InterviewSolution
| 3851. |
Solve : VBS:Obfuscated-gen trj problem? |
|
Answer» Hello,

I suggest uninstalling a-squared and PC-Doctor 5. Use Malwarebytes and SUPERAntiSpyware for on-demand scanning. a-squared is known for false positives and PC-Doctor 5 is not very reliable in my opinion. Also uninstall J2SE Runtime Environment 5.0 Update 6.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop. DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    KillAll::
    DDS::
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Folder::
    c:\docume~1\alluse~1\applic~1\NortonInstaller

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.

Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

I'm sorry, I've got a question. This step requires me to install ComboFix, isn't it? I must look for it online? Since it doesn't seem to be present on my desktop.

Sorry, I copied the wrong speech. I edited the above instructions.

Here is the log.
Was my computer severely contaminated?

Quote from: TMNT on July 05, 2009, 07:36:23 PM
Was my computer severely contaminated?

Yes and I'm not sure it's all gone yet.
Go to Start > Run and type notepad.exe then click OK. Copy and paste the below into Notepad and save as fixme.reg to your Desktop:

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry. Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work. Delete the fixme.reg from the Desktop.

----------

* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

The above procedure will:
* Delete the following: ComboFix and its associated files and folders.
* Reset the CLOCK settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Kaspersky Lab Online Scanner. In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. If needed, this animation will guide you through the process.

Does this mean I should change important passwords just in case? fixme.reg was successfully added to the registry. Here is the requested log:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Monday, July 6, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Monday, July 06, 2009 03:33:55
    Records in database: 2430652
    --------------------------------------------------------------------------------
    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area - My Computer:
    C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\
    Scan statistics:
    Files scanned: 166837
    Threat name: 1
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 02:25:17
    File name / Threat name / Threats count
    C:\mIRC\mirc.exe    Infected: not-a-virus:Client-IRC.Win32.mIRC.6031
    C:\Program Files\mIRC\mirc.exe    Infected: not-a-virus:Client-IRC.Win32.mIRC.6031
    The selected area was scanned.

Quote
Does this mean I should change important passwords just in case?

It's always a good idea to do that now and then. You use mIRC so those are false positives.

Use the Secunia Software Inspector to check for out of date software.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Thank you very much evilfantasy for your valuable help! |
|
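The fixme.reg in the thread above removes two Security Center\Monitoring keys whose DisableMonitoring value had been set. As an added example (not code from the thread or from any of the tools it names), the following Python script parses a REGEDIT4-style .reg export, reports which Security Center\Monitoring keys have DisableMonitoring set to a nonzero value, and generates the same kind of [-KEY] removal file the helper used. The sample export and all function names are constructed for this example.

```python
"""Added example: parse a REGEDIT4-style .reg export, flag Security Center
monitoring that has been switched off, and emit a fixme.reg-style removal file.
Not from the thread; the sample export below is constructed for illustration."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample export: two Security Center entries with monitoring
# disabled, one ordinary Run key, and one key already marked for deletion.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\\progra~1\\ALWILS~1\\Avast4\\ashDisp.exe"
@="Service"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SomeStaleKey]
"""

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                 # [key] or [-key] (delete)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')    # "name"=data
HEADER_PREFIXES = ("REGEDIT4", "Windows Registry Editor Version")

RegKeys = Dict[str, Dict[str, str]]


def parse_reg(text: str) -> Tuple[RegKeys, List[str]]:
    """Return ({key: {value_name: raw_data}}, [keys marked for deletion]).
    Handles [key], [-key], "name"=data and @=data (default value) lines;
    hex(...) continuation lines ending in a backslash are joined first."""
    keys: RegKeys = {}
    deletions: List[str] = []
    current: Optional[str] = None
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):           # continuation of a multi-line hex value
            pending = line[:-1]
            continue
        if not line or line.startswith(";") or line.startswith(HEADER_PREFIXES):
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1) == "-":
                deletions.append(m.group(2))
                current = None            # values after [-key] carry no meaning
            else:
                current = m.group(2)
                keys.setdefault(current, {})
            continue
        if current is None:
            continue
        if line.startswith("@="):         # default value of the key
            keys[current]["@"] = line[2:]
            continue
        m = VALUE_RE.match(line)
        if m:
            keys[current][m.group(1)] = m.group(2)
    return keys, deletions


def dword_value(raw: str) -> Optional[int]:
    """Decode 'dword:xxxxxxxx'; return None for any other data type."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return None


def disabled_monitoring(keys: RegKeys) -> List[str]:
    """Keys under Security Center\\Monitoring whose DisableMonitoring is nonzero.
    Legitimate AV suites set this on install too, so compare the key name with
    the products actually present before treating it as tampering."""
    hits = []
    for key, values in keys.items():
        if "\\security center\\monitoring\\" not in key.lower():
            continue
        by_name = {name.lower(): raw for name, raw in values.items()}
        data = by_name.get("disablemonitoring")
        if data is not None and dword_value(data):
            hits.append(key)
    return hits


def build_fix(keys_to_remove: List[str]) -> str:
    """Produce a REGEDIT4 file that deletes the given keys, as fixme.reg does.
    Merging it makes Security Center resume monitoring for those entries."""
    lines = ["REGEDIT4", ""]
    lines += [f"[-{key}]" for key in keys_to_remove]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed, deleted = parse_reg(SAMPLE_REG)
    flagged = disabled_monitoring(parsed)
    print("keys marked for deletion in input:", deleted)
    print("monitoring disabled for:", flagged)
    print(build_fix(flagged))
```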
| 3852. |
Solve : What do the experts on CH suggest about this?? |
Answer» http://www.microsoft.com/technet/security/advisory/972890.mspx
My question is how does one know if they should take any action (corrective or preventative) and if action is taken, apart from the removal of the threat, what other impact will it have on computer programs?
truenorth

Quote
What do the experts on CH suggest about this?

Use Firefox... ActiveX has always been a security mess. BIG part of the reason I originally moved away from IE. If you for some reason need to use IE, apply the WORKAROUND Microsoft have come up with. http://support.microsoft.com/kb/972890

For Internet Explorer you can also use SpywareBlaster to block known bad ActiveX. How to use SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

ActiveX is great on the client but the extension to the net was a bit ill-thought out by MS. |
|
| 3853. |
Solve : UIPOPUPHIDDEN? |
|
Answer» FOR INFORMATION: This forum search did not identify the subject so I think it useful for anyone else searching.

When turning off my PC, Windows XP SP3 with Virgin Media PC Guard Total AV Suite, I got a popup box titled 'Uipopuphidden' stating that I would lose all unsaved data if I closed it. This box only appeared when I replaced my AVG 8.0 with PC Guard 6 weeks ago. Also since Saturday 30th May, my optical mouse pointer has been jerking around the screen/freezing.

SOLUTION: I telephoned VM this morning and they confirmed that Uipopuphidden is SPYWARE, instructed me to uninstall PC Guard and reinstall it to fix the problem. I have done so, and now when I turn off the PC everything appears to be OK. My mouse pointer is behaving normally. I have posted here in addition to other PC forums where the problem was STILL unresolved within their postings.

Thanks for sharing. I will remember this.

Thanks for the warning, if I ever get anything like it I will go straight to the malware section.

Quote from: John A Taylor on June 01, 2009, 06:35:25 AM
.........Also since Saturday 30th May, my optical mouse pointer has been jerking around the screen/freezing.

Mouse gave up last night, following a restart I got the message "mouse not detected" etc. Took it to local PC repair shop and was told it was 'banjacked'. Got a new mouse, working perfectly so unlikely the Uipopuphidden problem had any effect on the mouse pointer. The PC shop advisor also said he did not think Uipopuphidden was spy or malware but was a small 'user interface' piece of software which was created by PC Guard. The 'fix' now prevents it showing on PC shutdown. Sorry if I misled anyone but I took the VM Indian call-centre operative's word for it.

Ya, it seems to be a problem with the Bell Sympatico Security Manager software as well. I spent most of today on the phone with them. They seemed to be either unaware of it, or in denial. Blaming conflicting programs on my computer or saying I needed a system clean for my problems. |
|
| 3854. |
Solve : My search engines get rerouted. Posted my HJT log? |
|
Answer» Every time I do a search from Google it reroutes me to random sites. Also, when I go to Yahoo, it redirects me to m.yahoo.com. |
|
| 3855. |
Solve : CPU running at 100% with no applications open? |
|
Answer» When I start up my Laptop I see the power indicator light flashing, but it doesn't stay lit.
Go to Task Manager, Processes, and take a photo of everything that's there so an expert can see it.
Make sure that you get all of the processes; if you can't fit them all in one image, scroll down and take a second. Also make sure that you enable 'Show Processes For All Users'.
quantos, when you open Task Manager it opens at Processes; where do you enable "Show Processes For All Users"?
Quote
    Also make sure that you enable 'Show Processes For All Users'
Thanks, Quantos and harry 48; hectic weekend so I didn't get a chance to jump online and work on this... I'll take the screen shot(s) tonight when I get home from work and will post.
I've attached the two shots taken with Screencapture. As indicated, I took these shots with 'Show Processes For All Users' enabled. (harry, at the bottom right of the Task Manager Processes screen, you can check a box to 'Show Processes For All Users'.) I'm not sure if this will be helpful also, but in case it is, I have also attached the last HJT log I'd saved before this problem started - I haven't compared the two HJT logs yet as this thought just occurred to me. Thank you in advance for the assistance.
Hi Dues12, Have you tried SAS and MBAM?
Quote from: randysilverio on July 02, 2009, 09:55:25 PM
    Hi Dues12,
Randy, I am not familiar with either program, but can look into downloading and running them today. I'm also starting to move the few files I do have on my hard drive to an external hard drive so I'm ready to do a destructive system restore if need be to fix my problem... but first let me try the programs you'd mentioned. Thank you.
Forgive my ignorance here, but I'm assuming I cannot run all the virus/etc. scans when my computer is started in safe mode, and instead I need to run the virus/etc. scans in normal mode (which will take FOREVER...) - is this correct?
*Also, I just compared the two HJT logs I have. I noticed a few inconsistencies, some of which can be explained... others though... Here are all the inconsistencies found:
Processes that were running on 6/25, but not on 6/5:
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ssstars.scr
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
Reg entries not found on 6/25, but found on 6/5:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 (This was an old entry I had removed)
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" (I'd decided since I wasn't starting up more than a couple of programs now, I no longer needed to run SUD)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Didn't look like I needed this - I don't use Excel much - so I removed it)
If you already have Malwarebytes be sure to update it before running the scan!
Download Malwarebytes' Anti-Malware (MBAM)
Alternate MBAM download link
----------
Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs. 1) DDS.txt 2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copying and pasting it into the reply.
Thank you to everyone for your comments and help. I'm pleased to announce my issue has been resolved. After installing, updating, and running a couple of Anti-Spyware programs I was able to remove 8 traces of a Trojan Horse - progdav or something like that - and my CPU is now back to running as it should. Thank you!!!! Josh
Lack of symptoms doesn't always mean all of the malware is gone. Without posting the logs we can't know if everything was actually removed or not.
Quote from: evilfantasy on July 06, 2009, 02:03:53 PM
    Lack of symptoms doesn't always mean all of the malware is gone. Without posting the logs we can't know if everything was actually removed or not.
Good point; thank you, evilfantasy. What logs in specific should I post? I'm pretty sure it was Spysweeper out of the 3 I ran that located the traces and removed them... Let me know and I should be able to post any needed logs tonight after work. Thank you, Josh
If you already have Malwarebytes be sure to update it before running the scan!
Download Malwarebytes' Anti-Malware (MBAM)
Alternate MBAM download link
----------
Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs. 1) DDS.txt 2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copying and pasting it into the reply. |
|
| 3856. |
Solve : Virus has disabled all my protection programs? |
|
Answer» Click START then RUN
Database version: 2384
Windows 5.1.2600 Service Pack 2
07/07/2009 12:13:56 AM
mbam-log-2009-07-07 (00-13-56).txt
Scan type: Full Scan (C:\|F:\|L:\|Z:\|)
Objects scanned: 248359
Time elapsed: 1 hour(s), 27 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
-----
Windows can't find "Combo-Fix". Another way to uninstall?
Go to C:\Combo-Fix and delete the entire folder. Also delete the Qoobox folder.
Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs. 1) DDS.txt 2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copying and pasting it into the reply.
Go to Add or Remove Programs and uninstall:
----------
Download OTM by OldTimer to your desktop.
Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.
* Save it to your Desktop.
* Double-click OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
Code:
    :Processes
    explorer.exe
    :services
    Viewpoint Manager Service
    :reg
    :files
    C:\Program Files\Viewpoint
    C:\32788R22FWJFW.0.tmp
    c:\windows\system32\cmd.execf
    C:\cmdcons
    c:\windows\SWREG.exe
    c:\windows\PEV.exe
    c:\windows\sed.exe
    c:\windows\system32\CF21703.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
* Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
----------
Use the ESET Online Antivirus Scanner
This scanner requires Internet Explorer
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
1. Double click OTM to launch it. Vista users right-click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTM will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. When finished exit out of OTM.
----------
How is the computer running now?

My computer is free from all known symptoms! Thank you, thank you, a million times thank you. Ironically, your name doesn't suit the good that you have done and are doing, nevertheless please continue to help those of us who need it. Any recommendations to keep my computer protected and up to par?

Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also STOP certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 3857. |
Solve : Problem with USB sticks after infection? |
|
Answer» Hello, |
|
| 3858. |
Solve : Still infected?? |
|
Answer» So I ran Kaspersky and deleted some trojans that came up. Then ran the other steps in order including Super Anti-spyware and Malwarebytes and Hijack this. Internet Explorer is still infected or hijacked or whatever because Google search results pull up BS sites and not what I am looking for. Also many of my programs all of a sudden can't find the license installed or won't open up at all. I am wondering if a virus or trojan has done irreversible damage to my computer? Anyways here are the specs and logs:

Trojan.Agent/Gen
This is from Koobface, better known as the Facebook trojan. Be careful what you click on from Facebook.
---
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
DO NOT run it yet!
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
Code:
KillAll::
DDS::
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
mRun: [<NO NAME>]
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

By the way thank you so much for doing this!!! People like you give me hope for our species.
Quote from: deebingo on July 07, 2009, 10:17:50 PM
By the way thank you so much for doing this!!! People like you give me hope for our species.

You're welcome. It looks like everything is gone now. How is the computer running now?

* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

The above procedure will:
* Delete the following: ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Everything seems to be ok now! Thank you so much! Going to get an internet security suite today to help prevent this from happening again.

Sounds good. Use the Secunia Software Inspector to check for out of date software.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. |
|
| 3859. |
Solve : eBay "Phishing Scam" ... anyone seen this?? |
|
Answer» Quote from: evilfantasy on July 10, 2009, 10:58:52 AM
I would also recommend that you Defrag the computer.

Actually, I would recommend using IObit's Smart Defrag. Just install, analyse your drive, select Deep Optimize and then start the defrag. http://www.iobit.com/iobitsmartdefrag.html

IObit is more RAM intensive than Defraggler. The computer is already slow. No need adding to the burden with a "heavier" process.

Ran the disc defragmenter .... tried eBay, still asking me for my information. Also, still no sound either. Sounds like this thing is f***d. What's funny is that it's a SINGLE program somewhere. I tried eBay and PayPal and get the EXACT message and window when I log on; even if I enter the wrong username and/or password it directs me to that screen that says:

"We have noticed an increasing fraudulent activity recently. In order to provide your security and protect you from FRAUDSTERS we have introduced a new system of identification that will help us to avoid any kind of fraud or unauthorised access. Please enter as more information as possible to provide your complete identification and to activate all the features of the new system"

Any other suggestions?

Download GMER and save it to your desktop
I'm not seeing anything.

Download Lop S&D by Eric_71 and save it to your Desktop.
Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.
A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

----------

Download GooredFix from one of the locations below and save it to your Desktop. Link #1 Link #2
* Double-click GooredFix.exe to run it.
* Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
* A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet. |
|
| 3860. |
Solve : My computer was in a battle and i shutdown its shield? |
|
Answer» NEVER MIND, I fixed it with Malwarebytes, then I installed AVG. Now there are no more traces or anything.

So me, being very idiotic, wanted to speed up my computer and all, so I figure since there's no viruses or anything from scans, I could uninstall with no worry. So I did.... now I regret it. After I restarted my computer, it ran very.... lagging-ly, so I check my task manager, I find: a.exe, b.exe and a few others. This is now starting to get serious, because it's saying explorer.exe needs to close etc etc.

So without going any further: I am running Windows XP Pro with SP2 (I have read that SP3 isn't ready for HPs), 448 MB of physical RAM with 2056 MB of virtual RAM. Currently I have no antiviruses besides the ones needed to post logs. This is not an epidemic, but last time I messed with infections I ended up buying a completely new hard drive.

SuperAntiSpyware: I need to do this in the morning...

Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 2

7/8/2009 12:40:29 AM
mbam-log-2009-07-08 (00-40-29).txt

Scan type: Quick Scan
Objects scanned: 100528
Time elapsed: 56 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 65

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef99d588-3d5f-4194-828a-e03870a57a77} (Trojan.BHO) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{ef99d588-3d5f-4194-828a-e03870a57a77} (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 (Security.Hijack) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Program Files\POL (Keylogger.Ardamax) -> Quarantined and deleted successfully. C:\Program Files\Seekapp (Adware.Seekapp) -> Quarantined and deleted successfully. c:\documents and settings\All Users\Application Data\Seekapp (Adware.Seekapp) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\setup_akl.exe (Keylogger.Ardamax) -> Quarantined and deleted successfully. c:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. c:\program files\POL\akv.cfg (Keylogger.Ardamax) -> Quarantined and deleted successfully. c:\program files\POL\key.bin (Keylogger.Ardamax) -> Quarantined and deleted successfully. c:\program files\POL\POL.001 (Keylogger.Ardamax) -> Quarantined and deleted successfully. c:\program files\POL\POL.002 (Keylogger.Ardamax) -> Quarantined and deleted successfully. c:\program files\POL\POL.005 (Keylogger.Ardamax) -> Quarantined and deleted successfully. c:\program files\POL\POL.009 (Keylogger.Ardamax) -> Quarantined and deleted successfully. c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bb1.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ps1.dat (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\rc.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\[emailprotected]k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. 
C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully. 
c:\documents and settings\Owner\RESULTS.TXT (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cs.dat (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. c:\WINDOWS\BM53356244.xml (Trojan.Vundo) -> Quarantined and deleted successfully. c:\WINDOWS\BM53356244.txt (Trojan.Vundo) -> Quarantined and deleted successfully. c:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\WINDOWS\system32ps1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temp\b.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\alog.txt (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. 
HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:53 PM, on 7/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\NETGEAR\WPN111\WPN111.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Owner\My Documents\Downloads\SUPERAntiSpyware.exe
C:\WINDOWS\system32\MSIEXEC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(DEFAULT) = http://www.speedapps.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {67775CC4-6A06-465A-8FC9-F1482343E6DD} - (no file)
O2 - BHO: (no name) - {AD2C8443-63DD-4953-B2BF-6A0E9891CF2F} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Rmn plugin - {EF99D588-3D5F-4194-828A-E03870A57A77} - gcomd32.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Startup: Lock.lnk = C:\Documents and Settings\Owner\Desktop\Lock.exe
O4 - Startup: WPN111.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe
O4 - Global Startup: TeamViewer 4.lnk = C:\Program Files\TeamViewer\Version4\TeamViewer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - UNKNOWN file in WINSOCK LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192053397896
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: mlJDsRki - mlJDsRki.dll (file missing)
O20 - Winlogon Notify: pMdDuUKC - pMdDuUKC.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Google Update Service (gupdate1c94846d59c454e) (gupdate1c94846d59c454e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 7393 bytes

http://www.free-av.com/
Go to the above link, download the anti-virus and run it.
harry |
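The HijackThis log above is the kind of thing a helper reads by eye: orphaned BHO and Winlogon Notify entries left behind after the Malwarebytes clean-up, an autorun pointing at the Desktop, IE policy restrictions, an unrecognised LSP. The script below is an added example, not part of the thread and not HijackThis code, that does that first pass mechanically. The section codes it understands are HijackThis's own; the flagging rules are this example's heuristics (an assumption about what is worth a second look, not a verdict), and the sample log is a handful of lines copied from the posted log so the result can be checked against it.

```python
"""Triage a HijackThis 2.x log: pull out the persistence entries (BHOs,
Run keys, Winlogon Notify packages, LSPs, IE policies) and flag the ones
an analyst would look at first.

Added example for this thread; not from the original post and not
HijackThis code. The flagging rules are this example's own heuristics.
"""
import re
from dataclasses import dataclass, field

# HijackThis prefixes each finding with a section code.
SECTION_NAMES = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autorun",
    "O6": "IE policy restriction", "O9": "IE extra button",
    "O10": "Winsock LSP", "O16": "ActiveX download", "O20": "Winlogon Notify",
    "O23": "service",
}

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
USER_DIR_RE = re.compile(r"\\(desktop|temp|local settings|application data)\\")
DRIVE_PATH_RE = re.compile(r"[a-z]:\\")


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)

    @property
    def section(self):
        return SECTION_NAMES.get(self.code, self.code)


def parse_log(text):
    """Keep only the coded finding lines; headers and the process list are dropped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def looks_random(name):
    """Mixed-case, vowel-poor names such as mlJDsRki are typical of generated
    DLL names (Vundo-style). Crude, but a useful first filter."""
    stem = name.split(".")[0]
    if len(stem) < 7 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    mixed = any(c.islower() for c in stem) and any(c.isupper() for c in stem)
    return vowels <= 2 and mixed


def flag_entry(e):
    """Attach human-readable reasons; an empty list means 'looks routine'."""
    low = e.body.lower()
    missing = "(no file)" in low or "(file missing)" in low
    if missing:
        e.flags.append("orphaned: registry still points at a file that is gone")
    if e.code == "O20":
        dll = e.body.split(" - ")[-1].split()[0]
        if looks_random(dll):
            e.flags.append("random-looking Winlogon Notify DLL name")
    if e.code == "O2" and not missing and not DRIVE_PATH_RE.search(low):
        e.flags.append("BHO DLL given without a full path")
    if e.code == "O4" and USER_DIR_RE.search(low):
        e.flags.append("autorun from a user-writable location")
    if e.code == "O6":
        e.flags.append("IE policy restriction set; often planted by rogue software")
    if e.code == "O10" and "unknown" in low:
        e.flags.append("LSP not recognised; identify the DLL before fixing")
    if e.code in ("R0", "R1") and "searchurl" in low and "http" in low:
        e.flags.append("custom search URL; check the domain")
    return e


def triage(text):
    return [flag_entry(e) for e in parse_log(text)]


def suspicious(text):
    return [e for e in triage(text) if e.flags]


# A few lines copied from the log posted in this thread, for a self-check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Rmn plugin - {EF99D588-3D5F-4194-828A-E03870A57A77} - gcomd32.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup: Lock.lnk = C:\Documents and Settings\Owner\Desktop\Lock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - UNKNOWN file in WINSOCK LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: mlJDsRki - mlJDsRki.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"[{e.code} {e.section}] {e.body}")
        for f in e.flags:
            print("    ->", f)
```

Run against the full log it flags the two "(file missing)" Winlogon Notify packages (random names plus missing files, the classic Vundo leftover), the orphaned BHOs and BitDefender toolbar, Lock.exe starting from the Desktop, the three O6 policies and the nwprovau.dll LSP. The O10 entry is a case where a heuristic needs a human: nwprovau.dll is the NetWare provider that ships with XP, so "unknown" there is HijackThis not recognising it, not evidence of tampering. Orphaned entries are harmless by themselves but are the cleanup that a "fix checked" pass in HijackThis is for.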
|
| 3861. |
Solve : Log-in Information/Cookies get deleted after every startup? |
|
Answer» Sent to this board by Broni. Posting here in the thought that I have an infection: |
|
| 3862. |
Solve : Can't access many things, including some sites and the Control Panel? |
|
Answer» I don't know if it is a virus, but it's something bad. I can't access any anti-virus sites or microsoft.com. Also, I can't access the Control Panel or anything associated with it. Most of this started happening once my Norton Antivirus subscription ended a couple of weeks ago, and I can't renew it because I can't access the Norton site. Also, I can access these sites in the cached version under Google search. Please help...

http://www.free-av.com/ |
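One mechanism that produces exactly this symptom (vendor and Microsoft sites unreachable while Google's cached copies load fine) is a hosts file that maps those names to loopback or to an attacker's address. The thread does not say which mechanism was at work on this machine, so the script below is an added example, not from the thread, showing how to check a hosts file for such entries. The watch list of domains and the sample hosts content are constructed for illustration.

```python
"""Check a Windows hosts file for entries that black-hole or redirect
security-vendor and update domains.

Added example for this thread, not from the original posts. The watch
list and SAMPLE_HOSTS are constructed for illustration.
"""
import ipaddress

# Domains that legitimate software never needs to remap. Constructed,
# non-exhaustive watch list; extend it for your environment.
WATCHED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "symantec.com", "norton.com",
    "mcafee.com", "kaspersky.com", "avg.com", "free-av.com",
    "malwarebytes.org", "superantispyware.com",
)

# Addresses that make a name unreachable rather than redirecting it.
BLACKHOLE = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address; Windows ignores such lines as well
        for name in parts[1:]:
            pairs.append((str(ip), name.lower()))
    return pairs


def is_watched(host):
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def find_hijacks(text):
    """Return (host, ip, kind) for every watched domain present, where kind is
    'blackhole' (loopback/unspecified) or 'redirect' (any other address)."""
    hits = []
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue
        if is_watched(host):
            kind = "blackhole" if ip in BLACKHOLE else "redirect"
            hits.append((host, ip, kind))
    return hits


def scan_file(path):
    """Convenience wrapper for a real file, e.g. the XP path
    C:\\WINDOWS\\system32\\drivers\\etc\\hosts."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


# Constructed sample: a stock header, then lines of the kind an infection appends.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.microsoft.com
127.0.0.1       update.microsoft.com
127.0.0.1       www.norton.com       # appended by the infection (constructed)
10.20.30.40     liveupdate.symantec.com
192.168.1.50    intranet.example.local
"""

if __name__ == "__main__":
    for host, ip, kind in find_hijacks(SAMPLE_HOSTS):
        print(f"{kind:9} {host} -> {ip}")
```

Two caveats when using this on a live XP box. First, confirm that HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath still points at %SystemRoot%\system32\drivers\etc, because some infections redirect that value so that a clean-looking hosts file is never the one consulted. Second, a clean hosts file does not clear the symptom if the DNS server addresses themselves were changed; ipconfig /all is the next thing to read in that case.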
|
| 3863. |
Solve : Hijacked DNS server... please help? |
|
Answer» I have the scan from SUPERAntiSpyware. I will post the results here.

=============== Created Last 30 ================

2009-07-08 10:27 --d----- c:\program files\Registry Winner
2009-07-05 20:58 42,496 a------- c:\windows\ld12.exe
2009-07-05 20:58 154 a------- c:\windows\567788.bat
2009-07-02 12:56 -cd----- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-30 14:11 --dsh--- c:\documents and settings\t brown\IECompatCache
2009-06-30 10:23 0 a------- c:\windows\system32\19.tmp
2009-06-30 10:23 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-06-22 13:47 --d----- c:\program files\BitLord
2009-06-18 23:38 --d----- c:\program files\iPod
2009-06-18 23:38 --d----- c:\program files\iTunes
2009-06-10 23:07 --dsh--- C:\Diskeeper
2009-06-10 21:28 --d----- c:\program files\common files\Diskeeper Corporation
2009-06-10 21:28 --d----- c:\docume~1\alluse~1\applic~1\Diskeeper Corporation
2009-06-10 21:27 --d----- c:\program files\Diskeeper Corporation
2009-06-10 19:15 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 19:15 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 19:15 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 19:15 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-06-10 10:46 --d----- c:\windows\Logs
2009-06-10 10:07 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-10 10:07 251,672 a------- c:\windows\system32\xactengine2_5.dll
2009-06-10 10:07 237,848 a------- c:\windows\system32\xactengine2_4.dll
2009-06-10 10:07 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2009-06-10 10:07 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-06-10 10:07 236,824 a------- c:\windows\system32\xactengine2_3.dll
2009-06-10 10:07 62,744 a------- c:\windows\system32\xinput1_2.dll
2009-06-10 10:06 2,297,552 a------- c:\windows\system32\d3dx9_26.dll

==================== Find3M ====================

2009-07-05 20:58 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-07-05 20:58 360,320 a------- c:\windows\system32\dllcache\TCPIP.SYS
2009-06-30 13:41 67,190 a------- c:\windows\system32\nvModes.dat
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-25 09:57 51,712 a------- c:\windows\wc98pp.dll
2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-12 01:11 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-11 19:30 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-11 19:30 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 11:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 07:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 05:58 1,846,656 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 11:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 11:11 584,192 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-02-20 13:30 208 ac------ c:\docume~1\tbrown~1\applic~1\wklnhst.dat
2008-12-31 13:42 47,360 ac------ c:\docume~1\tbrown~1\applic~1\pcouffin.sys
1997-05-16 08:52 32,528 ac------ c:\documents and settings\t brown\OLEPRO32.DLL
1997-05-16 08:52 271,632 ac------ c:\documents and settings\t brown\MSVCRT.DLL
1997-05-16 08:52 939,792 a------- c:\documents and settings\t brown\MFC42U.DLL
1997-05-16 08:52 941,840 a------- c:\documents and settings\t brown\MFC42.DLL
1997-05-16 08:52 352,016 a------- c:\documents and settings\t brown\MSPAINT.EXE
2007-12-20 22:34 76 -c-shr-- c:\windows\CT4CET.bin
2008-01-02 23:14 10,240 ac-sh--- c:\windows\rnapxs\rnapxs.dat

============= FINISH: 11:19:48.50 ===============

And here is the attachment:

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/27/2007 11:33:22 AM
System Uptime: 7/8/2009 10:19:56 AM (1 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T5270 @ 1.40GHz | Microprocessor | 1396/200mhz
Processor: Intel(R) Core(TM)2 Duo CPU T5270 @ 1.40GHz | Microprocessor | 1396/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 146 GiB total, 75.36 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP382: 6/30/2009 10:22:59 AM - Installed Java(TM) 6 Update 13
RP383: 6/30/2009 10:23:03 AM - System Checkpoint
RP384: 6/30/2009 10:23:10 AM - System Checkpoint
RP385: 6/30/2009 10:23:14 AM - System Checkpoint
RP386: 6/30/2009 10:23:17 AM - System Checkpoint
RP387: 6/30/2009 10:23:20 AM - System Checkpoint
RP388: 6/30/2009 10:23:25 AM - System Checkpoint
RP389: 6/30/2009 10:23:27 AM - System Checkpoint
RP390: 6/30/2009 10:23:28 AM - System Checkpoint
RP391: 6/30/2009 10:23:28 AM - System Checkpoint
RP392: 6/30/2009 10:23:30 AM - System Checkpoint
RP393: 6/30/2009 10:23:34 AM - System Checkpoint
RP394: 6/30/2009 10:23:34 AM - System Checkpoint
RP395: 6/30/2009 10:23:35 AM - Software Distribution Service 3.0
RP396: 6/30/2009 10:23:35 AM - Avg8 Update
RP397: 6/30/2009 10:23:36 AM - System Checkpoint
RP398: 6/30/2009 10:23:37 AM - System Checkpoint
RP399: 6/30/2009 10:23:37 AM - System Checkpoint
RP400: 4/20/2009 11:59:49 PM - System Checkpoint
RP401: 4/22/2009 12:52:09 AM - System Checkpoint
RP402: 4/23/2009 1:43:40 AM - System Checkpoint
RP403: 4/24/2009 2:26:31 AM - System Checkpoint
RP404: 4/25/2009 2:36:05 AM - System Checkpoint
RP405: 4/26/2009 10:49:42 AM - System Checkpoint
RP406: 4/27/2009 5:25:29 PM - System Checkpoint
RP407: 4/28/2009 7:40:59 PM - System Checkpoint
RP408: 4/29/2009 9:42:56 PM - System Checkpoint
RP409: 4/30/2009 11:08:56 PM - System Checkpoint
RP410: 5/1/2009 11:21:36 PM - System Checkpoint
RP411: 5/2/2009 11:33:57 PM - System Checkpoint
RP412: 5/3/2009 11:47:16 PM - System Checkpoint
RP413: 5/5/2009 12:32:42 AM - System Checkpoint
RP414: 5/6/2009 1:32:58 AM - System Checkpoint
RP415: 5/7/2009 2:13:03 AM - System Checkpoint
RP416: 5/8/2009 2:41:42 AM - System Checkpoint
RP417: 5/9/2009 3:39:53 AM - System Checkpoint
RP418: 5/10/2009 6:21:40 PM - System Checkpoint
RP419: 5/11/2009 7:29:17 PM - Avg8 Update
RP420: 5/11/2009 7:31:07 PM - Avg8 Update
RP421: 5/12/2009 11:05:52 PM - System Checkpoint
RP422: 5/13/2009 7:01:13 AM - Software Distribution Service 3.0
RP423: 5/14/2009 7:27:47 AM - System Checkpoint
RP424: 5/15/2009 5:26:26 PM - Avg8 Update
RP425: 5/17/2009 3:17:09 PM - System Checkpoint
RP426: 5/18/2009 5:10:12 PM - Avg8 Update
RP427: 5/18/2009 5:12:09 PM - Avg8 Update
RP428: 5/20/2009 12:01:34 AM - System Checkpoint
RP429: 5/21/2009 12:14:34 AM - System Checkpoint
RP430: 5/21/2009 9:49:14 AM - Installed Windows Media Format Runtime
RP431: 5/22/2009 11:15:01 AM - Software Distribution Service 3.0
RP432: 5/23/2009 11:15:34 AM - System Checkpoint
RP433: 5/24/2009 11:40:20 AM - System Checkpoint
RP434: 5/26/2009 7:59:08 PM - Removed LightScribe System Software 1.10.19.1.
RP435: 5/26/2009 8:00:32 PM - Removed LightScribe System Software 1.10.19.1.
RP436: 5/27/2009 8:44:58 PM - System Checkpoint
RP437: 5/28/2009 10:07:23 PM - Software Distribution Service 3.0
RP438: 5/29/2009 10:54:25 PM - System Checkpoint
RP439: 5/31/2009 9:51:52 PM - System Checkpoint
RP440: 6/2/2009 12:30:03 AM - System Checkpoint
RP441: 6/3/2009 12:42:22 AM - System Checkpoint
RP442: 6/4/2009 1:33:18 AM - System Checkpoint
RP443: 6/5/2009 2:38:38 AM - System Checkpoint
RP444: 6/6/2009 3:19:02 AM - System Checkpoint
RP445: 6/6/2009 9:21:52 AM - Installed Audiosurf.
RP446: 6/7/2009 11:41:16 PM - System Checkpoint
RP447: 6/8/2009 11:46:32 PM - System Checkpoint
RP448: 6/9/2009 11:48:30 PM - System Checkpoint
RP449: 6/10/2009 10:06:43 AM - Installed DirectX
RP450: 6/10/2009 9:27:52 PM - Installed Diskeeper 2009 Pro Premier.
RP451: 6/10/2009 9:43:15 PM - Software Distribution Service 3.0
RP452: 6/12/2009 1:13:36 AM - System Checkpoint
RP453: 6/13/2009 1:22:58 AM - System Checkpoint
RP454: 6/14/2009 2:23:10 AM - System Checkpoint
RP455: 6/15/2009 2:57:18 PM - System Checkpoint
RP456: 6/16/2009 3:21:45 PM - System Checkpoint
RP457: 6/17/2009 3:58:22 PM - System Checkpoint
RP458: 6/19/2009 1:12:16 AM - System Checkpoint
RP459: 6/21/2009 4:34:39 PM - System Checkpoint
RP460: 6/22/2009 5:33:43 PM - System Checkpoint
RP461: 6/23/2009 9:45:40 AM - Avg8 Update
RP462: 6/24/2009 9:51:06 AM - System Checkpoint
RP463: 6/25/2009 11:57:53 AM - System Checkpoint
RP464: 6/26/2009 12:18:36 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
AC3Filter (remove only)
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.5
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
Advanced Video FX Engine
AIM 6
AltoMP3 Gold 5.20
Apple Mobile Device Support
Apple Software Update
Audiosurf
AVG Free 8.5
AVS DVD Copy version 1.3
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
CCleaner (remove only)
Conexant HDA D330 MDC V.92 Modem
ConvertXtoDVD 2.2.3.258
COWON Media Center - jetAudio Basic
Critical Update for Windows Media Player 11 (KB959772)
Dell Automated PC TuneUp
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
Digital Line Detect
Diskeeper 2009 Pro Premier
Download Updater (AOL LLC)
eMusic Download Manager 3.0
GOM Player
Guitar Hero III
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
IntelliSonic Speech Enhancement
InterVideo Disc Master 2.5
InterVideo DVDCopy 2
InterVideo PhotoAlbum
InterVideo WinDVD
InterVideo WinDVD Creator 2
IrfanView (remove only)
iTunes
Java(TM) 6 Update 13
Laptop Integrated Webcam Driver (1.03.02.0719)
LimeWire 5.1.2
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Magic Video Converter Trial Version (English) 8.0.2.18
Malwarebytes' Anti-Malware
Maxtor Manager
MediaMonkey 3.0
Memeo AutoSync
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.5
Microsoft Office 97, Professional Edition
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
MobileMe Control Panel
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NavNet
Nero 8 Essentials
neroxml
NVIDIA Drivers
PCFriendly
PDF Settings
PeerGuardian 2.0
PowerISO
PureSight PC
QuickSet
QuickTime
Registry Winner 5.2
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
SceneCaster
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Skype™ 4.0
Sonic Activation Module
Sony ACID Music Studio 7.0
SUPERAntiSpyware Free Edition
Uniblue DriverScanner 2009
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VCRedistSetup
Viewpoint Media Player
WD Diagnostics
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
Xbox 360 Controller for Windows
Xvid 1.2.1 final uninstall

==== Event Viewer Messages From Past Week ========

7/8/2009 9:55:59 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
7/5/2009 8:28:17 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2009 7:46:51 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/5/2009 4:46:51 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/5/2009 4:16:51 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/5/2009 4:01:51 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/5/2009 2:26:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/5/2009 12:32:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/5/2009 12:29:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/5/2009 12:27:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/5/2009 12:02:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu Tcpip Tcpip6 WS2IFSL
7/5/2009 12:02:37 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2009 12:02:37 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2009 12:02:37 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 7/5/2009 12:02:37 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 7/5/2009 12:02:37 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 7/5/2009 12:02:37 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 7/5/2009 12:02:37 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 7/2/2009 6:08:21 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found. 7/2/2009 6:08:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 7/2/2009 6:06:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 7/2/2009 5:37:06 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses. 7/2/2009 1:04:29 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. 
It has done this 1 time(s). 7/2/2009 1:03:56 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The requested service provider could not be loaded or initialized. ==== End Of File =========================== thank you! Go to Add or Remove Programs and uninstall: - Browser Address Error Redirector - Registry Winner 5.2 <- See here - SearchAssist - Viewpoint Media Player ----------
Important! Restart the computer.
----------
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop. DO NOT run it yet!
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It MUST be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
Code:
KillAll::
Driver::
Viewpoint Manager Service
Folder::
c:\program files\viewpoint
c:\program files\Registry Winner
File::
c:\windows\system32\19.tmp
DDS::
uInternet Settings,ProxyOverride = *.local
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
Firefox::
FF - ProfilePath - c:\docume~1\tbrown~1\applic~1\mozilla\firefox\profiles\ih8nvsnl.default\
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
Due to only being able to access my computer in safe mode, only three of the four programs I was told to uninstall were able to be uninstalled. The 'Browser Address Error Redirector' was unable to be uninstalled. Regrettably, I was also unable to run ComboFix due to the safe mode option. Any other advice would be greatly appreciated, thank you.
Do you have a flash drive and another computer to transfer over the programs? What about Safe Mode With Networking? |
|
| 3864. |
Solve : I get an error message every time i start my computer..?? |
|
Answer» every time Windows loads a pop-up box shows up and says |
|
| 3865. |
Solve : help! my internet connection got blocked after got infected by dirsystem autorun? |
|
Answer» My connection got lost when I plugged a flashdisk with autorun.inf and dirsystem virus, I already cleaned both and no more autoplay when I dbl click my drive |
|
| 3866. |
Solve : Re: Virus has disabled all my protection programs? |
|
Answer» evilfantasy, hopefully you're still around. |
|
| 3867. |
Solve : I think I conquered the beast myself. Can ya check my logs plz?? |
|
Answer» So it figures that I get sick yesterday, which sucks, but I was kind of happy to have an excuse to just veg out in front of the comp all day and guess what happens? My computer gets sick too. I don't know where this one came from. I was not doing ANYTHING suspect at all. No nudey sites or illegal activity. So if you have any suggestions as to how this might have happened so I may avoid this in the future it would be appreciated. |
|
| 3868. |
Solve : Regedit & task manager disabled? |
|
Answer» Hi |
|
| 3869. |
Solve : Help me! Internet Explorer windows open and sounds? |
|
Answer» Hello friends! |
|
| 3870. |
Solve : help!!! vista contracted a trojan and will not start up.? |
|
Answer» I'm using Windows Vista Home Premium. |
|
| 3871. |
Solve : How to remove Antivirus System Pro? |
|
Answer» Please help. How do I beat this thing and get rid of it? http://www.spyware-assistance.org/dangerous-trojans/a/Antivirus-System-PRO/Remove-Antivirus-System-PRO.php?gclid=CI2v4JWVzJsCFVUA4wodOVegKQ |
|
| 3872. |
Solve : WMA/TrojanDownloader.GetCodec.C.trojan? |
|
Answer» OK, that got the biggest issue. Now you should run a full virus scan to make sure nothing else is hiding. Better safe than sorry...
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. If needed, this animation will guide you through the process. |
|
| 3873. |
Solve : Help ||| Windows XP automatically booting || Critical DATA.? |
|
Answer» I have a Windows XP based P||| 128 MB RAM system. It is a standalone machine not connected to the internet & mainly used for accounting purposes (critical data). |
|
| 3874. |
Solve : search hijacked? |
|
Answer» both Yahoo and Google are sending me to wild search pages.. I see US.maxfiles.com pop up repeatedly |
|
| 3875. |
Solve : Can you check this for me?? |
|
Answer» This is from my family's PC, running XP X64 edition SP2, fully updated.
I would suggest running SuperAntispyware when you get a chance to ensure nothing else is hiding.
RogueRemover found nothing. SuperAntispyware also found nothing. And the "dead entry" isn't dead, it's used to start RMClock at startup. Thanks for the help, looks like it's clean then.
Quote from: Calum on March 02, 2008, 12:43:12 PM
And the "dead entry" isn't dead, it's used to start RMClock at startup.
Thanks, I will stash that away in the notes.... Yes I think you are in the clear. If the computer doesn't already have it I would suggest using SpywareBlaster. It is an awesome tool and uses zero resources. You just have to open it and manually check for updates from time to time with the free version. http://www.javacoolsoftware.com/spywareblaster.html
Quote
Thanks, I will stash that away in the notes....
RMClock can be started via a Registry key or the startup folder, in this case it was using the startup folder. Strange that it had a ? next to it, but maybe it's just a peculiarity of XP X64, I know some entries are not detected and files are shown missing using HJT and that OS.
Quote
Yes I think you are in the clear.
Great, thanks.
Quote
If the computer doesn't already have it I would suggest using SpywareBlaster.
What do you take me for? This may not be my PC, but I didn't abandon it to my family without at least basic security in place. AVG, Spybot and Spyware Blaster have been installed from day 1, updated at least once a week. Spyware Blaster has been part of my arsenal for years now, as have most of the tools I use.
Yea the = ? is what had me thinking it was an empty startup entry. Have you upgraded SpywareBlaster to the 4.0 version which was released a few days ago? It got a new GUI along with some bug fixes, seems to load faster when opened also.
New in this version:
-Full Vista support
-Protection for Netscape
-Protection for Seamonkey
-Protection for Flock
-A brand-new user interface
-Various feature and protection enhancements
-Further optimizations to every part of the program
-And lots of other bug fixes and requested tweaks
Of course, everything is always updated by either my family or me whenever I use their PC. I don't particularly like the new UI of Spyware Blaster though. |
|
| 3876. |
Solve : Need Information on any good Windows XP Registry Cleaners Software? |
|
Answer» I know I have some errors on my Windows XP Registry. What are or are there any good Windows Registry Cleaner software that would take care of the errors and make my PC run smooth again?
Registry Myths... |
|
| 3877. |
Solve : MSN Photo Album Virus.... Pls Help? |
|
Answer» The log is clean. Any other issues? |
|
| 3878. |
Solve : Free Anti Rootkill?? |
|
Answer» I tried to update my AVG free Anti Rootkill program, but see that they no longer update the free version. Is there another free anti rootkill that you would recommend?
A safer alternative is to use SuperAntispyware Free which has rootkit detection included. Or the F-Secure Online Virus Scanner which has an even better rootkit detection/removal rate. There is also the F-Secure standalone rootkit scan. It has a guide that can be found here
Thanks again evilfantasy, I will go for the Super Antispyware free. I did not realize that it included an anti rootkill scan. |
|
| 3879. |
Solve : Java Runtime Environment (JRE) 6 Update 5? |
|
Answer» Download page, 4th one down the list - Java Runtime Environment (JRE) 6 Update 5 http://java.sun.com/javase/downloads/index.jsp
Update Release Notes http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_05
Update also available through Java control panel. Be sure to uninstall the old version after installing the new.
Got it. Thanks. |
|
| 3880. |
Solve : Blue screen STOP error when booting? |
|
Answer» Hi, my son was downloading music the other day on our computer, he had installed a USB cord for his mp3 player to record it and after he finished, shut it down. Yesterday, I tried to start it when I got home, and when it gets to the Windows boot screen, it changes to a blue screen and says, "STOP ERROR...you cannot access, you may have a virus.." It then gives me a little instruction to fix, but each time I try to boot, even in safe mode, it keeps reverting to this blue screen before I can get to any antivirus applications or cursor..Windows will not load for me to do anything even in safe...what can I do to restore my computer? It's running Windows 2000, Pentium 3, 1999 model from DELL, deskpro. ....thanks
Post the exact STOP error code you're getting and any files mentioned on the blue screen.
It would be good to go to this post and scroll down to the HJT instructions and post that log also so someone on the malware team can have a look. |
|
| 3881. |
Solve : HELP WITH TROJAN VIRUS!!!!!!? |
|
Answer» my computer is always popping up a message saying system error and that I have a dangerous trojan file and I can lose key files, then it tells me to download this antimalware, but I looked up antimalware, got 2 free ones, ran those, got results and I deleted all of the bad files, then I checked with McAfee cause that's what we have but it doesn't say anything and that message won't go away
Print these instructions out. |
|
| 3882. |
Solve : Best virus protection?? |
|
Answer» I posted here before about my computer not starting and as it turns out, I had a huge virus and had to get a new computer.
Quote
I had a huge virus and had to get a new computer
It was a pretty drastic solution....
SUPERAntiSpyware is NOT an antivirus program.
What does everyone think about Spyware Terminator?
Spyware Terminator is good for spyware but isn't to be confused with antivirus. There are some advanced features in Spyware Terminator that can be confusing so I rarely recommend it. But it is good.
Yea make sure to understand the difference between spyware and viruses. Those are two completely different things.
Kaspersky
Go to Google and type 'top 10 antiviruses'
I use Dogpile instead of Google but that's just me.
Independent tests. http://www.av-comparatives.org/ |
|
| 3883. |
Solve : I'm not sure, but I need help? |
|
Answer» I'm almost completely computer illiterate, so I'm not sure where to ask for help with this. |
|
| 3884. |
Solve : Warning! Potential spyware operation? |
|
Answer» Help! I know this has been here before so I did all the requirements I think and below is the notepad from Hijack this. Very frustrating. Thank you in advance. |
|
| 3885. |
Solve : Different Computer Running Very Slow? |
|
Answer» I have another computer that has been quite bothersome.
Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop. Run ViewpointKiller, and select File > Do All Killings. Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with. A logfile will be created in the folder you unzipped ViewpointKiller to, please paste the contents here. Your Java is out of date. Go to this thread and scroll down to the Updating Java instructions. Have you tried running a disk defrag? How attached are you to the McAfee security suite?
Alright...thanks. I followed the guide to getting started and your suggestions. I have some additional questions.
1) My anti-virus is McAfee...which was the paid edition. Is this sufficient or should I remove and get a different brand?
2) Speaking of anti-virus....I downloaded the dr.web. A. Does this mean I now have TWO anti-virus programs...and wouldn't this conflict? B. It found a trojan....how come McAfee which is paid for did not?
3) I removed ViewPoint...it no longer is on the add/remove programs. However is there a way to confirm?
4) This CPU has been defragged a few weeks ago.
5) Overall...the CPU is running faster. However....it still is noticeably slow upon starting. A. I believe one of the causes is when the CPU is started...too many programs are running. Is there any way I can find out what programs run and which are unnecessary/disable?
6) The Windows taskbar...for example...is loaded with programs I do not want running unless I specify. These include... -Verizon Yahoo Messenger -Verizon YahooJukeBox -Adobe PhotoDownloader -Quicktime A. How can I make it so these do not start automatically on the CPU or taskbar?
7) Speaking of programs....I do not want Verizon Yahoo messenger or Verizon Yahoo Jukebox....how can I delete these without impacting Verizon internet? Thanks!
Quote
Alright...thanks. I followed the guide to getting started and your suggestions. I have some additional questions.
1) My anti-virus is McAfee...which was the paid edition. Is this sufficient or should I remove and get a different brand?
What version is it?
2) Speaking of anti-virus....I downloaded the dr.web. A. Does this mean I now have TWO anti-virus programs...and wouldn't this conflict? B. It found a trojan....how come McAfee which is paid for did not?
A. Dr Web is an on-demand scanner, it has no real time protection so there will be no conflicts. B. Is your McAfee up to date? Different vendors have different databases. This is part of the reason why we use other products for removal instead of what is already installed.
3) I removed ViewPoint...it no longer is on the add/remove programs. However is there a way to confirm?
Need the logs to see for sure.
4) This CPU has been defragged a few weeks ago.
5) Overall...the CPU is running faster. However....it still is noticeably slow upon starting. A. I believe one of the causes is when the CPU is started...too many programs are running. Is there any way I can find out what programs run and which are unnecessary/disable?
6) The Windows taskbar...for example...is loaded with programs I do not want running unless I specify. These include... -Verizon Yahoo Messenger -Verizon YahooJukeBox -Adobe PhotoDownloader -Quicktime A. How can I make it so these do not start automatically on the CPU or taskbar?
7) Speaking of programs....I do not want Verizon Yahoo messenger or Verizon Yahoo Jukebox....how can I delete these without impacting Verizon internet? Thanks!
Let's clear the malware first to make sure it doesn't interfere with anything, then work on the startups. I need the logs.
1) McAfee is up to date.
2) CPU is still slow.
-Configured and ran CCleaner
-Ran SAS, no viruses came up.
-Ran Dr.Web, posted log
-Turned off, and then on system restore
-Downloaded threatfire
-Cleaned the disc drive
-Java is up to date
-Ran HiJack this, posted log
3) What else can I do to make the CPU run normal? -What is the problem?
4) The taskbar when the CPU starts has WAAY too many things going on....how can I minimize the activity? Thanks.
Dr. Web Log
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338;Probably BACKDOOR.Trojan;Deleted.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.22.61.1;Probably BACKDOOR.Trojan;Incurable.Deleted.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.205.7.1_suite;Probably BACKDOOR.Trojan;Incurable.Deleted.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.210.2.4_suite;Probably BACKDOOR.Trojan;Incurable.Deleted.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4028;Probably BACKDOOR.Trojan;Incurable.Deleted.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131;Probably BACKDOOR.Trojan;Incurable.Deleted.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1;Probably BACKDOOR.Trojan;Incurable.Deleted.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.78.1;Probably BACKDOOR.Trojan;Incurable.Deleted.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Incurable.Deleted.;
inst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0;Probably BACKDOOR.Trojan;Incurable.Deleted.;
inst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.02;Probably BACKDOOR.Trojan;Incurable.Deleted.;
setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;Incurable.Deleted.;
setup.exe;C:\Program Files\AOL\Internet Access Controls\Installer;Probably BACKDOOR.Trojan;Incurable.Deleted.;
ppctl.dll;C:\Program Files\Common Files\AOL\1151195914\ee\services\antiSpyware\ver2_4_9_1\resources;Probably 
DLOADER.Trojan;Incurable.Deleted.;
ppctl.dll;C:\Program Files\Common Files\PestPatrol;Probably DLOADER.Trojan;Incurable.Deleted.;
ppctl.dll;C:\Program Files\Common Files\Scanner;Probably DLOADER.Trojan;Incurable.Deleted.;
Notice how most are AOL...since I have DSL...should I just use the mozilla and not the AOL browser?
HiJack this Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:04 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. 
VerizonServicepoint.exe < What is this for? It is a known memory hog. Download and run Folder Size. See if you find what is taking up space. Download and run StartUpLite. Get rid of unnecessary startups. The reason I mentioned McAfee is because security suites will slow most computers down. A mix of free solutions can drastically improve performance, not always but more often than not. |
|
| 3886. |
Solve : HiJackThis log, take a look please? |
|
Answer» Ok, I'm pretty sure I have a bad infection on my computer. I've scanned with AVG 8.0 and I'm very new to the new 8.0 version. It was warning about the adware rather than wiping it from my computer :S. I'm pretty sure I have a bad Vundo infection as well, as 8.0 was picking up Vundo. I've tried VundoFix but it didn't pick anything up. I'm getting loads and loads of system hangs on start up and on general use of the computer. |
|
| 3887. |
Solve : PLEASE HELP trojandownloader.xs and god knows what else? |
|
Answer» I have run CCleaner and SUPERAntiSpyware. Attached is a copy of text from SUPERAntiSpyware: |
|
| 3888. |
Solve : Why Anti-Hacking Software Is A Growing Need Of Today's Business World? |
|
Answer» Do you all know that originally "hacker" meant a very talented programmer, who is gifted at accessing various systems? This word has a positive aspect if we look at the real meaning of the word, but nowadays it has negative implications. Why has this happened? A word with a positive meaning is now counted in the list of negative words. Why so? |
|
| 3889. |
Solve : Administrator has disabled Task Manager...I'm the Administrator!!? |
| Answer» | |
| 3890. |
Solve : Adware/Spyware Virus Help? |
|
Answer» Hi all, |
|
| 3891. |
Solve : Help me clear this up? |
|
Answer» I'm cleaning my sister's computer for her and I've run SUPERAntiSpyware and Malwarebytes Anti-Malware and got rid of some adware and trojans, but I'm not a genius so that's where you come in. Go to Run --> type msconfig; go to the Startup tab and uncheck all tabs (or just the ones you don't want; make sure not to disable Windows programs). Disregard. |
|
| 3892. |
Solve : I don't know what to do..? |
|
Answer» Please help me with my problem. The problem is that every time I start my laptap, there is an error. The error is: error loading C:\\windows\system32\rtaicxxe.dll and the specified module could not be found. I have searched the net on how to resolve this problem but it never shows how to fix it. Can anyone help me? Thnxx....
Quote from: ran6 on April 16, 2008, 03:15:18 PM
my laptap
Does it dispense tummy custard? When did you last run a virus check?
Neither do I. Need more information. See here for guidance. Specifically interested in:
o Make and model number of computer (if brand name)
o Operating system (and service pack level)
o Does the error prevent you from loading and using the operating system?
o What changes were made (hardware or software) before the error occurred, if any?
o What anti-virus software, and is it up to date?
o What other security software, and do you keep it up to date? |
|
| 3893. |
Solve : annoying virus? |
|
Answer» I have a virus I have never heard of before. It created a file on my comp's C drive called "1" and filled it with thousands upon thousands of 1 KB files and a few 2 GB files. More or less it took up all my remaining disk space. I have successfully solved the space problem by deleting the files inside it, but I can't delete the folder as something else is using it, and I can't locate an exe that might be doing it. Nvm, I followed the steps in the "What to do before asking for help" and the programs fixed it apparently; I was able to delete the file completely. |
|
| 3894. |
Solve : Just ran Dr.Web and got this? |
|
Answer» Just ran Dr.Web and got this message below. I have the option to move it and not cure it. What should I do? |
|
| 3895. |
Solve : Trojan horse? |
|
Answer» Hi |
|
| 3896. |
Solve : Trojan Horses and Spyware!? |
|
Answer» Hey, so I have trojan horses, spyware and hijackers taking over my computer. Now I downloaded Spysweeper to it and it really didn't do jack. |
|
| 3897. |
Solve : Help used Avast! now everything gone!!? |
|
Answer» Please help someone. So I downloaded Avast to get rid of the viruses; now when I reboot, I get nothing on my main screen. What should I do? Please help. This should all be kept in one thread...you now have 3 going. |
|
| 3898. |
Solve : Virus or trojan or spartan or something? |
|
Answer» Hi,
I also rebooted and logged on for each of my separate user accounts, checking for the existence of hmxmnqlq.exe in each one. It's not there in any of them. I've attached a new log from HijackThis for you to verify. Is my computer now clean? David [recovering space - attachment deleted by admin]
evilfantasy, I got your message and realized that I sent you the wrong HijackThis log. The log attached to this message is the one that I created after running Autoruns and rebooting, etc. This one does not have evidence of hmxmnqlq.exe (I think). David [recovering space - attachment deleted by admin]
Hello. Sorry it has taken so long to get back to you. Looks like it is gone indeed. Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally, and this will help secure the work you have done.
Download OTMoveIt2 by OldTimer (OTMoveIt2.exe) and place it on your desktop (unless you already have it installed).
1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?).
5. Once complete, exit out of OTMoveIt2.
The above procedure will:
Set a New Restore Point to prevent possible reinfection from an old one. Setting a new restore point AFTER cleaning your system will enable your computer to roll back to a clean working state if needed.
Use the Secunia Software Inspector to check for out of date software.
Here are some great tools to help you keep from getting infected again.
To prevent unknown applications from being installed on your computer, install WinPatrol 2007.
Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.
Spybot Search & Destroy - A safe and effective spyware scanner.
* Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers
AVG Anti-Spyware Free Edition - Very reliable with a high detection rate.
* AVG Anti-Spyware User Manual
SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
Comodo BOClean - Stops trojans and many more malicious attacks.
Use a Firewall - It cannot be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
* Click here for a list of free firewalls.
* Why would I consider a third party firewall?
* Understanding and Using Firewalls
UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed.
* Help with Windows updates
Learn more about how to protect yourself while on the internet: read this article by Tony Klein: So how did I get infected in the first place?
Let us know if anything else comes up. |
|
| 3899. |
Solve : Is there a fake Mcafee icon?? |
|
Answer» I started my computer today and now there is an icon next to the time. It will not let me left- or right-click it, but when I point the mouse at it, it says McAfee Personal Firewall. I do not use McAfee, never have, and did not download this. I went to Start > Control Panel > Add/Remove Programs and there is no McAfee anything there. Can this be a fake icon or some virus? |
|
| 3900. |
Solve : Want to Uninstall Norton AV 2007? |
|
Answer» After using Norton AV for some time, I have now decided to remove it and install Avast. What is the proper method to uninstall this so no future problems will arise? Thanks.
Quote: I have decided to remove it
Congratulations!! The best way to get rid of it is to use this tool: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039 The Longer but Fail-Safe Approach.
Thanks Broni and Patio. Uh, wait, Broni's post has me confused: What's so bad about Norton? Edit in reply to bottom post: Heh, enough said.
What's good about Norton?
I prefer to refer to it as Symantec... Peter Norton was an old time hero in my mind. I believe if he had to do it all over again he still may have sold out but not put his name on it. The above is merely opinion and in no way constitutes a statement of fact as interpreted in a legal sense.
The only thing good with Norton is its name? AVG or Avast beats Norton since you can get free versions of their programs with automatic scanning and updating (as you probably already knew). Comodo Firewall, AVG or Avast, Microsoft Windows Defender and either Spybot or a-squared Free or Ad-Aware on hand ---> that is my arsenal of computer protection. Enough?
My reason to uninstall Norton AV 2007 is probably simplistic.
1. Impossible to contact anyone at Symantec for help. Seeking help through their troubleshooting programs is futile.
2. My problem is: I cannot run their updates in "Live Updates". When I run the updates, now for 2 months, I get nothing but errors, No. 1812 and 1806.
3. Following Norton's procedure, HOT FIX, I get nothing; the only message I get is "USE LIVE UPDATES AGAIN IN TWO WEEKS" @%$#&
4. This is what I pay for! Anyone have anything on this?
No. We don't use it |
|