InterviewSolution
This section includes InterviewSolutions, each offering curated multiple-choice questions to sharpen your knowledge and support exam preparation. Choose a topic below to get started.
| 4051. |
Solve : First timer Logs? |
|
Answer» I found this while I was trying to fix a Vundo trojan, I think it was called. These are the logs from my sweeps. If someone could let me know how I can prevent something like this from happening again it would be greatly appreciated. |
|
| 4052. |
Solve : SVCHOST Application Error, annoying virus? |
|
Answer» Hi guys, |
|
| 4053. |
Solve : virus and spyware help? |
|
Answer» Have been getting random porn in recent documents and also in the search bar, etc. |
|
| 4054. |
Solve : Re: Search Engine Redirecting To Ads? |
|
Answer» I think this is the link you want... |
|
| 4055. |
Solve : Rebooting Problem?? |
|
Answer» My computer keeps rebooting after I log in. Once I got into Safe Mode I ran an anti-virus check and no viruses were detected. I need to know what's wrong with my computer and how I can fix it. |
|
| 4056. |
Solve : Infected Computer? |
|
Answer» Hold on, I'm having someone else look in on this.

Ok thanks.

UAC is tricky in Vista...
* Copy and paste that log in the next reply.

jack & diane john mellencamp.mp3;C:\Users\Dennis\Documents\My Music\Downloads;Trojan.WMALoader;Cured.;
du david hasselhoff - greatest hits.mp3;C:\Users\Dennis\Documents\My Music\Sara's Music;Trojan.WMALoader;Cured.;
jammin bob marley wailers CD quality.mp3;C:\Users\Dennis\Documents\My Music\Sara's Music;Trojan.WMALoader;Cured.;
were only gonna die for our[unreleased rare track].mp3;C:\Users\Dennis\Documents\My Music\Sara's Music;Trojan.WMALoader;Cured.;

OK try here. http://www.vistarewired.com/2007/07/02/repairing-your-internet-connection

Said it didn't find any problems.

Have you tried resetting your router? Is it just IE that won't connect? |
|
| 4057. |
Solve : Trojan.WMALoader? |
|
Answer» Quote from: whty99778 on May 24, 2009, 04:22:40 PM
jack & diane john mellencamp.mp3;C:\Users\Dennis\Documents\My Music\Downloads;Trojan.WMALoader;Cured.;

I'm just curious here, how can music be a trojan?

When it has malicious code injected. Limewire, torrents and so on...

*censored* Limewire, it's so addictive.

Quote from: evilfantasy on May 24, 2009, 07:46:00 PM
When it has malicious code injected.

But how does it actually damage a computer? What can Windows Media Player do to damage a system?

WMP doesn't damage a system. The trojan that is in the file does. That's the name assigned to it by Dr Web. Other companies will have different names. Look here http://www.virustotal.com/analisis/0007912ceea95ccde0279044e50e36c4

Quote from: evilfantasy on May 25, 2009, 01:52:46 PM
WMP doesn't damage a system. The trojan that is in the file does.

How does the trojan get out? If it opens in Windows Media Player, wouldn't it just give a format error or something about a missing codec?

What is a trojan horse?

Topic split from original...

Quote from: evilfantasy on May 25, 2009, 02:04:34 PM
What is a trojan horse?

Trojan Horses are malicious entities that hide themselves in seemingly legit files... but what I want to know is, how does the file get out, auto execute, via Windows Media Player in a buffer overflow?

I don't know. Have never dissected one in FileAlyzer and really wouldn't know what I was looking for anyway. Here is a good article. GetCodec.A says hello to multimedia files |
|
| 4058. |
Solve : malware removal guide? |
|
Answer» Cool
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Hi, I found a problem.... After I told you it was running fine my daughter tried to play a video on YouTube and got a msg. to load Adobe ActiveX or Java. I downloaded ActiveX 10... but no videos will play from any site, even her school... they all say I need ActiveX or Java.... Any suggestions?

Download DDS by sUBs and save it to your desktop. Alternate DDS download link
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

Here are the logs, thank you.

Go to Add or Remove Programs and uninstall Spybot - Search & Destroy 1.3 <- This is about 3 years out of date.
----------
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop. DO NOT run it yet!
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2.
Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: DDS:: TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Handler: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freezeCombofix log ComboFix 09-05-18.02 - default 05/18/2009 21:25.2 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.243 [GMT -4:00] Running from: c:\documents and settings\default\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\default\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\messenger\msmsgs.exe . ((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 ))))))))))))))))))))))))))))))) . 2009-05-17 15:37 . 2009-05-17 15:37--------d-----wc:\windows\Sun 2009-05-17 03:28 . 2009-05-17 03:28--------d-----wc:\documents and settings\Guest\Local Settings\Application Data\Google 2009-05-17 02:55 . 
2009-05-17 02:54410984----a-wc:\windows\system32\deploytk.dll 2009-05-16 18:00 . 2009-05-16 18:00--------d-----wc:\program files\EsetOnlineScanner 2009-05-14 21:10 . 2009-05-14 21:10--------d-----wc:\documents and settings\Administrator\Application Data\Malwarebytes 2009-05-14 21:08 . 2009-05-14 21:08--------d-----wc:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2009-05-14 02:18 . 2009-05-14 02:1874352----a-wc:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-12 03:59 . 2009-05-12 03:59--------d-----wc:\program files\Trend Micro 2009-05-12 03:19 . 2009-05-12 03:19--------d-----wc:\documents and settings\default\Application Data\Malwarebytes 2009-05-12 03:19 . 2009-05-12 03:19--------d-----wc:\documents and settings\default\Application Data\Malwarebytes 2009-05-12 03:19 . 2009-04-06 19:3215504----a-wc:\windows\system32\drivers\mbam.sys 2009-05-12 03:19 . 2009-04-06 19:3238496----a-wc:\windows\system32\drivers\mbamswissarmy.sys 2009-05-12 03:19 . 2009-05-12 03:19--------d-----wc:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-12 03:19 . 2009-05-12 03:19--------d-----wc:\program files\Malwarebytes' Anti-Malware 2009-05-12 01:22 . 2009-05-12 01:22--------d-----wc:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-05-12 01:22 . 2009-05-12 01:22--------d-----wc:\program files\SUPERAntiSpyware 2009-05-12 01:22 . 2009-05-12 01:22--------d-----wc:\documents and settings\default\Application Data\SUPERAntiSpyware.com 2009-05-12 01:22 . 2009-05-12 01:22--------d-----wc:\documents and settings\default\Application Data\SUPERAntiSpyware.com 2009-05-11 18:24 . 2009-05-11 18:24--------d-----wc:\program files\CCleaner 2009-05-09 20:46 . 2009-05-09 20:46--------d-----wc:\documents and settings\default\Apps 2009-05-09 19:35 . 2009-05-09 19:35--------d-----wc:\documents and settings\All Users\Application Data\WEBREG 2009-05-09 18:51 . 
2009-05-09 18:51--------d-----wc:\documents and settings\default\Application Data\HP 2009-05-09 18:51 . 2009-05-09 18:51--------d-----wc:\documents and settings\default\Application Data\HP 2009-05-09 18:49 . 2008-01-24 21:2916496----a-rc:\windows\system32\drivers\HPZipr12.sys 2009-05-09 18:49 . 2008-01-24 21:2949920----a-rc:\windows\system32\drivers\HPZid412.sys 2009-05-09 18:49 . 2009-05-09 18:49--------d-----wc:\documents and settings\All Users\Application Data\Hewlett-Packard 2009-05-09 18:49 . 2008-01-24 21:31271704----a-rc:\windows\system32\hpzids01.dll 2009-05-09 18:49 . 2007-10-20 22:25118272----a-wc:\windows\system32\hpz3l5mu.dll 2009-05-09 18:48 . 2008-01-24 21:30309760----a-rc:\windows\system32\difxapi.dll 2009-05-09 18:48 . 2008-01-24 21:30372736----a-rc:\windows\system32\hppldcoi.dll 2009-05-09 18:48 . 2008-01-24 21:3021568----a-rc:\windows\system32\drivers\HPZius12.sys 2009-05-09 18:41 . 2009-05-09 18:41--------d-----wc:\documents and settings\All Users\Application Data\HP 2009-05-09 18:39 . 2009-05-09 18:39--------d-----wc:\windows\system32\DRVSTORE 2009-05-09 18:38 . 2009-05-09 18:38--------d-----wc:\program files\HP 2009-05-09 18:38 . 2004-08-04 05:0125856----a-wc:\windows\system32\dllcache\usbprint.sys 2009-05-09 18:38 . 2004-08-04 05:0125856----a-wc:\windows\system32\drivers\usbprint.sys 2009-05-09 18:38 . 2004-08-04 05:0831616----a-wc:\windows\system32\dllcache\usbccgp.sys 2009-05-09 18:38 . 2004-08-04 05:0831616----a-wc:\windows\system32\drivers\usbccgp.sys 2009-05-09 01:29 . 2009-05-09 01:29--------d-----wc:\program files\Common Files\AOLSHARE 2009-05-07 15:07 . 2009-03-06 14:44283648------wc:\windows\system32\dllcache\pdh.dll 2009-05-07 15:07 . 2005-07-26 04:3960416------wc:\windows\system32\dllcache\colbact.dll 2009-05-07 15:07 . 2009-02-09 10:20399360------wc:\windows\system32\dllcache\rpcss.dll 2009-05-07 15:07 . 2009-02-06 17:14110592------wc:\windows\system32\dllcache\services.exe 2009-05-07 15:07 . 
2009-02-09 10:20473088------wc:\windows\system32\dllcache\fastprox.dll 2009-05-07 15:07 . 2009-02-06 16:39227840------wc:\windows\system32\dllcache\wmiprvse.exe 2009-05-07 15:07 . 2009-02-09 10:20453120------wc:\windows\system32\dllcache\wmiprvsd.dll 2009-05-07 15:07 . 2009-02-09 10:20616960------wc:\windows\system32\dllcache\advapi32.dll 2009-05-07 15:07 . 2009-02-09 10:20714752------wc:\windows\system32\dllcache\ntdll.dll 2009-05-07 15:05 . 2008-04-21 10:02215552------wc:\windows\system32\dllcache\wordpad.exe 2009-05-07 00:44 . 2009-05-07 00:44--------d-----wc:\program files\RegistryRepair 2009-05-04 14:28 . 2009-05-04 14:28--------d-----wc:\program files\TeaTimer (Spybot - Search & Destroy) 2009-05-04 14:28 . 2009-05-04 14:28--------d-----wc:\program files\Misc. Support Library (Spybot - Search & Destroy) 2009-05-04 14:28 . 2009-05-04 14:28--------d-----wc:\program files\SDHelper (Spybot - Search & Destroy) 2009-05-04 14:28 . 2009-05-04 14:28--------d-----wc:\program files\File Scanner Library (Spybot - Search & Destroy) 2009-05-04 14:21 . 2009-05-04 14:21--------d-----wc:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-05-04 14:21 . 2009-05-04 14:21--------d-----wc:\program files\Spybot - Search & Destroy . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-19 01:23 . 2006-12-03 15:3374352----a-wc:\documents and settings\default\Application Data\GDIPFONTCACHEV1.DAT 2009-05-19 01:23 . 2006-12-03 15:3374352----a-wc:\documents and settings\default\Application Data\GDIPFONTCACHEV1.DAT 2009-05-17 14:25 . 2008-05-15 15:1711952----a-wc:\windows\system32\avgrsstx.dll 2009-05-17 14:25 . 2008-05-15 15:17325896----a-wc:\windows\system32\drivers\avgldx86.sys 2009-05-17 14:25 . 2008-05-15 15:17108552----a-wc:\windows\system32\drivers\avgtdix.sys 2009-05-17 03:32 . 2006-12-02 17:5817015----a-wc:\windows\system32\nvModes.dat 2009-05-15 04:29 . 
2006-12-01 14:4990112----a-wc:\windows\DUMP88cc.tmp 2009-03-23 21:48 . 2009-03-23 21:48--------d-----wc:\program files\Common Files\Wise Installation Wizard 2009-03-06 14:44 . 2006-12-02 19:01283648----a-wc:\windows\system32\pdh.dll 2009-02-20 08:14 . 2006-06-23 15:33668160----a-wc:\windows\system32\wininet.dll 2009-02-20 08:14 . 2004-08-04 06:5681920------wc:\windows\system32\ieencode.dll 2000-10-13 20:56 . 2000-10-13 20:56271--sh--wc:\program files\desktop.ini 2000-10-13 20:56 . 2000-10-13 20:5623357---h--wc:\program files\folder.htt . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2000-07-19 176183] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2001-10-08 110592] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2001-10-08 401408] "DellTouch"="c:\windows\DELLMMKB.EXE" [2001-09-23 163840] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-06-24 4800512] "AS00_Gear511"="c:\program files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2006-01-20 1122412] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-17 1947928] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-07 68592] "nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2003-06-24 323584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2000-07-19 176183] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program 
files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05356352----a-wc:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-05-17 14:2511952----a-wc:\windows\SYSTEM32\avgrsstx.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave1"= serwvdrv.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="c:\program files\MESSENGER\MSMSGS.EXE" /background "Mirabilis ICQ"=c:\program files\ICQ\NDetect.exe "Weather"=c:\program files\AWS\WEATHERBUG\WEATHER.EXE 1 "Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe "Yahoo! 
Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe "LapLink Scheduler"="c:\program files\Common Files\LapLink\Scheduler\LLSCHED.EXE" "SynTPLpr"=c:\program files\Synaptics\SynTP\SynTPLpr.exe "SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe "WorksFUD"=c:\program files\Microsoft Works\wkfud.exe "Microsoft Works Portfolio"=c:\program files\Microsoft Works\WksSb.exe /AllUsers "Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe "seticlient"=c:\program files\[emailprotected]\[emailprotected] -min "TkBellExe"=c:\program files\Common Files\Real\Update_OB\realsched.exe -osboot "QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime "AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe "DadApp"=c:\program files\DELL\AccessDirect\dadapp.exe "BayMgr"=DockApp.exe "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" "HostManager"=c:\program files\Common Files\AOL\1106251464\EE\AOLHostManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "Promon.exe"=Promon.exe "CPortPatch"=c:\windows\Quick Install\CPPatch.exe "PRPCMonitor"=PRPCUI.exe "LoadQM"=loadqm.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-] "SchedulingAgent"=mstask.exe "AolAcsDaemon1"="c:\program files\COMMON FILES\AOL\ACS\AOLACSD.EXE" "AOL TopSpeedMonitor"=c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe "NVSvc"=c:\windows\SYSTEM32\NVSVC.EXE -runservice "KB891711"=c:\windows\SYSTEM\KB891711\KB891711.EXE "MSNIA"=c:\progra~1\MSN\MSNIA\MSNIASVC.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/15/2008 11:17 AM 325896] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/15/2008 11:17 AM 108552] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/19/2009 1:43 PM 908568] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/19/2009 1:43 PM 298776] R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [12/1/2006 12:30 PM 28672] R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\SYSTEM32\AWINDIS5.SYS [12/3/2006 1:40 PM 16194] R3 maestro;ESS Maestro Audio Driver (WDM);c:\windows\SYSTEM32\DRIVERS\es198xdl.sys [6/20/2002 5:53 PM 414400] R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [12/1/2006 12:30 PM 6942] R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\SYSTEM32\DRIVERS\wg511nd5.sys [12/3/2006 1:39 PM 449888] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA] rundll rnasetup.dll,installoptionalcomponent rna [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed 
components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install "c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}] "c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}] "c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install "c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = hxxp://yahoo.com/ mLocal Page = c:\windows\SYSTEM\blank.htm mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://cf.icq.com/cf/2000/lost_password.html uInternet Settings,ProxyServer = http=localhost:7171 uInternet Settings,ProxyOverride = *.local; uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com Trusted Zone: aol.com\free Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-18 21:32 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... 
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(456)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\AVG\AVG8\AVGWDSVC.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\program files\AVG\AVG8\AVGRSX.EXE
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Netropa\OSD.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-19 21:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 01:36
Pre-Run: 10,996,350,976 bytes free
Post-Run: 11,031,134,208 bytes free
244--- E O F ---2009-05-15 06:00

I'm not seeing anything malware related. How is the computer running now?

Hi, sorry for the late reply... mom in hospital... thought you were done with me, huh? No such luck... Any road... still not playing any videos, still saying need ActiveX... I checked video adapters, said working properly... went to Dell and did a hardware scan, everything passed... With my other computers (2 Dells and an HP), when I go to the boot menu there is a diagnostic scan you can run; I can't seem to find it on this one... Any suggestions, or can you direct me anywhere? Do you think I should update the drivers? Do a system restore? I'm nowhere near this in my repair course and my PC guy is expensive. Thank you.

Try posting in the Windows forum.

Hi, thanks, I will... I went to Adobe support and I found it could be registry permissions... since it downloaded with no problem but it's not being recognized... makes sense with all the cleaning... If you'd like I'll let you know what I find and how it was fixed... might take a while because mom's still in the hospital. Hope soon I can do the malware removal and HijackThis self help with my other PCs. Thank you again for all your help, you're a godsend |
|
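The ComboFix log in this thread mixes autostart entries (the Run keys), orphaned "No File" browser objects (the ones the CFScript removes), firewall policy values and the IE proxy setting. As an added example, not code from the thread or from ComboFix/DDS, here is a small Python triage pass over lines in that log format. The sample lines are constructed to mirror the format above (the "Updater" entry is invented to exercise the user-writable-path rule), and the rules are review heuristics, not verdicts: stale "No File" entries, autostart images resolved through the search path or living under user-writable directories, a disabled or overridden Windows Firewall, and an IE proxy pointing at a local port.

```python
"""Heuristic triage of ComboFix/DDS-style autostart and settings lines.

Added example for this thread; it is not ComboFix, DDS or the forum's own
code.  Findings are items worth a second look, not verdicts.
"""
import re

# Directories (lower-case, backslash-delimited) where a persistent autostart
# image is unusual for legitimate software on XP/Vista-era systems.
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\users\\",
    "\\temp\\",
    "\\application data\\",
    "\\appdata\\",
    "\\recycler\\",
)

# Lines such as:  TB: {CLSID} - No File
ORPHAN_RE = re.compile(r"^(?P<kind>TB|EB|BHO|IE|Handler|DPF):\s*(?P<ident>.+?)\s+-\s+No File$")
# Lines such as:  uInternet Settings,ProxyServer = http=localhost:7171
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(?P<host>[^:;\s]+)(?::(?P<port>\d+))?")
# Lines such as:  "Name"="c:\path\to\image.exe" [2009-05-17 1947928]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def parse_autostart(line):
    """Return (name, image) for a '"Name"=<command>' line, or None."""
    m = VALUE_RE.match(line)
    if not m:
        return None
    name, value = m.group("name"), m.group("value").strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        image = value[1:end] if end > 0 else value[1:]
    else:
        # Unquoted command: drop the trailing "[date size]" stamp that ComboFix
        # appends, then keep everything up to the executable extension.
        value = re.sub(r"\s*\[[^\]]*\]\s*$", "", value)
        ext = re.search(r"\.(exe|dll|scr|com|bat|cmd)\b", value, re.IGNORECASE)
        image = value[: ext.end()] if ext else value.split()[0]
    if "." not in image:
        return None  # dword/flag values such as dword:00000001 or "1 (0x1)"
    return name, image


def triage(log_text):
    """Scan log lines and return [(severity, rule, detail), ...], highest first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):
            continue  # blank line or registry key header
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(("low", "orphaned autostart entry (No File)", f"{m['kind']} {m['ident']}"))
            continue
        if line.startswith('"FirewallOverride"=') and line.endswith("dword:00000001"):
            findings.append(("high", "Security Center firewall override is set", line))
            continue
        if line.startswith('"EnableFirewall"=') and line.endswith("(0x0)"):
            findings.append(("high", "Windows Firewall disabled for the profile", line))
            continue
        m = PROXY_RE.search(line)
        if m:
            host = m["host"].lower()
            if host == "localhost" or host.startswith("127."):
                findings.append(("high", "IE proxy points at a local listener", f"{m['host']}:{m['port']}"))
            continue
        parsed = parse_autostart(line)
        if parsed:
            name, image = parsed
            if "\\" not in image:
                findings.append(("medium", "autostart image has no directory (resolved via search path)", f"{name} -> {image}"))
            elif any(d in image.lower() for d in USER_WRITABLE):
                findings.append(("medium", "autostart image under a user-writable directory", f"{name} -> {image}"))
    findings.sort(key=lambda f: SEVERITY_RANK[f[0]])
    return findings


# Constructed sample in the format of the log above (a handful of lines only;
# the "Updater" entry is invented to exercise the user-writable rule).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-17 1947928]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2003-06-24 323584]
"Updater"="c:\documents and settings\default\Local Settings\Temp\upd.exe" [2009-05-18 40960]
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
"FirewallOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyServer = http=localhost:7171
uStart Page = hxxp://yahoo.com/
"""

if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule}: {detail}")
```

On the sample the pass reports the two firewall values and the localhost proxy as high, the search-path `nwiz.exe` entry and the Temp-folder image as medium, and the orphaned toolbar CLSID as low; a real log is fed in the same way, one `triage(text)` call per log file.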
| 4059. |
Solve : Bad Virus---please help? |
|
Answer» I have a bad virus on my computer that I have been trying to get rid of for 3 days now.
----------
Use the In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. If needed, this animation will guide you through the process.

OK, finally got that done... it did take a while. It didn't find any malware or anything. Here is the log report.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 25, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 26, 2009 02:21:06
Records in database: 2246292
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 75975
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:50:39
No malware has been detected. The scan area is clean.
The selected area was scanned.

Looks good. Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Thank you sooooo much Evil.... You have been a life saver, I couldn't have done it without ya..

You're welcome. Safe surfing.... |
|
| 4060. |
Solve : Help with this nasty infection....? |
|
Answer» Well, no luck... it will not run as well, tried 3 times. I am starting to think I only have one option left

Launch Task Manager by pressing Ctrl + ALT + Delete |
|
| 4061. |
Solve : Inbound rules. Windows firewall advanced security? |
|
Answer» Hello, I was looking through my inbound rules and noticed there was a list of 6 taskpanl and they are all allowed. I am wondering whether or not this is normal/safe? I would appreciate your help. Dana [attachment deleted by admin]

taskpanl is associated with EarthLink TotalAccess 2003 Internet access software. Are you using Earthlink? BTW, Windows Firewall only protects against incoming. Outgoing traffic can be just as dangerous.

No I am not using Earthlink. I don't even recall installing the program. Do you have any suggestions?

If you are not using it and you didn't install it just go to Control panel, Add/Remove programs and uninstall it. |
|
| 4062. |
Solve : Help! Viruses/malware/spyware deny acces to usb-sticks and Ipod? |
|
Answer» Hi, |
|
| 4063. |
Solve : Trojan.Packed.NsAnti won't go away!? |
|
Answer» That's not the link.
Check this folder and delete everything in it. C:\Users\kittymaroon\AppData\Local\Temp\ <- Empty all of the files in the Temp folder.
----------
Vista delete temporary files
1. Open Internet Explorer.
2. Click the Tools button, and then click Internet Options.
3. Click the General tab, and then, under Browsing history, click Delete.
4. In the Delete Browsing History dialog box, click Delete all to remove all temporary files.
----------
Flush the old infected restore points. You can find instructions on how to disable and re-enable system restore in Vista here: Disabling System Restore. Be sure to restart the computer and then turn system restore back on.
----------
Is the popup about malware still happening?

When deleting, hold the shift key when you press the delete key. It will make the files skip the recycle bin.

I flushed my old restore points and did all the other stuff when you told me to a week or two ago. I didn't get any pop-up warnings from Symantec for a while, but in the last few days, I've gotten a lot (60-70). Ran SuperAntiSpyware again and got this log. What next? [attachment deleted by admin]

Quote from: kittymaroon on May 26, 2009, 10:36:52 PM
What next?
Start a new topic with the 3 logs from the malware removal guide. It's been nearly 3 weeks. Anything could have happened between then and now. |
|
| 4064. |
Solve : open DNS? |
|
Answer» Hi all, would our experts recommend using OpenDNS as my DNS Server? To help protect against viruses and malware?

I'm not a specialist, but I do highly recommend it. I set it up on my router, and it has blocked a number of 'dangerous' sites. It's also great if you have kids, because it also serves as a filter so your kids can't get themselves into trouble, and they won't know how to get around it as easily as software filters.

I've checked it out but am no expert with it but I would say yes also. http://www.opendns.com/

Thank you Evilfantasy, Again! LOL |
|
| 4065. |
Solve : Keylogger? |
|
Answer» Thanks for all of your help. You have no idea how much folks like me appreciate folks like you who are willing to spend time and share your knowledge helping those of us who are at times.......... clueless!

There are too many tools out there that simply create more confusion than they do answer questions. |
|
| 4066. |
Solve : Inputs for the Safe Browsing Tool you use?? |
|
Answer» Hi Guys!! Evil, I went to look at Norton and got this up on the screen so I must be covered in the PC

That is a feature in almost all browsers. In a secure site (https://), if there is anything from a http:// area, then that box pops up.

So are you saying there must have been something in that Norton site and what is in my PC will not do the same as WOT

Quote from: harry 48 on May 26, 2009, 05:20:26 PM
so are you saying there must have been something in that norton site
That little alert box is not because of any addons you've installed, WOT or Norton. It is the site, as I explained, anything that is not secure (not https://) on a https:// site will bring up that message.

Hey Evilfantasy! That's quite a 'Wonderful' compilation of a whole lot of Safe Surfing Tools! & probably you just missed another one that I got to know today only through 'Download.com'! It's: Free Dr.Web LinkCheckers; & they offer versions for all the 3 popular Web Browsers viz. IE, FF & Opera & even for Mozilla Thunderbird! Just read out the 'Collection' of Download.com's choice: http://news.cnet.com/8301-17939_109-10249214-2.html?tag=contentMain;contentBody Worth mentioning, Dr.Web LinkCheckers offers a unique mechanism (perhaps) to right click any link & scan the same through this tool before you visit the same! However, it does not offer the 'Ready-Made' ratings for Search Engine results unlike its counterparts! Still a 'Good' weapon that beckons to have a place in your armory!

Here is another TrendProtect http://www.trendsecure.com/portal/en-US/tools/security_tools/trendprotect

Ya Man! I have tried that as well.... & they still continue to promise the release of the FF version soon! One thing... Sitehound (your favourite) website compares both Free & Paid Versions, unfortunately I couldn't locate the 'Download Link' for the Freeware!? Please help! Ya, I too recall another one >> Scandoo from Scansafe!

Added to the list. |
|
| 4067. |
Solve : I need help with Norton Antivirus? |
|
Answer» My MIL got a laptop from her sister. It's running incredibly slow so she asked me to look at it. The first thing that jumped out at me is when you go to add/remove programs Norton Internet Security is listed and last used 3/13/07. No I can't remove it. My MIL's sister has a computer degree and swears MIL has to have Norton so she won't let me remove it.

Ask the sister if you may talk to Mil, after all it's Mil's laptop now, not the sister's. !! Mil may like norton off the pc, regardless of what the sister may think. Sister has a computer degree, but whose laptop is it now? |
|
| 4068. |
Solve : XP Freezes at WELCOME? |
|
Answer» Kaspersky says it's clean. Here's the report:
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 4069. |
Solve : search engine redirect virus and the dreaded blue screen? |
| Answer» | |
| 4070. |
Solve : Please Help: Search Engine Redirect, System Restore Disabled? |
|
Answer» Hello. I noticed today that my computer is suffering from some sort of virus/spyware/malware infection. Problems I've noticed: |
|
| 4071. |
Solve : i have spyware? |
|
Answer» Every time I click on a google search link it gives me another page that's about buying stuff or ads.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
----------
Download GooredFix from one of the locations below and save it to your Desktop.
Link #1
Link #2
* Double-click GooredFix.exe to run it.
* Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
* A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

Malwarebytes' Anti-Malware 1.36
Database version: 2178
Windows 5.1.2600 Service Pack 3
5/25/2009 7:53:47 PM
mbam-log-2009-05-25 (19-53-47).txt
Scan type: Quick Scan
Objects scanned: 86969
Time elapsed: 6 minute(s), 14 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Inject) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\drivers\svchost.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\svchost.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\1JKOCQIC\ccsuper0[1].htm (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\1JKOCQIC\iobpgg[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\GIHSGJPP\voclzzjkg[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\L07GOYCF\jyiifgkxhy[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\SLGVZ25I\jtcqqe[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

GooredFix v1.92 by jpshortstuff
Log created at 19:57 on 25/05/2009 running Option #1 (Oscar)
Firefox version 3.0.10 (en-US)
=====Suspect Goored Entries=====
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="D:\Program Files\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="D:\Program Files\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[emailprotected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

Click Start > Run and then copy/paste the following into the box and then click OK
Code:
"%userprofile%\Desktop\GooredFix.exe" /uninstall
If any of your security programs query a new Registry/AutoStart value being added please allow the changes.
----------
Download DDS by sUBs and save it to your desktop.
Alternate DDS download link
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copy and pasting it into the reply.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Oscar at 20:17:09.70 on Mon 05/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.453 [GMT 1:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Oscar\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {29DBFC70-ADB2-4950-BF32-358273D17553} = 4.2.2.1,4.2.2.2
TCP: {CBFFB94A-B86B-4769-887E-89459223601D} = 4.2.2.1,4.2.2.2
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\WINDOW

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\oscar\applic~1\mozilla\firefox\profiles\tbd6nkx8.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.att.net/
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\oscar\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: d:\program files\plugins\noreg\NPVeohVersion.dll
FF - plugin: d:\program files\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: d:\program files\plugins\npPandoWebInst.dll
FF - plugin: d:\program files\reader 8.0\reader\browser\nppdf32.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2009-5-23 57344]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090525.002\NAVENG.SYS [2009-5-25 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090525.002\NAVEX15.SYS [2009-5-25 876144]
S1 SASKUTIL;SASKUTIL;\??\d:\program files\ares songs\saskutil.sys --> d:\program files\ares songs\SASKUTIL.sys [?]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\oscar\locals~1\temp\imspcloj.sys --> c:\docume~1\oscar\locals~1\temp\iMSPCLOj.sys [?]
S3 SASENUM;SASENUM;\??\d:\program files\ares songs\sasenum.sys --> d:\program files\ares songs\SASENUM.SYS [?]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-3-14 1251720]

=============== Created Last 30 ================

2009-05-25 20:16  --d-h---  c:\windows\PIF
2009-05-24 03:29  2,440  a-------  c:\windows\New OpenDocument Text.odt
2009-05-24 03:08  107,852  a-------  c:\windows\system32\drivers\c712b9fe.sys
2009-05-24 03:08  2  a-------  C:\-1596348440
2009-05-23 22:34  114,048  a-------  c:\windows\system32\drivers\snapman.sys
2009-05-23 22:03  --d-----  C:\CPM
2009-05-23 20:37  --d-----  c:\docume~1\oscar\applic~1\Lucis
2009-05-23 20:30  41  a-------  c:\windows\ars-dat0169.conf
2009-05-23 15:24  --d-----  c:\docume~1\oscar\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-23 00:42  57,344  a-------  c:\windows\system32\ASTSRV.EXE
2009-05-23 00:41  --d-----  c:\program files\Alien Skin
2009-05-19 20:51  --d-----  c:\docume~1\alluse~1\applic~1\ALM

==================== Find3M ====================

2009-04-13 22:50  53,248  a-------  c:\documents and settings\oscar\lametritonus_en.dll
2009-04-13 22:50  162,304  a-------  c:\documents and settings\oscar\lame_enc_en.dll
2009-04-06 15:32  38,496  a-------  c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32  15,504  a-------  c:\windows\system32\drivers\mbam.sys
2009-03-21 20:07  410,984  ac------  c:\windows\system32\deploytk.dll
2008-07-25 22:00  1,642,385  ac-sh---  c:\windows\system32\aoortcfq.ini2
2008-07-25 22:00  345  ac-sh---  c:\windows\system32\GOWFffii.ini2
2008-07-21 20:58  345  ac-sh---  c:\windows\system32\iPpYbccf.ini2
2008-07-11 21:52  1,878,529  ac-sh---  c:\windows\system32\jmsvgyxq.ini2
2008-07-20 14:01  850,459  ac-sh---  c:\windows\system32\mVutCJjl.ini2
2008-12-12 22:55  32,768  ac-sh---  c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121220081213\index.dat

============= FINISH: 20:17:34.79 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/14/2008 12:28:25 PM
System Uptime: 5/25/2009 7:54:40 PM (1 hours ago)

Motherboard: http://www.abit.com.tw/ | | AA8XE (Intel 925XE-ICH6R)
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 775 | 3260/204mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 0.374 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 169.15 GiB free.
E: is FIXED (NTFS) - 213 GiB total, 212.788 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP109: 5/23/2009 12:25:58 PM - Removed AcronisDisk Director Suite
RP110: 5/24/2009 5:06:57 AM - Restore Operation
RP111: 5/24/2009 5:24:08 AM - Removed AcronisDisk Director Suite

==== Installed Programs ======================

3DVIA player 4.1
6200
6200_Help
6200Trb
Acrobat.com
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer 1.1
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 8.1.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Stock Photos 1.0
Adobe Type Support
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AiO_Scan
AiOSoftware
Alien Skin Blow Up 2
Alien Skin Bokeh
Alien Skin Snap Art 2
AppCore
Apple Mobile Device Support
Apple Software Update
Ares 2.0.9
AV
BufferChm
ccCommon
CCleaner (remove only)
CloneCD
CloneDVD 3.9.1
Combat Arms
Connect
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
Defraggler (remove only)
Destinations
Director
DivX Web Player
DocProc
DocumentViewer
Fax
Free YouTube to Mp3 Converter version 3.1
GearDrvs
getPlus(R)_dll
Google Chrome
HijackThis 1.99.1
Hotfix for Windows XP (KB952287)
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
InstantShare
iTunes
Java(TM) 6 Update 12
Java(TM) 6 Update 5
Java(TM) 6 Update 7
kuler
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
LucisArt 3 ED/SE
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyFonts Order M1518563
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
NVIDIA Drivers
OpenOffice.org 3.0
Pando Media Booster
PanoStandAlone
PDF Settings CS4
PhotoGallery
Photoshop Camera Raw
ProductContext
QFolder
QuickTime
Readme
Realtek High Definition Audio Driver
Scan
ScannerCopy
SecondLife (remove only)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SkinsHP1
SPBBC 32bit
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
SuppSoft
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
System Requirements Lab
Tablet
Topaz Vivacity
TrayApp
Uninstall 1.0.0.1
Unity Web Player
Unload
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live installer
Windows Live Sign-in Assistant
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

5/25/2009 7:55:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/19/2009 7:52:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000056' while processing the file 'luna.mst.new' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix

----------

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system.
First install the new Sun Java Runtime Environment
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close all browser windows before beginning the install.
Remove the old version(s)
Download JavaRa
Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

THE JAVARA LINK DOES NOT SEND ME TO A DOWNLOAD FOR JAVA

ComboFix 09-05-25.05 - Oscar 05/25/2009 21:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.541 [GMT 1:00]
Running from: c:\documents and settings\Oscar\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\-1596348440
c:\documents and settings\Oscar\Application Data\wiaserva.log
c:\windows\system32\aoortcfq.ini2
c:\windows\system32\aoortcfq.tmp
c:\windows\system32\bitusacu.ini
c:\windows\system32\bnkecpgi.ini
c:\windows\system32\drivers\c712b9fe.sys
c:\windows\system32\fgldbddg.ini
c:\windows\system32\GOWFffii.ini
c:\windows\system32\GOWFffii.ini2
c:\windows\system32\iPpYbccf.ini2
c:\windows\system32\jmsvgyxq.ini2
c:\windows\system32\jmsvgyxq.tmp
c:\windows\system32\maooddhx.ini
c:\windows\system32\mVutCJjl.ini2
D:\Uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.
2009-05-25 19:48 . 2009-03-19 13:03  1907712  ----a-w  c:\windows\system32\BootMan.exe
2009-05-25 19:48 . 2009-02-25 19:22  8704  ----a-w  c:\windows\system32\epmntdrv.sys
2009-05-25 19:48 . 2009-02-25 19:22  86408  ----a-w  c:\windows\system32\setupempdrv03.exe
2009-05-25 19:48 . 2009-02-25 19:22  3072  ----a-w  c:\windows\system32\EuGdiDrv.sys
2009-05-25 19:48 . 2009-02-25 19:21  14848  ----a-w  c:\windows\system32\EuEpmGdi.dll
2009-05-25 19:47 .
2009-05-25 19:47--------d-----wc:\program files\EASEUS 2009-05-25 19:16 . 2009-05-25 19:16--------d--h--wc:\windows\PIF 2009-05-23 21:34 . 2009-05-23 21:34114048----a-wc:\windows\system32\drivers\snapman.sys 2009-05-23 21:03 . 2009-05-23 21:03--------d-----wC:\CPM 2009-05-23 19:37 . 2009-05-23 19:37--------d-----wc:\documents and settings\Oscar\Application Data\Lucis 2009-05-23 14:29 . 2009-05-23 14:29--------d-----wc:\program files\Common Files\Adobe AIR 2009-05-23 14:24 . 2009-05-23 14:2838208----a-wc:\documents and settings\Oscar\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-05-23 14:24 . 2009-05-23 14:24--------d-----wc:\documents and settings\Oscar\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2009-05-22 23:47 . 2009-05-23 00:03--------d-----wc:\documents and settings\Oscar\Application Data\Alien Skin 2009-05-22 23:42 . 2008-05-19 12:1357344----a-wc:\windows\system32\ASTSRV.EXE 2009-05-22 23:41 . 2009-05-22 23:42--------d-----wc:\program files\Alien Skin 2009-05-19 19:51 . 2009-05-19 19:51--------d-----wc:\documents and settings\All Users\Application Data\ALM 2009-05-19 19:31 . 2009-05-19 19:31--------d-----wc:\program files\Adobe Media Player . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-25 20:25 . 2008-04-23 11:13--------d-----wc:\documents and settings\Oscar\Application Data\WTablet 2009-05-25 20:24 . 2008-03-14 12:49--------d-----wc:\program files\Common Files\Symantec Shared 2009-05-25 19:45 . 2008-11-23 22:06410984-c--a-wc:\windows\system32\deploytk.dll 2009-05-25 18:46 . 2008-09-28 20:57--------d-----wc:\program files\Malwarebytes' Anti-Malware 2009-05-25 18:46 . 2008-09-28 20:582967799-c--a-wc:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-05-24 04:07 . 
2008-09-28 19:45--------d-----wc:\program files\SUPERAntiSpyware 2009-05-22 16:47 . 2008-03-15 13:0983280-c--a-wc:\documents and settings\Oscar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-19 19:57 . 2008-03-14 12:44--------d-----wc:\program files\Common Files\Adobe 2009-05-19 18:13 . 2008-12-15 22:25--------d-----wc:\program files\Windows Live 2009-04-26 12:59 . 2008-06-01 11:24--------d-----wc:\documents and settings\LocalService\Application Data\WTablet 2009-04-14 20:40 . 2008-04-22 21:23--------d-----wc:\program files\DivX 2009-04-14 20:39 . 2009-04-14 20:39--------d-----wc:\program files\Common Files\DivX Shared 2009-04-13 21:50 . 2009-04-13 21:5053248----a-wc:\documents and settings\Oscar\lametritonus_en.dll 2009-04-13 21:50 . 2009-04-13 21:50162304----a-wc:\documents and settings\Oscar\lame_enc_en.dll 2009-04-11 01:44 . 2008-03-14 13:35--------d-----wc:\program files\Microsoft Works 2009-04-10 16:36 . 2008-06-23 19:4598304-c--a-wc:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll 2009-04-10 16:36 . 2008-06-23 19:4581920-c--a-wc:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll 2009-04-10 16:36 . 2008-06-23 19:45258352-c--a-wc:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll 2009-04-10 16:36 . 2008-06-23 19:45335872-c--a-wc:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll 2009-04-10 16:36 . 2008-06-23 19:45520192-c--a-wc:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll 2009-04-10 16:36 . 2008-06-23 19:45167936-c--a-wc:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe 2009-04-10 16:05 . 2009-04-10 16:04--------d-----wc:\documents and settings\All Users\Application Data\PMB Files 2009-04-10 16:03 . 2009-04-10 16:03--------d-----wc:\program files\Pando Networks 2009-04-06 14:32 . 2008-09-28 20:5738496----a-wc:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 14:32 . 
2008-09-28 20:5715504----a-wc:\windows\system32\drivers\mbam.sys 2009-04-06 00:41 . 2008-11-28 23:331----a-wc:\documents and settings\Oscar\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-04-04 14:53 . 2009-04-04 14:531078----a-rc:\documents and settings\Oscar\Application Data\Microsoft\Installer\{C13A8E73-7E98-4295-BA94-6931701CD1F9}\_4ae13d6c.exe 2009-04-04 14:53 . 2009-04-04 14:531078----a-rc:\documents and settings\Oscar\Application Data\Microsoft\Installer\{C13A8E73-7E98-4295-BA94-6931701CD1F9}\_294823.exe 2009-04-04 14:53 . 2009-04-04 14:531078----a-rc:\documents and settings\Oscar\Application Data\Microsoft\Installer\{C13A8E73-7E98-4295-BA94-6931701CD1F9}\_18be6784.exe 2009-03-21 19:10 . 2009-03-21 19:1057344-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-159679b9-n\Decora-SSE.dll 2009-03-21 19:10 . 2009-03-21 19:10499712-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-534157ec-n\msvcp71.dll 2009-03-21 19:10 . 2009-03-21 19:10499712-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-534157ec-n\jmc.dll 2009-03-21 19:10 . 2009-03-21 19:10348160-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-534157ec-n\msvcr71.dll 2009-03-21 19:10 . 2009-03-21 19:1024064-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-36d373a8-n\Decora-D3D.dll 2009-03-21 19:08 . 2009-03-21 19:0857344-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\37\3976f065-746c9cba-n\Decora-SSE.dll 2009-03-21 19:08 . 2009-03-21 19:0824064-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\37\2c4a0065-6f7bc486-n\Decora-D3D.dll 2009-03-21 19:08 . 
2009-03-21 19:08315392-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7bb58b64-n\jogl.dll 2009-03-21 19:08 . 2009-03-21 19:0820480-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7bb58b64-n\jogl_awt.dll 2009-03-21 19:08 . 2009-03-21 19:08114688-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7bb58b64-n\jogl_cg.dll 2009-03-21 19:08 . 2009-03-21 19:0820480-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-253d6c9a-n\gluegen-rt.dll 2009-03-21 19:07 . 2009-03-21 19:07503808-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3eadbfdc-n\msvcp71.dll 2009-03-21 19:07 . 2009-03-21 19:07499712-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3eadbfdc-n\jmc.dll 2009-03-21 19:07 . 2009-03-21 19:07348160-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3eadbfdc-n\msvcr71.dll 2009-03-21 19:05 . 2009-03-21 19:05152576-c--a-wc:\documents and settings\Oscar\Application Data\Sun\Java\jre1.6.0_12\lzma.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-01-18 18:27356352----a-wc:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] 
The MajorGeeks server that hosts their downloads crashed the other day and it looks like some things were not added back correctly. Use this one please. http://majorgeeks.com/JavaRA_d5982.html
----------
Please go to VirSCAN.org FREE on-line scan service (If more than one file needs to be scanned they must be done separately and logs posted for each one)
1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
   c:\docume~1\Oscar\LOCALS~1\Temp\iMSPCLOj.sys
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button. This will perform a scan across multiple different virus scanning engines. Your file will possibly be entered into a queue which normally takes less than a minute to clear. Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply. Note: If using FireFox you will need to copy the link in the address bar and post it back here instead. The Copy to Clipboard feature will not work.
---------- Also let me know how the computer is running now.
the computer doesn't find the file and the computer is working fine now thank you
Download OTMoveIt3 by OldTimer to your desktop. Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.
* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
   :Processes
   explorer.exe
   :services
   iMSPCLOj
   :files
   c:\docume~1\Oscar\LOCALS~1\Temp\iMSPCLOj.sys
   :Commands
   [purity]
   [emptytemp]
   [start explorer]
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
* Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.
----------
----------
1. Double click OTMoveIt3.exe to launch it. Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt3 will download a list from the Internet, if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt3
---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
sorry I have been taking long, I have been doing all the stuff, installing new updates, getting my C drive defragmented. I will post when I have an update. Thank you |
|
| 4072. |
Solve : Malware Removal Assistance? |
|
Answer» OK what window freezes now?
The same window, which is my folder for these anti-malware programs I have been installing.
So just right clicking the folder makes the computer freeze? Even in Safe Mode?
I decided to move the rest of the contents to the desktop and delete the entire folder with just the shortcut inside, which worked.
Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Software and OS updated. Plus WoT and SWB are up and running. I bookmarked the articles and will read them when I have the time. Judging by the post, I'm guessing that's it?
As long as everything is running OK then yes.
Just one last thing. I still have the following programs and folders on my computer: Malwarebytes' Anti-malware, SUPERAntiSpyware, CCleaner, Hijack This & sniper.exe, OTMoveIt3, regsearch. Are any of them unneeded anymore and safe to delete? Plus, do I still need to use them regularly or anything else?
Quote: Malwarebytes' Anti-malware
Keep these. Update and scan with them now and then to be sure nothing nasty has crept in.
Quote: CCleaner
Use this at least once a week to keep your drive clutter free. I usually run it daily.
Quote: OTMoveIt3
Delete those.
I guess that's it. Thanks so much for the assistance. Pretty cheesy line, but not much else I can say.
You're welcome. Safe surfing... |
|
| 4073. |
Solve : Re: All of my browers stop working sporadically? |
|
Answer» I followed your directions and I still cannot get a log. It says preparing log and it never pops up. I tried more than once. My screen saver has changed though, now it's the Windows Media Center Edition logo, before it was a photo. I did download the ComboFix from the link you had given.
---------- Download Alternate download link Note: Vista users must use Run As Administrator
Note that your system will run slower for a reboot or two after having used this tool so don't panic.
---------- Download OTCleanIt.exe and save it to your Desktop.
Important: Restart the computer before continuing. ---------- Scan with Panda ActiveScan This scanner requires Internet Explorer
Post the contents of the ActiveScan report in your next reply.
;**************************************************************
ANALYSIS: 2009-05-20 07:31:00
PROTECTIONS: 2
MALWARE: 2
SUSPECTS: 6
;**************************************************************
PROTECTIONS
Description Version Active Updated
;==============================================================
AVG Anti-Virus Free 8.5 No Yes
PC-cillin Internet Security - Virus Protection 14.60.1206 No No
;==============================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;==============================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Colleen murphy\Cookies\[emailprotected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Colleen murphy\Cookies\[emailprotected][2].txt
;==============================================================
SUSPECTS
Sent Location
;==============================================================
Yes C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe
Yes C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0000248.exe[32788R22FWJFW\n.com]
Yes C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0000248.exe[32788R22FWJFW\NirCmd.cfexe]
Yes C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0000249.exe
Yes C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0000292.com
Yes C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0000294.com
;==============================================================
VULNERABILITIES
Id Severity Description
;==============================================================
Here is the report from the ActiveScan. I also used the ATF Cleaner, and CleanIt before I scanned. Let me know if you have any questions.
Disable/Enable the System Restore Utility to flush old infected restore points
1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.
Now re-enable System Restore. To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.
1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.
---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Ok now where do I post about the CD player problem now, it was working fine till you told me to shut off the tss stuff. Now what?
What is it doing? Or not doing?
Try updating your sound drivers or install a codec pack. http://www.free-codecs.com/download/K_lite_codec_pack.htm
It did not work, how do you update the drivers? When I watch movies online it's fine, it's just from a DVD or when I want to burn a CD or DVD |
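A small triage script for reports in the ActiveScan layout above, added here as an example and not taken from the thread: it parses the MALWARE and SUSPECTS rows and separates the entries sitting inside old restore points (which the System Restore off/on procedure above discards) from entries at live locations that still need action. The report text, paths and ids in it are constructed to mirror the layout, not the poster's data.

```python
"""Triage for a Panda ActiveScan text report (added example, not code from the thread).

The report in the thread lists MALWARE and SUSPECTS rows, several of which sit inside
System Restore points (System Volume Information\\_restore{...}\\RPn\\...). The helper's
answer to those is to turn System Restore off and back on, which discards the old
restore points. This script parses the report layout and separates findings that the
restore-point flush will clear from findings at live locations that still need action.
All report lines, paths and ids below are constructed to mirror the layout, not real data.
"""
import re
from dataclasses import dataclass

# A location inside an XP System Restore point: cleared by disabling/re-enabling System Restore.
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)

# MALWARE rows: Id Description Type Active Severity Disinfectable Disinfected Location
# Description may contain spaces ("Cookie/Atlas DMT"), so it is matched non-greedily.
MALWARE_ROW = re.compile(
    r"^(\d{8})\s+(.+?)\s+(\S+)\s+(Yes|No)\s+(\d+)\s+(Yes|No)\s+(Yes|No)\s+(.+?)\s*$"
)
# SUSPECTS rows: Sent Location, sometimes followed by a stray "+" from the web report.
SUSPECT_ROW = re.compile(r"^(Yes|No)\s+(.+?)\s*\+?\s*$")

SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}

# Constructed sample report in the ActiveScan layout; paths and ids are made up.
SAMPLE_REPORT = r"""
;*****************************************************************
ANALYSIS: 2009-05-20 07:31:00
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 3
;*****************************************************************
PROTECTIONS
Description Version Active Updated
;=================================================================
Example AV Free 8.5 No Yes
;=================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=================================================================
00100001 Cookie/Example DMT TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@example[1].txt
00100002 Trj/Example.A Trojan Yes 2 Yes No C:\WINDOWS\system32\example.dll
;=================================================================
SUSPECTS
Sent Location +
;=================================================================
Yes C:\Program Files\ExampleGame\Uninstall.exe +
Yes C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP4\A0000248.exe
Yes C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP4\A0000292.com +
;=================================================================
"""


@dataclass(frozen=True)
class Finding:
    section: str    # "MALWARE" or "SUSPECTS"
    name: str       # detection name, or "suspect" for SUSPECTS rows
    active: bool    # ActiveScan's Active column (always False for suspects)
    location: str   # file path as reported


def parse_report(text):
    """Return the Finding rows from the MALWARE and SUSPECTS sections."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # separator lines
        if line in SECTIONS:
            section = line
            continue
        if section == "MALWARE":
            m = MALWARE_ROW.match(line)   # header row "Id Description ..." does not match
            if m:
                findings.append(Finding("MALWARE", m.group(2), m.group(4) == "Yes", m.group(8)))
        elif section == "SUSPECTS":
            m = SUSPECT_ROW.match(line)   # header row "Sent Location +" does not match
            if m:
                findings.append(Finding("SUSPECTS", "suspect", False, m.group(2)))
    return findings


def triage(findings):
    """Split findings into those the System Restore flush clears and those needing action."""
    cleared_by_flush = [f for f in findings if RESTORE_POINT.search(f.location)]
    live = [f for f in findings if not RESTORE_POINT.search(f.location)]
    return {"restore_point": cleared_by_flush, "live": live}


if __name__ == "__main__":
    groups = triage(parse_report(SAMPLE_REPORT))
    for label, rows in groups.items():
        print(f"{label}: {len(rows)}")
        for f in rows:
            print(f"  [{f.section}] {f.name:<18} active={f.active} {f.location}")
```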
|
| 4074. |
Solve : free online antivirus? |
|
Answer» in these days of economic downturn is it possible to get free antivirus from the net?
There are many very reliable free for home use antivirus and firewalls. Here are a few of the best ones.
I tried some of these but the moment they finished the scan and you want to clean or repair you first have to buy the product before this can be done
The free ones are free you do not need to buy the product
avast is probably the best one there the thing is you could also try clam, any how it has a boot scanner and it self auto updates its good if you're not the average user.
Pay attention to what you are clicking. They have paid versions and free versions. I have not paid for an antivirus in around 7 years. Free for home use means just that.
yep
Quote from: squall_01 on March 21, 2009, 12:58:08 PM yep
He wasn't talking to you...... |
|
| 4075. |
Solve : sremcom.exe program not found skipping auto check.? |
|
Answer» What is this
---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Thank you for your time and help.
You're welcome |
|
| 4076. |
Solve : Hacked?? |
|
Answer» When I play Call of Duty it says that my keycode is already in use! It's a legal copy! I didn't give the code to anyone! |
|
| 4077. |
Solve : Popups and Softwares self download..? |
|
Answer» Hi, I've been experiencing problems such as pop ups and software that continues to download itself..
[attachment deleted by admin] |
|
| 4078. |
Solve : BSOD is it a virus?? |
|
Answer» Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 4079. |
Solve : tr/unpacked.gen trojan? |
|
Answer» hi,
---------- Download the Norton Removal Tool (SymNRT) to your Desktop. Once downloaded please close ALL open browsers, also save any work because this may require a restart.
---------- Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix
---------- Now run a new DDS scan and post the new DDS.txt log only, I won't need the Attach log.
sorry I haven't replied for a couple of days. fell asleep that night btw the computer is not with me now. I would reply again once I do your instructions. thanks |
|
| 4080. |
Solve : Kpac help Please? |
|
Answer» After I ran SUPERAntiSpyware, my internet on my desktop quit working, but my modem is still working. |
|
| 4081. |
Solve : Help on some questions? |
|
Answer» NEVERMIND. They're not my questions that need to be answered and I thought I would ask here to help my friend. I didn't realize that it was such a big deal.
and you need to answer these because?
I need them answered because they are unanswered, which is why I need help in answering the unanswered questions. That answer your question?
unanswered questions from what? I doubt these questions just popped in your head, you must have got them from somewhere- that "somewhere" is what I'm asking about.
My friend who goes to school in Cali asked me these questions. I'm not sure where he got these questions from. I was just trying to help him out.
are they homework ?? |
|
| 4082. |
Solve : i got a virus and don't know what to do... i already searched and i am lost? |
|
Answer» ok, I also get the svchost.exe application error. "0x7564d27e" referenced memory at "0x00000000060". The memory could not be "read". Click OK to terminate.. |
|
| 4083. |
Solve : HELP!! Virus and Spyware Can someone read my logs? |
|
Answer» From what I have seen from this infection nothing is safe. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) The red entries are where ComboFix tried to find and replace those files with clean ones but none were found. This means that the Virut has gotten through the entire computer and injected itself into everything. |
|
| 4084. |
Solve : http://smartbizsearch.com/ Redirects.? |
|
Answer» You have to remove the cracks before I can continue helping...
---------- Use the ESET Online Antivirus Scanner. This scanner requires Internet Explorer.
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
---------- How is the computer running now?
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090323-0] 4.8.1335 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:285 Go)
D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 23/03/2009|21:01 )
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\ADAMZ\110 Wind That Cracks the Leaves.mp3
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\ADAMZ\111 Wind That Cracks the Leaves.mp3
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\daves\Pavement Cracks (Scumfrog Vocal Mix).mp3
[F:43][D:8]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:95][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:301][D:4]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 23/03/2009|10:36 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 23/03/2009|20:07 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - 23/03/2009|21:00 - Option : [2]
4 - "C:\Lop SD\LopR_4.txt" - 23/03/2009|21:02 - Option : [2]
--------------------\\ Scan completed at 21:02:49
Looks good so far. If anything else is hiding hopefully the ESET scanner will find it.
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3956 (20090323)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a09d889860779a44a0edaba65d162451
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-24 02:31:05
# local_time=2009-03-23 09:31:05 (-0600, Central Daylight Time)
# country="Canada"
# osver=5.1.2600 NT Service Pack 3
# scanned=205597
# found=0
# scan_time=1352
The computer seems to be running just great! It's stopped doing the redirects! Thank you thank you so much!
Uninstall Lop S&D. Click START then RUN. Now type C:\Lop SD\Uninstal.exe in the runbox. Then click OK.
----------
. The above procedure will:
---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 4085. |
Solve : Help svchost.exe problem? |
|
Answer» First of all thanks Broni for pointing me in the right direction. |
|
| 4086. |
Solve : svchost.exe - Application error HELP please?? |
| Answer» | |
| 4087. |
Solve : Computer is slow...? |
|
Answer» I went through all the steps and have created the necessary logs. My computer problems are that it is very hesitant and when it does this it really slows down. When I play online games or watch video or listen to music it always is slow and then freezes and I usually have to restart to get it functioning again. My computer is somewhat old, I bought it in 2002, but I would like to see if I can get it somewhat functional without having to take a sledgehammer to it.

Quote: I went through all the steps and have created the necessary logs.
What logs? You really haven't told us much about your system. OS? Hardware specs? Has it been getting gradually slower or is this a sudden problem?

Sorry about neglecting to give you more information. Compaq Presario 5320, Pentium 4, 512 MB SyncDRAM, 40GB Hard Drive, Windows XP. My C drive has 33.3GB Capacity and Free space of 15.7GB. The computer has gradually gotten slow. I had received some help with it back in July 2008 and it was working pretty good after that, a little improvement. I have kept up with updates and run scans frequently but it is getting bad again. I attached 3 logs to my original post as per the instructions in "Read This before requesting malware removal help" but please let me know if you need me to attach them again.

Oh, sorry, I was not logged on to the forum when I first read your post; the logs are not visible unless logged on. I'll leave this up to the guys that usually reply to posts in this section of the forum. Besides, I'll be away from my computer a good while later today.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop. Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. 
Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFix

Good Afternoon, Attached is the requested log from ComboFix. Thank You. [attachment deleted by admin]

Download the OTMoveIt3 by OldTimer. Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator. * Save it to your Desktop. * Double-click OTMoveIt3.exe to run it. * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy) Code:
:Processes
explorer.exe
:services
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{060a871c-db70-11dd-88f1-0002a5e4d168}]
:files
:Commands
[purity]
[emptytemp]
[start explorer]
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. * Click the red Moveit! button. * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3. Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. ----- How is the computer running now?

Here is the OTmoveIT log as you requested. The computer is a little improved but still hesitates intermittently. 
I tried making figure 8's with the mouse and it did hesitate a lot less as quick motions with the mouse usually made it hesitate in the past. [attachment deleted by admin]
---------- Download Alternate download link Note: Vista users must use Run As Administrator
Note that your system will run slower for a reboot or two after having used this tool so don't panic. ---------- Download OTCleanIt.exe and save it to your Desktop.
Important: Restart the computer before continuing. ---------- Use the ESET Online Antivirus Scanner. This scanner requires Internet Explorer. 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

Good Morning, The log file from ESET Scan is below as requested. Thank You
# version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3956 (20090323) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=9bb8e5b8ba794d4eb243d05c15c39aa8 # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2009-03-24 08:39:17 # local_time=2009-03-24 04:39:17 (-0500, Eastern Daylight Time) # country="United States" # osver=5.1.2600 NT Service Pack 3 # scanned=444255 # found=4 # scan_time=31225
C:\WINDOWS\system32\mtmc.exe Win32/Lowzones.NAX trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\ncase.dll a variant of Win32/Adware.180Solutions application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\ncase2.dll a variant of Win32/Adware.180Solutions application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\newnet.dll a variant of Win32/Adware.NdotNet application (unable to clean - deleted) 00000000000000000000000000000000

OK how is it running now? Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

It has improved. Thank You very much. Due to the age of the computer (2002) should I still expect some hesitation when navigating on my computer? Thank You

Hardware will usually last a very long time when taken care of but yes, with age things will slow down a little. You might consider upgrading RAM if you need to. The more you install, add-ons and such, will impact performance slightly. |
|
| 4088. |
Solve : Computer Slow, mwsbar.dll error on start up? |
|
Answer» Hello,
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. ---------- Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop. Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFix

evilfantasy, Thank You for your time. I have run the suggested fixes, see logs below. Please let me know if there are additional steps that need to be taken. It seems that things are running better now but I have had little interaction with the PC due to work schedule. 
Thanks Again Pug

Malwarebytes' Anti-Malware 1.34
Database version: 1889
Windows 5.1.2600 Service Pack 3
3/23/2009 6:33:24 PM
mbam-log-2009-03-23 (18-33-24).txt
Scan type: Quick Scan
Objects scanned: 73200
Time elapsed: 9 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 0

[Malwarebytes' detection list and ComboFix log omitted]

Looks pretty good so far. * Click START then RUN * Now type Combofix /u in the runbox and click OK. 
Note the space between the x and the /u, it needs to be there. ---------- Download CCleaner Slim and save it to your Desktop. When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe Follow the prompts to install the program. Complete the installation then:
Use the Kaspersky Lab Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. |
|
| 4089. |
Solve : virus help--- I DON'T KNOW WHAT TO DO? |
|
Answer» ok, i also get the svchost.exe application error. "0x7564d27e" referenced memory at "0x00000000060" the memory could not be "read". click ok to terminate. |
|
| 4090. |
Solve : win.32.Tolone!IK? |
|
Answer» I am using AVG 8.5/Super Anti-Spyware/Spywareblaster/Spybot S&D. AVG runs every day, & the SAS/Spybot I usually run at least once a week. |
|
| 4091. |
Solve : Redirects and I can't find the issue? |
|
Answer» Hi all. I'm usually pretty good with cleaning this stuff up so I'm a little befuddled because I can't seem to figure out the issue. I'm getting random redirects in Firefox and IE. I can do a google search and that loads up fine. The second I click a link from the google search, it redirects me (or tries to redirect me) to toseeka.com or bestwebchoices.com. It won't let me run malwarebytes. I've been trying all morning and I'm actually not seeing what the issue can be in HijackThis. It also won't let me install Super Anti Spyware. Here is my HijackThis log: |
|
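For a redirect problem like the one above, where search results load but clicking them goes elsewhere and scanners find nothing, one of the first things a helper looks at in a HijackThis log is the O17 lines: the TCP/IP NameServer values. A resolver changed under Windows sends every lookup wherever that resolver says, and a file-based scan will not report it. The check below is an added example, not a tool from this forum; the sample log, the registry GUID and the addresses in it are constructed placeholders, and the expected resolver list is whatever your ISP or router really hands out.

```python
"""Flag HijackThis O17 (TCP/IP NameServer) entries that point at resolvers you
do not expect. Added example for this page, not a tool from the forum."""
import re
from ipaddress import ip_address, ip_network

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[0-9.,]+)\s*$")

# LAN ranges where a home router's own resolver normally lives.
LAN_NETWORKS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in HijackThis log format (not a real log from this thread);
# the GUID is a placeholder and the public addresses are documentation-range.
SAMPLE_HJT_LOG = """\
O4 - HKLM\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{PLACEHOLDER-GUID}: NameServer = 203.0.113.25,203.0.113.99
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 203.0.113.25,203.0.113.99
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\Parameters: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {PLACEHOLDER-GUID} - C:\\Program Files\\AVG\\AVG8\\avgpp.dll
"""


def parse_o17(log_text):
    """Return [(registry_key, [ip, ...]), ...] for every O17 line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers = [s for s in m.group("servers").split(",") if s]
            entries.append((m.group("key"), servers))
    return entries


def unexpected_nameservers(log_text, expected=()):
    """Return (registry_key, ip) for each O17 resolver that is neither on a LAN
    range nor in `expected` (your ISP's resolvers, or a public one you chose)."""
    expected_ips = {ip_address(e) for e in expected}
    flagged = []
    for key, servers in parse_o17(log_text):
        for s in servers:
            ip = ip_address(s)
            if ip in expected_ips or any(ip in net for net in LAN_NETWORKS):
                continue
            flagged.append((key, s))
    return flagged


def keys_carrying(log_text, server):
    """Registry keys (current control set, CS1/CS2, per-interface) that carry
    `server`. An unexpected resolver present in the non-current control set too
    is one that a Last Known Good Configuration boot would not revert."""
    return [key for key, servers in parse_o17(log_text) if server in servers]


if __name__ == "__main__":
    for key, ip in unexpected_nameservers(SAMPLE_HJT_LOG):
        print(f"unexpected resolver {ip} in {key}")
```

Compare anything flagged against the resolvers your router or ISP actually issues (ipconfig /all on a known-clean machine on the same network shows them) before treating it as a hijack.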
| 4092. |
Solve : windows clash with avg? |
|
Answer» hi there, i have recently downloaded windows security but it did not give me any virus protection so i d/loaded avg virus protection and i got a huge free monthly package with it. now when i turn my computer on i get the avg popup saying block all so i have to correct and save each time to (allow all) then an automatic avg popup appears and states avg has changed your settings to (stand alone) and also shows avg firewall.. so my windows firewall is (not active) so do i delete avg so i can keep my auto updates with windows or delete windows to have A++ security ?? or can they work together as windows gave me options of different virus protection sites so i went the best i hope .. |
|
| 4093. |
Solve : Firewall keeps turning off and Google keeps redirecting me? |
|
Answer» I have a few problems with my system. Every time I boot up my computer the firewall is turned off. I have to turn it on every time. Also, I keep getting redirected to different web pages from Google. I ran a scan with AVG and Lavasoft, and I only found a few tracking cookies. I ran a "Hijack This" scan and attached it. I am not sure if this is the problem, but two of the results are unknown files. Is this the problem?
After all of the fixes are complete it is very important that you enable real-time protection again. ---------- Install the new version of HJT and post a log from it. Download TrendMicro HijackThis.exe (HJT) to the Desktop.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:18:56 PM, on 3/25/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe C:\Windows\System32\rundll32.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\System32\p2phost.exe C:\Windows\ehome\ehtray.exe D:\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE C:\Users\Sam Hern\Program Files\DNA\btdna.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Virtual PDF Printer] C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [lightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [L08AXLRD_3627116] "D:\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Sam Hern\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD889663-729B-4AD0-9E57-2CB8370BAD94}: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9700 bytes

Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there)
Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis.

----------

Reset Vista Network Connections

1. Right-click the network icon in the System Tray.
2. From the pop-up menu, select "Diagnose and Repair".
3. Click "Automatically get new IP settings for the network adapter 'Local Area Connection'". At this stage there is annoyingly no "Reset network adapter" option.
4. In the "Windows needs your permission to continue" box, click Continue.
5. Wait for the "Repairing" window to complete (takes a while).
6. In the Windows Network Diagnostics window, click "Reset the network adapter 'Local Area Connection'".
7. You should see "The problem has been resolved".
8. Click Close.

----------

Download GooredFix from one of the locations below and save it to your Desktop.
Link #1
Link #2

* Double-click GooredFix.exe to run it.
* Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
* A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: Do not run Option #2 yet.

I did all of the instructions except I was not able to reset Vista Network Connections. When I selected "Diagnose and Repair," a window came up and said that it could not find any problems with my Internet connection. Is there another method for resetting the network connections? I posted the log below.
GooredFix v1.92 by jpshortstuff
Log created at 14:00 on 26/03/2009 running Option #1 (Sam Hern)
Firefox version 3.0.7 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

No, that's OK.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

OK I ran the program and here is the log.

ComboFix 09-03-25.04 - Sam Hern 2009-03-26 16:24:11.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3070.2277 [GMT -4:00]
Running from: c:\users\Sam Hern\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\PlayMe
c:\program files\PlayMe\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\PlayMe
c:\programdata\Microsoft\Windows\Start Menu\Programs\PlayMe\Uninstall.lnk
c:\recycler\S-2-3-73-100018799-100001138-100005680-1890.com
c:\users\Sam Hern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMe
c:\windows\system32\drivers\gaopdxdrhecxnpiagsrtikhnbokuirjyicmltq.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxsrfldxbhwmdeoiqqxjpjswpcxpiefmrr.dll
c:\windows\system32\KBL.LOG
d:\recycler\S-2-3-73-100018799-100001138-100005680-1890.com
E:\Autorun.inf
e:\recycler\S-2-3-73-100018799-100001138-100005680-1890.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.

2009-03-25 23:18 . 2009-03-25 23:18  d--------  c:\program files\Trend Micro
2009-03-24 00:56 . 2009-03-09 15:06  15,688  --a------  c:\windows\System32\lsdelete.exe
2009-03-23 22:37 . 2009-03-09 15:06  64,160  --a------  c:\windows\System32\drivers\Lbd.sys
2009-03-23 22:36 . 2009-03-23 22:36  d--h-c---  c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-23 22:36 . 2009-03-23 22:36  d--h-c---  c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-23 22:36 . 2009-03-23 22:36  d--------  c:\program files\Lavasoft
2009-03-22 20:27 . 2009-03-22 20:27  d--h-----  C:\$AVG8.VAULT$
2009-03-22 18:29 . 2009-03-22 21:07  d--------  c:\windows\System32\drivers\Avg
2009-03-22 18:29 . 2009-03-22 18:29  d--------  c:\program files\AVG
2009-03-22 18:29 . 2009-03-22 18:29  325,640  --a------  c:\windows\System32\drivers\avgldx86.sys
2009-03-22 18:29 . 2009-03-22 18:29  107,912  --a------  c:\windows\System32\drivers\avgtdix.sys
2009-03-22 18:29 . 2009-03-22 18:29  10,520  --a------  c:\windows\System32\avgrsstx.dll
2009-03-22 18:05 . 2009-03-22 18:29  d--------  c:\users\All Users\avg8
2009-03-22 18:05 . 2009-03-22 18:29  d--------  c:\programdata\avg8
2009-03-22 15:02 . 2009-03-23 22:37  d----c---  c:\windows\System32\DRVSTORE
2009-03-22 14:57 . 2009-03-23 22:36  d--------  c:\users\All Users\Lavasoft
2009-03-22 14:57 . 2009-03-23 22:36  d--------  c:\programdata\Lavasoft
2009-03-10 20:01 . 2009-02-08 23:10  2,033,152  --a------  c:\windows\System32\win32k.sys
2009-03-10 20:01 . 2008-11-27 00:43  268,288  --a------  c:\windows\System32\schannel.dll
2009-03-01 00:47 . 2009-03-01 00:47  d--------  c:\program files\SpeedFan
2009-03-01 00:47 . 2009-03-01 00:47  45  --a------  c:\windows\System32\initdebug.nfo
2009-03-01 00:10 . 2009-03-01 00:23  d--------  c:\program files\Notebook Hardware Control
2009-02-26 18:22 . 2008-06-19 21:14  781,344  --a------  c:\windows\System32\PresentationNative_v0300.dll
2009-02-26 18:22 . 2008-06-19 21:14  622,080  --a------  c:\windows\System32\icardagt.exe
2009-02-26 18:22 . 2008-06-19 21:14  326,160  --a------  c:\windows\System32\PresentationHost.exe
2009-02-26 18:22 . 2008-06-19 21:14  105,016  --a------  c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-26 18:22 . 2008-06-19 21:14  97,800  --a------  c:\windows\System32\infocardapi.dll
2009-02-26 18:22 . 2008-06-19 21:14  43,544  --a------  c:\windows\System32\PresentationHostProxy.dll
2009-02-26 18:22 . 2008-06-19 21:14  37,384  --a------  c:\windows\System32\infocardcpl.cpl
2009-02-26 18:22 . 2008-06-19 21:14  11,264  --a------  c:\windows\System32\icardres.dll
2009-02-26 18:13 . 2008-07-27 14:03  96,760  --a------  c:\windows\System32\dfshim.dll
2009-02-26 18:12 . 2008-07-27 14:03  282,112  --a------  c:\windows\System32\mscoree.dll
2009-02-26 18:12 . 2008-07-27 14:03  41,984  --a------  c:\windows\System32\netfxperf.dll
2009-02-26 18:11 . 2008-07-27 14:03  158,720  --a------  c:\windows\System32\mscorier.dll
2009-02-26 18:11 . 2008-07-27 14:03  83,968  --a------  c:\windows\System32\mscories.dll
2009-02-26 18:08 . 2008-12-15 23:29  8,147,456  --a------  c:\windows\System32\wmploc.DLL
2009-02-26 18:08 . 2008-12-16 01:31  7,680  --a------  c:\windows\System32\spwmp.dll
2009-02-26 18:08 . 2008-12-16 01:31  4,096  --a------  c:\windows\System32\msdxm.ocx
2009-02-26 18:08 . 2008-12-16 01:31  4,096  --a------  c:\windows\System32\dxmasf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 20:32  ---------  d-----w  c:\users\Sam Hern\AppData\Roaming\DNA
2009-03-25 12:13  ---------  d-----w  c:\program files\Java
2009-03-23 02:32  28,124  ----a-w  c:\users\All Users\nvModes.dat
2009-03-23 02:32  28,124  ----a-w  c:\programdata\nvModes.dat
2009-03-21 17:01  ---------  d-----w  c:\users\Sam Hern\AppData\Roaming\BitTorrent
2009-03-11 11:26  ---------  d-----w  c:\program files\Windows Mail
2009-03-11 05:26  ---------  d-----w  c:\programdata\Microsoft Help
2009-03-09 09:19  410,984  ----a-w  c:\windows\System32\deploytk.dll
2009-02-26 22:52  ---------  d-----w  c:\program files\Microsoft Silverlight
2009-02-26 22:34  ---------  d-----w  c:\program files\Microsoft SQL Server
2009-01-16 14:59  73,728  ----a-w  c:\windows\System32\RtNicProp32.dll
2009-01-15 06:11  827,392  ----a-w  c:\windows\System32\wininet.dll
2008-06-05 23:35  28,124  ----a-w  c:\users\Sam Hern\AppData\Roaming\nvModes.dat
2008-06-03 01:50  262,144  ----a-w  c:\programdata\ntuser.dat
2008-01-21 02:41  174  --sha-w  c:\program files\desktop.ini
2003-09-16 05:19  99,544  ----a-w  c:\windows\inf\virprn.exe
2003-09-16 05:19  90,624  ----a-w  c:\windows\inf\prtproc.dll
2003-09-16 05:19  18,950  ----a-w  c:\windows\inf\virpntd.dll
2003-09-16 05:19  10,240  ----a-w  c:\windows\inf\virport.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-20 192000]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"L08AXLRD_3627116"="d:\microsoft student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" [2007-05-21 351000]
"BitTorrent DNA"="c:\users\Sam Hern\Program Files\DNA\btdna.exe" [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-22 1932568]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages  REG_MULTI_SZ  scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Sam Hern^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=c:\users\Sam Hern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=c:\windows\pss\YouTube Uploader.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-07 23:14 119280 c:\users\Sam Hern\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
--a------ 2007-09-04 16:54 554320 c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-09-19 17:31 202032 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D567C9C4-9372-4263-82E8-5B53DCC4E665}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{22F77B24-07A2-4E74-AEF1-994026E286BA}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E6B34721-BB08-4E9D-A3FB-DBF3C4530AF2}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1F87F909-2EA4-4E41-8C59-6AF4A5644ED1}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{97FFE196-3F9B-4AF7-BEFD-EB0AC8FF3C88}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7C92D134-56D2-48CF-8849-6D6B8E72EA3F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FD28CF17-C718-44AA-8644-ACC2F740B9C3}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{EBE4857C-43EE-4328-AAF2-970343011E23}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7640D92A-E994-464B-8BB3-D2DB0F1D8238}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3975E01C-D56B-4629-815E-3D70A1B4F0A9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{031E2B37-4578-4034-A8BD-D3663A717BFE}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{2F47012C-F760-47BE-BF4D-97DF237CF2A4}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{74DE3353-CCC7-4789-96AE-649315BFCBFB}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{7A47D0AC-4C07-43F9-AD8A-B5E9EEFBFDE6}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{45DCF8F0-D2C6-4626-9C38-008DC137F38C}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{E143B07B-DADE-47CA-80A7-EDD0B3395BAF}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{C5484B3D-C2F7-4E30-82F8-4D6B83807D85}c:\\program files\\rhapsody\\rhapsody.exe"= UDP:c:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{40CEAEF1-1981-4329-849C-A8E3D17323E1}c:\\program files\\rhapsody\\rhapsody.exe"= TCP:c:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"TCP Query User{B4D25E5D-95F4-45AD-BAF6-6E4A75088FCC}c:\\program files\\maxima-5.16.3\\wxmaxima\\wxmaxima.exe"= UDP:c:\program files\maxima-5.16.3\wxmaxima\wxmaxima.exe:wxMaxima
"UDP Query User{C9F4853B-34E1-4FE0-95E1-8607C815477E}c:\\program files\\maxima-5.16.3\\wxmaxima\\wxmaxima.exe"= TCP:c:\program files\maxima-5.16.3\wxmaxima\wxmaxima.exe:wxMaxima
"TCP Query User{963E5FF3-B9CA-4F67-976F-CF2B9B5B3FD9}d:\\bittorrent\\bittorrent.exe"= UDP:d:\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{6E848298-2BFD-409C-A1E2-5ADF9943BA1F}d:\\bittorrent\\bittorrent.exe"= TCP:d:\bittorrent\bittorrent.exe:bittorrent
"{0AD427A8-1AFC-40D5-9CF8-B1FADF91048C}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{A8850746-E9F3-4A33-AE53-D24E4E8DF483}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{CE3D63F4-F9A7-45D7-BF74-20C925F7461E}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{B410286C-844F-46A6-ADBE-CC8F116F176D}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{2E9A9144-1144-4500-AE67-9045DF1314F1}"= UDP:d:\bittorrent\bittorrent.exe:BitTorrent
"{B9E89948-C54B-4B85-9B4C-E7BDF8062A20}"= TCP:d:\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{DC907F5F-AF2F-41A5-B7C1-7BE807577058}c:\\program files\\rhapsody\\rhapsody.exe"= UDP:c:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{4CA96B6E-6FB2-4697-A7B6-DE5FB2E9CF79}c:\\program files\\rhapsody\\rhapsody.exe"= TCP:c:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"TCP Query User{D7780A0A-2D27-48FC-9357-358FCA8EBE96}c:\\program files\\cambridgesoft\\chemoffice2008\\chem3d\\chem3d.exe"= UDP:c:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe:ChemBio3D Ultra 11.0.1
"UDP Query User{3DF3FFC7-D459-4FF2-A5B8-9D1C550CDEE4}c:\\program files\\cambridgesoft\\chemoffice2008\\chem3d\\chem3d.exe"= TCP:c:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe:ChemBio3D Ultra 11.0.1
"TCP Query User{8E36830A-5984-4DB2-95F6-52B564945646}c:\\program files\\cambridgesoft\\chemoffice2008\\chemdraw\\chemdraw.exe"= UDP:c:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe:ChemBioDraw Ultra 11.0.1
"UDP Query User{FA2D4C84-F53D-4E86-A945-7AE34D8A145C}c:\\program files\\cambridgesoft\\chemoffice2008\\chemdraw\\chemdraw.exe"= TCP:c:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe:ChemBioDraw Ultra 11.0.1
"TCP Query User{A3A2F845-DFAA-4B19-8669-8D51FC3827F0}c:\\program files\\cambridgesoft\\chemoffice2008\\chem3d\\chem3d.exe"= UDP:c:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe:ChemBio3D Ultra 11.0.1
"UDP Query User{01868467-4557-4149-8A5F-CB1CC2181D19}c:\\program files\\cambridgesoft\\chemoffice2008\\chem3d\\chem3d.exe"= TCP:c:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe:ChemBio3D Ultra 11.0.1
"{46016AC4-9D05-4E0F-9D2D-EFCC56D59EC0}"= Disabled:UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D918C5DD-AADE-4A53-BD22-A09A4B0FFCB6}"= Disabled:TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{62C36177-5BA7-4755-AFAA-1793BA53A8AC}"= UDP:c:\program files\Lavasoft\Ad-Aware\Ad-Aware.exe:Ad-Aware
"{F14F7880-473D-4ADE-907C-477B87D86C89}"= TCP:c:\program files\Lavasoft\Ad-Aware\Ad-Aware.exe:Ad-Aware
"{F81E8F30-7595-471A-A41C-1F3554F59D53}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{5D80DF93-0883-40B8-AF75-7E8920CAB823}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"d:\\BitTorrent\\bittorrent.exe"= d:\bittorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-23 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-03-22 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-03-22 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-22 298264]
R2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [2008-10-02 482176]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\System32\drivers\HCW85BDA.sys [2008-06-02 968832]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]

--- Other Services/Drivers In Memory ---

*Deregistered* - CO_Mon
*Deregistered* - SymEvent

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs  REG_MULTI_SZ  BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac93ab1f-3b4a-11dd-8138-89ef840a8b75}]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:06]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
HKLM-Run-Virtual PDF Printer - c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe
MSConfigStartUp-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
MSConfigStartUp-hpWirelessAssistant - c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSConfigStartUp-QPService - c:\program files\HP\QuickPlay\QPService.exe
MSConfigStartUp-WAWifiMessage - c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Sam Hern\AppData\Roaming\Mozilla\Firefox\Profiles\ute3ick1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Sam Hern\AppData\Local\Google\Update\1.2.121.17\npGoogleOneClick.dll
FF - plugin: c:\users\Sam Hern\Program Files\DNA\plugins\npbtdna.dll
FF - plugin: d:\palm\PACKAG~1\NPInstal.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 16:31:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\DPPWDFLT.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgnsx.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-03-26 16:35:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-26 20:35:27

Pre-Run: 47,323,611,136 bytes free
Post-Run: 47,615,905,792 bytes free

308  --- E O F ---  2009-03-19 18:54:54

To completely remove Norton/Symantec go to Add/Remove Programs and uninstall anything with Norton, Symantec or Live Update in the name.

Download the Norton Removal Tool (SymNRT) to your Desktop. Once downloaded please close ALL open browsers, also save any work because this may require a restart.
---------- Download Malwarebytes' Anti-Malware (MBAM)
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

----------

How is the computer running now?

All of the problems seem to be fixed. I did the Malwarebytes scan as well as a Lavasoft scan. There were two tracking cookies which I deleted, but that was it. The firewall stays on when I turn on the computer and I am not redirected to other sites when I am on Google. Thank you so much for your help!

Malwarebytes' Anti-Malware 1.34
Database version: 1904
Windows 6.0.6001 Service Pack 1

3/26/2009 5:55:37 PM
mbam-log-2009-03-26 (17-55-37).txt

Scan type: Quick Scan
Objects scanned: 67580
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Final steps. Let me know if you have any questions.
.
. The above procedure will:
---------- Use the Secunia Software Inspector to check for out of date software.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

OK, I updated my computer also. Thanks again for all of your help. I really appreciate it.

You're welcome. Safe surfing... |
|
| 4094. |
Solve : Re: Can't install SuperAntiSpyware Free Edition...? |
|
Answer» Hi, I am having a similar problem too. I finally downloaded Malwarebytes and got it to run. I still can't install SAS without the computer bluescreening and closing down. Here is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 6.0.6000

19/03/2009 13:54:21
mbam-log-2009-03-19 (13-54-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 165978
Time elapsed: 45 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-7-2-71-100026020-100017071-100003000-9307.com (Trojan.Agent) -> Quarantined and deleted successfully.

I am still getting redirected in my Google searches, plus my banner/tile ads are always advertising Vimax pills? Any help would be greatly appreciated.

http://www.superantispyware.com/superantispywarefreevspro.html did you try here, harry

Download from DDS by sUBs and save it to your Desktop.
Vista users. Right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* Double click on dds to run it.
* When done, DDS.txt will open.
* You will receive another prompt after a while. Click Yes at the prompt and for the next scan to complete.
* When done, Attach.txt will open.
* Please copy and paste the contents of DDS.txt and Attach.txt in your next reply.

Hi, I have downloaded HijackThis and got it to run after renaming it. Here is the log. If you can't find anything there I will try downloading the link. Thanks very much for your time.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:19, on 24/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Jaiden\Desktop\hijack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-gb.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA77FD48-1F3E-40D8-A6BF-72FD7C593A6D}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c9a31389415475) (gupdate1c9a31389415475) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9090 bytes

Update: I cannot download DDS as I can't open the internet page. It seems to be happening a lot on certain sites that help/have downloads on computer problems. Any suggestions? Thanks.

Click Start > type in devmgmt.msc > and open the Device Manager. Click View > Show Hidden Devices.
* Scroll down to Non-plug and Play Drivers and click the plus icon to open those drivers.
* Search for any of the following:
- Seneka.sys <- Or anything beginning with Seneka
- clbdriver.sys <- Or anything beginning with clbdriver
- TDSSserv.sys <- Or anything beginning with TDSS
* Let me know if you find them or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall them.

Evilfantasy, I didn't find any of the .sys files. But I successfully downloaded the DDS and ComboFix with the help of a friend. Then I installed and ran SAS, also an updated version of NOD32 v4. All is running good atm. No redirections or silly banner ads! Was wondering if I should post the log of my DDS or ComboFix finds? I'm pretty sure things are OK and I know you are really busy at the moment, but thought I would ask. Thanks for your help.

Sorry, I've decided to post my logs. Since I downloaded NOD32 v4 my computer has blue screened a few times? Not sure if it is because of NOD32 or maybe I missed something? Again, thanks for your help and time.

[attachment deleted by admin]

Download the McAfee Consumer Product Removal Tool to your Desktop. Using McAfee Consumer Product Removal tool:
---------- Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:
* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply

I installed and ran mcpr.exe and it removed everything. But once it finished my computer blue screened. I rebooted then downloaded Dr.Web, followed the instructions and did a complete scan (took a couple of hours). Once it finished and I was about to save the file, the computer blue screened again. The only files it asked to move were a few ComboFix deleted items which "contained infections". When it rebooted I could no longer attach the log. I was wondering if it was worth uninstalling NOD32 v4, and running another AV to see if it may be the problem. Why do computers blue screen anyway?? Any suggestions, thanks again for your help mate.

Just thought I would mention, I noticed when the blue screen came up and was memory dumping, it said something about netio.sys. I saw the same thing a few times. I am researching it now on the web, and it seems to be a common problem with Vista. Have you heard of this before? Thanks

I haven't seen it before and I don't think this is a malware issue. Try posting in the Windows forum for some more suggestions. |
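The Device Manager check the helper asks for in the thread above (show hidden devices, open Non-plug and Play Drivers, look for anything starting with Seneka, clbdriver or TDSS) can also be run from PowerShell, which is useful when the Device Manager window itself is being interfered with. The script below is an added example written for this page; it is not code from the thread or from any tool named in it. It reads the kernel-driver entries under HKLM\SYSTEM\CurrentControlSet\Services, which is where the Non-Plug and Play Drivers node gets its list, and reports any whose name begins with one of the prefixes from the post. The function names and the $SuspectPrefixes list are my own; the script only reports and changes nothing.

```powershell
# Added example (not from the thread): list kernel-mode driver services and flag
# the names the helper asked about. Type 1 under a Services key is SERVICE_KERNEL_DRIVER,
# which is what Device Manager shows under "Non-Plug and Play Drivers".
$SuspectPrefixes = @('seneka', 'clbdriver', 'tdss')   # prefixes taken from the post above

function Get-KernelDriverServices {
    # Walk every service key and keep only kernel drivers (Type = 1).
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($p -and $p.Type -eq 1) {
                New-Object PSObject -Property @{
                    Name      = $_.PSChildName
                    ImagePath = $p.ImagePath
                    Start     = $p.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                }
            }
        }
}

function Find-SuspectDrivers {
    # Case-insensitive prefix match of the service name against the watch list.
    param(
        [object[]]$Drivers,
        [string[]]$Prefixes = $SuspectPrefixes
    )
    $Drivers | Where-Object {
        $name = $_.Name
        @($Prefixes | Where-Object { $name -like "$_*" }).Count -gt 0
    }
}

$all  = @(Get-KernelDriverServices)
$hits = @(Find-SuspectDrivers -Drivers $all)

if ($hits.Count -gt 0) {
    # Report only; the helper's advice is to Disable (Start = 4), not to uninstall.
    $hits | Format-Table Name, Start, ImagePath -AutoSize
} else {
    "No kernel drivers named Seneka*, clbdriver* or TDSS* found among $($all.Count) entries."
}
```

Run it from an elevated PowerShell prompt so the Services key is readable in full. A Start value of 4 means the driver is already disabled, which is what the helper's right-click > Disable does. The script can only see what the registry API returns; a rootkit that hides its own service key will not appear here, which is why the thread moves on to DDS and ComboFix when this check comes up empty.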
|
| 4095. |
Solve : Networm.kido help !!!? |
|
Answer» Is there any way we can remove and prevent the Networm.Kido virus from attacking again and again??? |
|
| 4096. |
Solve : What does this EXE file do????? EXPERT HELP NEEDED HERE? |
|
Answer» In my task list under processes I have this .exe file that appears 100+ times. Each time I halt the task it re-emerges tenfold. The file name is GLTNTTY.exe. I have googled this and come up with nothing. Thanks

Starting multiple topics will not get you help any faster. Please stay in the other topic. |
|
| 4097. |
Solve : Possible Virus - GLTNTTY.EXE Question? |
|
Answer» I run Win XP Pro on a Dell i530. I have McAfee Anti-Virus protection. When I boot my computer it runs really slow and when I go into the system task list I see this process running 100+ instances. It is gltntty.exe. I googled this and get no results. Any ideas what this is??? Thanks in advance for any help.

Download TrendMicro HijackThis.exe (HJT) to the Desktop.
|
|
| 4098. |
Solve : worm? |
|
Answer» I happened to read today about a worm named Conficker (an Internet worm) that is supposed to hit on April 1st. Just thought I would post this message.

Keep Windows and your antivirus up to date. That's the best defense against this worm.

Try updating your anti-virus; it will certainly help remove the virus.

Make sure you are protected by having a good antivirus program. Whatever you do, don't get McAfee. |
|
| 4099. |
Solve : Malware ???? |
|
Answer» Hi |
|
| 4100. |
Solve : Re: 'Error loading dll32' message? |
|
Answer» Hi, sorry, if you don't mind, I have the exact same problem and I followed your instructions, the report I get is this...
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. |
|