
3751.

Solve : Spyware doctor with Antivirus and Firefox?

Answer»

Hi,

My computer has been giving me trouble for a while now... just as soon as I fix one problem, another problem is created.
I will skip ahead to now.

So, after reinstalling the operating system on my computer, most everything worked fine again, except my Internet Explorer wasn't working, but my Firefox was.
Soon enough, my unprotected computer started getting viruses and trojans and such. Then, I used Spyware Doctor with Antivirus. Did a scan, removed threats. Now, when I open Firefox, the page is blank. And, when I try to go to any other site with Firefox, it is still blank. So, now my Internet Explorer doesn't want to open, and my Firefox opens, but shows nothing.

I am definitely sure that somehow scanning and removing threats on my computer also affected my firefox.

I just really need to find a way to get onto the internet somehow from home. Can someone please help me figure out how to make Internet Explorer and/or Firefox work?

Thanks
No need to double-post.
Well, I wasn't sure which section it fit in (spyware or internet browsers).

3752.

Solve : Spydoctor/Anti-Malware etc.?

Answer»

Just wanting to know what free spyware/virus programs you all are running. I personally am running Avast; I like it better than AVG, but I am wanting a good spyware/malware program. Any suggestions between
Spydoctor
Spybot S&D
Ad-Aware
Malwarebytes Anti-Malware
any other suggestions

And my mother's computer has Spybot S&D running with Avast, and she gets a popup telling her virtual memory is running low every so often. Is that because I have S&D and Avast running at the same time?
Windows XP machine

Is that Spyware Doctor, or Spydoctor the rogue?
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

You can also use Windows Defender which is also a full-time scanner. SAS and MBAM are not full-time scanners. You have to update them and run them unless you have the paid versions. These scanners should not interfere with your AV program. Just last month, I was running Avast, Threatfire, Spybot S&D and SpywareBlaster with no problems. Since then I've switched to Microsoft Security Essentials for my AV, which is free from MS and is not a resource hog, and it's running smoothly with its neighbours.
Here's some information about virtual memory

And no protection would be complete without a third-party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) COMODO Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
SpywareBlaster,
Comodo
and Microsoft Security Essentials installed
seems faster than Ad-Aware and Avast.
Thank you Dave
Hope this is not classed as hijacking the original post.
Interesting to read about Microsoft Security Essentials.
I use, and really like Avast, but it now seems to be a bit resource hungry (well, for me anyway).
Apart from SuperDave and now zodiacmaster, can anyone else recommend MSE, or should I stick with Avast?
Thank you
I've used MSE since it went final and like it. I don't see myself switching any time soon.
Thanks evil, that seems a good enough excuse for me.
Will temporarily disable Avast, download MSE, and give it a whirl.
Thanks
I think you will like it.

Just be warned. It's a lot like Windows Defender in that everything it does, like updating and so on, is all in the background. It only makes itself known when it blocks something. And there is only one instance of it in Task Manager. 4,260k. Very lightweight. Cor blimey!
Have got rid of Avast (knowing that it can always be freely downloaded again if needed), and am now using MSE!
Wow, for me, what a difference in speed upon STARTUP!
The interface seems brilliant. Pleasing on the eye and really simple to use. Your comments noted, so I'll stick with it and see how it performs. Thanks for that.
I also have SpywareBlaster running in the background, so should I stick with this or get rid of it?
And that's about it! I have the usual Superantispyware and Malwarebytes programs, but these are only run on demand.
Regards
WTC

Quote

I also have SpywareBlaster running in the background, so should I stick with this or get rid of it?

SpywareBlaster doesn't actually run unless you have it open. All you do with it is open it now and then (every two weeks or so), get the updates and then apply them. It puts restrictions on your browser through the HOSTS file and ActiveX controls, which blocks known malicious websites.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

I also suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
3753.

Solve : Things becoming unstable and slowing down.?

Answer»

Over the last month or two my computer has been slowing down. This must be because of some mess going on somewhere on it. I have run scans only to see that they have not found a thing. I have everything updated. As you can see in my specs, I do not have a slow PC. I am running Windows 7 32 bit. If I am ever watching Flash videos, they seem to lag and then the video and audio is off. Very annoying.... I want this to go back to normal without reinstalling......AGAIN! Sorry to make everything into small sentences. It's a new habit. Got any plans for me here?

thx in advance
Please download Cheetah-Anti-Rogue, and save to your Desktop.

  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.
Cheetah-Anti-Rogue v1.2.10
by DragonMaster Jay

Microsoft Windows [Version 6.1.7100]
Date: 01/28/2010 - Time: 15:23:34 - Arch.: x86


-- Malware tools check --
CCleaner
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware


-- Known INFECTION --



Extra message: Detection only.


EOF
!! Allan !! COMMENT REMOVED !! - Please do not post in the malware removal forum. Also, please keep your opinions to yourself !!
gotchya =]
3754.

Solve : Enlarged Icons and SLIGHTLY distorted screen NEED HELP Reinstalling VGA?

Answer»

I need help reinstalling a VGA card from Dell... I got my service tag number and pulled it up with no problem and downloaded the Dell driver...

Once the download goes through, what do you do next... is it just over then??

In other words, I download the video driver and then what do I do?
If you click on the driver directly below "File Title(s)" (ex. intel-driver), the next page will have "Installation Instructions". If you still need help, post back with your Service Tag number and I will help you look up the instructions.

[Saving space, attachment deleted by admin]
Service Tag is... 52H89C1

I have the driver downloaded, so now I need to know what to do next... there are kinds of downloads available under my Service Tag at Dell... are these updates to my current video card etc.... I have already downloaded several from video and diagnostics.
I have the files in my computer, but when I try and run them it asks for Administrator or Owner... I use my normal password and it doesn't work... do I need to try and run these to actually have them installed???
It looks like your video driver is the ATI-Driver
Quote

Download

1. Click Download Now, to download the file.
2. When the File Download window appears, click Save (Windows XP users will click Save) this program to disk and click OK. The Save In: window appears.
3. From the Save In: field, click the down arrow then click to select Desktop and click Save. The file will download to your desktop.
4. If the Download Complete window appears, click Close. The file icon appears on your desktop.

Install

1. Double-click the new icon on the desktop labeled R168684.EXE.
2. The Self-Extracting window appears and prompts you to extract or unzip to C:\DELL\DRIVERS\R168684. Write down this path so the executable (i.e. Setup.exe) file can be found later.
3. The Self-Extractor window appears.
4. Click OK.
5. After completing the file extraction, if the Self-Extractor window is still open, close it.
6. Click the Start button and then click Run.
7. Type C:\DELL\DRIVERS\R168684 in the Open textbox and then click OK.
8. Follow the on-screen installation instructions.

3755.

Solve : Need advice before I can proceed?

Answer»

Quote

Only question I have left is what do I do with the TFC program that's still on my desktop?

You can delete it or keep it as a once-in-a-while deep disk cleaner; it won't hurt anything. CCleaner is a better once-a-day (or so) drive cleaner.

Quote
Thank you so much! I'm a happy camper today.

You're welcome. Let us know if anything else comes up.
3756.

Solve : Please HELP!!!?

Answer»

I'm trying, I really am. This is my first virus/malware/spyware problem, and I'm in tears. I'm pretty good with computers that work, but this has me in tears. I'm running Vista Business. I have Norton antivirus, but it can't do an update. I can't run programs, so I can't use the ones listed in the Read This First. I keep getting porn crap/*censored* dysfunction ads on IE (which I don't EVER use) popping up, and all these warnings that I don't think are legit. Things keep opening and it's very hard to get them closed. I'm scared to do ANYTHING at this point. Trying to figure out the instructions while dealing with all the other stuff is like trying to read Latin in the dark. Please, if anyone can translate this stuff into simple English and help me with a computer that cannot download/run programs, I will be grateful!!!
Thanks in advance, Rebecca Rose
Go to a clean PC and do this:

Download a boot time anti virus scanner (pick one: http://www.google.com/search?hl=en&rlz=1T4GGLL_enUS304US305&ei=WHFCS-DZLMW8lAeTsP2fBw&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CAYQBSgA&q=download+boot+time+av+scanner&spell=1). Burn it to a cd and put the cd in the infected computer. Make sure the cd is at the top of the boot order in bios, then boot to the cd and run the scan.

Try to re-name HijackThis to snipper.exe and run first of all.
Give me a few minutes to get to the link--how do I get to the BIOS? As I said, I'm fine when the computer works--but I stay away from the inner workings stuff....
When you put the CD in it should show on the screen.
Quote from: harry 48 on January 17, 2010, 05:38:23 PM

when you put the cd in it should show on the screen

At this point, I don't trust any of the other computers in the house to be clean. I'm shutting down for the night, and I'll take it to a friend's tomorrow with a clean computer I can download on. Thanks for the help tonight, and I'll hit this fresh tomorrow--with help from an IBM computer troubleshooter (who happens to be a good friend). I'll be back. Goodnight
3757.

Solve : Virus!!!?

Answer»

I have a virus which does not let me look at anti-virus websites or download anything or open more than 2 windows at a time. I have Windows XP and have tried McAfee, MalwareBytes and a dozen other virus protectors. Help!!!?
Hello z2667.

Try this please.

RootRepeal - Rootkit Detector

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

3758.

Solve : Help me I can't get an antivirus?

Answer»

I am at step 1 of your forum and I cannot download AVG Free or Avast Free for some reason. I also have no access to Control Panel. I am running Vista 64 bit.
Thanks
16.01.2010 21:53:54 general: Started: 16.01.2010, 21:53:54
16.01.2010 21:53:54 system: Operating system: Windows Vista ver 6.0, build 6001, sp 1.0 [Service Pack 1] AMD64
16.01.2010 21:53:54 system: Memory: 40% load. Phys:2351536/3928996K free, Page:4194303/4194303K free, Virt:2022112/2097024K free
16.01.2010 21:53:54 system: Computer WinName: SUZANNE-PC
16.01.2010 21:53:54 system: Windows Net User: Suzanne-PC\Suzanne
16.01.2010 21:53:54 general: Old version: ffffffff (-1)
16.01.2010 21:53:54 system: Using temp: C:\Users\Suzanne\AppData\Local\Temp\_av_inet.tm~a02956 (47587M free)
16.01.2010 21:53:54 internet: SYNCER: Type: use IE settings
16.01.2010 21:53:54 internet: SYNCER: Auth: another authentication, use WinInet
16.01.2010 21:53:54 general: Install check: Program folder does NOT exist in registry
16.01.2010 21:53:54 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
16.01.2010 21:53:58 general: progress thread start
16.01.2010 21:53:58 general: Destination: C:\Users\Suzanne\AppData\Local\Temp\_av_inet.tm~a02956
16.01.2010 21:53:58 general: Starting download: http://www.avast.com/go.php?verb=get-avast-home&type=cnet&langid=eng
16.01.2010 21:53:58 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
16.01.2010 21:53:58 general: Download finished from server www.avast.com, result: 0x20000004, server RESPONSE: 12029
16.01.2010 21:53:58 general: STATS www.avast.com, server response: 536870916
16.01.2010 21:53:58 general: POST result: 0x20000004, server response:
Do as many and whatever steps you can to the end and post any logs.

re-name mbam.exe to mbam2.exe and run

re-name hjt to sniper.exe and run

don't worry about avg run avast which you have

3759.

Solve : good anti virus malware?

Answer»

What are some good anti-virus and spyware programs, free hopefully?
Gee, that's never been asked before. Oh wait - it has. Here and on every other support forum. Once a week. PLEASE - do a search on the site.
Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
Quote from: SuperDave on January 16, 2010, 01:38:18 PM

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition
You're joking, right?
Avast Home Free

and before you ask

Online Armor Free for the firewall
What's your problem, Allan?
AVG, MS Security Essentials and PC Tools AV? If I were recommending the best available solutions I certainly would not include any of those. And I would include the best PAID solutions as options.

Let me make a suggestion here. Many support forums have a "The definitive best anti virus" thread as a sticky in the malware and/or software sub-forums. The first couple of posts are by staff to list their suggestions. But it's an open thread and everyone can contribute with their suggestions. The thread is not for arguments or "I disagree" type posts - everyone gets ONE post to state his or her opinion. Then, when these type of questions come up you can simply post the link to that thread. Silly recommendations or arguments are simply deleted by a mod.
Quote
AVG, MS Security Essentials and PC Tools AV? If I were recommending the best available solutions I certainly would not include any of those. And I would include the best PAID solutions as options.
And that's your opinion but not everyone's opinion. And, the poster did mention FREE.
The poster was looking for help and I gave him some. If you're not part of the solution, you're part of the problem.
He or she said "free hopefully". That's not a limitation. But yeah, you're right. I'm part of the problem - whatever problem that may be.
3760.

Solve : Need help removing all malware?

Answer»

Hello everyone,

Yesterday, my desktop PC running Windows XP SP3 became infected with what seemed like multiple viruses. I saw numerous symptoms:

A) my ability to connect to the internet was gone
B) my wallpaper changed to a green screen with a black warning message about spyware
C) constant popup messages - one mentioned something about the Worm.Win32.Netsky infecting my computer; another said "click here to protect your computer from spyware!" and another said "Attention! SYSTEM detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. You private information and PC safety is at risk."

Luckily, I was able to get internet access on a friend's computer to read the malware removal guide posted here. After following all of the steps, it seems that most, but not all, of the malware is gone on my pc. My internet connection is now working on my pc, and all of the popups have disappeared. The green screen on my desktop wallpaper is gone as well. However, now all of my icons there are highlighted for some unknown reason (although the icons all work fine). I just wanted to be sure that all the bad stuff is gone.

Attached are my SAS, MBAM, and HJT logs. I actually did 2 scans w/ MBAM - I did the quick scan first, which hardly found anything, and then a full scan which found more malware. Both logs are attached.





[Saving space, attachment deleted by admin]
These are the same logs I attached in my first post, but I am copying and pasting them this time since I noticed that most people seem to use this method.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/26/2010 at 09:34 PM

Application Version : 4.23.1006

Core Rules Database Version : 4521
Trace Rules Database Version: 2333

Scan type : Complete Scan
Total Scan Time : 03:38:10

Memory items scanned : 174
Memory threats detected : 0
Registry items scanned : 7216
Registry threats detected : 1
File items scanned : 87828
File threats detected : 4

Rogue.Agent/Gen
[Wallpaper] C:\WINDOWS\SYSTEM32\WARNING.HTML
C:\WINDOWS\SYSTEM32\WARNING.HTML

Adware.Tracking Cookie
C:\Documents and Settings\Ralph\Cookies\[emailprotected][3].txt

Trojan.Agent/Gen
C:\WINDOWS\system32\41.exe

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\SNDIPAVI32.DLL


Malwarebytes' Anti-Malware 1.44
Database version: 3585
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/26/2010 4:58:18 PM
mbam-log-2010-01-26 (16-58-18).txt

Scan type: Quick Scan
Objects scanned: 126171
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Malwarebytes' Anti-Malware 1.44
Database version: 3585
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/26/2010 11:22:36 PM
mbam-log-2010-01-26 (23-22-36).txt

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 211833
Time elapsed: 1 hour(s), 32 minute(s), 28 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
C:\WINDOWS\SYSTEM32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUN\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\SDFix\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\SDFix\apps\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\helper32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\IS15.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:53, on 1/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229540297140
O16 - DPF: {69432678-2906-2705-1128-068943397621} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263759585985
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8771 bytes
Hello.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

Just ran combofix. I also ran it yesterday after finishing the first 6 steps, but I was missing some of the instructions and forgot to install the windows recovery console. This time I did it right. I should also mention that I installed Avast before running combofix the second time.


Here are my 2 combofix logs. For some reason, internet explorer keeps freezing when I try to copy and paste them. I can only attach them.



[Saving space, attachment deleted by admin]

Ok, here is the copy and pasted version of my second (most recent) log for combofix. Internet explorer still freezes whenever I try and copy and paste my first log - I am guessing because that one is too large. It is still attached in my post before this one.



ComboFix 10-01-27.06 - Ralph 01/28/2010 15:48:16.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.321 [GMT -5:00]
Running from: c:\documents and settings\Ralph\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ralph\Application Data\ibunuqul.inf
c:\documents and settings\Ralph\Start Menu\Programs\AVI Codec Pack +
c:\documents and settings\Ralph\Start Menu\Programs\AVI Codec Pack +\Check For Updates.lnk
c:\documents and settings\Ralph\Start Menu\Programs\AVI Codec Pack +\Uninstall.lnk
c:\program files\AVI Codec Pack
c:\program files\AVI Codec Pack\AC3\ac3filter.ax
c:\program files\AVI Codec Pack\AC3\dialog_patch.exe
c:\program files\AVI Codec Pack\DivX 3.11\DivX.inf
c:\program files\AVI Codec Pack\DivX 3.11\DIVX_c32.ax
c:\program files\AVI Codec Pack\DivX 3.11\DivXa32.acm
c:\program files\AVI Codec Pack\DivX 3.11\DivXc32.dll
c:\program files\AVI Codec Pack\DivX 3.11\DivXc32f.dll
c:\program files\AVI Codec Pack\DivX 3.11\L3codeca.acm
c:\program files\AVI Codec Pack\divx.chm
c:\program files\AVI Codec Pack\ffdhow\ffdshow.ax
c:\program files\AVI Codec Pack\ffdhow\ffdshow.ax.manifest
c:\program files\AVI Codec Pack\ffdhow\libavcodec.dll
c:\program files\AVI Codec Pack\ffdhow\libmpeg2_ff.dll
c:\program files\AVI Codec Pack\ffdhow\libmplayer.dll
c:\program files\AVI Codec Pack\ffdhow\TomsMoComp_ff.dll
c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM
c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe
c:\program files\AVI Codec Pack\uninstall.exe
C:\s
c:\windows\cycoku.scr
c:\windows\system32\_003819_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003821_.tmp.dll
c:\windows\system32\_003822_.tmp.dll
c:\windows\system32\_003829_.tmp.dll
c:\windows\system32\_003830_.tmp.dll
c:\windows\system32\_003831_.tmp.dll
c:\windows\system32\_003833_.tmp.dll
c:\windows\system32\_003834_.tmp.dll
c:\windows\system32\_003837_.tmp.dll
c:\windows\system32\_003838_.tmp.dll
c:\windows\system32\_003840_.tmp.dll
c:\windows\system32\_003841_.tmp.dll
c:\windows\system32\_003842_.tmp.dll
c:\windows\system32\_003844_.tmp.dll
c:\windows\system32\_003847_.tmp.dll
c:\windows\system32\_003848_.tmp.dll
c:\windows\system32\_003852_.tmp.dll
c:\windows\system32\_003853_.tmp.dll
c:\windows\system32\_003855_.tmp.dll
c:\windows\system32\_003858_.tmp.dll
c:\windows\system32\_003860_.tmp.dll
c:\windows\system32\_003861_.tmp.dll
c:\windows\system32\_003862_.tmp.dll
c:\windows\system32\_003863_.tmp.dll
c:\windows\system32\_003866_.tmp.dll
c:\windows\system32\_003867_.tmp.dll
c:\windows\system32\_003868_.tmp.dll
c:\windows\system32\_003869_.tmp.dll
c:\windows\system32\_003870_.tmp.dll
c:\windows\system32\_003875_.tmp.dll
c:\windows\system32\_003877_.tmp.dll
c:\windows\system32\camenot.vbs
c:\windows\ygunoqe._sy

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.

2010-01-28 01:09 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-28 01:09 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-28 01:09 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-28 01:09 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-28 01:09 . 2010-01-19 11:43 100304 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-28 01:09 . 2010-01-19 11:43 94672 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-28 01:09 . 2010-01-19 11:42 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-28 01:09 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-28 01:09 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-28 01:09 . 2010-01-28 01:09 -------- d-----w- c:\program files\Alwil Software
2010-01-28 01:09 . 2010-01-28 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-27 20:18 . 2010-01-27 20:18 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 18:33 . 2010-01-27 18:33 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-01-27 18:29 . 2010-01-27 18:29 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-17 22:57 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-17 21:05 . 2010-01-17 21:05 -------- d-----w- c:\program files\Windows Resource Kits
2010-01-17 20:28 . 2009-02-09 12:10 617472 ----a-w- c:\windows\system32\advapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 20:57 . 2004-11-19 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DIGStream
2010-01-28 20:41 . 2010-01-26 22:39 52224 ----a-w- c:\documents and settings\Ralph\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-28 20:41 . 2009-03-28 21:36 117760 ----a-w- c:\documents and settings\Ralph\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-28 20:40 . 2008-05-11 16:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-28 14:31 . 2009-09-19 02:29 -------- d-----w- c:\program files\SpywareBlaster
2010-01-27 20:18 . 2010-01-27 20:18 61440 ----a-w- c:\documents and settings\Ralph\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-48cdcd29-n\decora-sse.dll
2010-01-27 20:18 . 2010-01-27 20:18 503808 ----a-w- c:\documents and settings\Ralph\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40458530-n\msvcp71.dll
2010-01-27 20:18 . 2010-01-27 20:18 499712 ----a-w- c:\documents and settings\Ralph\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40458530-n\jmc.dll
2010-01-27 20:18 . 2010-01-27 20:18 348160 ----a-w- c:\documents and settings\Ralph\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40458530-n\msvcr71.dll
2010-01-27 20:18 . 2010-01-27 20:18 12800 ----a-w- c:\documents and settings\Ralph\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-48cdcd29-n\decora-d3d.dll
2010-01-27 20:17 . 2008-12-27 04:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-17 23:17 . 2009-09-30 13:37 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2010-01-17 23:17 . 2009-09-30 13:37 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2010-01-17 23:13 . 2008-12-26 23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 23:12 . 2010-01-17 23:12 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-17 21:24 . 2003-04-19 00:40 143712 ----a-w- c:\documents and settings\Ralph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-08 23:16 . 2003-04-14 22:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 21:07 . 2009-09-19 02:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-09-19 02:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 22:19 . 2006-06-05 01:50 4700 ----a-w- c:\documents and settings\Ralph\Application Data\ViewerApp.dat
2009-12-23 04:49 . 2009-06-10 16:15 256 ----a-w- c:\windows\system32\pool.bin
2009-12-23 04:34 . 2009-12-23 04:34 -------- d-----w- c:\documents and settings\Ralph\Application Data\Blackberry Desktop
2009-12-03 19:45 . 2007-11-28 01:25 -------- d-----w- c:\documents and settings\Ralph\Application Data\LimeWire
2009-12-03 19:37 . 2008-09-24 00:14 -------- d-----w- c:\program files\Incomplete
2009-12-03 19:37 . 2007-11-28 01:17 -------- d-----w- c:\program files\LimeWire
2009-12-02 23:26 . 2007-11-28 01:18 -------- d-----w- c:\program files\Java
2009-11-03 01:42 . 2009-12-02 16:51 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-14 00:28 . 2009-10-14 00:28 187150 ----a-w- c:\program files\log.txt
2004-07-25 01:46 . 2004-05-17 19:15 0 --sh--r- c:\program files\q330994.exe
2004-05-24 04:32 . 2004-05-23 15:50 0 --sh--r- c:\program files\power scan
2004-07-25 01:46 . 2004-05-17 19:15 0 --sha-r- c:\windows\nem216.dll
2004-07-25 01:46 . 2004-05-28 11:36 0 --sha-r- c:\windows\SYSTEM\wmscrop.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2003-04-14 26112]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"MPTBox"="c:\progra~1\Canon\MULTIP~1\MPTBox.exe" [2002-11-09 172032]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-21 49152]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"DIGStream"="c:\program files\DIGStream\digstream.exe" [2005-05-18 282624]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-6-4 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-6-4 106496]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Kinko's\\FPFK\\FPKMain.exe"=
"c:\\Program Files\\Kinko's\\FPFK\\Kinkos.Jupiter.GUI.Queue.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [9/30/2009 8:37 AM 64160]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [1/27/2010 8:09 PM 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 1:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [1/27/2010 8:09 PM 19024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 1:01 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2010-01-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {69432678-2906-2705-1128-068943397621}
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-AVI Codec Pack - c:\program files\AVI Codec Pack\uninstall.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 15:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3728)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Canon\MultiPASS4\MPSERVIC.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2010-01-28 16:05:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-28 21:04
ComboFix2.txt 2010-01-27 18:23
ComboFix3.txt 2009-10-14 00:26
ComboFix4.txt 2008-12-27 05:32

Pre-Run: 6,692,040,704 bytes free
Post-Run: 6,607,384,576 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 04B28143226CD4BC3F9B780E7780095A
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky.fr and save it to your Desktop.

  • Please close all other applications running on your system.
  • Please double click GetSystemInfo.exe to open it.
  • Click the Settings button.
  • Set it to Maximum
  • IMPORTANT! Then please click Customize, choose the Driver / Ports tab and uncheck Scan Ports.
  • Click Create Report to run it.
  • It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.
Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Here is the url of my GSI Parser report:


http://www.getsysteminfo.com/read.php?file=bc6103c89e688d550afac6c509073409

Please delete this file: C:\WINDOWS\SYSTEM32\MMAVILNG.exe

==

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with tabs
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Ok, I did all the steps in the order you suggested. I should mention that when the computer rebooted after running OTC, a windows dialogue box popped up. It said "The system has recovered from a serious error. A log of this error has been created." It showed a couple of buttons with the option of sending a copy of the report to microsoft. I sent the report, but the screen at the microsoft website said "Corrupted error report." It also said "Unfortunately, the error report you submitted is corrupted and can't be analyzed." It mentioned something about how corrupted reports are rare, and said it could be the result of something wrong with my software or hardware. I am not sure if any of this is significant or not, but I thought I would let you know.


Here is the Security Check checkup.txt you requested:

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
eTrust EZ Antivirus
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.2
Windows Defender
Windows Defender Signatures
CCleaner
Java(TM) 6 Update 18
Java Auto Updater
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall
  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.
AntiSpyware
  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
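The HOSTS-based blocking just described can be sanity-checked with a short script. This is an added example, not code from the original post or from the hpHosts project; the file contents and the .test hostnames below are constructed, and the check flags any entry that maps a name to something other than a loopback or unspecified address, since a blocklist-style HOSTS file should only ever sinkhole names.

```python
"""Classify HOSTS-file entries as loopback sinkholes or suspicious redirects.

A blocklist HOSTS file should only map names to a loopback/unspecified
address. Any mapping to another address redirects that name elsewhere
and deserves a look. The sample input below is constructed for this example.
"""
import ipaddress
import re

# Addresses a blocklist legitimately points names at: the traffic goes nowhere.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: one comment, three blocklist lines, one redirect
# to a routable address, and one line with an address but no hostname.
SAMPLE_HOSTS = """\
# constructed sample, not a real hpHosts file
127.0.0.1 localhost
127.0.0.1 ads.example-adserver.test
0.0.0.0 tracker.example-tracking.test   # inline comment
198.51.100.7 update.example-vendor.test
127.0.0.1
"""

# Hostnames: letters, digits, dots and hyphens only.
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")


def parse_hosts(text):
    """Yield (line_no, first_field, remaining_fields) for each non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]


def classify_hosts(text):
    """Return a report dict with sinkholed, redirected and malformed entries."""
    report = {"sinkholed": [], "redirected": [], "malformed": []}
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            report["malformed"].append(line_no)
            continue
        if not names or not all(HOST_RE.match(n) for n in names):
            report["malformed"].append(line_no)
            continue
        bucket = "sinkholed" if str(addr) in SINKHOLE_ADDRESSES else "redirected"
        for name in names:
            report[bucket].append((name, str(addr)))
    return report


if __name__ == "__main__":
    result = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(result['sinkholed'])} names sinkholed to a loopback address")
    for name, addr in result["redirected"]:
        print(f"SUSPICIOUS: {name} -> {addr} (not a loopback address)")
    for line_no in result["malformed"]:
        print(f"malformed entry on line {line_no}")
```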
Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:
See this page for more info about malware and prevention.

Thank you so much for all of your help. Can I take this to mean that I am pretty much in the clear now?

Oddly, I just installed the newest version of Java a couple of days ago. Also, I noticed that you mentioned that Spywareblaster is a passive protector. Are the resident protection features in Ad-Aware and/or Windows Defender considered to be passive? I know you said to use just one at a time, so I wanted to know which of the two would be best, or if I should just stick with the realtime protection in Spybot - Search & Destroy?

Thanks again for everything.


Oops. Security Check needs updated to include the new update for Java.

Anyway, if you are going to run Ad-Aware and Windows Defender, then disable Windows Defender. These two are active. SpywareBlaster, however, is passive, meaning that it can run with 1 active protection.
3761.

Solve : I think I caught a new virus. Exploit Rogue 1006?

Answer»

Quote from: evilfantasy on January 27, 2010, 01:34:20 PM

Looks good.

time to finish up.

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
When I tried to use Secunia, I got this message.

"There might be problems loading the Java Applet in your browser. If you are sure that Java is installed (version 1.6.x or later) and functional, then please press OK to proceed anyway."

What browser were you using?

Quote from: evilfantasy on January 28, 2010, 10:00:19 AM
What browser were you using?

Firefox

Try it with Internet Explorer.

Or you can download and use the free installable version Secunia Personal Software Inspector (PSI). http://secunia.com/vulnerability_scanning/personal/ (Click DOWNLOAD NOW! in the red box to the right)

Okay, I updated everything I had to.

Good deal.

Let us know if anything else comes up. Safe surfing...

Thank you for all your help! I'll certainly come back if I ever do something stupid again.

You're welcome.
3762.

Solve : Potential problem: Metastream 3 plugin?

Answer»

Hi, This morning I was reading a major US Newspaper online when a box popped up warning me that Firefox recommended against installing Metastream 3 plugin. The box offered two options cancel or restart Firefox (I clicked the X on the box). I checked on the Mozilla forum and although people are reporting similar messages no one has offered an explanation. I did not try to install metastream 3, don't even know what it is. Is this likely to be a malware problem and what should I do about it? Thank you

Please Download Kenco.exe by jpshortstuff and save it to your Desktop.

  • Close all other programs before executing!
  • Double click Kenco.exe, to begin execution. Scan should only take a few minutes.
  • When finished, the log file "Kenco.log" will open in Notepad.

It will also be saved in the same location as Kenco.exe which should be on your desktop.
  • Please post the contents of that log in your next reply.
==

Please download A-Squared HiJackFree from here and save it to your Desktop. Double-click to install. When you launch the program, please wait 1 minute to allow it to load all the Processes, Services, etc.
Then, click the following:
Save the log to the Desktop, or some other memorable place. Then, the log shall launch in Notepad. Please post the results of that log in your next reply.

==

Please make sure the Kenco and HiJackFree logs are posted in your next reply.
3763.

Solve : Got virus now stuck and windows welcome screen?

Answer»

Hey guys i recently booted up my work PC to find the my background is changed to all green, black box in the middle saying my computer is infected.

First thing I did is pulled this forum up and started reading away at a thread somebody had posted a while back about the same thing. Well I tried running CC first, then moved on to trying adaware. Neither worked so I tried a suggestion off of this website. They told the person to try downloading this http://www.the-pc-guru.com/files/dwpfix.reg ... Well I ran that program and it seemed to do nothing. So I then downloaded AVG and gave it a run. Everything on the computer was fixed and running great. So I gave it a quick restart just to be sure. Now the computer is stuck at the welcome screen, when I click my user name for it to log in it starts to load. Then I believe it tells me it is closing all connections, then stops loading and is just at the welcome screen again. I click it again the same thing happens. I have tried everything you can do with a windows disc and its repair options. If I try to boot into safe mode I get a blue screen of death (I think computer was doing this before I had this problem). Also I believe that my computer is still running behind the welcome screen, this computer is linked via my router wirelessly to another computer. The second computer will pull up the shared files, and run a certain program we use for work. It will not do this unless the stuck computer is connected to the internet and has linksys's software up and running. If you have any ideas PLEASE let me know. Thanks guys

3764.

Solve : Was BIOS altered??

Answer»

Was BIOS altered?
I just did this today, 16 Jan 2010 about 7 PM pst.
My BIOS is listed as a "701" by a program that IDs BIOS.
My Motherboard is an ASUS P4V8X-MX
On their web site I got the latest download, which is a P4V8X701.ROM and I also got their software for this board.
I did a dump of the ROM before burn and named it OLDROM.
(That part has to be done in MS DOS booted from floppy.)
I later rebooted, all is well. Now I go to the directory where I put the download. Next I fetch the saved file off the floppy.

OK, now are you with me up to this point?
There is a program called FC that you can use at the command prompt. Both the old file and the new file are exactly the same size. Using the /b option there are many areas in the two files that differ. Some differences are significant. It is actual code, not just FF and 00 stuff.

Now then, because the two files have the same revision ID, how come there are significant differences?
Or to put it another way,
Did a virus get into my BIOS?
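The FC /b comparison described in the post lists every differing byte on its own line, which hides whether the changes are a few contiguous blocks or scattered code edits. The following script is an added example (not the poster's tool): it groups the differences into regions and labels a region "padding" when both images hold only 0x00/0xFF bytes there. Its sample images are constructed, not real BIOS data; data areas the board itself writes into the flash at runtime (DMI/ESCD storage, for instance) are expected to differ from the vendor file, so grouped regions still need to be matched against the image layout before drawing a conclusion.

```python
"""Group the byte differences between two same-size BIOS images into regions.

Added example for the FC /b comparison in the post above; not the poster's
own tool. Equal stretches shorter than merge_gap are folded into the
surrounding run, so one patched routine shows up as a single region.
"""
import sys
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class DiffRegion:
    offset: int   # first differing offset in the run
    length: int   # bytes from first to last difference, inclusive
    kind: str     # "padding" (only 0x00/0xFF on both sides) or "code"


def _classify(old: bytes, new: bytes, start: int, end: int) -> DiffRegion:
    filler = {0x00, 0xFF}
    both_filler = set(old[start:end]) <= filler and set(new[start:end]) <= filler
    return DiffRegion(start, end - start, "padding" if both_filler else "code")


def diff_regions(old: bytes, new: bytes, merge_gap: int = 8) -> List[DiffRegion]:
    """Return the differing runs between two images of identical size."""
    if len(old) != len(new):
        raise ValueError(f"size mismatch: {len(old)} vs {len(new)} bytes")
    regions: List[DiffRegion] = []
    start = last = None
    for i in range(len(old)):
        if old[i] != new[i]:
            if start is None:
                start = i
            last = i
        elif start is not None and i - last > merge_gap:
            regions.append(_classify(old, new, start, last + 1))
            start = last = None
    if start is not None:
        regions.append(_classify(old, new, start, last + 1))
    return regions


def summarize(regions: List[DiffRegion]) -> Tuple[int, int]:
    """(bytes inside padding-only regions, bytes inside code regions)."""
    pad = sum(r.length for r in regions if r.kind == "padding")
    code = sum(r.length for r in regions if r.kind == "code")
    return pad, code


def build_samples() -> Tuple[bytes, bytes]:
    """Two constructed 256-byte images (not real BIOS data): a 16-byte filler
    area cleared from 0xFF to 0x00, plus a 4-byte code change at 0x80."""
    base = bytearray((i * 7 + 3) & 0xFF for i in range(256))
    old = bytearray(base)
    new = bytearray(base)
    old[0x20:0x30] = b"\xFF" * 16
    new[0x20:0x30] = b"\x00" * 16
    new[0x80:0x84] = b"\x90\x90\xEB\xFE"   # constructed: NOP NOP JMP $
    return bytes(old), bytes(new)


def main(argv: List[str]) -> int:
    # Usage: python romdiff.py OLDROM P4V8X701.ROM  (no args: built-in samples)
    if len(argv) == 3:
        with open(argv[1], "rb") as f:
            old = f.read()
        with open(argv[2], "rb") as f:
            new = f.read()
    else:
        old, new = build_samples()
    regions = diff_regions(old, new)
    for r in regions:
        print(f"0x{r.offset:06X}  {r.length:6d} bytes  {r.kind}")
    pad, code = summarize(regions)
    print(f"padding-only: {pad} bytes, code: {code} bytes")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```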


Yes. and it's setting up a rogue DNS server in your living room.

Not just the rogue DNS, I saw it stealing your neighbor's car.

IT'Z IN YUR CUPBOARDZ
EATIN YUR FOOD

3765.

Solve : Virus that mimics anti-virus software?

Answer»

Any assistance is greatly appreciated. I have read the protocols for posting for removal assistance however I am unable to carry out the steps.

The infection is on our laptop and will not allow connection to internet to access any of the recommended tools. Further, in attempting to install a Kaspersky anti-virus program I was instructed to remove the McAfee application that is part of the Yahoo suite. Then Kaspersky kept saying there was also an Avast program that had to be removed. I searched for any files that looked anything like Avast but Kaspersky still says it is there and therefore cannot be installed. So at the moment I have no anti-virus tools and as I said am unable to connect to Internet to download any.

The laptop is connected via wireless router to my desktop. Does that offer any options?

Any suggestions on how to rid this beast?

Thanks

At the top of this forum there are 'sticky posts' by Evansville, an expert on malware removal. We trust you have read over very carefully his instructions.

To get files on and off of your laptop you could use a USB flash drive, about $10 at your local Wallchart store. Or Radio Shack. Watch Out! When using Flash drives on either PC, be sure the auto-run option is off. Flash drives can actually infect a PC with the Auto-Run thing.

You will need the Malwarebytes tool.
http://www.malwarebytes.org/
Use the latest version.

Load onto your good PC and transfer it to a flash drive. Then you can put it on the infected laptop.

Avoid putting more posts here until one of the trained experts gets to you. This is not a chat room.

Some of the best volunteers have other things they have to take care of first.
This is not a commercial site. In the sense that you are not expected to pay anything for the services of a volunteer. Ads on this site help pay for the cost of the web traffic, which gets to be rather high.
You said any suggestions.
When this problem happens to me I just work around it and avoid going into the registry.
I make sure my task bar is always visible. From the task bar you can do a restore, maximize or minimize. Also, you can change display settings on the fly. Current versions of windows do not require a reset. By changing the resolution you can force the maximize thing to fix itself. Also, you may need to check for the latest updates for the drivers. Another thing, your monitor, if the old analog type, may be out of adjustment.

Also, when I have this problem with some programs I just avoid maximize. Instead I use restore and then size it to where I want it and never use maximize in the current session.

You said any suggestions. Works for me.


Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.

3766.

Solve : i can not log in or open my xp in safe mode .?

Answer»

whenever I click F8 and then click on safe mode in dos, the computer after a few seconds all of a sudden restarts improperly automatically. I think it may be a virus. here is my hijack log. help me out please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:54, on 30/01/2010
Platform: WINDOWS XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global STARTUP: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

--
End of file - 3105 bytes
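A log like the one above is normally read by a helper line by line; the following script is an added example (not a HijackThis feature or the helper's tool) of a first mechanical pass over such a log. It flags a start page reset to about:blank, entries whose target file is missing, and an O3 toolbar that loads the same DLL as an O2 BHO under a different display name, which is exactly what the posted log shows for askBar.dll. The sample lines are copied from the log above; a flag is a cue for a human to look closer, not a verdict.

```python
"""Triage pass over HijackThis-style log lines.

Added example, not part of HijackThis or of the forum helper's tools.
Each finding names the check that fired and the log entry it fired on.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

ENTRY_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.+)$")
# O2/O3 entries: "<BHO|Toolbar>: <display name> - {CLSID} - <path>"
COM_RE = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"
)

# Lines taken from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""


@dataclass
class Finding:
    check: str   # which check fired
    entry: str   # the log line it fired on


def triage(log_text: str) -> List[Finding]:
    """Run the three checks over every 'Rn'/'On' entry in the log text."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m["section"], m["body"], raw.strip()))

    # First pass: remember which DLL each BHO (O2) loads.
    bho_by_path: Dict[str, str] = {}
    for section, body, _ in entries:
        if section == "O2":
            c = COM_RE.match(body)
            if c:
                bho_by_path[c["path"].lower()] = c["name"]

    findings: List[Finding] = []
    for section, body, line in entries:
        # Start page forced to about:blank is a classic hijack symptom.
        if section in ("R0", "R1") and body.lower().rstrip().endswith("= about:blank"):
            findings.append(Finding("about-blank-start-page", line))
        # Entry points at a file that no longer exists (orphaned registration).
        if "(file missing)" in body:
            findings.append(Finding("file-missing", line))
        # Toolbar reusing a BHO's DLL under another display name.
        if section == "O3":
            c = COM_RE.match(body)
            if c:
                owner = bho_by_path.get(c["path"].lower())
                if owner is not None and owner != c["name"]:
                    findings.append(Finding("shared-dll-name-mismatch", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.check}] {f.entry}")
```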
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as Administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

3767.

Solve : System Security 2009 recovery??

Answer»

Turns out that the error message I receive when updating to Reader 8.2 is the same one I receive when attempting to uninstall Reader 8.1.1. If I "OK" out of it and let the rest of the uninstall continue, I get 395 leftover files and reg entries. Is it possible to need to uninstall this many entries?

If you use Revo it should get all of the leftovers.

Things are looking pretty good here on my end.

Evil, I want to thank you for all of your diligent work on this issue. I sincerely appreciate the time and effort you put into helping me resolve this!

You are FANTASTIC!

Yours,
Zippy2

You're welcome.

Safe surfing..

3768.

Solve : Request for Help with Trojan Virus Removal?

Answer»

Okay. Here we go.


Download JavaRa
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for and remove any outdated version of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the desktop

----------

Download The Avenger by Swandog46 and save it to your desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Code box below, and paste it into the Input script here window:

Code:
Comment:

Files to delete:
C:\found.000

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.

* Add the Avenger log in your next post.

----------

Scan your computer with Panda ActiveScan

* Once you are on the Panda site click the Scan your PC now button.
* A new window will open...click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

* Post the contents of the ActiveScan report in your next reply.

ok I'm just on the panda scan, but it's gonna take a while.

Is there any way a virus could get from my computer onto my router and slow down the internet speed in my house? only my housemates and me are all experiencing really slow internet. They say it's happened in the last few days since I've known there's been a problem... our area is well known for having slow internet though so it might not be connected.

thanks

Lj

will post the logs as soon as the scan completes

here are the logs

[Saving space, attachment deleted by admin]

* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Code box below, and paste it into the Input script here window:

Code:
Comment:

Files to delete:
c:\$recycle.bin\s-1-5-21-2848911874-2998251934-89243116-1006\$r9jybkn\catchme.cfxxe

Folders to delete:
C:\found.000

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.

* Add the Avenger log in your next post.


Also let me know how the computer is running now.

Here's the avenger script

My computer's running a *censored* of a lot faster now. Start up times were getting ridiculously lengthy and now it's just a few seconds! Plus the DOS window's gone away! Thank you very much

Lj

[Saving space, attachment deleted by admin]

also my internet speed has gone back to normal! not sure if this was ever connected to the virus/malware issue but thank you once again!

Please hang around so Evilfantasy can do some clean-up. Thanks

sure, no worries

If there are no more malware issues we can finish up now.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Download OTC by OldTimer and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Secunia Software Inspector to check for out of date software.

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

thank you very much for all your help EvilFantasy! My computer is running much faster now and I know now that the slow internet connection is nothing to do with it.

Anyway, thanks!

You're welcome.

Safe surfing...
3769.

Solve : about:blank has hijacked my homepage?

Answer»

I have downloaded HijackThis and this is my logfile
can you please help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:04 PM, on 1/29/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\mswinext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1454471165-1757981266-839522115-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Simon')
O4 - HKUS\S-1-5-21-1454471165-1757981266-839522115-1003\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl (User 'Simon')
O4 - HKUS\S-1-5-21-1454471165-1757981266-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Simon')
O4 - HKUS\S-1-5-21-1454471165-1757981266-839522115-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Simon')
O4 - HKUS\S-1-5-21-1454471165-1757981266-839522115-1003\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Simon')
O4 - HKUS\S-1-5-21-1454471165-1757981266-839522115-1003\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /M "Stylus CX3800" /EF "HKCU" (User 'Simon')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJxdm025YYCA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
Hello Rain.

We need more information. Please start here. Malware Removal Guide

Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster Jay

3770.

Solve : Online Armor ++ (Anti-Virus and Firewall Protection)?

Answer»

This program was noted yesterday on the CH "software" forum by a member as the "giveaway of the day". I have downloaded the file (but have not extracted it for install from its .zip file as yet because I have some questions).
1. I have read reviews of the product from many online sources all of which rave about the software and the company. However because of similarities of product names some confusion (in my mind and others) exists as to what it is that was provided. My belief is that it is a combined anti-virus AND a firewall program. Even reading the reviews on the actual product emphasises the "firewall" aspect with little or no mention of the "anti-virus" component. So what is it before I open it?
2. I am using various free anti-virus programs on my computers such as AVG, Avira, and AVAST. If I remove one of them from one of the computers and replace it with Online Armor++ will I have at least the same level of anti-virus protection as with any of the others?
3. Has anyone on this forum determined from actual use that the company does an adequate job of virus definition updates?
4. Is there any probability that this program becomes as invasive as either "Norton" or "Mcafee" anti-virus software?
5. Should one seek at some future time to desire to "uninstall" it are there any known issues with being able to do that?
Thank you,
truenorth

You are using multiple AV's on your system? Hopefully only one is resident. And even then it's a VERY bad idea to have more than one installed since they all hook into various apps. You should uninstall all except the one AV you wish to keep.

Allan, Thank you for your concerns on my use of anti-virus programs. You will note in my statement "I am using various free anti-virus programs on my computers" (emphasis on the "s" on "computers") because I have many computers. I have only one on any one of them. My questions are related to user experiences of comparisons with "any" of them. As an example maybe the one in the subject is better than AVG but not as good as Avira.
truenorth

Ahhh - sorry for the misunderstanding

No problem and your advice is certainly relevant where it is appropriate and also better to be safe than sorry. Also thank you for bringing that software program to the attention of the forums yesterday. I did have some problems with the download from your link which ultimately were resolved with the assistance of "evilfantasy". Just waiting for some feedback before I move ahead with a likely installation.
truenorth

Well, I installed it yesterday so this review will be short.....program installed OK, I may have had the same problem you had with the download.....First impressions are favourable .... it is both an AV and a firewall application. The program must have the virus signatures updated before using.....Very detailed information regarding what is blocked and allowed by the firewall....Many features and settings to explore........After initial configuration program runs well, however I noticed a definite lag in the time from when a desktop icon is clicked and the time the page opens....this was longer than ZoneAlarm ..... the AV scan is thorough and quite long, but the quick scan is quick....I'll know more about the AV when it blocks something.

Thank you Karnac very informative. Good luck with it.
truenorth

the free version is just a firewall.

the giveaway was for the full version, the one that, normally WOULD not be free.

that one has a AV in it as well.

3771.

Solve : Control Center Virus?

Answer»

I was infected with this virus and after trying several different things a friend of mine who is pretty good with PCs did the following and got it off my PC.
Start task manager
End Control Center Program
go to file/new task ( run)
Type in Explorer.exe
This should bring up your desktop. Proceed with removal.
I am not in any way able to do any repairs on my own PC
I am only telling all of you what he said he did to fix my PC.
It cured my problem and all my files were saved I hope this
helps any of you with the same problem.

3772.

Solve : Cpu running very slow after romiving a virus + other issues?

Answer»

This is the whole process.
Yesterday I downloaded a software from the net and unluckily my BitDefender (AV) did not erase it in time.

The virus is called "Virus.Win32.Neshta.a". This malicious program identifies and infects executable files, making me unable to open any .exe files. More info here: http://www.viruslist.com/en/viruses/encyclopedia?virusid=105045

I used System Restore to an earlier point and it "somewhat" did the trick. I was able to run .exe files.

Therefore, I used Spyware Doctor to clean any remaining viruses. To my shock, I found 144 infected files including 35 Win32 Neshta viruses. I successfully deleted all the viruses;
however, after I restarted my CPU, the computer became extremely slow. I was not able to go in Firefox, and I'm currently using Google Chrome. Games start very slowly.

Thus, I rescanned my whole CPU with Spyware Doctor. Found 4 adware advertising viruses which can't be deleted.

After that my BitDefender (AV) suddenly popped up a Win32 Neshta virus. It has been deleted by my AV for now, however I'm not too sure it will be permanently deleted. I hope anyone can give me some help.

As I've called the Acer company to come down to help, most likely they'll just factory default my comp, so I was looking for an alternative.

My OS :

Aspire E560
Vista HOME premium
Intel core2 CPU 4300 @ 1.80Ghz
2gb ram. radeon x1550 series


Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster Jay

So you're trying to tell me that I had to use the Windows CD to reinstall Windows?
Does this mean it's factory default?
Sorry, as I am still a newb.

Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster Jay

Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster Jay

Hello, benovelent, and welcome to CH!

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

I'm sorry but after looking at the tutorial, I'm a bit afraid that after using the ComboFix, my comp will have more problems like the OE stated in the link, e.g. internet problem.

Are you sure my computer can take it?

Sorry, I just wanna double check..

Yes. I am sure it will be fine.

Ok, I will. I will post it latest by tonight.

3773.

Solve : Malware Popups - Security Warning - Application cannot be executed...?

Answer»

Arghhhh -- MBAM deleted ComboFix again. It is crazy, when the developer of ComboFix works at Malwarebytes' Corporation, and they detect his own product by accident.

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
hi Jay - again, thank you for your help.

- Restore point created
- OTC run
- TFC run

OTC does not appear to have removed MBAM, HijackThis, SuperAntiSpyware, or CCleaner. Are any of these useful to run periodically?

Here's the SecurityCheck log:

Results of screen317's Security Check version 0.99.1
Windows Vista (UAC is enabled)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
Norton Internet Security
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 18
Java(TM) 6 Update 7
Java Auto Updater
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Quote
OTC does not appear to have removed MBAM, HijackThis, SuperAntiSpyware, or CCleaner. Are any of these useful to run periodically?

Yes they are.

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please consider updating to Windows Vista Service Packs 1 & 2.
Windows Vista Service Packs 1 & 2 contain all the updates released since the first release plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update or as a standalone installation here.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware
  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:
All done!

Apparently Windows auto updates were turned off -- received and installed 40+ updates, although this does not appear to have updated to Vista SP1 or 2. I need to look into that further. My friend also recommended Firefox, so will try changing over to that browser.

Have also installed SpywareBlaster and Spybot.

Am going to try running some of these tools on another PC in my household -- just in case.

DM Jay, thank you again for all your help! hope never to have to ask for assistance with this sort of a clean up again

You're welcome!

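The hpHosts recommendation in this thread works by mapping unwanted hostnames to 127.0.0.1, and malware abuses the same file in reverse: it points security-vendor update sites at loopback so signature updates fail, or points real sites at an address the attacker controls. The following is an added Python example, not code from the thread or from hpHosts, that parses hosts-file syntax and separates the two cases. The sample file, the `.test` hostnames and the `SECURITY_VENDOR_DOMAINS` watch-list are constructed for the example; on a real machine you would read `%SystemRoot%\System32\drivers\etc\hosts` and fill the watch-list with the update domains of the products you actually run.

```python
"""Audit a Windows HOSTS file: legitimate sinkholing vs. tampering.

Added example for this thread; not code from the forum or from hpHosts.
A blocklist such as hpHosts only ever maps names to the loopback address,
so two things stand out in a review: a known security/update site mapped
anywhere at all, and any name mapped to a routable address.
"""
import ipaddress

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed watch-list (assumption): stand-ins for the update hosts of
# the security products installed on the machine being checked.
SECURITY_VENDOR_DOMAINS = {
    "update.vendor-a.test",
    "downloads.vendor-b.test",
}

# Constructed sample hosts file; line numbers are referenced in the report.
SAMPLE_HOSTS = """\
# constructed sample hosts file for this example
127.0.0.1       localhost
::1             localhost

# hpHosts-style blocklist entries (constructed names)
127.0.0.1  ads.tracker-one.test  Banner.tracker-one.test
0.0.0.0    popup.tracker-two.test   # trailing comment

# entries a defender should flag (constructed)
127.0.0.1  update.vendor-a.test
198.51.100.7  bank-login.example.test
not-an-ip  garbage.line
"""


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every mapping in hosts-file text.

    Handles blank lines, full-line and trailing '#' comments, several names
    on one line, and skips lines whose first field is not an IP address
    (Windows ignores those too).
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((str(ip), name.lower(), line_no))
    return entries


def audit_hosts(text, watch_list=SECURITY_VENDOR_DOMAINS):
    """Split entries into blocklist sinkholes and two kinds of tampering."""
    report = {"sinkholed": [], "blocked_security": [], "redirected": []}
    for ip, name, line_no in parse_hosts(text):
        if name in watch_list:
            # Any mapping of a security/update host is tampering, whether it
            # goes to loopback (blocks updates) or elsewhere (spoofs them).
            report["blocked_security"].append((name, ip, line_no))
        elif ip not in LOOPBACK:
            # A blocklist never needs a routable address; this redirects
            # the name to a host the attacker controls.
            report["redirected"].append((name, ip, line_no))
        elif name != "localhost":
            report["sinkholed"].append(name)
    return report


if __name__ == "__main__":
    for key, items in audit_hosts(SAMPLE_HOSTS).items():
        print(key, items)
```

The split in `audit_hosts` is deliberate: a watch-listed name is reported no matter where it points, because neither a blocklist nor Windows itself has any reason to mention a vendor's update host, while an ordinary name only becomes suspicious when it leaves loopback.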
3774.

Solve : Someone review my logs, please.?

Answer»

Quote from: SuperDave on January 30, 2010, 07:20:49 PM

Don't worry about it. OTC probably took it away. Did you reset your System Restore?

yes I did

In that case, you're good to go if everything is working well.

Thanks superdave I really appreciate all the help. You're a lifesaver!

3775.

Solve : FireFox Spyware??

Answer»

I am going to run a Full Scan of McAfee now. Not sure why but every time I browse a web page, it takes me to a different page or automatically opens a new tab by itself.

Please go to Start > Run and copy/paste the following blue text, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your NEXT reply.



Please hold off on the scan. There will be more instructions that need done after I get the uninstall list.

You are running two antivirus. You should only ever run one at a time. Which one do you want to keep?

Quote from: evilfantasy on January 29, 2010, 05:21:39 PM

Please hold off on the scan. There will be more instructions that need done after I get the uninstall list.

You are running two antivirus. You should only ever run one at a time. Which one do you want to keep?

Was running CA-Security, I uninstalled it and now have McAfee, and I ran in Safe Mode Full Scan. Detected 4, and removed. I now have another problem with my Laptop LCD monitor and cannot continue. Everything is blurry and I can't see anything at all. Been like this for a couple months, I'll have to go buy a new one @ frys

Let me know when you get back up and running.

Quote from: evilfantasy on January 30, 2010, 10:39:38 AM
Let me know when you get back up and running.

Turns out they don't sell any parts, but yes I'll let you know in a week or two

3776.

Solve : Cannot remove Malware..?

Answer»

i tried that but it didn't work. thanks for all of your help though, my computer is now working much better

Quote from: huyniken on January 31, 2010, 09:44:24 AM

i tried that but it didn't work. thanks for all of your help though, my computer is now working much better

I feel that you should pursue this further by inquiring at Microsoft. They even have a forum for MSE users where someone could help you. I'm totally sold on MSE.

3777.

Solve : Google Search Redirection?

Answer»

I am at the C:\WINDOWS prompt in Microsoft Windows XP Recovery Console now

Good.

Type cd \ and press "Enter".

Type cd system~1\_resto~1 and press "Enter".

Type dir and press "Enter".

After you press enter you will see a list of folders (like rp1, rp2). If the list of restore points has more than one page then press the "Enter" key until you reach the end of the list.


Type cd rp {number of the second to last folder in the list} and press "Enter".
Note: Example: cd rp9 if the last restore point is rp10

Type cd snapshot and press "Enter".

Type copy _registry_machine_system c:\windows\system32\config\system and press "Enter".

Type copy _registry_machine_software c:\windows\system32\config\software and press "Enter".

Type exit and press "Enter".

Your PC will reboot.

=======================

If you get an access denied error when doing the above, then do the following at the recovery console:

Type cd \ and press "Enter".

Type cd windows\system32\config and press "Enter".

Type ren system system.bak and press "Enter".

Type exit and press "Enter".

Your PC will reboot, go back into the Recovery Console and start from the beginning.

After typing ren system system.bak

it said a file or directory with the name system.bak already exists

Access is still denied

Please save the following instructions into Notepad and print it out as this webpage would not be available when you're carrying out the process.

1.Please reboot into Recovery Console as you did before.

2.You must enter which Windows installation to log onto. Type 1 and press Enter.

3.At the C:\Windows prompt, type the following bolded command, and press Enter:

set allowallpaths = TRUE

4.At the next prompt type without the quotes "cd erdnt\subs" and hit Enter.

5.At the next prompt, please type in the following without the quotes: "batch erdnt.con" and hit Enter.

The ERUNT backups should begin copying backup files. At the next prompt after it is complete, type exit.

Kindly reboot your PC and tell me if Windows is loading now.

I tried to enter the set allowallpaths = true command, but I got this message:-

The SET command is currently disabled. The SET command is an optional Recovery Console command that can only be enabled by using the Security Configuration and Analysis snap in

No biggie. Go ahead and try the commands after that.

Nope. Still getting the same blue screen error as before :-(

I only have access to this (my friends) PC for another hour or so today. Can my system be restored? :-/

Cannot be restored. We tried two paths.

I would say a reinstall of Windows might work.

Use Windows disc, and do a repair install (data-safe)

See: http://support.microsoft.com/kb/978788

Okay - I'll try that

Hello. If you need help, please start a new topic. This topic is for Deckfitz only. ~DragonMaster Jay

I couldn't repair Windows - I had to do a complete reinstall. At least now I know my machine is clean again.

Alright, thanks for letting me know.
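The Recovery Console sequence in this thread (list the rpN folders, pick the restore point before the newest, copy _registry_machine_system and _registry_machine_software from its snapshot folder over the live hives, after renaming the old hive to .bak) is easy to get wrong by hand: a plain alphabetical listing puts rp10 before rp9, so "second to last" must be decided on the number. The following is an added Python example, not code from the thread, that applies the same selection rule and file handling to a constructed directory tree in a temporary folder instead of a real System Volume Information. The folder and file names follow the thread; build_sample_tree and its contents are assumptions for demonstration.

```python
"""Stage registry hives from the second-newest XP restore point.

Added example for this thread; not code from the forum. Models the
Recovery Console steps (cd system~1\\_resto~1, pick rp{N-1}, copy the
hive backups, rename the old hive to .bak first) on a constructed tree.
"""
import os
import re
import shutil
import tempfile

# Hive backup name inside rpN\snapshot -> live hive name in system32\config
HIVES = {
    "_registry_machine_system": "system",
    "_registry_machine_software": "software",
}
RP_RE = re.compile(r"^rp(\d+)$", re.IGNORECASE)


def list_restore_points(restore_dir):
    """Restore-point folder names sorted by their number, oldest first.

    Numeric sort matters: a lexical sort puts 'rp10' before 'rp9' and
    would make the wrong folder look like the second-to-last one.
    """
    points = []
    for name in os.listdir(restore_dir):
        m = RP_RE.match(name)
        if m and os.path.isdir(os.path.join(restore_dir, name)):
            points.append((int(m.group(1)), name))
    return [name for _, name in sorted(points)]


def choose_restore_point(restore_dir):
    """Second-to-last point, per the thread's 'cd rp9 if the last is rp10'."""
    points = list_restore_points(restore_dir)
    if len(points) < 2:
        raise RuntimeError("need at least two restore points to skip the newest")
    return points[-2]


def stage_hives(restore_dir, config_dir):
    """Copy the chosen snapshot's hive backups into config_dir.

    An existing live hive is renamed to <name>.bak first (the thread's
    'ren system system.bak'); an existing .bak is never overwritten, which
    is the 'already exists' situation the poster ran into.
    """
    rp = choose_restore_point(restore_dir)
    snapshot = os.path.join(restore_dir, rp, "snapshot")
    staged = {}
    for backup_name, hive_name in HIVES.items():
        src = os.path.join(snapshot, backup_name)
        if not os.path.isfile(src):
            raise FileNotFoundError(f"{rp} has no {backup_name}")
        dst = os.path.join(config_dir, hive_name)
        if os.path.exists(dst):
            bak = dst + ".bak"
            if os.path.exists(bak):
                raise FileExistsError(f"{bak} already exists; refusing to overwrite it")
            os.rename(dst, bak)
        shutil.copy2(src, dst)
        staged[hive_name] = rp
    return staged


def read_hive(config_dir, name):
    """Raw bytes of a hive file in config_dir (for checking the result)."""
    with open(os.path.join(config_dir, name), "rb") as f:
        return f.read()


def build_sample_tree():
    """Constructed stand-in (assumption) for the _restore{...} folder.

    rp8..rp10 exist with rp10 newest, so rp9 must be chosen; the live
    'system' hive exists and must end up as system.bak.
    """
    root = tempfile.mkdtemp()
    restore_dir = os.path.join(root, "_resto~1")
    for n in (8, 9, 10):
        snap = os.path.join(restore_dir, f"rp{n}", "snapshot")
        os.makedirs(snap)
        for backup_name in HIVES:
            with open(os.path.join(snap, backup_name), "wb") as f:
                f.write(f"hive from rp{n}".encode())
    config_dir = os.path.join(root, "system32", "config")
    os.makedirs(config_dir)
    with open(os.path.join(config_dir, "system"), "wb") as f:
        f.write(b"damaged current hive")
    return restore_dir, config_dir


if __name__ == "__main__":
    restore_dir, config_dir = build_sample_tree()
    print(list_restore_points(restore_dir))
    print(stage_hives(restore_dir, config_dir))
```

Run as a script it prints the ordered restore points and which point each hive was staged from; the refusal to overwrite an existing .bak is intentional, since that file may be the only untouched copy of the previous hive.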

3778.

Solve : The file cannot be executed ... the host is infected?

Answer»

I see that others have reported same problem. It has got to be the most disruptive and stubborn virus I have so far come across. When the "Antivirus software alert" pop-ups appear, they look suspiciously unauthentic.

I have tried to work through what you advise before posting a help request, but every stage is prevented, informed by the "Security Warning" message in the subject line. The Windows Security Alert goes to scan, then informs me of over 30 horrid viruses, trojans, worms etc on my computer, but when going to cleanse/remove, it directs me to stump up $49.95 for the upgrade. I suspect this isn't authentic either!

I am absolutely stuck, if you could possibly help at all. Thanks for a great forum.

Tom

Just to add, I have been able to download the AVG and CCleaner to the infected PC, and install them, but the virus then prevents me from opening/running them. I am using Mozilla Firefox to use this website; IE is another that is blocked by the virus.

did you try and run them in safe mode


re-name HJT to snipper.exe and try

re-name mbam.exe to mbam2.exe and try

3779.

Solve : STill trying to get rid of virus?

Answer»

Hey sd, Computer is running great. the gmer.exe wouldn't uninstall, said it couldn't find the file, and the defogger would not uninstall. I am attaching the log.
Thanks again
Helpme 220

[Saving space, attachment deleted by admin]

I'm concerned about DeFogger re-enabling your virtual drives. Did all this happen?
Quote

* The application window will appear.
* Click the Re-enable button to re-enable your CD Emulation drivers.
* Click Yes to continue.
* A 'Finished!' message will appear.
* Click OK
* DeFogger will now ask to reboot the machine, click OK

Hey sd, the defogger keeps giving me an error. I can hit re-enable; when I click on the yes I get a defogger error and it closes down. What do I need to do?
Thanks
Helpme220

Try deleting DeFogger, install it again (Reply # 7) and then re-enable it. (Reply # 27

Hey sd, redownloaded defogger, had to hit disable first then re-enable; program worked fine. Thank you for all your help, my computer is running great and my life is back to normal. Thank you so much. Take care.
Helpme 220

3780.

Solve : Topic: My Computer started by stevener11 contains a virus???

Answer»

When I try to open the topic "My computer" that was started by stevener11, my anti virus produces a pop-up that says the accessed file is infected, threat name Exploit Rouge scanner. Has this happened to anyone else? It blocks me from seeing what is written. I see the topic is up to 2 pages so obviously people are able to get in and post. Maybe a bug with AVG? This is the only topic it does this to.

This has already been brought up and it seems that it is a bug with AVG.

If you scan the web page with AVG's online scanner, nothing appears.
http://www.avg.com.au/resources/web-page-scanner/

I did the scan thing and it did not find anything so everything is good.

I still can not open that link with AVG running, but my main concern was other people getting a virus.

Thanks for the help

Thanx for the heads up Dan...
It does appear to be on AVG's end.

Quote from: hejlik on January 06, 2010, 08:44:16 AM

When I try to open the topic "My computer" that was started by stevener11, my anti virus produces a pop-up that says the accessed file is infected, threat name Exploit Rouge scanner. Has this happened to anyone else? It blocks me from seeing what is written. I see the topic is up to 2 pages so obviously people are able to get in and post. Maybe a bug with AVG? This is the only topic it does this to.

I was the only one until you posted. Admins have been notified, but it appears to be a problem with some AVG's and not others.

This is for the two of you who are experiencing this issue...
Just out of curiosity, open up AVG. When the main window loads, it should display some information near the bottom-left corner. What does it say next to AVG version and Virus DB. I'm wondering if this is an issue with the program version and/or a specific database version.

AVG version 9.0.725

Virus D: 270.14.133/2612

Would I be correct in assuming that you have AVG's LinkScanner enabled?

Quote from: CBMATT on January 12, 2010, 06:05:24 AM
Would I be correct in assuming that you have AVG's LinkScanner enabled?

Yes, it's active.

AVG has been notified of the situation and they will hopefully address it soon.

The best solution is to not use the link scanner...never worked well anyways.
WOT (web of trust) extension for Firefox is far more accurate anyways...

I'm prone to agree that WoT is better to use, and it uses fewer resources. But for what it's worth, AVG responded quickly and they have informed me that the issue should be resolved with the next database update.

Why is this thread still in the 'Computer Hardware' section, can't somebody move it?

Quote from: CBMatt on January 14, 2010, 06:41:18 AM
...AVG responded quickly and they have informed me that the issue should be resolved with the next database update....

AVG has resolved the issue.

Quote from: Quantos on January 14, 2010, 06:21:50 PM
Why is this thread still in the 'Computer Hardware' section, can't somebody move it?

Thank you.

3781.

Solve : Win32.Banker??

Answer»

Yes.

* Click Start then Run
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter.

The above procedure will:
* Delete: ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide system/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Disable/Enable the System Restore Utility to flush old infected restore points

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

Okay then, I'll do that tomorrow. Thanks for the help.

3782.

Solve : Infected NTFS.SYS file?

Answer»

Thanks Karnac.

No sweat I haven't had that PC on for a few days anyway so I'll boot it up over the weekend and follow your instructions.

Thanks again for all your help you've saved my system from what I thought was oblivion.

You're most welcome....

3783.

Solve : Problems after installing windows 7?

Answer»

Hi everyone, I have just installed Windows 7, the beta version,
on my Windows XP Pro.

Well, I have some problems with it because my PC is somewhat older.
I have ordered the problems here, so if someone can help me out with this that would be great.

1. After I installed Windows 7, in my Device Center I have got 2 devices for which the drivers can't be found:
- video controller and PCI simple communications controller.
I have found the driver for the PCI simple communications controller, but the other, the video controller, I didn't find on the net. I have an ATI Radeon 9250; it's an older version so I don't know if there is a solution for that, but if there is please let me know.

2. The second problem is that after, I don't know, a virus or something was getting into my computer, every time I want to launch Google Chrome it says
an error with some kind of code like (0x0000005).
I really have no idea why. I have started Google Chrome before and it was working fine, but now it can't.

3. Well, this problem has been going on since a virus was detected: every time I start up my PC, the PC gets a black screen before the desktop launches.
I have tried to get in with the Task Manager and then run explorer.exe.
It worked well, but after that I was also going into regedit to solve the problem with winlogon/shell/explorer.exe.
I had changed explorer.exe to Explorer.exe and after that it worked really well; after restarting the PC there were no problems. But after I installed ESET Smart Security I was getting all these warnings of viruses, I think there were 121 viruses detected by ESET and it of course deleted them, but after that I had to restart my PC and again the same problem with the black screen, but this time even if I click Run on the Task Manager with explorer.exe I'm getting nothing.

I really don't know if it is a virus that is doing all that or if it is Windows 7, I really don't know, but if someone can help me out that would be great.

I'm sorry for the spelling, I was typing so fast that I didn't pay attention to the spelling.

If, I hope, these problems are cleared, what kind of internet security or antivirus can I use? What kind of virus scanner is good and works with Windows 7?
I don't have a budget, so be my guest.

Again, please, if someone can help me out.

Thanks

3784.

Solve : Sheur2.Calb virus Logs for Harry 48?

Answer»

Harry 48 here are all the logs I have, thanks for your help. I also ran CCleaner and updated my Java and have SP2

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/03/2010 at 04:53 PM

Application Version : 4.32.1000

Core Rules Database Version : 4441
Trace Rules Database Version: 2265

Scan type : Complete Scan
Total Scan Time : 04:43:00

Memory items scanned : 585
Memory threats detected : 0
Registry items scanned : 6988
Registry threats detected : 0
File items scanned : 71524
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Dan\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Kristy\Cookies\[emailprotected][1].txt

Trojan.Agent/Gen
C:\WINDOWS\system32\lowsec\local.ds
C:\WINDOWS\system32\lowsec\user.ds
C:\WINDOWS\system32\lowsec

mbam log

Malwarebytes' Anti-Malware 1.43
Database version: 3490
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

1/3/2010 9:26:24 PM
mbam-log-2010-01-03 (21-26-24).txt

Scan type: Quick Scan
Objects scanned: 131940
Time elapsed: 16 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:00 PM, on 1/3/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\Sniper\Sniper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://games.gamesxl.com/6a0807c830b8678509c13917d4600ba1/game.php?file=687474703a2f2f67616d65732e67616d6573786c2e636f6d2f36613038303763383330623836373835303963313339313764343630306261312f313235302e646372&width=100%&height=100%&gamesxl=1&cr=1&ovrprldr=1"
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted IP range: 64.127.104.144
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5121243D-9CF3-41A5-926C-398F7C124993} - http://69.50.182.94/1/gdnUS1735.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231631880312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231631865156
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37670.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - c:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates INTERNATIONAL, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Windows Defender Service (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)

--
End of file - 17652 bytes
Sorry for being so long, but I was in hospital when you sent the reply.

Do you still have a problem?

Hello ocondr. Your log indicates that you have more than one Anti-Virus program running on your computer: AVG and Norton. Since this is a no-no, one will have to be uninstalled.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
(Description: Checks for updates to MS Works. Unnecessary. Removing this entry will free up some system resources.)
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
(Description: For fuji cameras - only needed when you are going to uninstall the software.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
(Description: Microsoft Money agent. If you are not using this feature, removing it will free up a small amount of system resources.)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
(Description: Adobe reader startup - unnecessarily uses system resources.)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://games.gamesxl.com/6a0807c830b8678509c13917d4600ba1/game.php?file=687474703a2f2f67616d65732e67616d6573786c2e636f6d2f36613038303763383330623836373835303963313339313764343630306261312f313235302e646372&width=100%&height=100%&gamesxl=1&cr=1&ovrprldr=1"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
link #2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
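The reply above picks the entries to fix by eye. As an added example (not code from this thread or from HijackThis), the Python below applies some of the same judgements to log lines mechanically: orphaned "(file missing)" entries, non-default F2 Shell/UserInit values, binaries named like core processes, unknown Winsock LSPs, public resolvers in O17, a populated AppInit_DLLs, and services from more than one anti-virus vendor. Sample lines are drawn from the two HijackThis logs quoted on this page; the clean-machine defaults assume a standard Windows XP install.

```python
"""Triage a HijackThis log with a few defensive heuristics.

Added example for the thread above; not part of the thread or of the
HijackThis tool. Sample lines come from the two logs quoted on this page.
Assumes a standard Windows XP install in the default system directory.
"""
import ipaddress
import re
from collections import defaultdict

# Core Windows processes whose names malware imitates (smss32.exe beside smss.exe).
CORE_NAMES = ("smss", "csrss", "winlogon", "services", "lsass", "svchost", "explorer")
# system.ini values HijackThis shows under F2 on a clean XP machine.
F2_DEFAULTS = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe"}
# Vendor keywords for spotting more than one anti-virus product among O23 services.
AV_KEYWORDS = {"avg": "AVG", "symantec": "Symantec/Norton", "norton": "Symantec/Norton",
               "ca anti-virus": "CA", "avast": "Avast", "mcafee": "McAfee"}

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")   # "O4 - ..." entries
PROC_RE = re.compile(r"^[a-z]:\\\S.*\.exe$", re.I)                  # "Running processes" paths

# Lines taken from the logs quoted on this page.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\smss32.exe

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe bwsb.gio gltbr
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B575154F-E8A4-43D6-8CB2-08A68F64E9BF}: NameServer = 193.104.110.38,4.2.2.1,192.168.0.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll,niyomeku.dll c:\windows\system32\nunoruzo.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: CAISafe - Computer Associates INTERNATIONAL, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
"""


def parse(log_text):
    """Yield (section, body) for HJT entries and ("PROC", path) for running processes."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("sec"), m.group("body")
        elif PROC_RE.match(line):
            yield "PROC", line


def imitates_core_process(path):
    """True for a core process name with extra characters, e.g. smss32.exe (not smss.exe)."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    stem = name[:-4] if name.endswith(".exe") else name
    return any(stem != core and stem.startswith(core) for core in CORE_NAMES)


def triage(log_text):
    """Return {finding category: [entries]} for a HijackThis log."""
    findings, av_vendors = defaultdict(list), set()
    for sec, body in parse(log_text):
        low, entry = body.lower(), f"{sec} - {body}"
        # HijackThis itself marks targets that no longer exist: safe to remove.
        if "(file missing)" in low or low.endswith("(no file)"):
            findings["orphaned"].append(entry)
        # F2: Shell and UserInit must be exactly the Windows defaults.
        if sec == "F2":
            m = re.search(r"system\.ini:\s*(\w+)=(.*)", body, re.I)
            if m and m.group(2).strip().lower().rstrip(",") != F2_DEFAULTS.get(m.group(1).lower()):
                findings["boot_hijack"].append(entry)
        # Binaries named like a core process, in the process list or an O4 autorun.
        if sec == "PROC" and imitates_core_process(body):
            findings["lookalike_process"].append(body)
        if sec == "O4":
            m = re.search(r'\]\s*"?(.*?\.exe)', body, re.I)
            if m and imitates_core_process(m.group(1)):
                findings["lookalike_process"].append(entry)
        # O10: an LSP file HijackThis cannot attribute to a known product.
        if sec == "O10" and "unknown file" in low:
            findings["unknown_lsp"].append(entry)
        # O17: resolvers outside private ranges should match what the ISP or router hands
        # out; anything else is a DNS-hijack indicator to verify, not an automatic verdict.
        if sec == "O17" and "NameServer =" in body:
            for ip in body.split("NameServer =", 1)[1].split(","):
                if ip.strip() and not ipaddress.ip_address(ip.strip()).is_private:
                    findings["public_dns"].append(ip.strip())
        # O20: AppInit_DLLs is empty on a clean machine; any DLL listed loads into every GUI process.
        if sec == "O20" and "appinit_dlls:" in low and low.split("appinit_dlls:", 1)[1].strip():
            findings["appinit_dlls"].append(entry)
        # O23: two resident anti-virus products conflict, as the reply above notes.
        if sec == "O23":
            av_vendors.update(v for k, v in AV_KEYWORDS.items() if k in low)
    if len(av_vendors) > 1:
        findings["multiple_av"] = sorted(av_vendors)
    return dict(findings)
```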

3785.

Solve : eexyv.exe?

Answer»

I've got a virus that I keep finding on my flash drive. The file is eexyv.exe and it comes with an autorun.inf to get it going when you plug in the drive. I have autorun turned off on my computers, so it never really starts up, but I still can't figure out how it keeps getting in there.
My flash drive generally only travels between four computers: work internet PC, work development PC (no internet), home PC (limited internet), and my wife's laptop. Initially I thought I was getting the malware from the laptop since it is the only one without virus protection, but I haven't used the laptop in several weeks and the file just now showed up on the flash drive.
Any ideas on how I can find which PC is infecting the drive? I'm getting ready to wipe out the laptop and start over with it, but I don't think it's the one causing the problem, since I haven't used it in a while.

Please go to this link and follow the directions and post the required logs. Of course, you will have to do this for each computer. If you decide to go this method, please start a new thread for each computer, otherwise it would be very confusing.

Ya, I guess I could do a HJT on each PC. I guess I was more wondering if anyone has ever encountered this file before and if they knew anything about it. I've done a little research on it and haven't found much information on it. Symantec says it's a trojan and that it is dangerous, but not much more.

A bit more info here, I googled it and the first three search results are WOT declared dangerous sites so be careful what you link to.....

http://www.prevx.com/filenames/457954191559027245-X1/EEXYV.EXE.html

So apparently it's a rootkit. Do most A/V programs scan for those or do they generally only scan files?
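As an added example for this thread (not code from the poster, Symantec or Prevx), the Python below inspects a drive root's autorun.inf the way a defender would: it parses the [autorun] section, lists which files the INF would launch, and records write times, which is the practical way to match the infection to the PC that held the stick at that moment. The INF text and the placeholder eexyv.exe it writes into a temporary directory are constructed.

```python
"""Inspect a removable drive's autorun.inf as a defender.

Added example for the thread above; not code from the thread, Symantec or
Prevx. Parses the [autorun] section, lists the files the INF would launch,
and records write times so the infection can be matched to whichever PC had
the stick at that time. The INF text and placeholder eexyv.exe are constructed.
"""
import os
import re
import tempfile
from datetime import datetime, timezone

LAUNCH_KEYS = ("open", "shellexecute")                   # run on insertion / AutoPlay
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")  # drive context-menu verbs

# Constructed sample in the layout USB worms commonly use: every verb points at the
# dropped file, and "action" mimics Explorer's own AutoPlay wording.
SAMPLE_INF = """
[AutoRun]
; constructed sample
open=eexyv.exe
shell\\open\\command=eexyv.exe -x
shell\\explore\\command=eexyv.exe
shellexecute=eexyv.exe
action=Open folder to view files
icon=%SystemRoot%\\system32\\shell32.dll,4
useautoplay=1
"""


def parse_autorun(text):
    """Return {key: value} from the [autorun] section; keys lower-cased, quotes stripped.

    Deliberately more tolerant than configparser: worm-written INFs often carry
    odd casing, junk lines and duplicate keys.
    """
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries


def launch_targets(entries):
    """Program names (arguments dropped) the INF would run, de-duplicated and sorted."""
    targets = set()
    for key, value in entries.items():
        if (key in LAUNCH_KEYS or SHELL_CMD_RE.match(key)) and value:
            targets.add(value.split()[0].lower())
    return sorted(targets)


def _iso_mtime(path):
    return datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc).isoformat(timespec="seconds")


def inspect_drive(root):
    """Report what autorun.inf at the drive root points to and when it was written."""
    inf_path = os.path.join(root, "autorun.inf")
    report = {"autorun_present": os.path.isfile(inf_path), "targets": []}
    if not report["autorun_present"]:
        return report
    with open(inf_path, encoding="utf-8", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    report["action_text"] = entries.get("action")
    # Compare this timestamp with the times the stick was in each PC to find the source.
    report["autorun_written"] = _iso_mtime(inf_path)
    for target in launch_targets(entries):
        path = os.path.join(root, target)
        info = {"file": target, "exists": os.path.isfile(path)}
        if info["exists"]:
            st = os.stat(path)
            info["size"] = st.st_size
            info["written"] = _iso_mtime(path)
            # FILE_ATTRIBUTE_HIDDEN is 0x2; st_file_attributes exists only on Windows.
            info["hidden"] = bool(getattr(st, "st_file_attributes", 0) & 0x2)
        report["targets"].append(info)
    return report


def demo():
    """Build a fake drive root in a temporary directory and inspect it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_INF)
        with open(os.path.join(root, "eexyv.exe"), "wb") as fh:
            fh.write(b"placeholder bytes, not a real binary")
        return inspect_drive(root)


if __name__ == "__main__":
    print(demo())
```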

3786.

Solve : virus has a left a present?

Answer»

It looks good, egon. If there are no other issues, it's time for some clean-up. You can uninstall HJT but you can keep SAS and MBAM. Update them and run them once a week.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and FOLDERS.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

REMEMBER only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Safe Surfing!
Thank you so, so much, I am really grateful.

3787.

Solve : Trojan help please?

Answer»

Hi, any help on this problem is greatly appreciated.

The first alert picked up by the avast on-access scanner was FakeAV-NO. I tried a couple of rounds of MBAM, which usually works for me, but to no avail; I seem to be getting loaded with different trojans. I ran an avast boot scan and it said dllcache\ntsf.sys is infected with cutwail-w. The system is booting and running fine otherwise.

[attachment deleted by admin]

I notice that you've posted some logs, terrific.

Did you try what is posted here.

I am not a virus guy, I'm just trying to keep you moving.

It looks like the combination of MBAM and SAS did the trick. Both are giving clean reports now.

PROBLEM SOLVED

Your problem may be solved, but remove this below:

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More information:
•ViewMgr.exe - Useless

•Viewpoint to Plunge Into Adware
It is suggested to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
•Viewpoint

•Viewpoint Manager

•Viewpoint Media Player

•Viewpoint Toolbar

•Viewpoint Experience Technology

Also, you cannot have two anti-virus programs on the PC; you should keep avast.

3788.

Solve : MS-Antivirus or something like it killed my computer?

Answer»

I've got a nasty variant of the MS-antivirus virus that has completely shut down my computer. It started suddenly with a bunch of pop-ups that tried to get me to pay to activate their scam software, but this variant completely blocked access to any .exe file. I can't install anything or run any program. I ran down the checklist in the top of the forum, but I was only successful in installing hijack this (in safe mode). Nothing else would install. The virus was even present in safe mode giving me pop up windows, but it did not shut down .exe files immediately.

I tried system restore but access was blocked in regular mode, and it wouldn't run in safe mode for some reason - not sure if that's typical or not.

The last time I tried to restart the computer it hung, so I tried to restart in safe mode, and it started to load then hung, so I restarted and tried to load last known good configuration and it just went blank. I re-tried this a couple of times and could not get beyond the "F8" screen with any option.

Sooooooo... now I'm attempting to make a bit defender boot USB. But before I attempt to use it I want to make sure I'm doing the right thing. I'm not sure what other options I have at this point.


Here's the HJT log from safe mode FWIW:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:36 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe bwsb.gio gltbr
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: C:\WINDOWS\system32\tyb4lc.dll - {A5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyb4lc.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [ylljarpb] C:\Documents and Settings\Shaft Family\Local Settings\Application Data\vgjmim\tfgasysguard.exe
O4 - HKLM\..\Run: [tiboyikuv] Rundll32.exe "c:\windows\system32\nunoruzo.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ImageMixer 3 SE Camera Monitor for SD.lnk = ?
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} - http://fpams010.ats.iastate.edu/IOWASTATE/en-us/FileTransfer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79023B00-C3D9-4588-A40C-6CB040B4FF2A}: NameServer = 193.104.110.38,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B575154F-E8A4-43D6-8CB2-08A68F64E9BF}: NameServer = 193.104.110.38,4.2.2.1,192.168.0.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll,niyomeku.dll c:\windows\system32\nunoruzo.dll
O21 - SSODL: jogaremag - {9834fb91-c812-44e3-bf37-9b0549946ad1} - c:\windows\system32\nunoruzo.dll
O22 - SharedTaskScheduler: ujhsf879fiosdfhgs98fudifmnddfdfd - {A5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyb4lc.dll
O22 - SharedTaskScheduler: jugezatag - {9834fb91-c812-44e3-bf37-9b0549946ad1} - c:\windows\system32\nunoruzo.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c95c5d8d108e9a) (gupdate1c95c5d8d108e9a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

BitDefender USB rescue would be the best thing to start with.
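
The log above has the kind of entries an analyst looks at before anything else: an HKLM Run value pointing into a user's Local Settings folder, an autostart named like a core Windows process (smss32.exe), rundll32 used to launch an unknown DLL, an unknown Winsock LSP, a NameServer entry for a public address that is neither the router nor the 4.2.2.1 resolver, and AppInit_DLLs / SSODL / SharedTaskScheduler hooks. The Python script below is an added example and is not part of the original post or of HijackThis; it applies exactly those heuristics to a handful of the lines above (copied in as constructed sample input) and lists what needs a manual look. The EXPECTED_RESOLVERS set and the regular expressions are assumptions to be adjusted for the machine being examined.

```python
import ipaddress
import re

# Constructed sample input: a subset of the HijackThis lines posted above.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe',
    r'O4 - HKLM\..\Run: [ylljarpb] C:\Documents and Settings\Shaft Family\Local Settings\Application Data\vgjmim\tfgasysguard.exe',
    r'O4 - HKLM\..\Run: [tiboyikuv] Rundll32.exe "c:\windows\system32\nunoruzo.dll",a',
    r'O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll',
    r'O17 - HKLM\System\CCS\Services\Tcpip\..\{79023B00-C3D9-4588-A40C-6CB040B4FF2A}: NameServer = 193.104.110.38,4.2.2.1',
    r'O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll,niyomeku.dll c:\windows\system32\nunoruzo.dll',
    r'O21 - SSODL: jogaremag - {9834fb91-c812-44e3-bf37-9b0549946ad1} - c:\windows\system32\nunoruzo.dll',
    r'O22 - SharedTaskScheduler: ujhsf879fiosdfhgs98fudifmnddfdfd - {A5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyb4lc.dll',
    r'O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe',
]

# Assumption: the public resolvers you expect on this machine. RFC 1918 addresses
# (the home router) pass automatically; anything else must be listed here.
EXPECTED_RESOLVERS = {"4.2.2.1"}

# Per-user, writable locations that a machine-wide (HKLM) autostart rarely has a reason to use.
USER_WRITABLE = re.compile(r"\\(Local Settings|Application Data|AppData|Temp)\\", re.I)
# A core Windows process name with extra characters glued on: smss32.exe, svchost2.exe, ...
CORE_LOOKALIKE = re.compile(r"\b(smss|csrss|lsass|winlogon|services|svchost|explorer)\w+\.exe\b", re.I)
# rundll32 used as a launcher for an export of some DLL.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,', re.I)


def triage(lines):
    """Return (section, reason, line) for every entry that deserves manual review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = re.match(r"(O\d+) - (.*)", line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            if USER_WRITABLE.search(body):
                findings.append((section, "autostart from a user-writable directory", line))
            if CORE_LOOKALIKE.search(body):
                findings.append((section, "file name mimics a core Windows process", line))
            r = RUNDLL.search(body)
            if r:
                findings.append((section, "rundll32 launcher for " + r.group(1), line))
        elif section == "O10":
            findings.append((section, "unknown Winsock LSP; it sees every socket on the box", line))
        elif section == "O17" and "NameServer =" in body:
            for addr in body.split("NameServer =", 1)[1].split(","):
                addr = addr.strip()
                if not addr:
                    continue
                try:
                    ip = ipaddress.ip_address(addr)
                except ValueError:
                    findings.append((section, "unparseable NameServer value " + addr, line))
                    continue
                if not ip.is_private and addr not in EXPECTED_RESOLVERS:
                    findings.append((section, "unexpected DNS resolver " + addr, line))
        elif section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            findings.append((section, "AppInit_DLLs is loaded into every process that uses user32", line))
        elif section in ("O21", "O22"):
            findings.append((section, "shell-loaded COM object; verify the DLL and its publisher", line))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, "service with no publisher name", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

A hit is a reason to investigate, not proof of infection: the O4 path check will also catch legitimate per-user installers, and the O17 check only knows the resolvers you tell it about. Run as a script it prints the eight flagged entries from the sample and stays silent on the QuickTime and Bonjour lines.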

3789.

Solve : Check Hijack Log?

Answer»

Since the start of class is in a week, I thought to get my laptop checked out. Aside from it seeming to have issues every now and again, I will need it for coding this semester.

[attachment deleted by admin]

What issues?

slowness, connection issues.... what not

Quote from: squall_01 on August 15, 2009, 05:05:29 PM

slowness, connection issues.... what not

I don't want to have to take out the NOS and pull teeth. Why don't you tell us what your problems are, maybe we can fix them. I've already put my crystal ball away and don't want to take it out again.

yes swami, well I ran Spybot, CCleaner and defrag and it didn't find anything. Just seems like general start up and shutdown seem to take longer, despite the installed programs. Also, at times when IE is in use, no matter what site, it sometimes starts opening up tabs continuously. Not sure if this is related but at times the taskbar programs won't all load either. I think that's mainly it.

Don't roll your eyes at me, I'm offering help. Do you want it or not?

I'm not. I think that is all the issues that I can think of, that is.

OKAY, let's look at your delayed startup and shutdown first. It's as good a starting point as any.

What do you have running, post your Task Manager processes, make sure that the 'Show Processes From All Users' is checked. Post screen shots of the processes.

not sure what had happened, just suddenly closed the browser. I'm using a laptop, so how do I do that then?

Right click on the Tool Bar, then select Task Manager from the drop down context menu.

How about updating HJT to 2.0.2, post a fresh HJT log.

Then use the process tool ....there are 14 threats to remove with the old version log

Quote from: Karnac on August 15, 2009, 08:00:43 PM
How about updating HJT to 2.0.2, post a fresh HJT log.

Then use the process tool ....there are 14 threats to remove with the old version log

There you go, sounds like a good starting point to me.

I might not be able to get that till next week
3790.

Solve : What is Intel Common user Interface Module and should I delete it??

Answer»

In the tuneup program it says that viruses use it.

http://www.file.net/process/igfxtray.exe.html

http://uk.search.yahoo.com/search?p=intel+common+user+interface+module%3A&fr=yfp-t-501&ei=UTF-8&rd=r1

Have a read here and see what you find.

3791.

Solve : resident shield??

Answer»

i have AVG the latest version and for some reason my resident shield became non active. i am having trouble trying to re-activate it. any advice?

remove and download again

if still having problem, which I doubt you will after you attempt standard reinstallation, you can try using the AVG Remover, which is the official tool from the AVG guys to completely clean your computer of AVG before attempting reinstallation. http://www.avg.com/download-tools

well done 2x3i5x, i forgot about it

3792.

Solve : need help for confugration of pc tool firewall?

Answer»

PC Tools Firewall free version is asking for every application whether to block or allow, so which applications should I allow and which should I block? The applications are:
spooler subsystem app
generic host for win32 services
run as dll as an app
lsa shell
acs

thanks

All of these are legitimate services. I don't understand why the firewall is asking you about them. While they are all legitimate, they all also can be associated with various Trojans. I think you should run a check with SuperAntiSpyware and Malwarebytes while you are waiting on someone that may have more experience with PC Tools Firewall to help you.

3793.

Solve : "Your System is Infected!" - please help! :X?

Answer»

Hello!

After returning to my house after a drill weekend, I was greeted by a black box centered on my lime-green desktop. "Your system is infected!", it proclaims.

I've run a full scan with MBAM and it succeeded in cleaning up some of my issues, but the background issue persists. I have used the available tools on this site and have tried running many of the other tools used by those with the same problem. I've had no success and decided to post.

I'll post my HJT log, but I could use some help ridding myself of this annoying desktop background.

Thanks in advance!

Endymion

[Saving space, attachment deleted by admin]

3794.

Solve : Dear evilfantasy .....?

Answer»

Happy New Year! I hope the holidays were wonderful for you and yours!

You have helped me immeasurably in the past so I value your opinion very much and would like to ask you a question.

My husband bought me a new computer for Christmas (yea!) and it has Windows 7 on it (yea?) My old computer operated with XP and I have never used Vista or 7 before this, but I am finding it easy to navigate.

The new computer is emachines with Athlon II with a bizillion gigs of space.

My question is: do you think I should install CCleaner, Malwarebytes, SuperAntiSpyware, and Deffragler in my new computer? Do you think these programs would be beneficial to me?

Thanks ever so much!

-granny-

hi granny i have seen you here before, download them all to keep your pc safe, i'm not evil

Quote from: newgranny on January 12, 2010, 01:40:22 PM


My question is: do you think I should install CCleaner, Malwarebytes, SuperAntiSpyware, and Deffragler in my new computer? Do you think these programs would be beneficial to me?


I know you didn't ask me, but until EF gets here I'd like to offer my two cents. Yes to MalwareBytes and SuperAntiSpyware. Also make sure you have a good Anti Virus utility, that it's always resident, and you set it to update daily. You can also download and install SpywareBlaster. It does not need to stay resident, but it does need to be updated weekly. After updating you click on "enable all protection" (it tells your browser where to stay away from). Ccleaner does nothing to protect your system and, in my opinion, serves no good purpose. On the other hand, it probably won't hurt, so if you want to use a placebo that's fine. I'm not familiar with defraggler - I use Perfect Disk. Defragmenting your drive(s) is less important with NTFS than with FAT, but I still do it on a weekly basis. What you do need is a disk imaging utility. The best is Acronis True Image, but it isn't free. There are any number of good free alternatives (http://www.thefreecountry.com/utilities/backupandimage.shtml). Use it to create a disk image on a regular basis. If you have a second hard drive, that's a good place to put it - I image my system partition twice a week and save it to a second hd.

I'm sure EF will be around shortly. And enjoy your new system.
3795.

Solve : Request denied by proxy?

Answer»

Hi

I cannot access a site that I used to be able to. I have recently moved and now have wireless broadband using a USB connection.

Request denied by proxy.
Reason: IPS matched signature "BEM sgrunt Dialer User Agent (sgrunt)", id='1000'

--------------------------------------------------------------------------------
Method: GET
Host: www.scouts.org.uk
Path: /


Asked for help on the xp forum and was sent here as they think I may have infection.

Have done all the steps as recommended logs as follows:-

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/18/2009 at 07:46 PM

Application Version : 4.27.1002

Core Rules Database Version : 4061
Trace Rules Database Version: 2001

Scan type : Complete Scan
Total Scan Time : 01:47:19

Memory items scanned : 541
Memory threats detected : 0
Registry items scanned : 8484
Registry threats detected : 25
File items scanned : 112333
File threats detected : 3

Trojan.Agent/Gen
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}
HKU\S-1-5-21-3573990178-2462150968-3289835842-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}

Adware.Vundo Variant
HKU\S-1-5-21-3573990178-2462150968-3289835842-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2}

Rogue.Deus Cleaner
HKU\S-1-5-21-3573990178-2462150968-3289835842-1006\Software\Deus Cleaner

Rogue.Advanced AntiVirus 2008
HKU\S-1-5-21-3573990178-2462150968-3289835842-1006\Software\Antivirus2008y
HKLM\Software\Antivirus2008y
HKLM\Software\Antivirus2008y#VerStr
HKLM\Software\Antivirus2008y#VerInt
HKLM\Software\Antivirus2008y#Cnt
HKLM\Software\Antivirus2008y#Lng
HKLM\Software\Antivirus2008y#UnInsAct
HKLM\Software\Antivirus2008y#MAbbr
HKLM\Software\Antivirus2008y#Type
HKLM\Software\Antivirus2008y#FoundInfo
HKLM\Software\Antivirus2008y#FoundCount
HKLM\Software\Antivirus2008y#PID
HKLM\Software\Antivirus2008y#FirstRun
HKLM\Software\Antivirus2008y#Root
HKLM\Software\Antivirus2008y#ExeFileName
HKLM\Software\Antivirus2008y#TIns
HKLM\Software\Antivirus2008y#lnum
HKLM\Software\Antivirus2008y#affid
HKLM\Software\Antivirus2008y#aid
HKLM\Software\Antivirus2008y#lid

Rogue.AntiVirus XP 2008
C:\Documents and Settings\Della Turnbull\Application Data\Antivirus2008y
C:\Documents and Settings\Della Turnbull\Start Menu\Antivirus2008y

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\PAUL TURNBULL\FAVORITES\ONLINE SECURITY TEST.URL

Malwarebytes' Anti-Malware 1.40
Database version: 2651
Windows 5.1.2600 Service Pack 3

19/08/2009 01:03:09
mbam-log-2009-08-19 (01-03-09).txt

Scan type: Quick Scan
Objects scanned: 115973
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AlfaAntiVirusDownloader (Rogue.AlfaAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AlfaAntiVirus (Rogue.AlfaAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysberay2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysftray2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AlfaAntiVirus (Rogue.AlfaAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\890166 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\bemark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f49f4daa.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:38:41, on 19/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\WORKS Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\F6D4050\v1\BelkinWCUI.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {37840C4C-B6A6-8876-F568-EE2B2690D8EA} - (no file)
R3 - URLSearchHook: (no name) - {E02B07CA-E023-82F4-7D92-B49E8D3904BC} - (no file)
R3 - URLSearchHook: (no name) - {5D329B6F-78D7-1E0B-8B07-2D27C6E9B8EA} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10C52A42-DB8B-4ade-AA4A-CED6A8282B85} - (no file)
O2 - BHO: (no name) - {37840C4C-B6A6-8876-F568-EE2B2690D8EA} - (no file)
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\DOCUME~1\DELLAT~1\Desktop\FILING~1\POPUPK~1\POPUPP~1\PopLib.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5D329B6F-78D7-1E0B-8B07-2D27C6E9B8EA} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O2 - BHO: (no name) - {D47C7882-C961-ABE6-6936-CE29D68B3AE1} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E02B07CA-E023-82F4-7D92-B49E8D3904BC} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BCROReminder] C:\Program Files\ByteCrusher\RegistryOptimax\BCRO.exe -rem
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [dvdbold] C:\DOCUME~1\DELLAT~1\APPLIC~1\UPLOAD~1\Surf keep.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Documents and Settings\Della Turnbull\Desktop\filing cabinet\pop up killer\PopupPopper\SiteList.exe (file missing)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Della Turnbull\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Cribbage - http://download2.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/stg_drm.ocx
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5011/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 15305 bytes

Sorry, this is a huge amount of info, and way beyond me.

I have McAfee antivirus, and having just read some advice given on here I am now really worried that my comp is wide open.

Any help would be gratefully received!!!

3796.

Solve : Application cannot be executed. The file ****.exe is infected?

Answer»

I'm not very sure what to do, I cannot open anything without this happening and Internet Explorer is directed to an antivirus site. I've tried rkill and can't seem to get it to work, pls help me. =(

Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.

3797.

Solve : trojan horse rootkit-pakes.u - on a clean install????

Answer»

Hello everyone. I just installed Win 7 Ultimate and AVG 9.0. I did a scan, because I copied over Izarc from my other PC. Before I copied over the file I did an antivirus and Malwarebytes check on the file, and it came out clean. However, now AVG, with the latest updates, is finding Trojan horse Rootkit-Pakes.U in c:\windows\system32\atapi.sys? Can it be a false positive?

There's only one way to be sure. Please go to this link and follow the directions and post the required logs.

3798.

Solve : I have "Your computer is infected virus"?

Answer»

I installed Norton 360, because they said it would remove the virus. It found the virus and did remove it, but now the computer won't let me log in; it logs right back out, and I can't log into safe mode or restart from last known working. The only thing I can do is MS-DOS. I tried scandisk but it didn't find anything. Can someone please help?

Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.

Neither of these worked. When the computer turns on it will go in F2; safe mode will not work, F10 only goes back to regular log in, and F12 runs a diagnostic test. The computer will boot, show the Windows screen, show my background picture, and then go to the log in screen; when I press log in, it immediately logs me out. I tried the Dr.Web Live and the Avira AntiVir Rescue and neither work. The computer will not boot them. I put them in, shut the unit off and turned it back on; it will not read the disks. Do you know anything else I can try?

You have to re-configure your BIOS to look at the disk drive first in Setup.

and how do I do that? OK I go into F2 and change it to read disk first, it still won't read that disk.

Are you sure that you created the disk correctly? If you have a memory stick, try creating a rescue USB.

3799.

Solve : avg anti virus?

Answer»

i have AVG and it isn't detecting anti spyware like it says, but my Malwarebytes does, so i know AVG ain't working like it should. anyone else have this problem?

if its the free one it may not

download SUPERAntiSpyware free for spyware

3800.

Solve : welcome screen fashing back and forth to desktop screen?

Answer» OK, you will have to wait for a malware expert to go further with your problem

ok thank you for your help anyway.