"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
svchost.exe4.897,156 K10,612 K2744Host Process for Windows ServicesMicrosoft CorporationC:\Windows\system32\svchost.exe -k imgsvc
updateBrowseFox.exe28,332 K26,304 K2828BrowseFoxBrowseFox"C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe"
vmnat.exe4,176 K7,760 K2984C:\Windows\system32\vmnat.exe
svchost.exe1,496 K3,420 K3032Host Process for Windows ServicesMicrosoft CorporationC:\Windows\System32\svchost.exe -k WerSvcGroup
SearchIndexer.exe0.75191,468 K141,972 K2108Microsoft Windows Search IndexerMicrosoft CorporationC:\Windows\system32\SearchIndexer.exe /Embedding
SearchProtocolHost.exe7,652 K12,916 K6436
SearchFilterHost.exe4,716 K8,732 K6388
XAudio64.exe1,664 K3,448 K2544Modem Audio ServiceConexant Systems, Inc.C:\Windows\system32\DRIVERS\xaudio64.exe
rundll32.exe0.385,572 K7,956 K2608RUNDLL32.EXE ykx64coinst,serviceStartProc
vmware-authd.exe7,852 K11,924 K3112VMware Authorization ServiceVMware, Inc."C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe"
vmnetdhcp.exe3,712 K7,076 K3312C:\Windows\system32\vmnetdhcp.exe
vmware-usbarbitrator64.exe5,984 K8,412 K3376VMware USB Arbitration ServiceVMware, Inc."C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
NisSrv.exe9,920 K4,648 K4056Microsoft Network Realtime Inspection ServiceMicrosoft Corporation"c:\Program Files\Microsoft Security Client\NisSrv.exe"
wmpnetwk.exe8,572 K15,532 K4520Windows Media Player Network Sharing ServiceMicrosoft Corporation"C:\Program Files\Windows Media Player\wmpnetwk.exe"
svchost.exe2,984 K59,448 K1344Host Process for Windows ServicesMicrosoft CorporationC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
lsass.exe5,548 K4,556 K700Local Security Authority ProcessMicrosoft CorporationC:\Windows\system32\lsass.exe
lsm.exe3,412 K5,668 K708
csrss.exe23,832 K25,064 K652
winlogon.exe3,336 K7,968 K520
cygserver.exe5,368 K4,548 K2116
explorer.exe4.1467,584 K85,976 K240Windows ExplorerMicrosoft CorporationC:\Windows\Explorer.EXE
msseces.exe8,812 K15,012 K4020Microsoft Security Client User InterfaceMicrosoft Corporation"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
SetPoint.exe< 0.019,664 K20,076 K4012Logitech SetPoint Event Manager (UNICODE)Logitech, Inc."C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
KHALMNPR.exe< 0.017,596 K12,892 K2628Logitech KHAL Main ProcessLogitech, Inc.KHALMNPR.EXE /API
TSVNCache.exe< 0.014,208 K7,212 K3884TortoiseSVN status cachehttp://tortoisesvn.net"C:\Program Files\TortoiseSVN\bin\TSVNCache.exe"
PrintScreen.exe4,044 K12,824 K2708Gadwin PrintScreenGadwin Systems, Inc"C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
splwow64.exe2,128 K5,024 K4336Thunking Spooler APIS from 32 to 64 ProcessMicrosoft Corporationsplwow64
pidgin.exe16,536 K28,072 K1484PidginThe Pidgin developer community"C:\Program Files (x86)\Pidgin\pidgin.exe"
Skype.exe0.7590,196 K92,008 K1640Skype Skype Technologies S.A."C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
KeePass.exe< 0.017,792 K18,228 K2024KeePass Password Safe 1.26Dominik Reichl"C:\Program Files (x86)\KeePass Password Safe\KeePass.exe"
wmpnscfg.exe2,492 K6,524 K3896Windows Media Player Network Sharing Service Configuration ApplicationMicrosoft Corporation"C:\Program Files\Windows Media Player\wmpnscfg.exe"
SansaDispatch.exe5,716 K8,944 K4236Sansa DispatcherSanDisk Corporation"C:\Users\doug\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe"
Kies.exe0.3826,572 K29,620 K4244KiesSamsung"C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload
firefox.exe< 0.01354,296 K361,328 K2228FirefoxMozilla Corporation"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
dragon.exe< 0.01100,556 K125,660 K5124Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe"
dragon.exe< 0.01104,304 K108,580 K4780Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --disable-databases --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --disable-html-notifications --disable-accelerated-video-decode --channel="5124.0.1751541116\1067586024" /prefetch:673131151
dragon.exe23,884 K28,124 K4556Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --disable-html-notifications --disable-accelerated-video-decode --channel="5124.1.1555051201\492569239" /prefetch:673131151
dragon.exe23,932 K27,972 K4052Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --disable-html-notifications --disable-accelerated-video-decode --channel="5124.2.335876265\322448858" /prefetch:673131151
dragon.exe30,008 K36,252 K2704Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --disable-html-notifications --disable-accelerated-video-decode --channel="5124.3.1012085665\1144532263" /prefetch:673131151
dragon.exe23,944 K28,004 K5496Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --disable-html-notifications --disable-accelerated-video-decode --channel="5124.4.380300272\369878127" /prefetch:673131151
dragon.exe23,752 K27,260 K3436Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --disable-html-notifications --disable-accelerated-video-decode --channel="5124.5.481272259\695965767" /prefetch:673131151
dragon.exe25,512 K30,928 K4856Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --disable-html-notifications --disable-accelerated-video-decode --channel="5124.6.1860942155\79941906" /prefetch:673131151
dragon.exe23,800 K27,220 K6092Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --disable-html-notifications --disable-accelerated-video-decode --channel="5124.7.134441649\12151953" /prefetch:673131151
dragon.exe63,772 K69,768 K4808Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --disable-html-notifications --disable-accelerated-video-decode --channel="5124.8.1688867690\110531675" /prefetch:673131151
dragon.exe23,948 K27,580 K4392Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --disable-html-notifications --disable-accelerated-video-decode --channel="5124.9.586991473\168513548" /prefetch:673131151
dragon.exe25,396 K29,948 K4692Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --disable-html-notifications --disable-accelerated-video-decode --channel="5124.10.365712874\644138465" /prefetch:673131151
dragon.exe25,340 K30,960 K3848Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --disable-html-notifications --disable-accelerated-video-decode --channel="5124.11.151482321\1251338912" /prefetch:673131151
dragon.exe58,504 K67,648 K6448Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --disable-databases --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --disable-html-notifications --disable-accelerated-video-decode --channel="5124.13.73542365\850066563" /prefetch:673131151
dragon.exe< 0.0162,824 K75,684 K5624Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --disable-databases --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --disable-html-notifications --disable-accelerated-video-decode --channel="5124.19.1330728909\1442621807" /prefetch:673131151
dragon.exe< 0.0137,252 K40,920 K6328Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=plugin --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll" --lang=en-US --channel="5124.23.329830406\1095823025" /prefetch:-390060480
dragon.exe22,332 K28,232 K6584Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --disable-databases --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --disable-html-notifications --disable-accelerated-video-decode --channel="5124.24.1835325372\895175932" /prefetch:673131151
dragon.exe< 0.018,480 K14,088 K6692Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=plugin --plugin-path="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll" --lang=en-US --channel="5124.25.1151867093\1250965280" /prefetch:-390060480
AcroRd32.exe< 0.018,144 K14,368 K1900Adobe Reader Adobe Systems Incorporated"C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" /o /eo /L /b /id 6692
AcroRd32.exe< 0.0159,908 K67,528 K5552Adobe Reader Adobe Systems Incorporated"C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" --channel=1900.0037F6A0.887128957 --type=renderer /o /eo /l /b /id 6692
dragon.exe< 0.0159,368 K68,148 K3720Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --disable-databases --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --disable-html-notifications --disable-accelerated-video-decode --channel="5124.26.807157130\140228043" /prefetch:673131151
dragon.exe< 0.0140,816 K50,608 K5464Comodo DragonComodo"C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --type=renderer --disable-databases --lang=en-US --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderNoUse/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLoggedInPredictor/Enabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --disable-html-notifications --disable-accelerated-video-decode --channel="5124.28.459245070\1791278822" /prefetch:673131151
notepad++.exe< 0.0117,076 K23,564 K6204Notepad++ : a free (GNU) source code editorDon HO [emailprotected]"C:\Program Files (x86)\Notepad++\notepad++.exe"
7zFM.exe< 0.018,300 K15,336 K68967-Zip File ManagerIgor Pavlov"C:\Program Files (x86)\7-Zip\7zFM.exe" "C:\Users\doug\Desktop\ProcessExplorer.zip"
procexp.exe6,324 K10,496 K2416Sysinternals Process ExplorerSysinternals - www.sysinternals.com"C:\Users\doug\Desktop\procexp.exe"
procexp64.exe2.2624,328 K36,476 K2020Sysinternals Process ExplorerSysinternals - www.sysinternals.com"C:\Users\doug\Desktop\procexp.exe"
KiesTrayAgent.exe8,404 K17,148 K4432Kies TrayAgent ApplicationSamsung Electronics Co., Ltd."C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
jusched.exe3,436 K6,576 K4504Java(TM) Update SchedulerOracle Corporation"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
KeePass.exe26.3328,748 K21,600 K4660KeePassDominik Reichl"C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mHotkey.exe< 0.018,944 K10,492 K4992Multimedia Keyboard DriverC:\Windows\MHotkey.exe
ChiFuncExt.exe3,292 K6,224 K4300Input Assistant Software KernelChiconyC:\Windows\ChiFuncExt.exe
TSVNCache.exe3,784 K7,040 K5440
MpCmdRun.exe4,876 K9,220 K6012



[recovering disk space, attachment deleted by admin]

Dave I had to bail out on this and do a reinstall this morning. The thing was beginning to bog down so badly it barely worked. Thanks for your help and sorry for wasting your time.

Quote from: zulubanshee on September 09, 2013, 04:09:47 PM

Dave I had to bail out on this and do a reinstall this morning. The thing was beginning to bog down so badly it barely worked. Thanks for your help and sorry for wasting your time.

Hey, no problem. It was a learning experience for you and me. Good luck.
2376.

Solve : Keylogger on my computer??

Answer»

Ok, let's do some cleanup.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
*******************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
********************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Thank you so much for all your help. I am extremely grateful; you have a fantastic service here.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

2377.

Solve : External HDD infected?

Answer»

I've got an external hard disk drive, which has an infected Windows XP on it. How do I format this disk safely? Maybe using Linux or a Windows installation disc?

You can safely format it with Linux. You can even use a small version of Puppy Linux off of a USB or CD.
http://www.puppylinux.com/
Quote

Puppy's goals
Easily install to USB, Zip or hard drive media.
Booting from CD (or DVD), the CD drive is then free for other purposes.
Booting from CD (or DVD), save everything back to the CD.
Booting from USB Flash drive, minimise writes to extend life indefinitely.
Extremely friendly for Linux newbies.
Boot up and run extraordinarily fast.
Have all the applications needed for daily use.
Will just work, no hassles.
Will breathe new life into old PCs
Load and run totally in RAM for diskless thin stations
These are extraordinary goals, yet Puppy comes close to achieving them all. The fundamental reason is that Puppy has been built from scratch, file-by-file, and is not based on any other Linux distribution. One of the most amazing features of Puppy is the range of powerful applications yet such tiny size ...and the speed.
I personally recommend it for simple tasks.

Just right-click on the drive and choose format.
2378.

Solve : Yahoo Msg will not open ....can anybody sort this issue out ? w/log?

Answer»

The ESET log doesn't show that the infections were removed. Please run it again. There should be a box just above the "Scan archives" box already checked. Please ensure that this box remains checked and run the scan.

I ran the scanner again and selected both boxes this time:

C:\Desktop\Flash_Disinfector.exe | probably a variant of Win32/Agent.BWFKHA trojan | cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\setupxv.exe.vir | probably a variant of Win32/TrojanDownloader.Banload.KDRCNRT trojan | cleaned by deleting - quarantined
C:\Program Files\RegistryFix7\UninstlDll.dll | Win32/Adware.ErrorClean application | cleaned by deleting - quarantined
C:\Program Files\Sony\Welcome to VAIO life\Internet Services.exe | probably a variant of Win32/TrojanDropper.Agent.BLQHZVO trojan | cleaned by deleting - quarantined
C:\Program Files\Sony\Welcome to VAIO life\VAIO zone.exe | probably a variant of Win32/TrojanDropper.Agent.FYKSNPZ trojan | cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP15\A0006085.DLL | a variant of Win32/Toolbar.MyWebSearch application | cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP16\A0006125.DLL | Win32/Toolbar.AskSBar application | cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007280.exe | probably a variant of Win32/Agent.BWFKHA trojan | cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007281.dll | Win32/Adware.ErrorClean application | cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007282.exe | probably a variant of Win32/TrojanDropper.Agent.BLQHZVO trojan | cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007283.exe | probably a variant of Win32/TrojanDropper.Agent.FYKSNPZ trojan | cleaned by deleting - quarantined
Dave, okay so progress update at the ready. Yahoo msg now opens fine....but there are some serious time delays now from the time I startup till my browser opens.....and with closing one webpage and opening another, the closing webpage takes longer to disappear than before and also the activity light on my pc seems to be working really hard at something all the time....I mean all the time......what do you think?

Download the Fix IE Utility to your desktop.

Before running the utility, make sure that all your Internet Explorer windows are closed!

* Extract the contents of the .zip file to your desktop.
* Double click the Fix IE Utility button to run the tool.
* Click Run Utility
* Click OK when you see 'Re-registered all files'
* Open Internet Explorer and see how it works.

******************************************
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

The Procexp log as requested:

Process | PID | CPU | Private Bytes | Working Set | Description | Company Name | Command Line
System Idle Process | 0 | 98.46 | 0 K | 28 K | | |
Interrupts | n/a | | 0 K | 0 K | Hardware Interrupts | |
DPCs | n/a | | 0 K | 0 K | Deferred Procedure Calls | |
System | 4 | | 0 K | 57,188 K | | |
smss.exe | 764 | | 172 K | 276 K | Windows NT Session Manager | Microsoft Corporation | \SystemRoot\System32\smss.exe
csrss.exe | 836 | | 2,368 K | 5,928 K | Client Server Runtime Process | Microsoft Corporation | C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe | 860 | | 6,760 K | 4,048 K | Windows NT Logon Application | Microsoft Corporation | winlogon.exe
services.exe | 904 | 1.54 | 1,956 K | 2,824 K | Services and Controller app | Microsoft Corporation | C:\WINDOWS\system32\services.exe
svchost.exe | 1080 | | 3,288 K | 3,568 K | Generic Host Process for Win32 Services | Microsoft Corporation | C:\WINDOWS\system32\svchost -k DcomLaunch
igfxext.exe | 668 | | 1,508 K | 2,396 K | igfxext Module | Intel Corporation | C:\WINDOWS\system32\igfxext.exe -Embedding
COCIManager.exe | 300 | | 2,848 K | 2,712 K | Camera Control Interface | Logitech Inc. | "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
wmiprvse.exe | 5968 | | 3,092 K | 8,140 K | WMI | Microsoft Corporation | C:\WINDOWS\system32\wbem\wmiprvse.exe
SkypeNames2.exe | 1500 | | 888 K | 3,408 K | SkypeNames | Skype Technologies S.A. | "C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe" -Embedding
svchost.exe | 1132 | | 2,144 K | 3,088 K | Generic Host Process for Win32 Services | Microsoft Corporation | C:\WINDOWS\system32\svchost -k rpcss
svchost.exe | 1280 | | 26,324 K | 34,664 K | Generic Host Process for Win32 Services | Microsoft Corporation | C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe | 1348 | | 1,868 K | 3,208 K | Generic Host Process for Win32 Services | Microsoft Corporation | C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe | 1596 | | 1,580 K | 2,692 K | Generic Host Process for Win32 Services | Microsoft Corporation | C:\WINDOWS\system32\svchost.exe -k LocalService
spoolsv.exe | 1892 | | 3,320 K | 3,268 K | Spooler SubSystem App | Microsoft Corporation | C:\WINDOWS\system32\spoolsv.exe
svchost.exe | 720 | | 1,456 K | 2,400 K | Generic Host Process for Win32 Services | Microsoft Corporation | C:\WINDOWS\system32\svchost.exe -k LocalService
AOLacsd.exe | 756 | | 5,644 K | 4,308 K | AOL Connectivity Service | AOL LLC | C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
avgwdsvc.exe | 788 | | 4,824 K | 2,544 K | AVG Watchdog Service | AVG Technologies CZ, s.r.o. | C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
avgrsx.exe | 1528 | | 15,672 K | 14,068 K | AVG Resident Shield Service | AVG Technologies CZ, s.r.o. | avgrsx.exe
avgnsx.exe | 316 | | 11,276 K | 792 K | AVG Network scanner Service | AVG Technologies CZ, s.r.o. | avgnsx.exe
LVPrcSrv.exe | 1044 | | 1,080 K | 1,864 K | Logitech LVPrcSrv Module. | Logitech Inc. | "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
McciCMService.exe | 1492 | | 2,140 K | 2,084 K | mcci+McciCMService | Motive Communications, Inc. | "C:\Program Files\Common Files\Motive\McciCMService.exe"
RegSrvc.exe | 1688 | | 824 K | 1,456 K | RegSrvc Module | Intel Corporation | "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe"
svchost.exe | 1608 | | 2,588 K | 3,316 K | Generic Host Process for Win32 Services | Microsoft Corporation | C:\WINDOWS\system32\svchost.exe -k imgsvc
wdfmgr.exe | 168 | | 1,656 K | 1,100 K | Windows User Mode Driver Manager | Microsoft Corporation | C:\WINDOWS\system32\wdfmgr.exe
VESMgr.exe | 204 | | 3,540 K | 2,668 K | VAIO Event Service (Service Module) | Sony Corporation | "C:\Program Files\Sony\VAIO Event Service\VESMgr.exe"
VCSW.exe | 248 | | 3,096 K | 3,280 K | VAIO Entertainment UPnP Client Adapter | Sony Corporation | "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe" -RunBySCM
wanmpsvc.exe | 352 | | 916 K | 340 K | Wan Miniport (ATW) Service | America Online, Inc. | "C:\WINDOWS\wanmpsvc.exe"
YahooAUService.exe | 456 | | 6,420 K | 6,712 K | AutoUpater Service Module | Yahoo! Inc. | "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
avgemc.exe | 536 | | 4,252 K | 868 K | AVG E-Mail Scanner | AVG Technologies CZ, s.r.o. | C:\PROGRA~1\AVG\AVG8\avgemc.exe
avgcsrvx.exe | 2260 | | 8,912 K | 3,292 K | AVG Scanning Core Module - Server Part | AVG Technologies CZ, s.r.o. | /pipeName=83687938-965e-4ed7-9ddd-566c19f0c761 /coreSdkOptions=0 /binaryPath="C:\Program Files\AVG\AVG8\"
VzCdbSvc.exe | 624 | | 5,752 K | 4,256 K | VAIO Entertainment Database Service | Sony Corporation | "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe"
VzFw.exe | 824 | | 4,524 K | 4,408 K | VAIO Entertainment File Import Service | Sony Corporation | "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe"
alg.exe | 2556 | | 1,292 K | 1,980 K | Application Layer Gateway Service | Microsoft Corporation | C:\WINDOWS\System32\alg.exe
lsass.exe | 916 | | 4,112 K | 1,456 K | LSA Shell (Export Version) | Microsoft Corporation | C:\WINDOWS\system32\lsass.exe
explorer.exe | 2680 | | 22,192 K | 19,532 K | Windows Explorer | Microsoft Corporation | C:\WINDOWS\Explorer.EXE
avgtray.exe | 2960 | | 3,688 K | 796 K | AVG Tray Monitor | AVG Technologies CZ, s.r.o. | "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
SearchProtection.exe | 2988 | | 3,792 K | 1,524 K | Yahoo! Application | Yahoo! Inc | "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
InstallService.exe | 3008 | | 1,524 K | 432 K | | Netscape Communications Corporation | "C:\Program Files\Common Files\ISPCOMP\InstallService.exe"
aolsoftware.exe | 3024 | | 8,732 K | 7,392 K | AOL | AOL LLC | "C:\Program Files\Common Files\AOL\1217722696\ee\AOLSoftware.exe"
LWS.exe | 3048 | | 18,972 K | 2,532 K | Camera Software | Logitech Inc. | "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
Skype.exe | 1380 | | 28,152 K | 16,292 K | Skype | Skype Technologies S.A. | "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
skypePM.exe | 1328 | | 16,188 K | 3,804 K | Skype Extras Manager | Skype Technologies | "C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT
ctfmon.exe | 3336 | | 1,152 K | 2,228 K | CTF Loader | Microsoft Corporation | "C:\WINDOWS\system32\ctfmon.exe"
SSScheduler.exe | 3360 | | 808 K | 80 K | McAfee Security Scanner Scheduler | McAfee, Inc. | "C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe"
firefox.exe | 2216 | | 85,124 K | 97,740 K | Firefox | Mozilla Corporation | "C:\Program Files\Mozilla Firefox\firefox.exe"
procexp.exe | 5016 | | 10,828 K | 16,528 K | Sysinternals Process Explorer | Sysinternals - www.sysinternals.com | "C:\DOCUME~1\User\LOCALS~1\Temp\Temporary Directory 1 for ProcessExplorer.zip\procexp.exe"
Vid.exe | 2804 | | 619,868 K | 14,132 K | Logitech Vid HD | Logitech Inc. | "C:\Program Files\Logitech\Vid HD\Vid.exe" -installmode
YahooMessenger.exe | 4264 | | 109,724 K | 48,556 K | Yahoo! Messenger | Yahoo! Inc. | "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE"
iexplore.exe | 1296 | | 6,048 K | 1,004 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe | 4668 | | 22,604 K | 912 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:1296 CREDAT:14337
iexplore.exe | 3300 | | 5,584 K | 884 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe | 5916 | | 13,372 K | 700 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3300 CREDAT:14337
iexplore.exe | 1832 | | 5,636 K | 896 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe | 5808 | | 13,336 K | 548 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:14337
iexplore.exe | 5188 | | 5,580 K | 888 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe | 4904 | | 13,512 K | 544 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:5188 CREDAT:14337
iexplore.exe | 3232 | | 5,592 K | 896 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe | 4068 | | 13,580 K | 544 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3232 CREDAT:14337
iexplore.exe | 4916 | | 5,632 K | 904 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe | 436 | | 13,516 K | 540 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4916 CREDAT:14337
iexplore.exe | 4000 | | 5,536 K | 1,824 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe | 3304 | | 16,040 K | 2,008 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4000 CREDAT:14337
iexplore.exe | 4208 | | 5,600 K | 1,756 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe | 5100 | | 13,488 K | 1,704 K | Internet Explorer | Microsoft Corporation | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4208 CREDAT:14337
waol.exe | 1444 | | 118,588 K | 11,248 K | AOL Software | AOL, LLC. | -Brestart
shellmon.exe | 5716 | | 656 K | 2,632 K | waolmon | AOL, LLC. | "C:\Program Files\AOL 9.1\shellmon.exe"
aoltpsd3.exe | 4408 | | 2,456 K | 5,680 K | AOL TopSpeed | AOL LLC | -p11535 -q"11536,11537,11538,11539,11540,11541,11542,11543" -S256 -G"C:\Documents and Settings\All Users\Application Data\AOL\Topspeed\3.0\vph.ph" -g"{9C6D947A-D1B5-4271-A40A-7EFA70080F11}" -e1

A quick update for you. I booted up my pc this morning and some little gremlin must have got into my system last night. My yahoo msg will not open now and it was working perfectly yesterday. I did gather this info from the error msg box in yahoo:

Checking virtual IP servers...
[VIP Raw] Connecting to Virtual IP server 98.136.48.32...
[VIP Raw] Connecting to Virtual IP server 67.195.186.241...
[VIP Raw] Connecting to Virtual IP server 68.180.217.15...
[VIP Raw] Connecting to Virtual IP server 76.13.15.38...
[VIP Raw] FAILED
*** 'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionTimeout' ***

Checking HTTP virtual IP servers...
[VIP Http] Connecting to HTTP Virtual IP server 216.155.194.34...
[VIP Http] Connecting to HTTP Virtual IP server 98.136.112.56...
[VIP Http] Connecting to HTTP Virtual IP server 216.155.194.137...
[VIP Http] Connecting to HTTP Virtual IP server 98.136.112.142...
[VIP Http] FAILED
*** 'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionTimeout' ***

What could have happened to the connection, as my firefox is working fine? However, my aol homepage is static and as for now just shows a white screen upon sign on. The status bar at the top of the aol screen shows connected and signed on. I wonder if the re-reg of files performed yesterday had anything to do with it?

Please re-run RootRepeal again and post the log as instructed in Reply # 9

Rootrepeal log just run:


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:2010/09/17 11:16
Program Version:Version 1.3.5.0
Windows Version:Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9BFE000  Size: 98304  File Visible: No  Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BD0000  Size: 8192  File Visible: No  Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8AA7000  Size: 49152  File Visible: No  Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\user\application data\skype\etilqs_qfyjmfnvxg56fsf6sbxi
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\documents and settings\user\application data\skype\etilqs_ywj25zmdo50r3v004jnd
Status: Allocation size mismatch (API: 8192, Raw: 0)

==EOF==

Your copy of ComboFix has passed its shelf life. Please delete it, download a new one and run another scan.

Download ComboFix by sUBs from one of the below links.

Important! You MUST save ComboFix to your desktop

link # 1
Link # 2

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on ComboFix.exe & follow the prompts.

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.

Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

ComboFix 10-09-17.04 - User 09/18/2010 16:09:28.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.402 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix1.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
.

2010-09-18 23:05 . 2010-09-18 23:05  --------  d-----r-  C:\32788R22FWJFW
2010-09-17 18:06 . 2010-09-17 18:06  42816  ----a-w-  c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-17 04:25 . 2010-09-17 04:25  --------  d-----w-  c:\documents and settings\User\Application Data\Registry Mechanic
2010-09-17 04:21 . 2010-08-05 15:46  37336  ----a-w-  c:\windows\system32\CleanMFT32.exe
2010-09-17 04:21 . 2010-09-17 04:21  --------  d-----w-  c:\program files\Common Files\PC Tools
2010-09-15 21:28 . 2010-09-16 03:16  --------  d-----w-  c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-15 21:25 . 2010-09-16 03:11  --------  d-----w-  c:\windows\SxsCaPendDel
2010-09-12 00:29 . 2010-09-12 00:29  --------  d-----w-  c:\program files\ESET
2010-09-10 19:58 . 2010-09-10 19:58  0  ----a-w-  c:\documents and settings\User\settings.dat
2010-09-09 21:55 . 2009-10-07 08:47  266008  ----a-r-  c:\windows\system32\drivers\lvrs.sys
2010-09-09 21:55 . 2009-10-07 08:24  34068  ----a-r-  c:\windows\system32\Repository.reg
2010-09-09 21:55 . 2009-10-07 08:48  539160  ----a-r-  c:\windows\system32\LVUI2RC.dll
2010-09-09 21:55 . 2009-10-07 08:48  539160  ----a-r-  c:\windows\system32\LVUI2.dll
2010-09-09 21:55 . 2009-10-07 08:43  199192  ----a-r-  c:\windows\system32\lvci12101110.dll
2010-09-09 21:55 . 2009-10-07 08:43  416280  ----a-r-  c:\windows\system32\lvcodec2.dll
2010-09-09 21:55 . 2009-10-07 08:49  6756632  ----a-r-  c:\windows\system32\drivers\lvuvc.sys
2010-09-09 21:41 . 2010-09-09 21:41  --------  d-----w-  c:\documents and settings\User\Local Settings\Application Data\LogiShrd
2010-09-09 21:39 . 2009-10-07 08:49  23832  ----a-r-  c:\windows\system32\drivers\lvuvcflt.sys
2010-09-09 21:39 . 2010-09-09 21:40  --------  dc----w-  c:\windows\system32\DRVSTORE
2010-09-09 21:37 . 2010-09-09 21:55  --------  d-----w-  c:\program files\Common Files\LogiShrd
2010-09-09 21:37 . 2010-09-10 22:29  --------  d-----w-  c:\documents and settings\All Users\Application Data\LogiShrd
2010-09-09 21:37 . 2010-09-16 03:11  --------  d-----w-  c:\program files\Logitech
2010-09-09 21:37 . 2008-04-13 18:39  5504  -c--a-w-  c:\windows\system32\dllcache\mstee.sys
2010-09-09 21:37 . 2008-04-13 18:39  5504  ----a-w-  c:\windows\system32\drivers\MSTEE.sys
2010-09-09 21:37 . 2008-04-13 18:46  10880  -c--a-w-  c:\windows\system32\dllcache\ndisip.sys
2010-09-09 21:37 . 2008-04-13 18:46  10880  ----a-w-  c:\windows\system32\drivers\NdisIP.sys
2010-09-09 21:36 . 2008-04-13 18:46  15232  -c--a-w-  c:\windows\system32\dllcache\streamip.sys
2010-09-09 21:36 . 2008-04-13 18:46  15232  ----a-w-  c:\windows\system32\drivers\StreamIP.sys
2010-09-09 21:36 . 2008-04-13 18:46  11136  -c--a-w-  c:\windows\system32\dllcache\slip.sys
2010-09-09 21:36 . 2008-04-13 18:46  11136  ----a-w-  c:\windows\system32\drivers\SLIP.sys
2010-09-09 21:36 . 2008-04-13 18:46  19200  -c--a-w-  c:\windows\system32\dllcache\wstcodec.sys
2010-09-09 21:36 . 2008-04-13 18:46  19200  ----a-w-  c:\windows\system32\drivers\WSTCODEC.SYS
2010-09-09 21:36 . 2008-04-13 18:46  85248  -c--a-w-  c:\windows\system32\dllcache\nabtsfec.sys
2010-09-09 21:36 . 2008-04-13 18:46  85248  ----a-w-  c:\windows\system32\drivers\NABTSFEC.sys
2010-09-09 21:36 . 2008-04-13 18:46  17024  -c--a-w-  c:\windows\system32\dllcache\ccdecode.sys
2010-09-09 21:36 . 2008-04-13 18:46  17024  ----a-w-  c:\windows\system32\drivers\CCDECODE.sys
2010-09-09 21:36 . 2008-04-13 18:45  60032  -c--a-w-  c:\windows\system32\dllcache\usbaudio.sys
2010-09-09 21:36 . 2008-04-13 18:45  60032  ----a-w-  c:\windows\system32\drivers\USBAUDIO.sys
2010-09-09 21:35 . 2008-04-14 00:12  53760  -c--a-w-  c:\windows\system32\dllcache\vfwwdm32.dll
2010-09-09 21:35 . 2008-04-14 00:12  53760  ----a-w-  c:\windows\system32\vfwwdm32.dll
2010-09-09 21:35 . 2008-04-13 18:45  32128  -c--a-w-  c:\windows\system32\dllcache\usbccgp.sys
2010-09-09 21:35 . 2008-04-13 18:45  32128  ----a-w-  c:\windows\system32\drivers\usbccgp.sys
2010-09-09 00:12 . 2010-09-09 00:12  --------  d-----w-  c:\program files\MetaStream
2010-09-07 23:48 . 2010-09-07 23:48  --------  d-----w-  c:\documents and settings\LocalService\Application Data\McAfee
2010-09-07 03:49 . 2010-04-29 22:39  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 03:49 . 2010-04-29 22:39  20952  ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-09-07 03:49 . 2010-09-07 03:49  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-09-07 01:09 . 2010-09-07 01:09  --------  d-----w-  c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09  --------  d-----w-  c:\program files\SUPERAntiSpyware
2010-08-25 04:31 . 2010-08-25 04:31  --------  d-----w-  c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-25 04:30 . 2010-08-25 04:30  56  ---ha-w-  c:\windows\system32\ezsidmv.dat
2010-08-25 04:30 . 2010-09-18 23:04  --------  d-----w-  c:\documents and settings\User\Application Data\skypePM
2010-08-25 04:26 . 2010-09-18 23:14  --------  d-----w-  c:\documents and settings\User\Application Data\Skype
2010-08-25 04:26 . 2010-09-18 22:31  --------  d-----w-  c:\documents and settings\User\Local Settings\Application Data\Temp
2010-08-25 04:26 . 2010-09-08 00:28  --------  d-----w-  c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-25 04:25 . 2010-08-25 04:25  --------  d-----w-  c:\program files\Common Files\Skype
2010-08-25 04:25 . 2010-08-25 04:26  --------  d-----r-  c:\program files\Skype
2010-08-25 04:25 . 2010-08-25 04:25  --------  d-----w-  c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 04:25 . 2008-08-03 02:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-16 00:18 . 2010-09-09 21:55 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-16 00:17 . 2010-09-09 21:39 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-09-15 21:32 . 2009-06-06 21:24 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2010-09-15 21:28 . 2008-08-30 21:40 -------- d-----w- c:\program files\Yahoo!
2010-09-14 02:30 . 2001-01-02 07:46 -------- d-----w- c:\program files\RegistryFix7
2010-09-13 00:34 . 2010-09-17 19:18 58368 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\FFExternalAlert.dll
2010-09-13 00:34 . 2010-09-17 19:18 101376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\RadioWMPCore.dll
2010-09-11 14:46 . 2001-02-23 06:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 23:26 . 2001-01-31 21:18 -------- d-----w- c:\program files\McAfee Security Scan
2010-09-07 03:28 . 2008-08-03 02:22 -------- d-----w- c:\documents and settings\User\Application Data\Comodo
2010-09-07 03:28 . 2008-08-03 02:22 -------- d-----w- c:\program files\COMODO
2010-09-07 01:10 . 2010-09-07 01:10 63488 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 01:10 . 2010-09-07 01:10 52224 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 01:10 . 2010-09-07 01:10 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-05 23:42 . 2010-09-17 19:18 58368 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[emailprotected]\components\FFExternalAlert.dll
2010-09-05 23:42 . 2010-09-17 19:18 101376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[emailprotected]\components\RadioWMPCore.dll
2010-08-25 04:31 . 2004-11-21 02:35 -------- d-----w- c:\program files\Google
2010-08-23 05:46 . 2008-08-03 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-17 13:17 . 2004-11-21 00:04 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-31 05:47 . 2010-07-31 05:47 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-22 15:49 . 2004-11-21 00:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-14 20:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2004-11-21 00:04 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-11-21 00:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-11-21 00:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-21 00:04 354304 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2001-02-18 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Netscape"="c:\program files\Common Files\ISPCOMP\InstallService.exe" [2005-09-07 173568]
"HostManager"="c:\program files\Common Files\AOL\1217722696\ee\AOLSoftware.exe" [2007-05-25 42032]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

c:\documents and settings\User\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2001-01-02 16:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35 50528 ----a-w- c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21 114688 -c--a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
2008-08-03 02:23 278264 -c--a-w- c:\program files\COMODO\SafeSurf\cssurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17 53248 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 19:32 19456 -c--a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 19:32 19968 -c--a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1217722696\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 15:27 126976 -c--a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 15:31 155648 -c--a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12 32768 -c--a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-06 05:05 5406720 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-09-04 21:52 54576 -c--a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-08-02 20:50 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2007-04-09 19:19 28672 -c--a-w- c:\windows\system32\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2004-10-22 03:12 184320 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2004-10-26 06:20 167936 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-09-22 02:54 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-06-01 17:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1217722696\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2008 7:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2008 7:13 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/2/2008 7:13 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2008 7:13 PM 297752]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [9/16/2010 9:21 PM 583640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 9:26 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642707&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - TranslatorBar 5.2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2642707&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[emailprotected]\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[emailprotected]\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-18 16:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(5696)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-09-18 16:31:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-18 23:31
ComboFix2.txt 2010-09-11 05:26
ComboFix3.txt 2010-09-09 00:22
ComboFix4.txt 2010-09-08 18:27

Pre-Run: 41,830,486,016 bytes free
Post-Run: 42,044,772,352 bytes free

- - End Of File - - 3E5B0F3FE448F4C9FD26029C9B93F9C4

What could have happened to the connection, as my Firefox is working fine? However, my AOL homepage is static and for now just shows a white screen upon sign-on. The status bar at the top of the AOL screen shows connected and signed on.
You said Firefox is working well but what browser is your AOL homepage on? Can you please give me a screenprint.

How to post screenshots or images

Have you tried uninstalling AOL and downloading a new version?
Dave, I have resolved the issue with logging onto AOL by uninstalling and then installing the updated version. Now, the only issue left over is to do with the much increased wait time from the time I log on to Windows till I can actually run any programs. Also, and more surprisingly, is the time taken to open new browser windows in Firefox etc. I notice that the time taken for such processes is approx twice as much as before...

We should do some cleanup and then I will give you a couple of links to try to speed up your computer while booting. You should investigate how much RAM you're running and what programs start when you boot. Also check to see how much free space you have on your C: drive. You should have at least 15% in order for your computer to run correctly. If all these fail to speed up your computer, perhaps you should start a new thread in the appropriate software forum.

Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
**********************************

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
*****************************
Clean-up

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore POINT.

*********************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

**********************************

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- SECURE your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Safe Surfing!

Super D, I have completed the steps outlined in the last post. However, it seems that there is a very long system lag issue: from the time of logging on to Windows to getting something to appear on screen takes close to 8 minutes. I know we have completed a lot of processes to get Yahoo msg up and running, but this system lag is a bummer. Take for instance my AOL; at times it will just freeze on screen and requires a close down of the program and reopen. What do you think can be done to rid the system of the lag?

Btw I did a system check and it seems I have adequate RAM resources and no other issues were evident on the system performance diagnosis.

You could try this tool. If it doesn't improve I would suggest that you start a new thread in the proper Windows software forum.

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
2379.

Solve : I have not found a conclusive reason why, or how to correct it.?

Answer»
Hello.

When I open Internet Explorer 8, it appears in my task manager twice (iexplore.exe x2). When I close IE, both instances of iexplore.exe disappear. Is this supposed to happen? And if it is not supposed to happen, why is it happening and how do I correct it?

I'm confused why, if I have only one instance of IE running, it's doubled in task manager.

I have read in another post that the following scan logs would be helpful, so here they are:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:21 PM, on 09/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG8\avgtray.exe
C:\PROGRA~1\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG8\avgrsx.exe
C:\PROGRA~1\AVG8\avgnsx.exe
C:\PROGRA~1\AVG8\avgemc.exe
C:\Program Files\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\L06CEEKQ\HiJackThis[1].exe

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Window Washer\WashIdx.exe "Dave"
O4 - HKUS\S-1-5-21-1417066420-2678003418-1157166300-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238818815717
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8\avgwdsvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Anti-Malware\mbamservice.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Window Washer\WasherSvc.exe

--
End of file - 5392 bytes
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.36
Database version: 1954
Windows 5.1.2600 Service Pack 3

09/04/2009 5:25:06 PM
mbam-log-2009-04-09 (17-25-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 101582
Time elapsed: 48 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/09/2009 at 01:55 PM

Application Version : 4.26.1000

Core Rules Database Version : 3836
Trace Rules Database Version: 1792

Scan type : Complete Scan
Total Scan Time : 00:22:48

Memory items scanned : 393
Memory threats detected : 0
Registry items scanned : 4037
Registry threats detected : 0
File items scanned : 3183
File threats detected : 0
----------------------------------------------
------------------------------------------------

I would appreciate some help on this as I am not even sure if anything is wrong. Maybe iexplore.exe is supposed to be in task manager twice?

Thank You

Cheers

T_Hip



Regarding the duplicate iexplore.exe entries, what you're seeing is default behavior for IE8; cf. http://blogs.msdn.com/ie/archive/2008/07/28/ie8-and-reliability.aspx

This is normal for IE8.

Thanks, I was wondering if it was correct or not, whew that could be the explanation for why none of my scans found anything...lol

Thanks again
Cheers
T_Hip
2380.

Solve : vundo??

Answer»

Just delete it.

ok, i deleted it and installed and ran all of those programs. my computer is working great now. but next should i get all of the files out of the backup that i need and then delete it because its taking up a lot of space.

What backup files?

it was created when i reinstalled windows, it has every thing in it that was on my computer before i reinstalled it.

Keeping this kind of backup file on your computer sort of defeats the purpose. If something happens then you can't get to it to restore. It needs to be on a CD or flash drive or somewhere.

i just had it put in a backup because there were a few things that i hadnt put on a cd yet. it copied the entire C drive so now i have a bunch of backed up system files

Do you have your Windows install CD?

yea

OK that contains all of your system files so all you really need to backup are documents, pictures, music etc and put that on a disk.

so should i just delete all of the extra system files and stuff thats taking up space in the backup drive

Yes you can since you have the install CD they are all on that already.

Just backup to a disk all of your personal files.

Free backup software

.
Or if you WANT the whole drive as a backup use a cloning tool. Something like this. http://majorgeeks.com/HDClone_Free_Edition_d3809.html

alright thanks for your help, i'll be back if anything else goes wrong

You're welcome.
2381.

Solve : I'm stuck in the Malware Removal Sequence?

Answer»

I went through Step 1, Add/Remove Programs and found nothing suspicious.

I got through Step 2, ran CCleaner OK.

In Step 3, everything seemed to go well until I tried to Perform Complete Scan. I got a blank window and hourglass. After a few minutes I tried to close it and got "Error. This program cannot be closed because it is locked by the system." Of course, I had to try more than once, including from the Task Manager.

Eventually I restarted, during which I got an "ending program" window and progress bar. It was ending program CiceroUIWndFrame.

And of course, once rebooted, I tried the scan again with the same results.

Advice, please? thanks, Mike.

If for some reason you cannot perform one of the steps, move on to the next step and make note of what happened when posting your logs.
OK.
I was able to run Malwarebytes, updated Java and ran HJT.

Here are my logs. thanks, Mike

[attachment deleted by admin]

2382.

Solve : Restore some functionality?

Answer»

LOL Whoops. I used APT to kill the process and it stopped blocking my access... Should have done that in the first place. Sorry for the random thread spam.

2383.

Solve : Also need help! with error loading dll 32?

Answer»
Like many others I am having the same issue. my computer was sluggish, all types of pop-ups. and whenever i searched yahoo i get results but then if I clicked on a link it would go to another site...

I got Norton antivirus and ran it.... then got this error....at start up

error loading dll 32-The specified module can not be found....On my main user profile I can not log on to the internet.

I have updated my system with the latest windows patches as directed. ran steps 1-4....

Here are my logs for Hijack this and MalwareB...Thank you in Advance




Malwarebytes' Anti-Malware 1.36
Database version: 1954
Windows 5.1.2600 Service Pack 3

4/9/2009 12:18:39 AM
mbam-log-2009-04-09 (00-18-39).txt

Scan type: Quick Scan
Objects scanned: 113450
Time elapsed: 9 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2803f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2810f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2829f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.

========================================================================================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:44 AM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PINNACLE\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Cincinnati Bell dial-up accelerator\PropelAC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\COREL\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Family\LOCALS~1\Temp\Google Toolbar\gtb52.tmp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/msk/en-us/msk7/setexp.asp?systempopup=true&affid=105-79&dtag=jkv3v91&langid=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MySpace
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CB0AC93-9255-4FBD-AC8B-407834CB2FF6} - (no file)
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Cincinnati Bell dial-up accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Cincinnati Bell dial-up accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WindoFix] C:\Program Files\WindoFix\WindoFix.exe /fast
O4 - HKUS\S-1-5-21-1212841772-1455438428-2112602570-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1212841772-1455438428-2112602570-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = ?
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Cincinnati Bell dial-up accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Cincinnati Bell dial-up accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Cincinnati Bell dial-up accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://ra.53.com/CitrixSessionInit/ICAWEB/en/ica32/icaweb.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229812763789
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: pulbhqkx - jddobup.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 14771 bytes
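Several posts in this thread ask how to tell which HijackThis entries deserve attention. The script below is an added example, not code from the forum or from HijackThis itself: it parses log lines in the "Oxx - ..." format shown above and sorts them into "review" and "info" using a few defender-side heuristics (orphaned hooks marked "(file missing)" or "(no file)", MIME filter entries that HijackThis labels "Filter hijack", autostart entries running from a Temp directory). The heuristics are assumptions meant to order a human's reading of the log, not a verdict on any entry, and the sample log is constructed for the example, modelled on the format of the logs in the posts above.

```python
"""Triage HijackThis-style log lines: order entries a malware-removal helper would read first.

Added example; the rules below are assumed heuristics, not HijackThis logic.
"""
import re
from dataclasses import dataclass

# A HijackThis entry line: section code (R0, O2, O4, O20, ...) then " - " then the body.
ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.*)$")
# Markers HijackThis prints when the registered file no longer exists on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# A Temp directory anywhere in the path (assumed heuristic for autostart entries).
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Constructed sample, modelled on the log format seen in this thread (not a real log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CB0AC93-9255-4FBD-AC8B-407834CB2FF6} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\Family\LOCALS~1\Temp\example_constructed.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: pulbhqkx - jddobup.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    severity: str  # "review" (look at this first) or "info" (no heuristic matched)
    section: str   # HijackThis section code, e.g. "O20"
    reason: str
    line: str


def parse_entry(line):
    """Return (section, body) for a HijackThis entry line, or None for any other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def classify(section, body, line):
    """Apply the assumed heuristics to one parsed entry."""
    orphaned = any(marker in body for marker in ORPHAN_MARKERS)
    if section == "O20" and orphaned:
        return Finding("review", section, "Winlogon Notify hook points at a missing DLL", line)
    if section == "O18" and body.startswith("Filter hijack"):
        return Finding("review", section, "MIME filter registration HijackThis labels as a hijack", line)
    if section == "O2" and orphaned:
        return Finding("review", section, "BHO registration with no backing file", line)
    if section == "O4" and TEMP_PATH_RE.search(body):
        return Finding("review", section, "autostart entry running from a Temp directory", line)
    return Finding("info", section, "no heuristic matched", line)


def triage(log_text):
    """Parse every entry line in a log and classify it; non-entry lines are skipped."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue  # headers, blank lines, "Running processes:" paths
        section, body = parsed
        findings.append(classify(section, body, raw.strip()))
    return findings


def review_items(log_text):
    """Only the entries a human should read first."""
    return [f for f in triage(log_text) if f.severity == "review"]


if __name__ == "__main__":
    for f in review_items(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```

Everything that falls through to "info" still needs a human eye; the point of the ordering is only that an orphaned Winlogon hook or a MIME filter entry is read before the tenth printer tray utility, which matches how the helpers in this thread work through a log.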
2384.

Solve : LOST ALL ICONS?

Answer»

I BELIEVE A VIRUS HAS INFECTED MY COMPUTER, IS THERE ANYWAY TO GET TO YOUR CONTROL PANEL EVEN IF YOU DO NOT HAVE ANY ICONS SHOWING ON SCREEN?

You MUST get into safe mode by tapping F8 or whatever key gets you into safe mode. Then you can access control panel hopefully.

And please lose the CAPs, no one yells in here.

this happened to me - you can access the control panel by hitting START button - I also found that if I right click on the screen and click on view, I have the option to "show desktop icons" - I had to unclick it and then reopen it and click it again - icons came back.

2385.

Solve : won't let me format c drive - due to virus??

Answer»

Hi - my XP OS computer got a nasty virus that has cut me off the internet - some kind of backdoor trojan thing. so my antivirus is out of date. I was told by the geek squad i needed to wipe my hard drive and start over - I have the OS disk and know how to get a ms-dos prompt - when I asked it to format the c drive it told me i couldn't because "the volume is in use by another process" (I'm doing the ms-dos prompt while in windows because I don't know any other way) - can someone tell me - step by step because I'm kinda slow - how i can format my c drive so I can get rid of this nasty virus? Many thanks.

Put your OS disk in, and reboot your computer. Up in the right-hand corner, there should be a message of what keys to press to enter the boot options menu, usually F8 or F12. Press the key indicated (the "F" keys are in a row at the top of your keyboard) until you get to the boot options menu. Then, select to boot from "CD/DVD drive" or a similar option. A blue screen with a grey bar at the bottom should come up, showing the various files it is loading. After it finishes this, it will show the options to format your drive, and to install windows. First, use the format option on the partition that windows is installed on, (it should be marked as having the windows installation), then select to install windows when it is done formatting.

awesome - thank you so much - am going to try it now

I'm actually a little surprised the "Geek Squad" didn't do it for you. My local repair guy is only too happy to wipe my disk and make a clean install instead of fix the actual problem.

Quote

I'm actually a little surprised the "Geek Squad" didn't do it for you.
They would. For some ridiculous price...
2386.

Solve : trojan horse logs and notes tajv2005?

Answer»

"Malware holds endless possibilities as to what it might do. Some is easy to fix and others take some time, trial and error..."
'
EXACTLY
and the key issue is settled--by microsoft. It is done!

Kaspersky is running.

oh,and microsoft said combofix took out all infected files. So it took out some validation files for windows and for AVG. I also lost my address book and google earth.
I am not a computer expert. I either made mistakes with combofix like BaRR said or it took out files like microsoft said.
evilfantasy,I am sure you are a good person, but I do not want you
doing this; "If I thought you were lying I do have ways of finding out if it is legit or not. I didn't do that so I must believe you."
That is a violation. So, thank you for not doing it without me knowing. BaRR I appreciated your post. It helped me a lot.

evilfantasy, I appreciate you helping me get rid of those trojans.

Quote

oh,and microsoft said combofix took out all infected files. So it took out some validation files for windows and for AVG. I also lost my address book and google earth.

This is utter nonsense.

KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, April 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, April 11, 2009 20:29:03
Records in database: 2035043


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
B:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics
Files scanned 81583
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:31:20

No malware has been detected. The scan area is clean.
The selected area was scanned.
You appear to be free of any malware.

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point after cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
.
----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Thank you evilfantasy, evidently the problem is solved now.

If you agree, you can lock this thread.

Yes it looks like you are in the clear as far as malware is concerned.

2387.

Solve : Please check my logs?

Answer»

Hi all experts..
Kindly check my logs.
im pissed off by this sedoparking.
I've performed the necessary steps posted by evilfantasy (as i remember the name).

THANKS

[Attachment deleted by admin]

you have no SAS log, run it, post it too, did you run ccleaner, an expert will have a look, harry

2388.

Solve : I can't seem to kill this darn thing.?

Answer»

No it wasn't lost due to the format; the "corrupt" folders and files just plain won't open or copy, etc. The only folders on the hard drive that came up as "corrupt" (that was not an anti-virus folder or exe) was these:

C:\Documents and Settings\TJ\Documents\Programming\
C:\Documents and Settings\TJ\Documents\Programming_Backup.7z
C:\Documents and Settings\TJ\Documents\Visual Studio 2008\
C:\Documents and Settings\TJ\Documents\Website\

And on my backup drives:

(Drive Letter):\Backups.7z
(Drive Letter):\Source\

Hence the reason I think somebody targeted me. How, I don't know. But I sure as am pissed off. I mean really, I don't design anything important, I just had a few encryption algorithms stored there, and my website doesn't have any "amazing" code, it's just a games website so I can play games past the firewall at work. Jeez, someone's either a REAL jerk or I'm really unlucky.

I guess it is a good idea to try and see if it will break another computer by plugging in my USB drive to another computer.

I'll post the results in a few minutes, I have an old laptop from 5 or 6 years ago I haven't used.

Okay, here's a pic of the first computer to fail, It's being formatted but it's still showing errors...



And here's a pic of the self test done by a computer that I plugged the USB hard drive into. (Sorry about the angle)



Somehow, some way, someone's managed to get the drive to physically fail (or at least think it's failed) and they put it on my computer. Curses.

the first thing you should do is try to copy your source and such.


Also, when you plug in the drive, Hold shift to prevent autorun from occurring.

I tried that at one point, it doesn't seem to make a difference. It apparently happens while it's installing the USB drivers for the device... So I guess the USB drive is probably a brick now, since I can't get it to format.

Well, although my problem isn't solved I'm guessing there's nothing more I can do other than buy new hard drives. Thanks for the help, at least I feel better.

EDIT: DBAN Just finished and saved the log to the A:\ drive. I don't have an A:\ drive.

Also, it sounded like it was still using the hard drive after DBAN had stopped running.

Is it possible somehow it's fooling the software into thinking it's on the A:\ drive, so the software isn't formatting a drive that would be considered a floppy? Something like that?

doubt it.


Here's something you can try- most external drives simply have an IDE or SATA drive inside. You could open it up and put it inside a PC, see of that helps. Could be an issue with the USB board, since it seems to have issues after connection.


You did hold shift, right?


The A:\ drive was probably a RAM drive the boot disc created to save files.

Yeah, but usually DBAN says "No removable device found" then some error about not saving the log. I've used DBAN a lot because I'm constantly screwing up my computers with random code. I program random programs (not necessarily stable) to play with sometimes for fun. Hence the multiple backups, which I screwed up... The fact that it saved the log to a non-existent location scares me a bit lol. However, it does make me think I might be able to recover the data from one of my undamaged drives, if I can kill whatever the thing is running off of!!

Oh, and thanks for the tip about the external drive. That's great I had no idea you could just take it out and use it like a normal hard drive.

2389.

Solve : computer viruses?

Answer»

Hello there... I'm just new here... I just want to ask how to determine what to fix in the "HijackThis" software... I can't determine which of those are viruses... Here's the info...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32, on 2009-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.70.0\Weather.exe" -auto
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Family Feud 2\Images\stg_drm.ocx
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.ph/com/EGamesPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mystery P.I. - The Lottery Ticket\Images\armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Update Service (gupdate1c967eb181c4090) (gupdate1c967eb181c4090) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7406 bytes

2390.

Solve : automatic PC OFF problem?

Answer» Hi,

my PC, when started in any mode, safe mode included, shuts off suddenly after 5-10 min,
can you help me with this?

thank you

If you are comfortable working inside your case, make sure all your fans are working... make sure the fans are clean... blow out dust with compressed air... looks like it could be overheating... or your power supply could be on the way out... swap it for a known good unit... Please remember to touch the metal case before touching components inside so you don't cause ESD (electro-static discharge).

Is this a desktop or laptop?

Do you get any warning messages, beeps, or anything else out of the ordinary before it shuts down?

Have you noticed the com being excessively hot or that any fans aren't running?
Download, and install SpeedFan: http://www.almico.com/sfdownload.php
Post your computer temperatures:



Provide processor info (hold Windows key, and hit Pause/Break key to find out).

My PC is desktop, I tried my best to clean the fans, but am not that comfortable in manually opening the case and working inside.

Temp 1: 53C
Temp 2:38C
Temp 3: -55C
HD0: 40C
Temp1: 41C

let me know if any problem is there with my PC temperature.

Sometimes SpeedFan's readings are not very clear to read, so...
Download, and install Everest: http://www.majorgeeks.com/download4181.html
Expand Computer section in left pane, and click on Sensor. What temperatures are listed there?

Also...
1. Right-click My Computer, and then click Properties.
2. Click the Advanced tab (Vista: click Advanced system settings).
3. Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.
4. Clear the Automatically restart check box, and click OK the necessary number of times.
5. Restart your computer for the settings to take effect.

...and...

1. Click Start, point to Settings, and then click Control Panel (Start>Control Panel in Vista).
2. Double-click System.
3. Click (Advanced system settings link in Vista, then --->)the Advanced tab, and then click Settings under Startup and Recovery.
4. In the Write debugging information list, click Small memory dump (64k).
I did all the procedures you asked me to do, and the temperatures are:

motherboard: 38C
Aux: 95C
Seagate ST380011A: 45C

It looks like Temp2 from SpeedFan is consistent with the Everest motherboard temperature, so we can safely assume it is your CPU temp. At 38C, it's a little bit on the warmer side, but acceptable.

Keep SpeedFan open, and watch Temp2. Any changes right before the computer shuts off?

We also disabled "restart on error" feature, so, if it's not overheating, you may be able to see some error message, when the computer gets stuck.

If you see any error displayed...

Navigate to: C:\Windows\Minidump folder.
If you see any .dmp files, zip all of them, and attach zipped file to your next reply.

2391.

Solve : virus? malware? os? computer stupid??

Answer»

k??? I still have all the same probs tho. OK, now my comp keeps shutting down and a pop up saying Windows has experienced an unexpected error and needs to shut down... my comp only stays running about 15 mins and restarts...
Also my green light that shows something is running will not stop... what is going on??

I'm not sure but I don't think it is a malware issue. Try here http://www.bleepingcomputer.com/tutorials/tutorial148.html

I would love to try that other site, but I can't...
I need to activate my email and password, and I can't because my email is "secure server..." I can't sign in to check emails...
I ran another scan from Dr. Web, and I can't attach the log but I did a print screen of what it shows. I don't know where or how to go from that; can you maybe still help please

[attachment deleted by admin]

That's not any threat.

Why do you need your email to visit BleepingComputer?

To make an account to ask for help, it says it needs to verify my email...
I CAN'T OPEN IT tho... and the bottom of that attachment, it says viruses found...
The longer I can't get this fixed the more shhiiiiiiit happens to my comp.

I wasn't sending you there to ask for help. Read the article on the page in the link. How to automatically repair Windows Vista using Startup Repair - http://www.bleepingcomputer.com/tutorials/tutorial148.html

simple but I don't have any discs for laptop... it was purchased second

You can try posting in the Computer Help forum to see if anyone has any new ideas.

2392.

Solve : ConFicker Worm?

Answer»

I know you never did, just seems dumb that people are proclaiming it as undetectable just because a patch came out after the worm, which doesn't preclude detection by any means. In fact, even rootkits are fairly simple to detect.

A rootkit usually patches certain Windows functions, such as FindFirstFile, FindNextFile, CreateFile, etc., to make sure that the functions never find the malware folders and files.

However, this is a very trivial thing to check- simply use the GetProcAddress() API to retrieve the API addresses and compare them to the imported Function addresses; if they are different- then we have an issue.

Of course malware could hook GetProcAddress() as well to force them to return the same value as the value they likely soft-patched into the program when it started with a malware AppInit_DLL. The answer to this would be to invoke a callback-accepting API function that would likely be patched, such as EnumWindows or EnumProcessModules (which would be patched to prevent displaying the malware windows and processes). By carefully double-popping the return addresses one can determine whether the call stack really started with program->EnumProcessModules->callback routine. In most cases of malware, it would likely actually be program->malware masker function->EnumProcessModules->callback. By analyzing and popping stack frames we can go all the way back to the calling function and try to validate each function in between.

Of course one would then try to restore the stack frame to the way it was... perhaps even using the address of the malware function to grab the module filename and displaying that as the rootkit.

Conficker Botnet Stirs, with a Scareware Business Model

ZDNet Blogs, April 10, 2009
The Conficker botnet has stirred to life, using its peer-to-peer communication system to update itself and download scareware (fake anti-virus programs) to millions of infected Windows machines. The Conficker update comes a week after a heavily-hyped April 1st activation date and provides the first sign of the motivation behind this malware threat — financially motivated cybercrime.


found this tonight, harry

No wonder I can't access the Microsoft website lately.

For those infected also, you probably can't download any fix since the virus is blocking access to the Microsoft website and antivirus websites, such as Symantec, Sophos, AVG, etc.
Then I googled and found a fix here:
http://depts.drew.edu/cns/FixDownadup.exe
version 1.0.5

Download, then double click the file. Oops, the virus auto-kills the FixDownadup.exe process. Rename the file so it doesn't contain the string "FixDownadup"; renaming it to FixDownadupx.exe won't work. Rename it to something else like "x.exe", then double-click again, and click Start to scan.

Scanning in process... hopefully it works.

Edit:
Quote

Scan Result:
W32.Downadup has not been found on your computer

Anyone with a suggestion?

Use Process Explorer, DLL view, copy down malicious DLL names (usually random or common system file names in the wrong location). Drop to Recovery Console. Erase them. Reboot. Run HijackThis, remove entries.

This is what I usually do, if MBAM/HijackThis and ComboFix don't work. The trouble is you have to get ALL of them - or else the survivors just revive the deleted ones.

Not sure if it's heading toward us or not; last I heard it was in Salt Lake City. The bad thing is that the hardware tech at a school quit shortly after this.

err- what the heck are you on about? viruses don't exactly take the bus...

Seems like the virus also blocks procexp.exe, so as usual rename the exe to something else.

Then I killed the process "svchost.exe -k networkservice", and now I can browse to the Microsoft website and antivirus websites. There are a few DLLs attached to it, and all of them look valid.

now searching for removal tools.

UPDATE:
I downloaded the W32.Downadup removal tool from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDwndp.exe

virus gone now
Tomorrow I have to check whether the computers on the LAN are also infected or not.

Hmm, I wonder which one of the DLLs is the virus?

2393.

Solve : AVG Free anti-virus?

Answer»

AVG Free anti-virus

AVG Free Edition is the well-known antivirus protection tool. AVG Free is available free of charge to home users for the life of the product.

Rapid virus database updates are available for the lifetime of the product, thereby providing the high level of detection capability that millions of users around the world trust to protect their computers. AVG Free is easy to use and will not slow your system down (low system resource requirements). Highlights include automatic update functionality, the AVG Resident Shield, which provides real-time protection as files are opened and programs are run, free Virus Database Updates for the lifetime of the product, and AVG Virus Vault for safe handling of infected files. Version 8.5 now includes LinkScanner Active Surf-Shield to check every Web page for threats at the only time that matters.

Jo Lynch said, AVG has become a popular virus cleaner over the past few years, and virus writers will often try to disable or evade widely used programs. That's why it's a good idea to run secondary checks either online or by using an alternative program from time to time.

Fortunately there are at least three good free clean virus programs: AVG, Avast!, and Avira AntiVir. (Comodo is another option, but I have not tried it.) Nowadays, some antivirus programs insist on being the only one installed. If so, turn it off and run Kaspersky's free standalone Virus Removal Tool as a double-check. This is more comprehensive than Microsoft's Malicious Software Removal Tool.

Official site: AVG Free - Download antivirus and antispyware software for Windows XP and Vista

I don't think you're telling people anything they don't already know

I had AVG for years until AVG 8 came out and now I have Avast

2394.

Solve : problem with ekrn?

Answer»

I had ESET NOD32 and loads of viruses got on to the com, so I uninstalled it, but the ekrn file won't delete. I think I have the viruses under control, but the auto updates won't come on on the computer and the ekrn file keeps restarting. This is really annoying, so if anyone can help me get rid of these it would be a great help. Thanks, Chris

2395.

Solve : Virus Recovery?

Answer»

Hello

If I want to use (file recovery), is it possible to recover any deleted viruses?

Yes it is, as well as System Restore.

2396.

Solve : removed "anti-virus number 1" virus: now cannot empty recycle bin?

Answer»

A friend had the Anti-virus Number 1 virus on her computer. I ran Malwarebytes Anti-Malware and Kaspersky's AVPTool on it, and that seemed to clear it up. Spy Sweeper and McAfee both claim the computer is now clean.

However, when I tried to empty the recycle bin, I got the following error:
"Cannot delete Dc317: The request could not be performed because of an I/O device error."

I installed and ran CCleaner, but it was not able to empty the recycle bin either.

Next, I manually emptied the bin (by opening the bin and selecting files and deleting them). I deleted everything visible, and the bin icon changed to the empty recycle bin. But when I right-clicked on it and selected "empty recycle bin" I got this:

Are you sure you want to delete these two files?

Clicked yes, then got the error message about Dc317 again.

I suspect that Dc317 is left over from the virus, but I have no idea, and I have no idea what else I can do with the recycle bin.

Just for kicks, here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:33 PM, on 4/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\FilmLoop Player\FilmLoop.exe
C:\Program Files\Common Files\AOL\1237914022\ee\AOLSoftware.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
D:\Jennilynn's Documents\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/disp...%s&tbid=%tb_id
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.com/sidebar?pr=as...-us/Suite.aspx (obfuscated)
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for PX] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\lserver\server.vbs"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1237914022\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Picasa Media Detector] "D:\Jennilynn's Documents\Picasa2\PicasaMediaDetector.exe"
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: is-P7ASA.lnk = C:\Documents and Settings\Jennilyn\Desktop\Virus Removal Tool\is-P7ASA\startup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6054D082-355D-4B47-B77C-36A778899F48} - http://qmedia.xlontech.net/100348/qm...ll06061501.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1229995969109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1152932425375
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9111 bytes


Thanks for reading. Hope someone can help.
-wynne

http://ccollomb.free.fr/unlocker/

if you really want it out go to the above download and follow through, it's easy, harry

Thanks for the tip, Harry. I'll let you know how it goes.

You have some issues in the HJT log... might be a good idea to follow the guidelines and post the three logs.

2397.

Solve : Forgot to check "Notify me of replies"?

Answer»

Please respond here if possible to notify me of any replies to "mareze2".

Thanks...

In the topic, scroll down to the last post and click on the button.

2398.

Solve : data execution prevention-microsoft front page server administrator client?

Answer»

hi folks,
I'm running XP pack 3 on a Toshiba laptop Satellite 85. While searching a site on auto repairs I got a message pop up from my virus program (Avira) telling me there was a virus in the page and did I want to deny access - I said yes and it popped up about 5-6 more times before I could click out of the page. I thought by denying access the problem was solved, but I ran Malwarebytes and Avira to be sure. Malwarebytes found nothing but Avira found 2 viruses which I chose to quarantine. Avira told me I have to restart the computer to complete the action, which I did. When it rebooted and got to my desktop page there were no icons but a small window that said "to protect your computer data execution prevention has closed microsoft front page server administrator client" - it gave me no choices except to click close, then another window asked if I wanted to send this error to Microsoft. I did.
I rebooted in safe mode and ran every virus program I have to no avail. I tried backdating to another save point but it kept saying it did not go back to that point so nothing has changed. I can't figure out where to go next so I'm coming to the experts for help - HELP
thank you - Pete

Do you have a backup method?
At this point it would be a good idea to do a backup, if you can.

Otherwise, reboot in safe mode. Open Task Manager & look for any process that might be bogus and stop it. Suspend all AV and spyware blockers. Of course, you want to be off the network. Now run just one AV scan program in safe mode. Then reboot and try again with another scanner.
If you can not get it this way, you will have to do a Hijack log.

But first try a scan in safe mode. Yeah, I know, some will tell you that it don't work that way. Yes, it does. Trust me on this.
I would go with MalwareBytes in safe mode.

hey geek
I don't have backup and I ran Malwarebytes and Avira virus cleaner in safe mode and they found nothing. I looked at Task Manager processes and they all look Greek to me - sorry. But I do have a popup alert that tells me I have a virus and starts scanning on its own from a site called bonuspromoofer.com.
I may have screwed up big time cuz I went to safe mode as admin and ran sysdm.cpl and made DEP accept Front Page, rebooted and the computer came on perfect again, so I started Malwarebytes again and as soon as I did a popup came up and said "you have a security prob. - do you want to scan for viruses" and before I can react it goes to a scan page and starts scanning. I cannot stop it short of physically turning off the computer.
Now I cannot even start in safe mode - it goes to the user page and when I click my name it says loading and then jumps to saving settings and it won't go any farther.

At this point I do not have any advice.

The virus has taken over your system.

As for me, I keep a backup install for this kind of panic. At this point I would handle it this way. I would use another HDD to boot Windows after making the original drive the slave. Then I would download recent versions of AV scanners and do full scans on the slave drive. Sometimes that works.

Others here would recommend doing a Hijack log.
pdudenhefer -
I cleaned it up today on a client's Compaq. Same symptoms as you. Go to <removed> and follow ALL the instructions to download, install, and run Combofix. It did the trick.

BW

PS - You can skip the Stopzilla install advert @ <removed>
BW

Please do not send users to that website. It is not the official web site for ComboFix and we do not want users running ComboFix unless advised to do so by someone trained to use it.

Post it again and I will begin removing your posts and request that you are banned. See here > http://www.mywot.com/en/scorecard/combofixdownload.com

Well, Evil Fantasy, what do you recommend - please. Right now it won't even let me get to safe mode - it comes on and goes off in 2 seconds - logs on then immediately logs off and saves settings.
Tried using the repair disk and it started like it was gonna come on and then it did the same - sign on and off.

I'm not sure what to do if you can't log on.

You can try this.

Avira AntiVir Rescue System

* Download the Avira AntiVir Rescue System
* Place a blank CD in your burner and double-click on the downloaded file.
* The program will automatically burn the CD for you.
* Place the burned CD into the affected computer and start the computer with the CD in the CD tray.
* On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
* Click on the Configuration button.

- Select Scan all files
- Select Try to repair infected files and Rename files, if they cannot be removed
- Select Scan for dialers
- Select Scan for joke programs (Jokes)
- Select Scan for games
- Select Scan for spyware (SPR)

* Click on Virus scanner
* Click on Start scanner at the bottom of the screen

Currently the program does not support saving a log. Please write down the list of items for Records, Suspect files, and Warnings then post them back here.

My bad. combofix.org is the good site, highly ranked by the reference you provided.

I downloaded the rescue disk and tried to log on but it only got to the opening page and then closed and saved my settings. It did this twice and then reverted to the welcome user page, but when I click on my name it logs on and off by itself again. I'm stymied.

BW you did not link to combofix.org, you linked to combofix.com - Can you read this? http://www.mywot.com/en/scorecard/combofixdownload.com

Still unless you are trained to use ComboFix and can show it then do not suggest it's use here. And then only use the official ComboFix web site which is neither combofix.org or combofix.com.

@ pdudenhefer - Try posting in the Windows forum. Maybe someone will have some ideas there.

Yes I can read it and did. That is why I suggested the .org vs. the .com site. I have used combofix on well over 150 computers. Thanks for your Avira suggestion. I'm testing now on a machine that won't let combofix run. It has similar symptoms to the first post.

2399.

Solve : U guys r great?

Answer»

Thanks for info...

Thanks on what?

Was in reference to a message on being notified...

2400.

Solve : avast scan help ???

Answer»

I ran 2 scans tonight and got this result both times, and the 3 scan buttons were pressed before the start, harry

[Attachment deleted by admin]