InterviewSolution
1. Solve: Another PC with issues?

Answer» Here is the log from SysProt AntiRootkit. Also, I changed the email address names to "******" in the hidden files for privacy. Thanks for your time, SD.
2. Solve: Running Windows 8.1 - previously had "istartwebsearches" infect the system?

Answer» Upon executing the WU Tool, a message appears advising I need to download the .NET Framework 3.5, which, when I try to download it, I am unable to, with an access denied.

Once finished, a logfile will be created. You don't have to attach it to your next reply.

Click Start > Computer > right-click the C drive and choose Properties, then click Disk Cleanup from there. Click OK on the Disk Cleanup screen. Click Yes on the confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!

Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. Superdave.
3. Solve: VIRUS!!! in my Registry according to a Technician at HP/Printer support?

Answer» Hey SuperDave, I haven't done that yet. I will do that and get back to you.

Quote from: josmoe on July 18, 2013, 03:38:37 PM
Hey SuperDave,
Great, thank you.

Hey SuperDave, I saved the malware program on a flash drive and tried downloading it on my laptop running in safe mode, and it still won't install. Now what?

Quote from: josmoe on July 28, 2013, 10:02:53 PM
Hey SuperDave,
Transfer it to your computer and install it. It should run then.

You lost me: transfer to my computer and then install it. What do you mean by transfer it?

Quote from: josmoe on July 29, 2013, 10:28:29 PM
You lost me: transfer to my computer and then install it. What do you mean by transfer it?
Download the program on another computer and save it to your USB memory stick. Plug the stick into the dysfunctional computer and copy the program to your desktop. Double-click on the program to install it and then run the scan.

Hey SuperDave, I burnt a CD with the malware program and it still won't install on the laptop in question. Thanks!!! Now what?

Quote from: josmoe on August 20, 2013, 06:17:48 PM
Hey SuperDave,
If you burnt it as a data disk, there shouldn't be a problem copying it to your computer.

Hey SuperDave, I did save the malware program on another computer and it installed, no problem. Now what?

Quote from: josmoe on September 08, 2013, 12:18:13 PM
Hey SuperDave,
Can you run the program?
4. Solve: Help with father's laptop, virus detected...?

Answer» I notice that the computer has loads of games installed. As my dad is over 60 and is not into "kiddie" games such as "Belles beauty boutique" etc., I am sure these were installed from somewhere else. I am struggling to uninstall these too, as they just reappear. Are these the root cause of the problem? Or is this something else completely?

Please run AdwCleaner and Junkware Removal too to see what turns up.
•Click on the Misc Tools button •Click on the Open Uninstall Manager button. •Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop. Copy and paste this file in your next reply.? Windows Live ? Windows Live ?? Windows Live ? ?? Windows Live ?? ? Windows Live ? Windows Live ?? ?? Windows Live 1912 Titanic Mystery Acer Backup Manager Acer Crystal Eye Webcam Acer Crystal Eye Webcam Acer ePower Management Acer eRecovery Management Acer Registration Acer ScreenSaver Acer Updater Acrobat.com Adobe AIR Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.1 MUI Apple APPLICATION Support Apple Software Update Backup Manager V3 Bejeweled 2 Deluxe Belles Beauty Boutique Chicken Invaders 3 clear.fi clear.fi clear.fi clear.fi Client D3DX10 Dream Day First Home Farm Frenzy 3 Ice Age Flip Words Fotogalerija Windows Live Galapago Galeria de Fotografias do Windows Live Galería fotográfica de Windows Live Galeria fotogràfica del Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Galerie foto Windows Live HijackThis 2.0.2 Identity Card Intel(R) Control Center Intel(R) Graphics Media Accelerator Driver Intel(R) Management Engine Components Intel(R) Rapid Storage Technology Java 7 Update 25 Junk Mail filter update Kaspersky Internet Security 2013 Kaspersky Internet Security 2013 Launch Manager Malwarebytes Anti-Malware version 1.75.0.1300 MediaEspresso Mesh Runtime Microsoft Office 2000 SR-1 Professional Microsoft Office 2010 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSVCRT_amd64 MyWinLocker 4 MyWinLocker Suite MyWinLocker Suite NTI Media Maker 9 Poczta uslugi Windows Live Podstawowe programy Windows Live Pošta Windows Live Raccolta foto 
di Windows Live Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader S??? f?t???af??? t?? Windows Live Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Shredder Skype Click to Call Skype™ 6.5 Sprill and Ritchie Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Welcome Center Windows Live Windows Live Windows Live ? 
Windows Live Argazki Galeria Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Essentials Windows Live Fotogaléria Windows Live Fotogalerie Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotograf Galerisi Windows Live Fotótár Windows Live Galeria de Fotos Windows Live Galerija fotografija Windows Live Installer Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mail Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Mesh Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live 
Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Messenger Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows 
Live Photo Common Windows Live Photo Common Windows Live Photo Common Windows Live Photo Gallery Windows Live Photo Gallery Windows Live Photo Gallery Windows Live Photo Gallery Windows Live Photo Gallery Windows Live Photo Gallery Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer 
Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima World of Goo I have also took the time to run the normal hijackthis tool. 
Log below:Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:29:31, on 11/08/2013 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v10.0 (10.00.9200.16635) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing) O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec 
IPS\EgisUpdate.exe" -d O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O9 - Extra button: C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - OPTIONS group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} (INDBrowser Control) - http://dizun95pzobbc.cloudfront.net/INDBrowser.CAB O16 - DPF: {99E63F21-514B-4C2B-9170-D25D54F65D5B} (VBIRDPlayer.Player) - http://dizun95pzobbc.cloudfront.net/VBIXDPlayer.CAB O18 - PROTOCOL: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: %SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: %SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: %systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: %SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: %systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: %systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: %SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype C2C Service - Skype Technologies S.A. 
- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: %SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: %systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: %SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: %SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: %SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: %SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: %systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: %SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: %systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: %Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12699 bytes I used HJT just to look at what was installed on your computer but I don't see anything that is malicious. 
How have you been removing those programs?

Just by using the uninstall option in Control Panel. Is this not the best way? I'm glad you don't see anything else bad. If there are no viruses etc. I will see if this is better for my Dad. Thanks for the help.

Quote
just by using the uninstall option in control panel. Is this not the best way?
That's the best way, but sometimes they have their own uninstaller. You can locate it by clicking All Programs and clicking on the program. If there is an uninstaller, you will see it there. Let's do some cleanup.

To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Click Start > Computer > right-click the C drive and choose Properties, then click Disk Cleanup from there. Click OK on the Disk Cleanup screen. Click Yes on the confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations, always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!
5. Solve: Incapable of connecting to the internet?

Answer» That first screenshot shows that you need to delete that Gimp .exe file and download GIMP again. If you save it in your Downloads folder, the name should be gimp2.8.4 setup. When you double-click on the setup, it will install on your computer.
6. Solve: Atapi.sys and other stuff?

Answer» Quote from: cldmafia on March 03, 2010, 07:04:49 PM
but I don't really understand what's changed.
The corrupt file was repaired. Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
* Click Start then Run
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter.
The above procedure will:
* Delete ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
----------
Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator. TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
----------
Use the Secunia Software Inspector to check for out of date software.
* Click Start Scanner
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
If you are using or have installed IE6, you are using an outdated and soon to be unsupported version of Internet Explorer, and I strongly suggest you update to the latest version directly from Microsoft: Internet Explorer 8: Home page.
----------
I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection, so they will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations, always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Many thanks to you sir!

You're welcome. Safe surfing...
| 7. |
Solve : Application cannot be executed. The file ----- is infected.? |
|
Answer» Ok here are the two logs good sir. There is one thing though. A message pops up from the bottom right icons every so often to tell me about start up programs that have been blocked. I was wondering if that's normal or not. But apart from that everything is wonderful so far.
If this happens again, can you please get a screen print of the message? Could you please run ESET again as described in Reply # 5
The ESET scan said there were no threats detected and the start-up block was referring to Malwarebytes so I just ran the program and it hasn't happened on a restart yet.
Ok Mike. If there are no other issues, it's time for some clean-up. You can uninstall HJT, RSIT and ESET. You may keep SAS and MBAM. Update them and run them every week or so to keep your computer clean.
To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
==============================================
Use the Secunia Software Inspector to check for out of date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!
Ok I downloaded all of that and everything is running just fine. I can't thank you enough. Have a good one man.
You're Welcome. Stay clean. |
|
| 8. |
Solve : Desktop blank at Startup? |
|
Answer» Here are my two new logs. Hope it helps. |
|
| 9. |
Solve : Malware deleted some of my system files and now I can't uninstall? |
|
Answer» Hi guyz I'm a newbie here and not much of a techno geek.
When I try to uninstall, these keep popping up:
and when I try to restore files, these keep popping out:
Like this: The instruction at 0x00000000 referenced memory at 0x00000000. The memory could not be written. And when I tried msconfig it won't open and kept popping:
Help what should I do? Thanks for your time.
Post edited for content...
Oh yeah. Forgot to tell everyone. My brother borrowed my netbook and deleted my backup memory to free some space. That may be a reason it won't restore anything.
I'm afraid your brother might have messed up something. Do you have the OS disk? Please run this even if you don't have the disk and tell what happens.
1/ Click the Start button.
2/ From the Start menu, Click All programs followed by Accessories.
3/ In the Accessories menu, Right Click on the Command Prompt option.
4/ From the drop down menu that appears, Click on the Run as administrator option.
5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.
6/ In the Command Prompt window, type: sfc /scannow and then press Enter.
7/ A message will appear stating that the system scan will begin.
8/ Be patient because the scan may take some time.
9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.
10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.
11/ After the scan has completed, Close the command prompt window. |
|
| 10. |
Solve : Pop ups and redirects - First Scan Logs? |
|
Answer» Hello,
Service Deleted : vToolbarUpdater18.1.7 ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\Program Files\AVG SafeGuard toolbar Folder Deleted : C:\Program Files\globalUpdate Folder Deleted : C:\Program Files\MyPC Backup Folder Deleted : C:\Program Files\P-HD-V1.4 Folder Deleted : C:\Program Files\Common Files\AVG Secure Search Folder Deleted : C:\Users\me\AppData\Local\AVG SafeGuard toolbar Folder Deleted : C:\Users\me\AppData\Local\globalUpdate Folder Deleted : C:\Users\me\AppData\LocalLow\AVG SafeGuard toolbar Folder Deleted : C:\Users\me\AppData\Roaming\Advanced System Protector Folder Deleted : C:\Users\me\AppData\Roaming\Systweak Folder Deleted : C:\Users\me\AppData\Roaming\VOPackage Folder Deleted : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\MyPC Backup Folder Deleted : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\Extensions\[email protected]1e7cfc871.com File Deleted : C:\Windows\system32\roboot.exe File Deleted : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\Startup\MyPC Backup.lnk File Deleted : C:\Users\me\Desktop\MyPC Backup.lnk File Deleted : C:\Users\me\Desktop\Sync Folder.lnk File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml File Deleted : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\searchplugins\trovi-search.xml ***** [ Tâches planifiées ] ***** Tâche supprimée : globalUpdateUpdateTaskMachineCore Tâche supprimée : globalUpdateUpdateTaskMachineUA Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-1 Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-11 Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-2 Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-3 Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-4 Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5 Tâche supprimée : 
a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5_user ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Key Deleted : 
HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup Value 
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SOFTWARE\MozillaPlugins\staging.google.com/globalUpdate Update;version=10 Key Deleted : HKLM\SOFTWARE\MozillaPlugins\staging.google.com/globalUpdate Update;version=4 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511831162} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522832262} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555835562} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566836662} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5} Key Deleted : 
HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511831162} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511831162} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511831162} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Key Deleted : HKCU\Software\AVG SafeGuard toolbar Key Deleted : HKCU\Software\GlobalUpdate Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\SearchProtectINT Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\P-HD-V1.4 Key Deleted : HKLM\Software\AVG SafeGuard toolbar Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\Software\GlobalUpdate Key Deleted : HKLM\Software\InstalledBrowserExtensions Key Deleted : HKLM\Software\systweak Key Deleted : HKLM\Software\P-HD-V1.4 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P-HD-V1.4 ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16502 -\\ Mozilla Firefox v30.0 (en-US) [ File : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\prefs.js ] Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m58362.58362.internaldb.monetization_pl ugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] 
Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362n58362e58362w58362t 58362a58362b58362.58362u58362r583[...] Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362s58362e58362a58362r 58362c58362h58362.58362d58362e583[...] Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362s58362e58362a58362r 58362c58362h58362.58362s58362e583[...] Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362s58362t58362a58362r 58362t58362u58362p58362.58362h583[...] Line Deleted : user_pref("extensions.crossrider.bic", "1476194b641d022438bb5cc414066b94"); ************************* AdwCleaner[R0].txt - [15114 octets] - [27/07/2014 22:36:43] AdwCleaner[S0].txt - [15437 octets] - [27/07/2014 22:38:25] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15498 octets] ########## # AdwCleaner v3.300 - Report created 27/07/2014 at 22:36:43 # Updated 27/07/2014 by Xplode # Operating System : Windows 7 Ultimate (32 bits) # Username : me - DELL # Running from : C:\Users\me\Downloads\adwcleaner_3.300.exe # Option : Scan ***** [ Services ] ***** Service Found : BackupStack Service Found : globalUpdate Service Found : globalUpdatem Service Found : vToolbarUpdater18.1.7 ***** [ Files / Folders ] ***** File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml File Found : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\Startup\MyPC Backup.lnk File Found : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\searchplugins\trovi-search.xml File Found : C:\Users\me\Desktop\MyPC Backup.lnk 
File Found : C:\Users\me\Desktop\Sync Folder.lnk File Found : C:\Windows\system32\roboot.exe Folder Found : C:\Program Files\AVG SafeGuard toolbar Folder Found : C:\Program Files\Common Files\AVG Secure Search Folder Found : C:\Program Files\globalUpdate Folder Found : C:\Program Files\MyPC Backup Folder Found : C:\Program Files\P-HD-V1.4 Folder Found : C:\ProgramData\AVG SafeGuard toolbar Folder Found : C:\ProgramData\AVG Secure Search Folder Found : C:\Users\me\AppData\Local\AVG SafeGuard toolbar Folder Found : C:\Users\me\AppData\Local\globalUpdate Folder Found : C:\Users\me\AppData\LocalLow\AVG SafeGuard toolbar Folder Found : C:\Users\me\AppData\Roaming\Advanced System Protector Folder Found : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\MyPC Backup Folder Found : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\Extensions\[email protected]1e7cfc871.com Folder Found : C:\Users\me\AppData\Roaming\Systweak Folder Found : C:\Users\me\AppData\Roaming\VOPackage ***** [ Scheduled Tasks ] ***** Task Found : globalUpdateUpdateTaskMachineCore Task Found : globalUpdateUpdateTaskMachineUA Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-1 Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-11 Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-2 Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-3 Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-4 Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5 Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5_user ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\P-HD-V1.4 Key Found : HKCU\Software\AVG SafeGuard toolbar Key Found : HKCU\Software\GlobalUpdate Key Found : HKCU\Software\InstallCore Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Found : 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511831162} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511831162} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\SearchProtectINT Key Found : HKCU\Software\systweak Key Found : HKLM\Software\AVG SafeGuard toolbar Key Found : HKLM\Software\AVG Security Toolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511831162} Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522832262} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Found : 
HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO.1 Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox.1 Key Found : 
HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc 
There is one more scan I need to do but I thought I'd send this on first. Thank you!
Nari

I've scanned the computer with Security Check, here is the log:

Results of screen317's Security Check version 0.99.86
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 11
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
Anti-malware/Other Utilities Check:
CCleaner
Java 7 Update 40
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (30.0)
Process Check: objlist.exe by Laurent
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
me Desktop MWRmv Malwarebytes Anti-Malware\mbamscheduler.exe
System Health check
Total Fragmentation on Drive C: 1%
End of Log

Unfortunately, I don't know many details about this problem other than it has pop ups and redirects in the browser. Since I started this process, it seems to be happening less. I don't believe there is any virus protection on this computer, either. Keep me posted as to what my next steps are. Thank you!

Nari

Looking over your log it seems you don't have any antivirus software. Before we continue, download and install a free antivirus. Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials (all versions and all languages)
5) Comodo Antivirus (uncheck "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

*****************************************************

Go to Microsoft Windows Update and get all critical updates.

****************************************************

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First verify your Java version. If there are any other version(s) installed then update now.

Get the new version (if needed): if your version is out of date, install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update. Be sure to close ALL open web browsers before starting the installation.

Remove any old versions
1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

*******************************************

Please download Junkware Removal Tool to your desktop.
• Warning! Once the scan is complete JRT will shut down your browser with NO warning.
• Shut down your protection software now to avoid potential conflicts.
• Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Copy and paste the JRT.txt log into your next message.

*************************************************

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
Here are my logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by me on Thu 07/31/2014 at 10:14:59.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544834462}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544834462}

~~~ Files

~~~ Folders

~~~ FireFox
Successfully deleted the following from C:\Users\me\AppData\Roaming\mozilla\firefox\profiles\zxfy6o7p.default\prefs.js
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com5836258362s58362o58362c58362i58362a58362l58362.58362m58362a58362n58362i58362f58362e58
Emptied folder: C:\Users\me\AppData\Roaming\mozilla\firefox\profiles\zxfy6o7p.default\minidumps [26 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/31/2014 at 10:22:21.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.01.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
me :: DELL [administrator]

7/31/2014 11:54:42 PM
mbar-log-2014-07-31 (23-54-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 262094
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
Physical Sectors Detected: 0 (No malicious items detected)
(end)

I'd like to scan your machine with ESET OnlineScan
• Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
• Click the button.
• Accept any security warnings from your browser.
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Hello Dave,

So, looks like the ESET scanner found only the things the AdwCleaner found. It gives me the option to delete the quarantined files, should I check that box before closing the application? The scan took 8 hours to complete!

By the way, I thought I'd mention that although the browser is not redirecting anymore, I keep getting the AVG search page every time I open a new tab, even though I have it set to Google. It's quite tenacious!

Here is the ESET scan:
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\0b5f3c30-03a2-4d63-9f31-3c1cc7310cde.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-11.exe.vir a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-2.exe.vir a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-3.exe.vir a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-4.exe.vir a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5.exe.vir a variant of Win32/Toolbar.CrossRider.AH potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063.xpi.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\c3a53950-de1f-44cf-89f5-2bedead76b9d.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-bg.exe.vir a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-bho.dll.vir a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\Extensions\[email protected]1e7cfc871.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Users\me\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application deleted - quarantined
C:\Users\me\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\me\Downloads\ccsetup416pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

If you wanted me to post the log in the ESET folder, here it is:

Quote
looks like the ESET scanner found only the things the Adwcleaner found. It gives me the option to delete the quarantined files, should I check that box before closing the application?

You can open AdwCleaner and remove the quarantined files there. We will be removing all these tools when we're finished.
Quote
By the way, I thought I'd mention that although the browser is not redirecting anymore, I keep getting the AVG search page every time I open a new tab, even though I have it set to Google. It's quite tenacious!

AVG can be quite frustrating. You should consider another free AV from the list below. Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials (all versions and all languages)
5) Comodo Antivirus (uncheck "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation if you choose this one)

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

*********************************************

This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments... This is a very crucial step so make sure you don't skip it.

Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
Once finished a logfile will be created. You don't have to attach it to your next reply.

************************************************

Click Start > Computer > right-click the C drive and choose Properties > Enter. Click Disk Cleanup from there. Click OK on the Disk Cleanup screen. Click Yes on the confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)

***********************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Hello Dave,

One last question: for some reason, I wanted to put all these tools in a folder on my desktop, just to keep it all easy to find, perhaps. After I ran DelFix, the folder I created is still there with all the malware removal tools and their logs still inside. Would it be safe to just delete the folder? I have tried everything possible mentioned on the web on how to completely get rid of AVG and finally did a search on my computer and found a bunch of AVG "safe search" files in this folder in an AdwCleaner quarantine folder...

Thanks again for all your help.

N

Just for kicks, here is my log from DelFix:

# DelFix v10.8 - Logfile created 05/08/2014 at 09:18:13
# Updated 29/07/2014 by Xplode
# Username : me - DELL
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\Users\me\Downloads\adwcleaner_3.300.exe
Deleted : C:\Users\me\Downloads\adwcleaner_3.302.exe
Deleted : C:\Users\me\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #61 [Windows 7 Service Pack 1 | 07/31/2014 09:23:32]
Deleted : RP #62 [Windows Update | 08/03/2014 02:56:10]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Quote
One last question, for some reason, I wanted to put all these tools in a folder on my desktop, just to keep it all easy to find, perhaps. After I ran Delfix, the folder I created is still there with all the Malware removal tools and their logs still inside. Would it be safe to just delete the folder? I have tried everything possible mentioned on the web on how to completely get rid of AVG and finally did a search on my computer and found a bunch of AVG "safe search" files in this folder in a AdwCleaner quarantine folder...

Yes, you should delete that folder. If you wish, you can download and install MBAM and AdwCleaner on your computer. Keep them updated and run them on a regular basis to keep your computer clean. As for AVG, you can run this tool to completely remove it. AVG Antivirus - AVG Anti-virus Removal Tool |
|
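The prefs.js entries reported in the thread above share three traits worth checking for in any Firefox profile: extension prefs keyed by a long hex id instead of a readable name, key names with a numeric token (58362 in the logs) interleaved between the characters of the real key, and the new-tab or start page silently pointed at a search site the user never chose. The script below is an added example, not code from the thread or from any of the tools used in it; the extension id, the host names, the prefs.js text and the allowlist of expected search hosts are all constructed for the example.

```python
"""Audit a Firefox prefs.js for the kind of hijack entries seen in the thread above.

Flags: extension prefs keyed by a long hex id, keys obfuscated by interleaving a
numeric token between characters (the "58362" pattern in the AdwCleaner/JRT logs),
and start-page / new-tab / search prefs pointing somewhere the user did not choose.
Sample input is constructed for this example; it is not the user's real profile.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# One user_pref("name", value); per line.  The value is kept as the raw JS literal.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Extension prefs namespaced by a 32+ character hex id rather than a readable name.
HEX_ID_RE = re.compile(r"^extensions\.[0-9a-f]{32,}")

# Prefs that decide where the browser goes on start-up, on a new tab and on search.
NAV_PREFS = {
    "browser.startup.homepage",
    "browser.newtab.url",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
}

# Hosts the profile owner actually chose (assumed allowlist; adjust per user).
EXPECTED_HOSTS = {"www.google.com", "google.com"}

# A key is treated as obfuscated when one numeric token recurs at least this often.
MIN_TOKEN_REPEATS = 6


def parse_prefs(text):
    """Return [(name, raw_value)] for every user_pref line; comments and junk are skipped."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2).strip()))
    return prefs


def deobfuscate_key(name):
    """Strip a numeric token interleaved between the characters of a pref key.

    Returns (clean_name, token); token is None when no run of digits recurs often
    enough, so hashed ids that merely contain a few digit runs are left alone.
    """
    counts = Counter(re.findall(r"\d{4,}", name))
    if not counts:
        return name, None
    token, repeats = counts.most_common(1)[0]
    if repeats < MIN_TOKEN_REPEATS:
        return name, None
    return name.replace(token, ""), token


def host_of(js_literal):
    """Host of a quoted http(s) URL literal, or None for booleans, numbers and other strings."""
    parsed = urlparse(js_literal.strip('"'))
    return parsed.hostname if parsed.scheme in ("http", "https") else None


def audit_prefs(text):
    """Return (pref_name, reason) findings for a prefs.js text."""
    findings = []
    for name, value in parse_prefs(text):
        clean, token = deobfuscate_key(name)
        if token:
            findings.append((name, f"key obfuscated with token {token}; reads as {clean!r}"))
        if HEX_ID_RE.match(clean):
            findings.append((name, "extension pref keyed by a hashed id (CrossRider-style)"))
        if "crossrider" in clean.lower():
            findings.append((name, "references crossrider"))
        if clean in NAV_PREFS:
            host = host_of(value)
            if host and host not in EXPECTED_HOSTS:
                findings.append((name, f"navigation pref points at unexpected host {host}"))
    return findings


# --- constructed sample, modelled on the log lines quoted in the thread -------------
HASH = "deadbeefcafef00d" * 4            # constructed 64-hex extension id
TOKEN = "58362"                          # separator seen in the logged pref names
# Mimic the logged pattern: hash, then the real key with TOKEN before every character.
OBFUSCATED_NAME = "extensions." + HASH + "com" + TOKEN + TOKEN.join(".browser.newtab.url")
SAMPLE_PREFS = "\n".join([
    "# Mozilla User Preferences",
    'user_pref("browser.startup.homepage", "https://www.google.com/");',
    'user_pref("browser.newtab.url", "http://newtab.search-hijack.example/?src=nt");',
    'user_pref("%s", "http://newtab.search-hijack.example/");' % OBFUSCATED_NAME,
    'user_pref("extensions.%s.installed", true);' % HASH,
    'user_pref("extensions.crossrider.bic", "1476194b641d022438bb5cc414066b94");',
    'user_pref("extensions.ublock0@raymondhill.net.installed", true);',
    'user_pref("network.cookie.cookieBehavior", 1);',
])

if __name__ == "__main__":
    for pref, reason in audit_prefs(SAMPLE_PREFS):
        print(f"{pref[:60]:<60} {reason}")
```

Point it at a real profile by reading prefs.js into `audit_prefs`; a profile that only carries the user's own homepage and a known extension such as the uBlock entry produces no findings.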
| 11. |
Solve : mysterious files appearing? |
|
Answer» Some time ago (maybe a month or more) my computer was infected with a Trojan which I removed with the free version of Malwarebytes. A few days later I noticed files that had seemingly appeared overnight on my computer. I'm not sure if the Trojan had anything to do with it but that's the only thing I could think of that could have caused this. The files are a lighter shade, as if I've "cut" them, and mostly appear in my music files.

I wouldn't worry about it too much. The reason why the icons are like that is because they are files that have the hidden attribute. These files can be set to be displayed or not in Windows Explorer. I am guessing you have it set to view hidden files (probably not set that way by you), so you see the files on your comp, but not on his. If you delete these files and they don't come back, then don't worry about it. It is always a good idea to post some logs anyway like patio suggested, just in case.

Quote
memory stick containing some files on it

FYI: When opening a memory stick, never use the box that pops up automatically to access the files. You can get viruses that way.

Thanks for the replies guys! I did a quick internet search for "hidden files" on Vista (not sure why I didn't think of adding hidden in my search before) and found how to stop my computer from displaying them. So everything is fixed and like it was before as far as I can see, but just in case I attached my logs as instructed in the link. (Hopefully I've managed to attach the logs to this post, if not I'll try again.) [recovering disk space - old attachment deleted by admin]

I'll take the liberty to move this over to the Malware section then.... |
|
| 12. |
Solve : YOUR SYSTEM IS INFECTED - System has been stopped due to a serious malfunction.? |
|
Answer» When I turned on my Windows 7 laptop, I found that my background is gone and this notice was in place of it: "YOUR SYSTEM IS INFECTED - System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed." |
|
| 13. |
Solve : pls help!? |
|
Answer» I don't know what's wrong with my PC. I just installed a new webcam, an A4tech camera K, but its accompanying CD installer has a virus and it disabled my previous Avira anti-virus. Now I don't know what to do. Included is my HJT log... thanks a lot! |
|
| 14. |
Solve : Virus/malware infection? |
|
Answer» On my mother's computer there have been multiple false positives with AVG, leading to almost deleting all files on the computer. Since then I got rid of AVG and installed Avast, with the same problem it seems.

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system... There are only a few ways to return a compromised system to a confident security configuration. These include: Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?

Quote
The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Important Note: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, to include those used for banking, email, eBay, PayPal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. |
|
| 15. |
Solve : i have anti virus 8 ( or did have )? |
|
Answer» I have got anti-virus8 |
|
| 16. |
Solve : Removing virus now I am stuck. Logs included? |
|
Answer» A friend asked me to clean their infected notebook. |
|
| 17. |
Solve : Requesting help please? |
|
Answer» Another update.. My IE is still crashing and throwing up the DEP info... So something is still wrong with my PC, it seems. Any ideas?? Thanks for your ongoing help, Superdave.

Download WhoCrashed from here.

Please try this even if you don't have the OS disk. If it finds an error it will ask for the disk. If not, we'll know that the files are OK. Do you have an XP CD? If so, place it in your CD-ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
•Let this run undisturbed until the window with the blue progress bar goes away.
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

Hey again, I ran that how you said and nothing popped up but the log afterwards.. So that means that csrss.exe isn't messed up? I wonder what's causing that DEP. I will continue doing what you tell me if there is more to try... Thanks a million for your help and time, SuperDave. Also here is the log on that "Look":
--- c:\windows\system32\csrss.exe ---
Company: Microsoft Corporation
File Description: Client Server Runtime Process
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CSRSS.Exe.MUI
File size: 6144
Created time: 2008-01-21 02:24
Modified time: 2008-01-21 02:24
MD5: ABCA209EBA02CB59233614DB83B4F50D
SHA1: F3A49C0D42455DAA097BCFB6455F8F31C20AFBF8

I'm going to consult with my mentor about this problem. If I don't get back to you in a few days please PM me.

Have you been in the Control Panel and adjusted any of the settings in there? DEP warnings are not necessarily a bad thing; it could be some software not agreeing with Windows. Many people choose to turn DEP warnings off. Is there something that you installed around the time these warnings started happening?

No, not that I can think of... My IE has been crashing A LOT more in the last 24 hours too... Like every 10 minutes when I click on a lot of stuff. From the way this sounds, would it be unsafe to turn off DEP? I will check over my programs though to make sure I didn't install anything, but I haven't, I am almost certain. Thanks for your reply, Evilfantasy.

This is happening now.. In the Problem Reports and Solutions manager. Is this normal?
"Solve a problem with PSIKey
PSIKey has stopped working properly. An update is available that solves this problem. Click to download the update from the Protexis Inc. website
Download instructions
In the File Download dialog box, click Run or Open. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. Follow the steps in the installation wizard."

Have a look here. How to Disable and Uninstall Protexis Licensing Service (PSIService.exe). Let us know....

This is all I could find with CCleaner and HijackThis.. Is there some other way to find and delete that item?? (screenshot: http://s2.postimage.org/4pLd0.jpg)

Look in the Protexis folder and see if there is an uninstaller in it.

I don't have a Protexis folder; I never accepted that update or "Solution". I declined it both times it popped up because it seems weird.. Hoping I get the right words out to explain what I mean.. I don't have the Protexis folder though.

Try this. How do I turn off Data Execution Prevention errors? |
|
| 18. |
Solve : My computer is sending out emails! Virus?? |
|
Answer» Ok, I tried again; it says the source file cannot be read? Tried again, then it says an unknown error occurred.
Also, I tried to find the WildTangent thing, but it is not in my program list; how do I find it and uninstall it?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-06 17:13:35
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Sanna\AppData\Local\Temp\kxldrpob.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8DCC879E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8DCC8738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8DCC874C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8DCC87DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8DCC881F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8DCC8710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8DCC8724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8DCC87B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8DCC8847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8DCC8833]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8DCC878A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8DCC8776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8DCC880B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8DCC87F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8DCC87C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8DCC8762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 81E3D9D2 5 Bytes JMP 8DCC87CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 81FD15B5 5 Bytes JMP 8DCC8823 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 81FDBB82 5 Bytes JMP 8DCC8766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82002DA3 5 Bytes JMP 8DCC880F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 820224FA 7 Bytes JMP 8DCC87E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 820227BD 5 Bytes JMP 8DCC87F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 82026528 5 Bytes JMP 8DCC877A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8202BF3D 7 Bytes JMP 8DCC87B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 8202E15A 5 Bytes JMP 8DCC8728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 82032C08 5 Bytes JMP 8DCC8714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 82053E5B 5 Bytes JMP 8DCC87A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 820648D2 5 Bytes JMP 8DCC8837 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 82065AD6 5 Bytes JMP 8DCC884B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 820A38BF 5 Bytes JMP 8DCC873C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 820A390A 7 Bytes JMP 8DCC8750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 820A43C7 5 Bytes JMP 8DCC878E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0xAB81F000]
.clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0xAB820000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[660] kernel32.dll!GetStartupInfoW 75CD1929 5 Bytes JMP 00060F3A
.text C:\Windows\system32\services.exe[660] kernel32.dll!GetStartupInfoA 75CD19C9 5 Bytes JMP 00060080
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessW 75CD1BF3 5 Bytes JMP 000600BD
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessA 75CD1C28 5 Bytes JMP 000600AC
.text C:\Windows\system32\services.exe[660] kernel32.dll!VirtualProtect 75CD1DC3 5 Bytes JMP 00060F5C
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateNamedPipeA 75CD2EF5 5 Bytes JMP 00060FD4
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateNamedPipeW 75CD5C0C 5 Bytes JMP 00060025
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreatePipe 75CF8E6E 5 Bytes JMP 00060F4B
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryExW 75CF9109 5 Bytes JMP 00060F6D
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryW 75CF9362 5 Bytes JMP 00060FAF
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryExA 75CF94B4 5 Bytes JMP 00060F8A
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryA 75CF94DC 5 Bytes JMP 00060036
.text C:\Windows\system32\services.exe[660] kernel32.dll!VirtualProtectEx 75CFDBDA 5 Bytes JMP 0006005B
.text C:\Windows\system32\services.exe[660] kernel32.dll!GetProcAddress 75D1903B 5 Bytes JMP 00060F0B
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateFileW 75D1AECB 5 Bytes JMP 0006000A
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateFileA 75D1CE5F 5 Bytes JMP 00060FEF
.text C:\Windows\system32\services.exe[660] kernel32.dll!WinExec 75D65CF7 5 Bytes JMP 00060091
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExA 773C39AB 5 Bytes JMP 00870F97
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyA 773C3BA9 5 Bytes JMP 00870FB9
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyA 773C89C7 5 Bytes JMP 00870000
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyW 773D391E 5 Bytes JMP 00870FA8
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExW 773D41F1 5 Bytes JMP 00870054
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExA 773D7C42 5 Bytes JMP 0087001B
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyW 773DE2B5 5 Bytes JMP 00870FEF
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExW 773E7BA1 5 Bytes JMP 00870FCA
.text C:\Windows\system32\services.exe[660] msvcrt.dll!_wsystem 761B7F2F 5 Bytes JMP 00850FAD
.text C:\Windows\system32\services.exe[660] msvcrt.dll!system 761B804B 5 Bytes JMP 00850FBE
.text C:\Windows\system32\services.exe[660] msvcrt.dll!_creat 761BBBE1 5 Bytes JMP 0085001D
.text C:\Windows\system32\services.exe[660] msvcrt.dll!_open 761BD106 5 Bytes JMP 00850FEF
.text C:\Windows\system32\services.exe[660] msvcrt.dll!_wcreat 761BD326 5 Bytes JMP 0085002E
.text C:\Windows\system32\services.exe[660] msvcrt.dll!_wopen 761BD501 5 Bytes JMP 0085000C
.text C:\Windows\system32\services.exe[660] WS2_32.dll!socket 762B36D1 5 Bytes JMP 00860000
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!GetStartupInfoW 75CD1929 5 Bytes JMP 00190F91
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!GetStartupInfoA 75CD19C9 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!GetStartupInfoA 75CD19C9 5 Bytes JMP 001900CD
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!CreateProcessW 75CD1BF3 5 Bytes JMP 0019010D
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!CreateProcessA 75CD1C28 5 Bytes JMP 00190F6C
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!VirtualProtect 75CD1DC3 5 Bytes JMP 001900AB
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!CreateNamedPipeA 75CD2EF5 5 Bytes JMP 0019002C
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!CreateNamedPipeW 75CD5C0C 5 Bytes JMP 00190047
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!CreatePipe 75CF8E6E 5 Bytes JMP 00190FAC
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!LoadLibraryExW 75CF9109 5 Bytes JMP 00190084
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!LoadLibraryW 75CF9362 5 Bytes JMP 00190062
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!LoadLibraryExA 75CF94B4 5 Bytes JMP 00190073
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!LoadLibraryA 75CF94DC 5 Bytes JMP 00190FD1
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!VirtualProtectEx 75CFDBDA 5 Bytes JMP 001900BC
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!GetProcAddress 75D1903B 5 Bytes JMP 00190128
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!CreateFileW 75D1AECB 5 Bytes JMP 0019001B
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!CreateFileA 75D1CE5F 5 Bytes JMP 00190000
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!WinExec 75D65CF7 5 Bytes JMP 001900E8
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!RegCreateKeyExA 773C39AB 5 Bytes JMP 004E0F8D
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!RegCreateKeyA 773C3BA9 5 Bytes JMP 004E0025
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!RegOpenKeyA 773C89C7 5 Bytes JMP 004E000A
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!RegCreateKeyW 773D391E 5 Bytes JMP 004E0FA8
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!RegCreateKeyExW 773D41F1 5 Bytes JMP 004E004A
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!RegOpenKeyExA 773D7C42 5 Bytes JMP 004E0FD4
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!RegOpenKeyW 773DE2B5 5 Bytes JMP 004E0FEF
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!RegOpenKeyExW 773E7BA1 5 Bytes JMP 004E0FC3
.text C:\Windows\system32\lsass.exe[692] msvcrt.dll!_wsystem 761B7F2F 5 Bytes JMP 001A0F7A
.text C:\Windows\system32\lsass.exe[692] msvcrt.dll!system 761B804B 5 Bytes JMP 001A0F95
.text C:\Windows\system32\lsass.exe[692] msvcrt.dll!_creat 761BBBE1 5 Bytes JMP 001A0FB7
.text C:\Windows\system32\lsass.exe[692] msvcrt.dll!_open 761BD106 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\lsass.exe[692] msvcrt.dll!_wcreat 761BD326 5 Bytes JMP 001A0FA6
.text C:\Windows\system32\lsass.exe[692] msvcrt.dll!_wopen 761BD501 5 Bytes JMP 001A0FDE
.text C:\Windows\system32\lsass.exe[692] WS2_32.dll!socket 762B36D1 5 Bytes JMP 001B0FEF
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!GetStartupInfoW 75CD1929 5 Bytes JMP 004B00B1
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!GetStartupInfoA 75CD19C9 5 Bytes JMP 004B0F61
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateProcessW 75CD1BF3 5 Bytes JMP 004B00DD
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateProcessA 75CD1C28 5 Bytes JMP 004B0F46
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!VirtualProtect 75CD1DC3 5 Bytes JMP 004B0056
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateNamedPipeA 75CD2EF5 5 Bytes JMP 004B0FB9
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateNamedPipeW 75CD5C0C 5 Bytes JMP 004B0014
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreatePipe 75CF8E6E 5 Bytes JMP 004B0082
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryExW 75CF9109 5 Bytes JMP 004B0F7C
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryW 75CF9362 5 Bytes JMP 004B0F97
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryExA 75CF94B4 5 Bytes JMP 004B0039
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryA 75CF94DC 5 Bytes JMP 004B0FA8
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!VirtualProtectEx 75CFDBDA 5 Bytes JMP 004B0071
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!GetProcAddress 75D1903B 5 Bytes JMP 004B0F2B
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateFileW 75D1AECB 5 Bytes JMP 004B0FCA
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateFileA 75D1CE5F 5 Bytes JMP 004B0FE5
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!WinExec 75D65CF7 5 Bytes JMP 004B00C2
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_wsystem 761B7F2F 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_wsystem 761B7F2F 5 Bytes JMP 004C0033
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!system 761B804B 5 Bytes JMP 004C0FA8
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_creat 761BBBE1 5 Bytes JMP 004C0FD4
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_open 761BD106 5 Bytes JMP 004C000C
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_wcreat 761BD326 5 Bytes JMP 004C0FC3
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_wopen 761BD501 5 Bytes JMP 004C0FEF
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExA 773C39AB 5 Bytes JMP 00520F83
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyA 773C3BA9 5 Bytes JMP 00520FAF
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyA 773C89C7 5 Bytes JMP 00520FE5
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyW 773D391E 5 Bytes JMP 00520F9E
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExW 773D41F1 5 Bytes JMP 00520040
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExA 773D7C42 5 Bytes JMP 00520000
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyW 773DE2B5 5 Bytes JMP 00520FCA
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExW 773E7BA1 5 Bytes JMP 00520011
.text C:\Windows\system32\svchost.exe[880] WS2_32.dll!socket 762B36D1 5 Bytes JMP 00510000
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!GetStartupInfoW

You could try searching for it this way.
Delete An Uninstall Entry
•Start HijackThis
•Click on the Open the Misc Tools section
•Click on the Open Uninstall Manager button.
•Highlight the entry you want to remove: WildTangent
•Click Delete this entry
**************************************
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f9a6e9326aee944993376a399242ae6a
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-07 01:47:12
# local_time=2010-09-06 06:47:12 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 789324 789324 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776573 100 96 11575405 36657156 0 0
# compatibility_mode=5892 16776573 100 100 0 120431560 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=19
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f9a6e9326aee944993376a399242ae6a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-07 04:15:47
# local_time=2010-09-06 09:15:47 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 789456 789456 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776573 100 96 11575537 36657288 0 0
# compatibility_mode=5892 16776573 100 100 0 120431692 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=197483
# found=3
# cleaned=3
# scan_time=8782
C:\Users\Sanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-596ef2e2 probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Sanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-4a3b7957 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Sanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\549f6065-54daa004 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

And the other one:
C:\Users\Sanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-596ef2e2 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
C:\Users\Sanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-4a3b7957 multiple threats deleted - quarantined
C:\Users\Sanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\549f6065-54daa004 multiple threats deleted - quarantined

That looks good. If there are no other issues, it's time for some cleanup.
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter
* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
*******************************
Download OTC by OldTimer and save it to your desktop.
1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes; if not, delete it yourself.
*********************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************
Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember, only install ONE firewall:
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
**********************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!

I did all of the above. No more problems! Thank you so much for all of your help! |
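The GMER listing in the thread above is the part of the exchange a helper actually reads: GMER prints the SSDT entries and inline patches it finds, and when it can resolve a JMP target to a loaded module it names that module after the address. In that log every kernel hook resolves to McAfee's mfehidk.sys, while the user-mode hooks in services.exe, lsass.exe and svchost.exe jump to bare low addresses with no owning module. The script below is an added example, not part of the forum thread and not a GMER component: it parses those three hook families and separates hooks GMER attributed to a named module from unattributed ones, grouping the latter by process and by the 64 KiB page their target lives in. The sample log is a constructed excerpt modelled on the one above, and all regex, class and function names are this example's own.

```python
"""Triage of GMER hook listings (added example; not part of the forum thread
and not a GMER component).  Regex and function names are this example's own."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt modelled on the GMER log posted in the thread above.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8DCC879E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8DCC8710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 81E3D9D2 5 Bytes JMP 8DCC87CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 82032C08 5 Bytes JMP 8DCC8714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0xAB81F000]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessW 75CD1BF3 5 Bytes JMP 000600BD
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryA 75CF94DC 5 Bytes JMP 00060036
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExA 773C39AB 5 Bytes JMP 00870F97
.text C:\Windows\system32\services.exe[660] WS2_32.dll!socket 762B36D1 5 Bytes JMP 00860000
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!GetStartupInfoA 75CD19C9 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!GetStartupInfoA 75CD19C9 5 Bytes JMP 001900CD
.text C:\Windows\system32\lsass.exe[692] WS2_32.dll!socket 762B36D1 5 Bytes JMP 001B0FEF
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!WinExec 75D65CF7 5 Bytes JMP 004B00C2
"""

# SSDT entry: "Code <driver> (<description>) <NtFunction> [0xADDR]"; address optional.
_SSDT_RE = re.compile(
    r"^Code\s+(?P<owner>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\S+)"
    r"(?:\s+\[(?P<target>0x[0-9A-Fa-f]+)\])?$")
# Inline patch in a kernel or user-mode code section.  "where" is everything
# before the first "!": "ntkrnlpa.exe" or "C:\...\lsass.exe[692] kernel32.dll".
_INLINE_RE = re.compile(
    r"^(?P<section>\.text|PAGE|INIT)\s+(?P<where>[^!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{6,16})\s+(?P<nbytes>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$")
# "JMP TARGET", optionally followed by the module GMER resolved TARGET to and
# its "(description/vendor)" text.  "[E9]" fragments do not match and are skipped.
_JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<owner>\S+)(?:\s+\((?P<desc>[^)]*)\))?)?$")
_PID_RE = re.compile(r"^(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+)$")


@dataclass
class Hook:
    kind: str               # "ssdt", "kernel" or "user"
    process: str            # image path for user hooks, "kernel" otherwise
    pid: Optional[int]
    func: str               # "kernel32.dll!CreateProcessW", "ZwCreateFile", ...
    target: Optional[int]   # address the hook jumps to, when GMER printed one
    owner: Optional[str]    # module GMER attributed the target to, if any
    vendor: Optional[str]   # vendor part of GMER's "(description/vendor)" text


def _vendor(desc: Optional[str]) -> Optional[str]:
    return desc.rsplit("/", 1)[-1].strip() if desc else None


def parse_gmer(text: str) -> List[Hook]:
    hooks: List[Hook] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _SSDT_RE.match(line)
        if m:
            target = int(m.group("target"), 16) if m.group("target") else None
            hooks.append(Hook("ssdt", "kernel", None, m.group("func"), target,
                              m.group("owner"), _vendor(m.group("desc"))))
            continue
        m = _INLINE_RE.match(line)
        if not m:
            continue                  # section headers, PE oddities, etc.
        j = _JMP_RE.match(m.group("patch"))
        if not j:
            continue                  # "1 Byte [E9]": the full JMP line follows it
        where = m.group("where").strip()
        p = _PID_RE.match(where)
        if p:                         # user mode: "<image>[pid] <dll>"
            kind, process, pid = "user", p.group("image"), int(p.group("pid"))
            func = f"{p.group('module')}!{m.group('func')}"
        else:                         # kernel: "<image>!<func>"
            kind, process, pid, func = "kernel", "kernel", None, f"{where}!{m.group('func')}"
        hooks.append(Hook(kind, process, pid, func, int(j.group("target"), 16),
                          j.group("owner"), _vendor(j.group("desc"))))
    return hooks


def triage(hooks: List[Hook]) -> Dict[str, object]:
    """Split hooks by whether GMER could name the module holding the target,
    and group the unattributed ones by process and 64 KiB page of the target.
    Many APIs funnelling into one or two small pages owned by no module is the
    pattern to explain before calling a machine clean."""
    attributed = [h for h in hooks if h.owner]
    unattributed = [h for h in hooks if not h.owner and h.target is not None]
    by_process: Dict[str, Dict[int, List[str]]] = defaultdict(lambda: defaultdict(list))
    for h in unattributed:
        key = h.process if h.pid is None else f"{h.process}[{h.pid}]"
        by_process[key][h.target >> 16].append(h.func)
    vendors = sorted({h.vendor for h in attributed if h.vendor})
    return {"attributed": attributed, "unattributed": unattributed,
            "by_process": by_process, "vendors": vendors}


def report(hooks: List[Hook]) -> str:
    t = triage(hooks)
    out = [f"attributed hooks: {len(t['attributed'])} (vendors: {', '.join(t['vendors']) or 'none'})",
           f"unattributed hooks: {len(t['unattributed'])}"]
    for proc, pages in t["by_process"].items():
        out.append(f"  {proc}")
        for page, funcs in sorted(pages.items()):
            out.append(f"    -> page {page:04X}xxxx: {', '.join(funcs)}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(parse_gmer(SAMPLE_GMER_LOG)))
```

Run it as a script for the summary, or feed a full GMER log saved as text to parse_gmer(). The split it produces is the one a helper makes by eye: hooks that resolve to a security product's driver are expected, while process-creation, library-loading, registry and socket APIs in services.exe, lsass.exe and svchost.exe all redirected into a handful of unattributed low pages are the lines to account for before the machine is declared clean, which is why the helper above followed the GMER log with a second scanner rather than stopping there.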
|
| 19. |
Solve : Malwarebytes Anti-Malware, HijackThis and SUPERAntiSpyware Logs? |
|
Answer» It says that it's already installed. |
|
| 20. |
Solve : Cannot delete registry entries or change permissions in Windows XP? |
|
Answer» I do not have the OS disk for this computer. I have my own OS disk for a Dell computer that has the XP Media Center Edition, but I don't know if it will work for what you have planned. The owner of this laptop is a teenage boy (can't you tell?), the son of a friend of mine. He has misplaced the OS disk and they are supposed to be looking for it this weekend.

OK, I am back. I ran the ESET scan and the log is below:

2010/09/06 18:33:32.0557 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06
2010/09/06 18:33:32.0557 ================================================================================
2010/09/06 18:33:32.0557 SystemInfo:
2010/09/06 18:33:32.0557
2010/09/06 18:33:32.0557 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/06 18:33:32.0557 Product type: Workstation
2010/09/06 18:33:32.0557 ComputerName: CHASEDOTY
2010/09/06 18:33:32.0557 UserName: chase
2010/09/06 18:33:32.0557 Windows directory: C:\WINDOWS
2010/09/06 18:33:32.0557 System windows directory: C:\WINDOWS
2010/09/06 18:33:32.0557 Processor architecture: Intel x86
2010/09/06 18:33:32.0557 Number of processors: 1
2010/09/06 18:33:32.0557 Page size: 0x1000
2010/09/06 18:33:32.0557 Boot type: Normal boot
2010/09/06 18:33:32.0557 ================================================================================
2010/09/06 18:33:37.0526 Initialize success
2010/09/06 18:33:51.0574 ================================================================================
2010/09/06 18:33:51.0574 Scan started
2010/09/06 18:33:51.0574 Mode: Manual;
2010/09/06 18:33:51.0574 ================================================================================
2010/09/06 18:33:52.0402 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/06 18:33:52.0465 ACPIEC (a19857c810444c1ae0c1eaae1ae3801d) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/06 18:33:52.0559 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/06 18:33:52.0637 AegisP (accd563bf09c4659b54143fde633b57d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/09/06 18:33:52.0918 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/06 18:33:53.0059 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/09/06 18:33:53.0731 AR5211 (3d769924a07c00f5bb4b890f3934cd1e) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2010/09/06 18:33:53.0809 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/06 18:33:53.0949 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/09/06 18:33:54.0059 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/06 18:33:54.0121 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/06 18:33:54.0277 ati2mtag (221f0a33229cce7bf2f7640d3bb8845d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/09/06 18:33:54.0512 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/06 18:33:54.0746 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/06 18:33:54.0809 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/06 18:33:55.0028 BHDrvx86 (8f6d9ce8af24f09de6b020b2c09e27d9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
2010/09/06 18:33:55.0418 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/06 18:33:55.0496 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
2010/09/06 18:33:55.0621 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/06 18:33:55.0699 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/06 18:33:55.0762 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/06 18:33:55.0887 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/06 18:33:55.0965 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/06 18:33:56.0121 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/06 18:33:56.0199 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/09/06 18:33:56.0449 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/09/06 18:33:56.0528 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/09/06 18:33:56.0559 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/09/06 18:33:56.0590 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/09/06 18:33:56.0621 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/09/06 18:33:56.0653 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/09/06 18:33:56.0684 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/09/06 18:33:56.0731 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/09/06 18:33:56.0840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/06 18:33:56.0965 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/06 18:33:57.0028 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/06 18:33:57.0168 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/06 18:33:57.0356 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/06 18:33:57.0387 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/09/06 18:33:57.0418 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/09/06 18:33:57.0606 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/09/06 18:33:57.0731 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/09/06 18:33:57.0887 esgiguard (051a2e2a75adb6d1c5c27e940fdabcba) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2010/09/06 18:33:58.0184 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/06 18:33:58.0278 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/06 18:33:58.0309 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/06 18:33:58.0371 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/06 18:33:58.0450 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/06 18:33:58.0512 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/06 18:33:58.0543 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/06 18:33:58.0653 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/09/06 18:33:58.0840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/06 18:33:58.0965 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/06 18:33:59.0121 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/06 18:33:59.0325 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/06 18:33:59.0606 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/06 18:33:59.0887 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100906.001\IDSxpx86.sys
2010/09/06 18:34:00.0200 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/06 18:34:00.0575 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/06 18:34:00.0950 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/06 18:34:00.0997 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/06 18:34:01.0090 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/06 18:34:01.0184 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/06 18:34:01.0387 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/06 18:34:01.0434 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/06 18:34:01.0481 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/06 18:34:01.0544 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/06 18:34:01.0622 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/09/06 18:34:01.0669 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/06 18:34:01.0731 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/06 18:34:01.0887 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/06 18:34:02.0122 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/09/06 18:34:02.0278 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/09/06 18:34:02.0403 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2010/09/06 18:34:02.0450 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/09/06 18:34:02.0590 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/06 18:34:02.0669 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/06 18:34:02.0715 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/06
18:34:02.0794 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/09/06 18:34:02.0872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/09/06 18:34:02.0934 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/09/06 18:34:03.0044 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/09/06 18:34:03.0184 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/09/06 18:34:03.0247 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/09/06 18:34:03.0356 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/09/06 18:34:03.0403 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/09/06 18:34:03.0465 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/09/06 18:34:03.0497 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/09/06 18:34:03.0747 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100906.024\NAVENG.SYS 2010/09/06 18:34:03.0825 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100906.024\NAVEX15.SYS 2010/09/06 18:34:04.0012 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/09/06 18:34:04.0200 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/09/06 18:34:04.0262 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/09/06 18:34:04.0325 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/09/06 18:34:04.0372 NDProxy 
(6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/09/06 18:34:04.0497 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/09/06 18:34:04.0622 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/09/06 18:34:04.0684 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys 2010/09/06 18:34:04.0794 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/09/06 18:34:04.0841 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/09/06 18:34:04.0919 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/09/06 18:34:04.0966 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/09/06 18:34:05.0028 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/09/06 18:34:05.0059 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/09/06 18:34:05.0091 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/09/06 18:34:05.0184 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2010/09/06 18:34:05.0356 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/09/06 18:34:05.0512 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/09/06 18:34:05.0622 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/09/06 18:34:05.0716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/09/06 18:34:05.0747 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2010/09/06 18:34:06.0013 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys 2010/09/06 18:34:06.0059 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/09/06 
18:34:06.0091 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/09/06 18:34:06.0122 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/09/06 18:34:06.0169 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/09/06 18:34:06.0356 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/09/06 18:34:06.0419 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/09/06 18:34:06.0544 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/09/06 18:34:06.0669 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/09/06 18:34:06.0747 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/09/06 18:34:06.0794 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/09/06 18:34:06.0825 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2010/09/06 18:34:06.0903 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/09/06 18:34:06.0981 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/09/06 18:34:07.0075 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 2010/09/06 18:34:07.0153 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2010/09/06 18:34:07.0341 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2010/09/06 18:34:07.0403 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2010/09/06 18:34:07.0700 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/09/06 18:34:07.0794 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2010/09/06 18:34:07.0919 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) 
C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/09/06 18:34:08.0060 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/09/06 18:34:08.0122 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/09/06 18:34:08.0231 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS 2010/09/06 18:34:08.0481 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS 2010/09/06 18:34:08.0653 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/09/06 18:34:08.0825 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/09/06 18:34:08.0872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/09/06 18:34:09.0028 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS 2010/09/06 18:34:09.0231 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS 2010/09/06 18:34:09.0388 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2010/09/06 18:34:09.0591 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS 2010/09/06 18:34:09.0716 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS 2010/09/06 18:34:09.0935 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2010/09/06 18:34:10.0106 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/09/06 18:34:10.0232 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 2010/09/06 18:34:10.0419 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/09/06 18:34:10.0560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/09/06 18:34:10.0747 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) 
C:\WINDOWS\system32\drivers\TDTCP.sys 2010/09/06 18:34:10.0935 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/09/06 18:34:11.0028 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys 2010/09/06 18:34:11.0075 Tvs (568dccff5d0f2be99cb04a49a70a63d4) C:\WINDOWS\system32\DRIVERS\Tvs.sys 2010/09/06 18:34:11.0122 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/09/06 18:34:11.0263 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/09/06 18:34:11.0388 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2010/09/06 18:34:11.0685 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/09/06 18:34:11.0810 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/09/06 18:34:11.0872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/09/06 18:34:11.0919 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2010/09/06 18:34:11.0982 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/09/06 18:34:12.0028 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/09/06 18:34:12.0075 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/09/06 18:34:12.0122 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/09/06 18:34:12.0200 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/09/06 18:34:12.0310 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/09/06 18:34:12.0497 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 2010/09/06 18:34:12.0669 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/09/06 18:34:12.0794 WS2IFSL 
(6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2010/09/06 18:34:12.0904 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/09/06 18:34:12.0966 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/06 18:34:13.0029 ================================================================================
2010/09/06 18:34:13.0029 Scan finished
2010/09/06 18:34:13.0029 ================================================================================

How's your computer running now? Any problems?

It is running great. No problems that I can detect. Thank you so much for your help. I could never have done this without you. Are we finished? Any more instructions?

We should do some cleanup.
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter
* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
**************************************
Download OTC by OldTimer and save it to your desktop.
1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.
***************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*************************************
Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************
Use the Secunia Software Inspector to check for out of date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!

I do have the firewall that comes with Norton Internet Security 2010 and had planned to use it but it may have been disabled to run one of the scans you recommended. Will the NIS firewall protect this computer OK or would one of the free ones you recommend do a better job?

Yes, NIS will protect you. It's considered a third-party firewall but you will have to make sure that it's kept up-to-date. |
|
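The driver listing in the thread above is the kind of log a helper reads by eye, line by line. As an added example (my own code, not from this thread and not part of the TDSSKiller tool that produced the log), here is a small Python parser for that line format with the two checks a responder applies when reading it: drivers whose image loads from outside the usual system and program directories, and core drivers whose MD5 differs from a baseline. The sample log and the baseline hash table are constructed for the example; three sample lines are copied from the log above, the exampledrv and cdrom lines are made up (the cdrom hash is deliberately wrong), and the baseline values are simply the hashes the log above reports, whereas a real baseline would come from a known-clean machine of the same Windows build.

```python
"""Triage helper for a TDSSKiller-style driver listing (added example).

Parses lines of the form
    <timestamp> <driver name> (<md5>) <path>
and applies two checks: drivers loading from outside the trusted directory
prefixes, and baseline drivers whose MD5 does not match the expected value.
"""
import re
from dataclasses import dataclass

# Constructed sample log. The atapi, Lavasoft Kernexplorer and Lbd lines are
# copied from the thread's log; the cdrom (wrong hash) and exampledrv lines
# are constructed so that both checks below have something to report.
SAMPLE_LOG = r"""2010/09/06 18:33:54.0121 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/06 18:33:55.0887 cdrom (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/06 18:34:02.0122 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/09/06 18:34:02.0278 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/09/06 18:34:13.0000 exampledrv (00000000000000000000000000000000) C:\Documents and Settings\User\Local Settings\Temp\exampledrv.sys
2010/09/06 18:34:13.0029 ================================================================================
2010/09/06 18:34:13.0029 Scan finished
"""

# Hypothetical baseline (assumption for this example): the values are the
# hashes the thread's log reports for these files. In practice, take them
# from a known-clean machine with the same Windows version and patch level.
BASELINE_MD5 = {
    "atapi.sys": "9f3a2f5aa6875c72bf062c712cfa2674",
    "cdrom.sys": "1f4260cc5b42272d71f79e570a27a4fe",
}

# Directories kernel drivers normally load from on an XP box of this kind.
# Anything else (user profiles, Temp, removable media) deserves a closer look.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\documents and settings\\all users\\application data\\",
)

ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)


@dataclass
class DriverEntry:
    timestamp: str
    name: str
    md5: str
    path: str

    @property
    def filename(self) -> str:
        """Lower-cased image file name, used as the baseline lookup key."""
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_log(text: str) -> list:
    """One DriverEntry per driver line; separator and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def unusual_locations(entries) -> list:
    """Names of drivers whose image lies outside the trusted directory prefixes."""
    return [e.name for e in entries if not e.path.lower().startswith(TRUSTED_PREFIXES)]


def hash_mismatches(entries, baseline) -> list:
    """(name, path, expected, actual) for baseline drivers whose MD5 differs."""
    out = []
    for e in entries:
        expected = baseline.get(e.filename)
        if expected is not None and expected.lower() != e.md5:
            out.append((e.name, e.path, expected.lower(), e.md5))
    return out


def triage(text: str, baseline=BASELINE_MD5) -> dict:
    """Run both checks over a log and return the findings together."""
    entries = parse_log(text)
    return {
        "entries": entries,
        "unusual_location": unusual_locations(entries),
        "hash_mismatch": hash_mismatches(entries, baseline),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"parsed {len(report['entries'])} driver entries")
    for name in report["unusual_location"]:
        print(f"[location] {name}")
    for name, path, expected, actual in report["hash_mismatch"]:
        print(f"[hash] {name} {path}: expected {expected}, got {actual}")
```

A hash mismatch on a core driver such as atapi.sys is exactly the symptom TDSSKiller-era bootkits produced, which is why the check keys on the file name rather than on the service name; a location hit is only a lead, since legitimate vendor drivers also live under Program Files, so the trusted-prefix list is a starting point to tune per environment.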
| 21. |
Solve : HelpAssistant Folder Won't Go Away? |
|
Answer» While trying to clean-up some space on my computer, I noticed a folder called HelpAssistant that appeared to contain a copy of all the files/folders in my primary user account. After searching the forum and finding that others had been affected by similar problems, I've tried various scans, all to no avail.
|
|
| 22. |
Solve : New QuickTime and DLDR-ZLOB.NT Trojan? |
|
Answer» Since my last bout of trouble with this PC I have been trying to keep it fully
that were highlighted when I had problems earlier in the year. They are all in my e.mail folder, are probably several years old and were possibly quarantined by whichever anti-virus I was running when they were delivered.

Last database update: Saturday, April 03, 2010 13:40:23
Records in database: 3913863
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
F:\
Scan statistics:
Objects scanned: 197603
Threats found: 3
Infected objects found: 6
Suspicious objects found: 4
Scan duration: 03:28:44
File name / Threat / Threats count
F:\PMAIL\MAIL\wraith\JUNK.PMM Suspicious: Trojan-Spy.HTML.Fraud.gen 1
F:\PMAIL\MAIL\wraith\FOL037D6.PMM Suspicious: Trojan-Spy.HTML.Fraud.gen 1
F:\PMAIL\MAIL\wraith\FOL0059B.PMM Infected: Trojan-Spy.HTML.Bayfraud.ib 1
F:\PMAIL\MAIL\wraith\FOL0059B.PMM Suspicious: Trojan-Spy.HTML.Fraud.gen 2
F:\PMAIL\MAIL\wraith\FOL0059B.PMM Infected: Trojan-Spy.HTML.Bayfraud.ek 5
Selected area has been scanned.

Please download OTM
F:\PMAIL\MAIL\wraith\JUNK.PMM
F:\PMAIL\MAIL\wraith\FOL037D6.PMM
F:\PMAIL\MAIL\wraith\FOL0059B.PMM
F:\PMAIL\MAIL\wraith\FOL0059B.PMM
F:\PMAIL\MAIL\wraith\FOL0059B.PMM
:commands
[purity]
[emptytemp]
[reboot]
open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Hi, I have now looked at the HTML version of the Kaspersky report which lists what the threats are.
Suspicious: Trojan-Spy.HTML.Fraud.gen 1
F:\PMAIL\MAIL\wraith\FOL037D6.PMM Suspicious: Trojan-Spy.HTML.Fraud.gen 1
F:\PMAIL\MAIL\wraith\FOL0059B.PMM Infected: Trojan-Spy.HTML.Bayfraud.ib 1
F:\PMAIL\MAIL\wraith\FOL0059B.PMM Suspicious: Trojan-Spy.HTML.Fraud.gen 2
F:\PMAIL\MAIL\wraith\FOL0059B.PMM Infected: Trojan-Spy.HTML.Bayfraud.ek 5
Is there any way that these can launch without me opening individual messages? I wonder if they are spams that I have never opened anyway. I am worried that the files listed are actually complete folders full of years' worth of multiple mails which I do not want to delete and lose. Is "Bayfraud" something to do with eBay?

Yes, they are from a fake eBay. Designed to steal personal information from eBay users. |
|
| 23. |
Solve : 2nd machine down? |
|
Answer» Same symptoms as first machine but caught this one before the browser hijacking got out of control. Only popping bogus Security Warning windows about files being infected.
Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis.
----------
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply. Exit out of MessengerDisable then delete the two files that were put on the desktop.
----------
If you already have ComboFix be sure to delete it and download a new copy.
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix

Thank you for your help; everything appears to have stabilized.

No ComboFix log?

Due to lack of feedback, this topic is now closed. If you need the topic re-opened, PM a moderator and they shall unlock it.
=>CLOSED |
|
| 24. |
Solve : Browser hijacked? |
|
Answer» Here is the readout from HijackThis: Logfile of Trend Micro HijackThis v2.0.2
Important: Close all open windows except for HijackThis and then click Fix checked. Restart the computer if asked to do so. Once completed, exit HijackThis.
----------
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply. Exit out of MessengerDisable then delete the two files that were put on the desktop.
----------
Create An Uninstall List
* Start HijackThis
* Click on the Open the Misc Tools section
* Click on the Open Uninstall Manager button.
* Click on the Save list button and specify where you would like to save this file and click Save.
* When you press the Save button a notepad will open with the contents of that file.
* Copy and paste that list in your reply.
----------
If you already have ComboFix be sure to delete it and download a new copy.
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix

That's the weird thing, I thought I deleted BearShare.

No problem. Just continue on with ComboFix and we will deal with it later. |
|
| 25. |
Solve : Google re-direction? |
|
Answer» Ok I'm asking for searches on google and in my browser it starts re-directing to other search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Graham
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-1001.bak
ProfileImagePath REG_EXPAND_SZ C:\Users\Greg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-501
ProfileImagePath REG_EXPAND_SZ C:\Users\Guest
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
SystemRoot REG_SZ C:\Windows

Starting up...
Running from: C:\Users\Graham\Desktop\System defence\Win32kDiag.exe
Log file at : C:\Users\Graham\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Cannot access: C:\Windows\bthservsdp.dat

Please let me know what else you need...

Cheetah-Anti-Rogue is needed, also. I included the instructions for my first reply to you.

I knew I forgot to mention something. That link to Cheetah does not work.

Ok. I will see what is wrong with my link there. Edit: try it again. I fixed it.

OK thanks for that. See attached.
Cheetah-Anti-Rogue v1.3.35 by DragonMaster Jay
Microsoft Windows [Version 6.0.6002]
Date: 02/04/2010 - Time: 19:13:23 - Arch.: x86
-- Malware removal tools check --
User has Sandboxie installed!
Sandboxie
CCleaner
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware
SUPERAntiSpyware
-- Known infection --
Extra message: Detection only.
EOF

[recovering disk space - old attachment deleted by admin]

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.

[recovering disk space - old attachment deleted by admin]

Please download RootRepeal from GooglePages.com.
|
|
| 26. |
Solve : advanced xp defender virus has locked up my system..totally..can't open anything? |
|
Answer» I'm using Windows XP, I think it's SP3, but I can't even check that... it won't open up! It's a Dell Inspiron 6000. |
|
| 27. |
Solve : Win32spytrojan.agent / Keylogger menace? |
|
Answer» Hello. Yesterday I was performing my usual computer cleaning procedure (CCleaner, Superantispyware, Malwarebytes), and what is strange is that I kept finding malware or infected files, even if I ran the program after it had just finished. I also ran the Ad-Aware, and found the Win32spytrojan.agent. It is also worth noting that my computer was extremely slow, for no apparent reason since it had been working properly the days before.
[Saving space, attachment deleted by admin]

Hello. Please copy and paste the log in a new post instead of upload.

I uploaded it since the system says "The message exceeds the maximum allowed length (50000 characters)." Should I divide it into two posts, perhaps?

Yes. Two or three.

Code: [Select]
OTS logfile created on: 23/03/2010 00:13:28 - Run 1
OTS by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179,50 Gb Total Space | 113,05 Gb Free Space | 62,98% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 150,02 Gb Free Space | 80,52% Space Free | Partition Type: NTFS
Drive E: | 6,80 Gb Total Space | 0,83 Gb Free Space | 12,21% Space Free | Partition Type: FAT32
Drive F: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOM-FB9B15D2723
Current User Name: HP_Administrateur
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\OTS.exe -> [2010/03/23 00:08:28 | 000,637,440 | ---- | M] (OldTimer Tools)
avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2010/03/09 12:24:10 | 002,769,336 | ---- | M] (ALWIL Software)
avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software)
jusched.exe -> C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.)
wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation)
lifechat.exe -> C:\Program Files\Microsoft LifeChat\LifeChat.exe -> [2008/08/21 10:16:56 | 000,267,296 | ---- | M] (Microsoft Corporation)
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> [2008/07/09 08:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC)
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2008/07/09 08:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation)
iaanotif.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2006/07/06 14:15:00 | 000,151,552 | ---- | M] (Intel Corporation)
iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/07/06 14:14:30 | 000,090,112 | ---- | M] (Intel Corporation)
lssrvc.exe -> C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -> [2006/06/21 04:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company)
elservice.exe -> C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -> [2006/06/01 23:25:00 | 000,180,224 | ---- | M] (Intel Corporation)
transcode360tray.exe -> C:\Program Files\Transcode360\Transcode360Tray.exe -> [2006/05/02 18:01:30 | 000,192,512 | ---- | M] ( )
dmascheduler.exe -> C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe -> [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions)
gnotify.exe -> C:\Program Files\Google\Gmail Notifier\gnotify.exe -> [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.)
kmaestro.exe -> C:\Program Files\HP Wireless Keyboard\Kmaestro.exe -> [2005/06/13 02:38:22 | 000,278,528 | ---- | M] (BTC)
uphclean.exe -> C:\Program Files\UPHClean\uphclean.exe -> [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation)
wlancfgg.exe -> C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe -> [2004/09/02 17:09:56 | 000,794,624 | ---- | M] ()
wlservice.exe -> C:\Program Files\Wireless 802.11g Monitor\WLService.exe -> [2004/03/29 16:08:16 | 000,049,152 | ---- | M] ()

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\OTS.exe -> [2010/03/23 00:08:28 | 000,637,440 | ---- | M] (OldTimer Tools)
hid.dll -> C:\WINDOWS\system32\hid.dll -> [2008/04/13 18:33:28 | 000,020,992 | ---- | M] (Microsoft Corporation)
nview.dll -> C:\WINDOWS\system32\nview.dll -> [2006/04/28 08:47:00 | 001,466,368 | ---- | M] ()
nvwrsfr.dll -> C:\WINDOWS\system32\nvwrsfr.dll -> [2006/04/28 08:47:00 | 000,327,680 | ---- | M] (NVIDIA Corporation)
nvwddi.dll -> C:\WINDOWS\system32\nvwddi.dll -> [2006/04/28 08:47:00 | 000,081,920 | ---- | M] (NVIDIA Corporation)
hidkeybd.dll -> C:\Program Files\HP Wireless Keyboard\HidKeybd.dll -> [2004/06/15 08:32:12 | 000,018,476 | ---- | M] (BTC)

[Win32 Services - Safe List]
(Planificateur LiveUpdate automatique) Planificateur LiveUpdate automatique [Auto | Stopped] -> -> File not found
(avast! Web Scanner) avast! Web Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software)
(vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2008/07/09 08:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/07/06 14:14:30 | 000,090,112 | ---- | M] (Intel Corporation)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running] -> C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -> [2006/06/21 04:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company)
(ELService) Intel(R) Quick Resume technology [Auto | Running] -> C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -> [2006/06/01 23:25:00 | 000,180,224 | ---- | M] (Intel Corporation)
(UPHClean) User Profile Hive Cleanup [Auto | Running] -> C:\Program Files\UPHClean\uphclean.exe -> [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 10:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation)
(R54G Wireless Service) R54G Wireless Service [Auto | Running] -> C:\Program Files\Wireless 802.11g Monitor\WLService.exe -> [2004/03/29 16:08:16 | 000,049,152 | ---- | M] ()

[Driver Services - Safe List]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2010/03/21 18:28:14 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand |
Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/03/21 18:28:11 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/03/21 18:28:10 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswTdi.sys -> [2010/03/09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) (aswSP) aswSP [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswSP.sys -> [2010/03/09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) (aswRdr) aswRdr [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\aswRdr.sys -> [2010/03/09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) (aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswmon2.sys -> [2010/03/09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) (aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswFsBlk.sys -> [2010/03/09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) (Aavmker4) avast! 
Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aavmker4.sys -> [2010/03/09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) (MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdc8021x.sys -> [2009/11/22 04:01:16 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) (sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2009/08/09 12:46:12 | 000,721,904 | ---- | M] () (vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2008/07/09 08:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) (MPE) Filtre BDA MPE [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mpe.sys -> [2008/04/13 10:46:24 | 000,015,232 | ---- | M] (Microsoft Corporation) (usbaudio) Pilote USB audio (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 10:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) (HDAudBus) Pilote de bus Microsoft UAA pour High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 08:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) (srescan) srescan [Kernel | Boot | Running] -> C:\WINDOWS\system32\ZoneLabs\srescan.sys -> [2008/02/27 02:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) (RT2500USB) RT2500 USB Wireless LAN Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rt2500usb.sys -> [2006/11/08 13:45:26 | 000,240,384 | ---- | M] (Ralink Technology Inc.) (iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\iastor.sys -> [2006/07/06 14:59:42 | 000,246,784 | ---- | M] (Intel Corporation) (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2006/06/14 19:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) 
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\e1e5132.sys -> [2006/05/16 19:37:50 | 000,229,376 | ---- | M] (Intel Corporation) (ELacpi) ELacpi [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ELacpi.sys -> [2006/05/09 22:36:44 | 000,009,728 | ---- | M] (Intel Corporation) (ELmon) EL Monitor Service [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Elmon.sys -> [2006/05/09 22:36:42 | 000,007,040 | ---- | M] (Intel Corporation) (ELkbd) EL KB Service [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Elkbd.sys -> [2006/05/09 22:36:22 | 000,006,912 | ---- | M] (Intel Corporation) (ELmou) EL Mouse Service [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Elmou.sys -> [2006/05/09 22:36:20 | 000,006,400 | ---- | M] (Intel Corporation) (ELhid) EL hid Service [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Elhid.sys -> [2006/05/09 22:36:18 | 000,010,112 | ---- | M] (Intel Corporation) (nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2006/04/28 08:47:00 | 003,663,040 | ---- | M] (NVIDIA Corporation) (3xHybrid) 3xHybrid service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\3xHybrid.sys -> [2006/04/12 04:36:56 | 002,829,696 | ---- | M] (ASUSTek) (Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\PS2.sys -> [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) (WN5301) LIteon Wireless PCI Network Adapter Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wn5301.sys -> [2005/10/05 03:44:06 | 000,468,768 | ---- | M] (Liteon Technology Inc.) (ftsata2) ftsata2 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ftsata2.sys -> [2005/06/29 16:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) 
(rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) (rt2571) Wireless 802.11g USB Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rt2571.sys -> [2004/05/07 13:47:10 | 000,079,616 | ---- | M] (Ralink Technology Inc.) (bb-run) Promise driver accelerator [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\bb-run.sys -> [2003/11/05 06:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) (GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\GTNDIS5.sys -> [2003/09/26 12:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\] > -> -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\: Main\\"Default_Search_URL" -> 
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\: Main\\"Start Page" -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\FireFox\Profiles\38zcja25.default\prefs.js -> browser.startup.homepage -> "http://www.google.fr/" -> extensions.enabledItems -> [email protected]:1.1.1 -> extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 -> network.proxy.type -> 2 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/09 16:07:44 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/02/18 23:43:27 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Extensions -> [2009/07/06 03:06:35 | 000,000,000 | ---D | M] -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Firefox\Profiles\38zcja25.default\extensions -> [2010/03/21 19:08:55 | 000,000,000 | ---D | M] WOT -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Firefox\Profiles\38zcja25.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2009/11/05 14:15:43 | 000,000,000 | ---D | M] -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Firefox\Profiles\38zcja25.default\extensions\[email protected] -> 
[2010/03/21 18:29:54 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/21 19:08:55 | 000,000,000 | ---D | M] < HOSTS File > ([2009/07/06 02:13:35 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 000,059,032 | ---- | M] (Adobe Systems INCORPORATED) {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Programme d'aide de l'Assistant de connexion Windows Live] -> [2009/02/17 16:11:04 | 000,408,440 | ---- | M] (Microsoft Corporation) {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\Program Files\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> [2007/01/19 22:56:04 | 002,436,160 | R--- | M] (Google Inc.) 
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT Helper] -> [2009/04/15 12:19:44 | 001,290,912 | ---- | M] () {CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/06/18 06:56:52 | 000,094,208 | ---- | M] () {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> [2005/02/21 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar2.dll [&Google] -> [2007/01/19 22:56:04 | 002,436,160 | R--- | M] (Google Inc.) "{71576546-354D-41c9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT] -> [2009/04/15 12:19:44 | 001,290,912 | ---- | M] () "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" [HKLM] -> C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2005/02/21 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar2.dll [&Google] -> [2007/01/19 22:56:04 | 002,436,160 | R--- | M] (Google Inc.) 
WebBrowser\\"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT] -> [2009/04/15 12:19:44 | 001,290,912 | ---- | M] () WebBrowser\\"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" [HKLM] -> C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2005/02/21 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "" -> [] -> File not found "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" -> C:\Program Files\Google\Gmail Notifier\gnotify.exe [C:\Program Files\Google\Gmail Notifier\gnotify.exe] -> [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.) "avast5" -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe [C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui] -> [2010/03/09 12:24:10 | 002,769,336 | ---- | M] (ALWIL Software) "BtcMaestro" -> C:\Program Files\HP Wireless Keyboard\KMaestro.exe ["C:\Program Files\HP Wireless Keyboard\KMaestro.exe"] -> [2005/06/13 02:38:22 | 000,278,528 | ---- | M] (BTC) "DMAScheduler" -> c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe ["c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"] -> [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) "ftutil2" -> C:\WINDOWS\System32\ftutil2.dll [rundll32.exe ftutil2.dll,SetWriteCacheMode] -> [2004/06/07 13:05:38 | 000,106,496 | ---- | M] (Promise Technology, Inc.) 
"HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/15 22:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) "IAAnotif" -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe] -> [2006/07/06 14:15:00 | 000,151,552 | ---- | M] (Intel Corporation) "LifeChat" -> C:\Program Files\Microsoft LifeChat\LifeChat.exe ["C:\Program Files\Microsoft LifeChat\LifeChat.exe"] -> [2008/08/21 10:16:56 | 000,267,296 | ---- | M] (Microsoft Corporation) "NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2006/04/28 08:47:00 | 007,573,504 | ---- | M] (NVIDIA Corporation) "nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /installquiet /keeploaded /nodetect] -> [2006/04/28 08:47:00 | 001,519,616 | ---- | M] () "Recguard" -> C:\WINDOWS\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/22 22:14:00 | 000,237,568 | ---- | M] () "SunJavaUpdateSched" -> C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe ["C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"] -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) 
"Transcode360" -> C:\Program Files\Transcode360\Transcode360Tray.exe [C:\Program Files\Transcode360\Transcode360Tray.exe] -> [2006/05/02 18:01:30 | 000,192,512 | ---- | M] ( ) "ZoneAlarm Client" -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2008/07/09 08:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC) < Administrateur Startup Folder > -> C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage -> -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled -> [2008/01/20 06:19:25 | 000,000,000 | -H-D | M] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage -> C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\Pin.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.) C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\PinMcLnk.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.) < HP_Administrateur Startup Folder > -> C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage -> < HP_Administrateur.NOM-FB9B15D2723 Startup Folder > -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Menu Démarrer\Programmes\Démarrage -> < HP_Administrateur.NOM-FB9B15D2723.000 Startup Folder > -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723.000\Menu Démarrer\Programmes\Démarrage -> < MCX1 Startup Folder > -> C:\Documents and Settings\MCX1\Menu Démarrer\Programmes\Démarrage -> C:\Documents and Settings\MCX1\Menu Démarrer\Programmes\Démarrage\Pin.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.) 
C:\Documents and Settings\MCX1\Menu Démarrer\Programmes\Démarrage\PinMcLnk.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.) < MCX2 Startup Folder > -> C:\Documents and Settings\MCX2\Menu Démarrer\Programmes\Démarrage -> C:\Documents and Settings\MCX2\Menu Démarrer\Programmes\Démarrage\Pin.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.) C:\Documents and Settings\MCX2\Menu Démarrer\Programmes\Démarrage\PinMcLnk.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.) < Software Policy Settings [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDrives" -> [0] -> File not found \\"NoCDBurning" -> [0] -> File not found \\"HonorAutoRunSetting" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 05:29:58 | 001,347,728 | ---- | M] (Microsoft) \\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 00:03:28 | 000,001,293 | ---- | M] () < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007] > -> 
HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xportar a Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000] -> [2009/05/05 12:53:16 | 009,361,232 | R--- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xportar a Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000] -> [2009/05/05 12:53:16 | 009,361,232 | R--- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xportar a Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000] -> [2009/05/05 12:53:16 | 009,361,232 | R--- | M] (Microsoft Corporation) Télécharger avec Free Download Manager -> C:\Program Files\Free Download Manager\dllink.htm [file://C:\Program Files\Free Download Manager\dllink.htm] -> [2007/06/02 12:25:02 | 000,002,140 | ---- | M] () Télécharger la sélection avec Free Download Manager -> C:\Program Files\Free Download Manager\dlselected.htm [file://C:\Program Files\Free Download Manager\dlselected.htm] -> [2007/06/02 12:25:02 | 000,000,463 | ---- | M] () Télécharger la vidéo avec Free Download Manager -> C:\Program Files\Free Download Manager\dlfvideo.htm [file://C:\Program Files\Free Download Manager\dlfvideo.htm] -> [2007/07/27 00:34:42 | 000,001,706 | ---- | M] () Tout 
télécharger avec Free Download Manager -> C:\Program Files\Free Download Manager\dlall.htm [file://C:\Program Files\Free Download Manager\dlall.htm] -> [2007/06/02 12:25:02 | 000,000,893 | ---- | M] () < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Aide à la connexion] -> [2006/01/02 21:47:08 | 000,000,706 | ---- | M] () {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Aide à la connexion] -> [2006/01/02 21:47:08 | 000,000,706 | ---- | M] () {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> File not found {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Aide à la connexion] -> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] 
{32E4F0D2-C135-475E-A841-1D59A0D22989} -> Sid Meier's Civilization 4 - Beyond the Sword {33BF0960-DBA3-4187-B6CC-C969FCFA2D25} -> SkinsHP1 {350C940c-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP {36D620AD-EEBA-4973-BA86-0C9AE6396620} -> OptionalContentQFolder {3E4B349F-10B5-4586-9D99-489A90A8B228} -> Sid Meier's Civilization 4 - Warlords {41E776A5-9B12-416D-9A12-B4F7B044EBED} -> CP_Package_Basic1 {4377F918-E6C9-4ECA-A7F5-754B310B7ED8} -> Sid Meier's Civilization 4 {45B8A76B-57EC-4242-B019-066400CD8428} -> BufferChm {45D707E9-F3C4-11D9-A373-0050BAE317E1} -> HP DVD Play 2.1 {46ABBC54-1872-4AA3-95E2-F2C063A63F31} -> Installation Windows Live {4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater {53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C} -> FullDPAppQFolder {5CFD7508-7774-48FE-8280-7A3C0AE71755} -> Services Internet {5FDD0538-C67A-4F67-B3F8-09D1AAF04D99} -> muvee autoProducer unPlugged 2.0 {66039B36-96AE-40D1-8A32-071F7A61B738} -> Microsoft LifeChat {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} -> Sonic Express Labeler {6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C} -> RandMap {67EDD823-135A-4D59-87BD-950616D6E857} -> EPSON Copy Utility 3 {690BE098-6D0D-493D-B079-BD7E8F81A141} -> Opera 10.10 {6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} -> Windows Media Player Firefox Plugin {73E94429-C8A2-46B5-A203-E30C62D5379D} -> Wireless 802.11g USB Adapter {767CC44C-9BBC-438D-BAD3-FD4595DD148B} -> VC80CRTRedist - 8.0.50727.762 {770F1BEC-2871-4E70-B837-FB8525FFA3B1} -> Windows Live Messenger {7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec {7F14F68C-17FA-4F88-B3FD-7F449C1EBF32} -> EPSON Web-To-Page {8105684D-8CA6-440D-8F58-7E5FD67A499D} -> Connexion Facile à Internet {82081779-4175-4666-A457-AB711CD37EF0} -> cp_LightScribeConfig {829DAAD6-BB11-4BB7-921B-07FFB703F944} -> CP_Package_Variety3 {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} -> Windows Live Call {82E55892-6FFD-403F-AA97-D726846768AA} -> CP_AtenaShokunin1Config 
{866A0078-DEA7-4348-9C9A-999AF2991EAA} -> SlideShowMusic {8A534F71-3202-4464-A422-B767295E67B9} -> CP_Package_Variety2 {8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player {8CE4E6E9-9D55-43FB-9DDB-688C976BFC05} -> Unload {90110C0A-6000-11D3-8CFE-0050048383C9} -> Microsoft Office XP Professional {90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} -> Intel(R) Matrix Storage Manager {93E5A317-24EC-4744-812C-16FECFE86E6A} -> CP_Package_Variety1 {95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting {9A394342-4A68-4EBA-85A6-55B559F4E700} -> Microsoft .NET Framework 1.1 French Language Pack {9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8} -> LightScribe 1.4.105.1 {A059DE09-1B49-4450-B340-7AE097EC3F04} -> Microsoft Works {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI {A29800BA-0BF1-4E63-9F31-DF05A87F4104} -> InstantShareDevices {A642BB6B-CA1D-4142-8DD4-318C3F3DC834} -> Rome - Total War(TM) {AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -> Sonic RecordNow Audio {AC76BA86-7AD7-1036-7B44-A71000000002} -> Adobe Reader 7.1.3 - Français {B12665F4-4E93-4AB4-B7FC-37053B524629} -> Sonic RecordNow Copy {B131E59D-202C-43C6-84C9-68F0C37541F1} -> Galerie de photos Windows Live {B13A7C41581B411290FBC0395694E2A9} -> DivX Converter {B2157760-AA3C-4E2E-BFE6-D20BC52495D9} -> cp_PosterPrintConfig {B6286A44-7505-471A-A72B-04EC2DB2F442} -> CueTour {B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3} -> CP_Panorama1Config {B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player {B90450DF-E781-46FD-B1F1-0C86DA40E443} -> PIF DESIGNER {C1C6767D-B395-43CB-BF99-051B58B86DA6} -> PhotoGallery {C3FAA091-B278-44A7-BF48-190811C5F9F7} -> cp_UpdateProjectsConfig {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition {CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8} -> Sid Meier's Civilization 4 
{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} -> Assistant de connexion Windows Live {DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38} -> HpSdpAppCoreApp {DB6BD5D5-8482-45C0-99CF-745C5B924497} -> WOT for Internet Explorer {E7A02A01-C75A-4490-A168-5CA709A3D862} -> MainConcept for Software Encoder {E86BC406-944E-41F6-ADE6-2C136734C96B} -> EPSON File Manager {ED00D08A-3C5F-488D-93A0-A04F21F23956} -> Windows Live Communications Platform {ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F} -> CP_CalendarTemplates1 {EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F} -> Le logiciel Intel® Viiv™ {EF36A836-BF89-4A4F-B079-057B0C68C1E0} -> Sid Meier's Civilization IV Colonization {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU] {F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver {F19D07BC-6240-49D3-BA5C-59B015DF8916} -> EPSON Easy Photo Print {F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729) {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01 {F80239D8-7811-4D5E-B033-0D0BBFE32920} -> HP DigitalMedia Archive {FB15E224-67C3-491F-9F5C-F257BC418412} -> Destinations {FB4740B3-2530-452D-A825-F7AB246CA7DF} -> muvee autoProducer 5.0 {FF77941A-2BFA-4A18-BE2E-69B9498E4D55} -> User Profile Hive Cleanup Service 0D20D36D-A11C-444c-9AF7-70CBFED42ECF -> Otto 99A88D57-2C93-491B-87B8-E41A870FB6BE -> GemMaster Mystic ActiveScan 2.0 -> Panda ActiveScan 2.0 Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin Adobe Shockwave Player -> Adobe Shockwave Player 11 avast5 -> avast!
Free Antivirus BtcMaestro -> HP Wireless Keyboard Driver V1.8 (2.0.W-127AU MUL) CCleaner -> CCleaner DAEMON Tools Toolbar -> DAEMON Tools Toolbar Diablo II -> Diablo II DVD X Player 4.1 Professional_is1 -> DVD X Player 4.1 Professional EHome Devices -> Media Center Extender EL -> Intel(R) Quick Resume Technology Drivers EPSON Printer and Utilities -> EPSON Logiciel imprimante EPSON Scanner -> EPSON Scan ESDX4800_4200 Guide util. -> ESDX4800_4200 Guide util. ffdshow_is1 -> ffdshow [rev 1723] [2007-12-24] Foxit Reader -> Foxit Reader Free Download Manager_is1 -> Free Download Manager 2.5 Half-Life_is1 -> Half-Life HijackThis -> HijackThis 2.0.2 HP Imaging Device Functions -> HP Imaging Device Functions 7.0 HP Photo & Imaging -> HP Photosmart Premier Software 6.5 HP Photosmart for Media Center PC -> HP Photosmart for Media Center PC ie8 -> Windows Internet Explorer 8 InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5} -> EPSON Attach To Email InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79} -> Amélioration de nos services InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755} -> Services Internet InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D} -> Connexion Facile à Internet InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} -> Rome - Total War(TM) InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862} -> MainConcept for Software Encoder LastFM_is1 -> Last.fm 1.5.4.24567 Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware Messenger Plus! Live -> Messenger Plus! 
Live Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 mIRC -> mIRC Mozilla Firefox (3.6) -> Mozilla Firefox (3.6) MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP NVIDIA Drivers -> NVIDIA Drivers PROSet -> Intel(R) PRO Network Connections Drivers Python 2.2.3 -> Python 2.2.3 pywin32-py2.2 -> Python 2.2 pywin32 extensions (build 203) RAR Password Cracker -> RAR Password Cracker 4.12 ShockwaveFlash -> Macromedia Flash Player 8 SpywareBlaster_is1 -> SpywareBlaster 4.2 Starcraft -> Starcraft Transcode360 -> Transcode 360 for Windows Media Center Edition 2005 TVersity Codec Pack -> TVersity Codec Pack 1.2 Unlocker -> Unlocker 1.8.7 VobSub -> VobSub v2.23 (Remove Only) WIC -> Windows Imaging Component Winamp -> Winamp Windows Media Format Runtime -> Windows Media Format 11 runtime Windows Media Player -> Lecteur Windows Media 11 Windows XP Service -> Windows XP Service Pack 3 WinLiveSuite_Wave3 -> Installation Windows Live WinRAR archiver -> Archiveur WinRAR WMFDist11 -> Windows Media Format 11 runtime wmp11 -> Windows Media Player 11 Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 Xfire -> Xfire (remove only) ZoneAlarm -> ZoneAlarm < Uninstall List [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> < EVENTVIEWER Logs - Last 10 Errors > -> Event Information -> Description Antivirus [ Error ] 18/01/2010 03:53:09 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 18/01/2010 03:53:10 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 18/01/2010 03:53:11 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 18/01/2010 03:53:17 Computer Name = NOM-FB9B15D2723 | Source = avast! 
| ID = 33554522 -> Description = Antivirus [ Error ] 18/01/2010 03:53:21 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 18/01/2010 03:53:23 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 18/01/2010 03:53:24 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 18/01/2010 03:53:25 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 18/01/2010 03:53:25 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 18/01/2010 03:53:26 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description = Application [ Error ] 21/03/2010 09:31:12 Computer Name = NOM-FB9B15D2723 | Source = COM+ | ID = 135761 -> Description = L'environnement d'exécution a détecté une incohérence dans son état interne qui indique une instabilité possible dans le processus. Cette instabilité peut être provoquée par les composants personnalisés exécutés dans l'application COM+, les composants qu'ils utilisent ou d'autres facteurs. Erreur dans f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), Hr = 8007041f : InitEventCollector fail Application [ Error ] 21/03/2010 09:46:24 Computer Name = NOM-FB9B15D2723 | Source = PerfNet | ID = 2004 -> Description = IMPOSSIBLE d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Application [ Error ] 21/03/2010 10:34:37 Computer Name = NOM-FB9B15D2723 | Source = PerfNet | ID = 2004 -> Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. 
Application [ Error ] 21/03/2010 10:46:06 Computer Name = NOM-FB9B15D2723 | Source = PerfNet | ID = 2004 -> Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Application [ Error ] 21/03/2010 10:57:10 Computer Name = NOM-FB9B15D2723 | Source = PerfNet | ID = 2004 -> Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Application [ Error ] 21/03/2010 10:58:06 Computer Name = NOM-FB9B15D2723 | Source = WmiAdapter | ID = 4099 -> Description = Échec de l'ouverture de services. Application [ Error ] 21/03/2010 10:58:07 Computer Name = NOM-FB9B15D2723 | Source = COM+ | ID = 135761 -> Description = L'environnement d'exécution a détecté une incohérence dans son état interne qui indique une instabilité possible dans le processus. Cette instabilité peut être provoquée par les composants personnalisés exécutés dans l'application COM+, les composants qu'ils utilisent ou d'autres facteurs. Erreur dans f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), Hr = 8007041f : InitEventCollector fail Application [ Error ] 21/03/2010 11:14:18 Computer Name = NOM-FB9B15D2723 | Source = MsiInstaller | ID = 1008 -> Description = L'installation de C:\Program Files\Fichiers communs\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_26_0_1006.MSI n'est pas autorisée en raison d'une erreur lors du traitement de la stratégie de restriction logicielle. La confiance en l'objet ne peut pas être établie. Application [ Error ] 21/03/2010 12:07:47 Computer Name = NOM-FB9B15D2723 | Source = PerfNet | ID = 2004 -> Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. 
Application [ Error ] 21/03/2010 13:50:37 Computer Name = NOM-FB9B15D2723 | Source = Application Error | ID = 1000 -> Description = Application défaillante javara.exe, version 1.15.0.1745, module défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x0000100b. System [ Error ] 21/03/2010 12:05:32 Computer Name = NOM-FB9B15D2723 | Source = DCOM | ID = 10005 -> Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF} System [ Error ] 21/03/2010 12:08:11 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7000 -> Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur : %%3 System [ Error ] 21/03/2010 12:08:23 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7026 -> Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : Lbd System [ Error ] 21/03/2010 13:19:57 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7000 -> Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur : %%3 System [ Error ] 21/03/2010 13:19:58 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7026 -> Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : Lbd System [ Error ] 21/03/2010 13:26:59 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7000 -> Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur : %%3 System [ Error ] 21/03/2010 13:27:00 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7026 -> Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : Lbd System [ Error ] 21/03/2010 14:06:45 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 
7000 -> Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur : %%3 System [ Error ] 21/03/2010 14:06:47 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7026 -> Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : Lbd System [ Error ] 22/03/2010 15:50:03 Computer Name = NOM-FB9B15D2723 | Source = Dhcp | ID = 1002 -> Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse réseau est 00C0A8BF95EA a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK). [Files/Folders - Created Within 90 Days] OTS.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\OTS.exe -> [2010/03/23 00:08:22 | 000,637,440 | ---- | C] (OldTimer Tools) pavboot.sys -> C:\WINDOWS\System32\drivers\pavboot.sys -> [2010/03/22 22:30:17 | 000,028,552 | ---- | C] (Panda Security, S.L.) LastGood -> C:\WINDOWS\LastGood -> [2010/03/22 22:30:08 | 000,000,000 | ---D | C] Panda Security -> C:\Program Files\Panda Security -> [2010/03/22 22:29:24 | 000,000,000 | ---D | C] Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2010/03/21 19:00:52 | 000,000,000 | ---D | C] Recent -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Recent -> [2010/03/21 18:50:50 | 000,000,000 | RH-D | C] Wise Installation Wizard -> C:\Program Files\Fichiers communs\Wise Installation Wizard -> [2010/03/21 16:14:18 | 000,000,000 | ---D | C] moviemk.exe -> C:\WINDOWS\System32\dllcache\moviemk.exe -> [2010/03/10 21:03:11 | 003,558,912 | ---- | C] (Microsoft Corporation) msyuv.dll -> C:\WINDOWS\System32\dllcache\msyuv.dll -> [2010/02/10 12:12:40 | 000,017,920 | ---- | C] (Microsoft Corporation) Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/02/01 17:25:01 | 000,000,000 | ---D | C] aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2010/01/13 00:39:24 | 000,471,552 | 
---- | C] (Microsoft Corporation) Symantec -> C:\Documents and Settings\NetworkService\Application Data\Symantec -> [2007/11/01 14:10:15 | 000,000,000 | ---D | M] DivX -> C:\Documents and Settings\LocalService\Application Data\DivX -> [2007/10/28 11:40:57 | 000,000,000 | ---D | M] RandFont.dll -> C:\WINDOWS\Fonts\RandFont.dll -> [2006/02/19 10:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2005/11/15 03:23:40 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2005/11/15 03:23:40 | 000,000,000 | --SD | M] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 1 C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\*.tmp files -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\*.tmp -> [Files/Folders - Modified Within 90 Days] OTS.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\OTS.exe -> [2010/03/23 00:08:28 | 000,637,440 | ---- | M] (OldTimer Tools) ntuser.dat -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\ntuser.dat -> [2010/03/23 00:07:57 | 007,602,176 | ---- | M] () Principaux articles traité de Lisbonne.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Principaux articles traité de Lisbonne.doc -> [2010/03/23 00:07:56 | 000,029,184 | ---- | M] () AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/03/22 22:48:03 | 000,000,284 | ---- | M] () activescan2_fr.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\activescan2_fr.exe -> [2010/03/22 22:29:11 | 000,177,176 | ---- | M] () Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/03/22 15:07:00 | 000,000,512 | ---- | M] () MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/03/22 01:37:00 
| 000,000,330 | -H-- | M] () Raccourci vers sniper.lnk -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Raccourci vers sniper.lnk -> [2010/03/21 19:12:57 | 000,000,695 | ---- | M] () hpsysdrv.dat -> C:\WINDOWS\System\hpsysdrv.dat -> [2010/03/21 19:08:33 | 000,000,248 | ---- | M] () nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2010/03/21 19:07:29 | 000,051,048 | ---- | M] () SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/03/21 19:06:19 | 000,000,006 | -H-- | M] () vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [2010/03/21 19:06:14 | 000,358,382 | ---- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/03/21 19:05:55 | 000,002,048 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/03/21 19:05:48 | 2145,857,536 | -HS- | M] () ntuser.ini -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\ntuser.ini -> [2010/03/21 19:04:26 | 000,000,284 | -HS- | M] () CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2010/03/21 18:29:35 | 000,003,121 | ---- | M] () win.ini -> C:\WINDOWS\win.ini -> [2010/03/21 18:24:40 | 000,000,603 | ---- | M] () system.ini -> C:\WINDOWS\system.ini -> [2010/03/21 18:24:40 | 000,000,435 | ---- | M] () boot.ini -> C:\boot.ini -> [2010/03/21 18:24:40 | 000,000,289 | RHS- | M] () perfh00C.dat -> C:\WINDOWS\System32\perfh00C.dat -> [2010/03/21 17:12:36 | 000,446,984 | ---- | M] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/03/21 17:12:36 | 000,381,828 | ---- | M] () perfc00C.dat -> C:\WINDOWS\System32\perfc00C.dat -> [2010/03/21 17:12:36 | 000,064,724 | ---- | M] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/03/21 17:12:36 | 000,053,572 | ---- | M] () PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/03/21 17:12:35 | 000,956,568 | ---- | M] () fidbox.dat -> C:\WINDOWS\System32\drivers\fidbox.dat -> [2010/03/21 12:57:22 | 142,922,784 | -HS- | M] () aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/03/21 12:14:53 | 000,000,194 | -H-- | M] () fidbox.idx -> 
C:\WINDOWS\System32\drivers\fidbox.idx -> [2010/03/20 21:15:18 | 001,913,216 | -HS- | M] () ~$plication letter.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\~$plication letter.doc -> [2010/03/20 20:14:38 | 000,000,162 | -H-- | M] () Expose final.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Expose final.doc -> [2010/03/17 12:54:51 | 000,039,424 | ---- | M] () Plan final.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Plan final.doc -> [2010/03/17 08:35:41 | 000,026,112 | ---- | M] () CEDH, Bosphorus, 2005 - commentaire (Camille Cordasco) .doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\CEDH, Bosphorus, 2005 - commentaire (Camille Cordasco) .doc -> [2010/03/16 20:56:31 | 000,071,168 | ---- | M] () wklnhst.dat -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\wklnhst.dat -> [2010/03/16 06:59:43 | 000,006,728 | ---- | M] () Exposé DIP .doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Exposé DIP .doc -> [2010/03/15 23:41:13 | 000,103,936 | ---- | M] () Relations Sino-Indiennes.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Relations Sino-Indiennes.doc -> [2010/03/15 01:59:01 | 000,043,008 | ---- | M] () aswBoot.exe -> C:\WINDOWS\System32\aswBoot.exe -> [2010/03/09 12:24:05 | 000,153,184 | ---- | M] (ALWIL Software) aswTdi.sys -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2010/03/09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) aswSP.sys -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2010/03/09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) aswRdr.sys -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2010/03/09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) aswmon2.sys -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2010/03/09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) aswmon.sys -> C:\WINDOWS\System32\drivers\aswmon.sys -> [2010/03/09 12:08:38 | 000,094,800 | ---- 
| M] (ALWIL Software) aswFsBlk.sys -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2010/03/09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) aavmker4.sys -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2010/03/09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2010/02/21 17:05:31 | 000,000,054 | ---- | M] () rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2010/02/21 17:05:30 | 000,000,039 | ---- | M] () EPISMF00.SWB -> C:\WINDOWS\EPISMF00.SWB -> [2010/02/20 14:40:35 | 000,016,574 | ---- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/02/18 21:18:51 | 000,001,158 | ---- | M] () avastSS.scr -> C:\WINDOWS\System32\avastSS.scr -> [2010/02/11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) srv.sys -> C:\WINDOWS\System32\dllcache\srv.sys -> [2009/12/31 17:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) 4 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 1 C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\*.tmp files -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\*.tmp -> [Files - No Company Name] activescan2_fr.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\activescan2_fr.exe -> [2010/03/22 22:29:11 | 000,177,176 | ---- | C] () Principaux articles traité de Lisbonne.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Principaux articles traité de Lisbonne.doc -> [2010/03/21 22:40:41 | 000,029,184 | ---- | C] () Raccourci vers sniper.lnk -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Raccourci 
vers sniper.lnk -> [2010/03/21 19:12:57 | 000,000,695 | ---- | C] () hiberfil.sys -> C:\hiberfil.sys -> [2010/03/21 17:06:57 | 2145,857,536 | -HS- | C] () aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/03/21 12:14:53 | 000,000,194 | -H-- | C] () ~$plication letter.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\~$plication letter.doc -> [2010/03/20 20:14:38 | 000,000,162 | -H-- | C] () Plan final.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Plan final.doc -> [2010/03/17 08:35:41 | 000,026,112 | ---- | C] () Expose final.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Expose final.doc -> [2010/03/17 08:35:38 | 000,039,424 | ---- | C] () CEDH, Bosphorus, 2005 - commentaire (Camille Cordasco) .doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\CEDH, Bosphorus, 2005 - commentaire (Camille Cordasco) .doc -> [2010/03/16 20:56:31 | 000,071,168 | ---- | C] () Exposé DIP .doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Exposé DIP .doc -> [2010/03/15 23:41:12 | 000,103,936 | ---- | C] () Relations Sino-Indiennes.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Relations Sino-Indiennes.doc -> [2010/03/14 23:55:29 | 000,043,008 | ---- | C] () rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2010/02/21 17:05:31 | 000,000,054 | ---- | C] () rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2010/02/21 17:05:30 | 000,000,039 | ---- | C] () sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2009/08/09 12:46:10 | 000,721,904 | ---- | C] () imsinstall_loc040c.dll -> C:\WINDOWS\System32\imsinstall_loc040c.dll -> [2009/07/09 10:52:20 | 000,021,904 | ---- | C] () imslsp_install_loc040c.dll -> C:\WINDOWS\System32\imslsp_install_loc040c.dll -> [2009/07/09 10:52:20 | 000,017,808 | ---- | C] () libeay32_0.9.6l.dll -> C:\WINDOWS\System32\libeay32_0.9.6l.dll -> [2009/07/09 10:51:53 | 000,796,048 | ---- | C] () GTW32N50.dll -> 
C:\WINDOWS\System32\GTW32N50.dll -> [2008/07/29 00:07:31 | 000,094,208 | ---- | C] ()
ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2008/07/27 15:44:57 | 000,007,680 | ---- | C] ()
ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2008/07/27 15:44:57 | 000,000,547 | ---- | C] ()
SystemInfo32.sys -> C:\WINDOWS\System32\SystemInfo32.sys -> [2008/07/24 21:43:33 | 000,000,014 | ---- | C] ()
PICSDK.ini -> C:\WINDOWS\System32\PICSDK.ini -> [2008/07/24 21:17:35 | 000,000,099 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2008/07/22 20:40:42 | 000,000,069 | ---- | C] ()
graphedit.INI -> C:\WINDOWS\graphedit.INI -> [2008/07/22 04:10:50 | 000,000,000 | ---- | C] ()
qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2008/06/11 01:07:20 | 003,596,288 | ---- | C] ()
dtu100.dll.manifest -> C:\WINDOWS\System32\dtu100.dll.manifest -> [2008/06/11 01:03:26 | 000,000,416 | ---- | C] ()
dpl100.dll.manifest -> C:\WINDOWS\System32\dpl100.dll.manifest -> [2008/06/11 01:03:26 | 000,000,416 | ---- | C] ()
DivXWMPExtType.dll -> C:\WINDOWS\System32\DivXWMPExtType.dll -> [2008/05/22 23:18:54 | 000,012,288 | ---- | C] ()
_delis32.ini -> C:\WINDOWS\_delis32.ini -> [2007/11/01 02:05:36 | 000,001,088 | ---- | C] ()
Calendar.INI -> C:\WINDOWS\Calendar.INI -> [2007/08/26 17:53:55 | 000,000,790 | ---- | C] ()
Edofma.INI -> C:\WINDOWS\Edofma.INI -> [2007/07/20 21:47:00 | 000,000,632 | ---- | C] ()
exctrlst.INI -> C:\WINDOWS\exctrlst.INI -> [2006/12/12 23:09:49 | 000,000,000 | ---- | C] ()
wp.ini -> C:\WINDOWS\wp.ini -> [2006/11/26 15:15:17 | 000,000,019 | ---- | C] ()
wp2.ini -> C:\WINDOWS\wp2.ini -> [2006/11/26 14:50:24 | 000,002,059 | ---- | C] ()
RomeTW.ini -> C:\WINDOWS\RomeTW.ini -> [2006/09/13 10:13:00 | 000,000,248 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/09/13 08:46:33 | 000,000,379 | ---- | C] ()
Qtw.ini -> C:\WINDOWS\Qtw.ini -> [2006/09/13 08:35:00 | 000,000,190 | ---- | C] ()
SIERRA.INI -> C:\WINDOWS\SIERRA.INI -> [2006/09/11 11:06:19 | 000,000,218 | ---- | C] ()
AmvTransform.ini -> C:\WINDOWS\AmvTransform.ini -> [2006/09/11 10:33:24 | 000,008,836 | R--- | C] ()
AmvPlayer.ini -> C:\WINDOWS\AmvPlayer.ini -> [2006/09/11 10:33:24 | 000,007,997 | R--- | C] ()
fwupgrade.ini -> C:\WINDOWS\fwupgrade.ini -> [2006/09/11 10:33:23 | 000,007,915 | R--- | C] ()
SoundCon.INI -> C:\WINDOWS\SoundCon.INI -> [2006/09/11 10:33:23 | 000,003,677 | R--- | C] ()
CDE DX4200EFGIPSD.ini -> C:\WINDOWS\CDE DX4200EFGIPSD.ini -> [2006/09/10 13:18:44 | 000,000,027 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2006/06/16 19:58:18 | 000,000,000 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/01/02 22:09:07 | 000,000,061 | ---- | C] ()
USBkey.sys -> C:\WINDOWS\System32\drivers\USBkey.sys -> [2006/01/02 21:48:22 | 000,028,848 | ---- | C] ()
CHODDI.SYS -> C:\WINDOWS\System32\CHODDI.SYS -> [2006/01/02 21:45:10 | 000,014,397 | ---- | C] ()
hpreg.dll -> C:\WINDOWS\System32\hpreg.dll -> [2006/01/02 21:45:06 | 000,045,056 | ---- | C] ()
WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2006/01/02 21:37:26 | 000,000,210 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2006/01/02 21:32:41 | 000,003,712 | ---- | C] ()
34CoInstaller.dll -> C:\WINDOWS\System32\34CoInstaller.dll -> [2006/01/02 21:28:27 | 000,003,072 | ---- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2006/01/02 21:27:50 | 001,662,976 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2006/01/02 21:27:50 | 001,019,904 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2006/01/02 21:27:50 | 000,466,944 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2006/01/02 21:27:49 | 001,466,368 | ---- | C] ()
nvapi.dll -> C:\WINDOWS\System32\nvapi.dll -> [2006/01/02 21:27:49 | 000,098,304 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2006/01/02 21:11:19 | 000,000,821 | ---- | C] ()
pythoncom22.dll -> C:\WINDOWS\System32\pythoncom22.dll -> [2006/01/02 21:06:52 | 000,323,584 | ---- | C] ()
pywintypes22.dll -> C:\WINDOWS\System32\pywintypes22.dll -> [2006/01/02 21:06:52 | 000,094,208 | ---- | C] ()
bcbmm.dll -> C:\WINDOWS\System32\bcbmm.dll -> [2006/01/02 21:06:41 | 000,016,896 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 22:38:54 | 000,235,008 | ---- | C] ()
qt-mt331.dll -> C:\WINDOWS\System32\qt-mt331.dll -> [2004/09/17 04:24:26 | 003,375,104 | ---- | C] ()
ADFUUD.SYS -> C:\WINDOWS\ADFUUD.SYS -> [2004/09/16 12:26:40 | 000,012,634 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2003/06/24 18:20:22 | 000,000,651 | ---- | C] ()
unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2002/10/15 23:54:04 | 000,153,088 | ---- | C] ()

[File - Lop Check]
Age of Empires 3 -> C:\Documents and Settings\All Users\Application Data\Age of Empires 3 -> [2007/09/13 20:56:18 | 000,000,000 | ---D | M]
Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/02/01 17:25:01 | 000,000,000 | ---D | M]
Azureus -> C:\Documents and Settings\All Users\Application Data\Azureus -> [2008/07/22 15:23:16 | 000,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite -> [2009/08/09 12:59:12 | 000,000,000 | ---D | M]
DVD X Studios -> C:\Documents and Settings\All Users\Application Data\DVD X Studios -> [2008/07/24 21:43:20 | 000,000,000 | ---D | M]
FreeDownloadManager.ORG -> C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG -> [2008/07/26 22:33:10 | 000,000,000 | ---D | M]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [2007/07/21 23:50:24 | 000,000,000 | ---D | M]
Last.fm -> C:\Documents and Settings\All Users\Application Data\Last.fm -> [2008/07/24 21:54:45 | 000,000,000 | ---D | M]
MailFrontier -> C:\Documents and Settings\All Users\Application Data\MailFrontier -> [2009/07/09 10:52:31 | 000,000,000 | ---D | M]
Messenger Plus! -> C:\Documents and Settings\All Users\Application Data\Messenger Plus! -> [2006/11/10 21:41:10 | 000,000,000 | ---D | M]
muvee Technologies -> C:\Documents and Settings\All Users\Application Data\muvee Technologies -> [2008/07/22 04:30:56 | 000,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/07/07 14:32:54 | 000,000,000 | ---D | M]
UDL -> C:\Documents and Settings\All Users\Application Data\UDL -> [2008/07/24 21:20:22 | 000,000,000 | ---D | M]
Opera -> C:\Documents and Settings\MCX1\Application Data\Opera -> [2008/07/28 19:17:50 | 000,000,000 | ---D | M]
Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/03/22 15:07:00 | 000,000,512 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2010/03/22 01:37:00 | 000,000,330 | -H-- | M] ()

[File - Purity Scan]

[Alternate Data Streams]
Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop. Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrateur at 1:10:22,96 on 23/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1525 [GMT 1:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP Wireless Keyboard\KMaestro.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\rundll32.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [transcode360] c:\program files\transcode360\Transcode360Tray.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [BtcMaestro] "c:\program files\hp wireless keyboard\KMaestro.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: []
mRun: [lifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\monite~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\autoru~1\maximemo.lnk - c:\program files\maximemo\MaxiMemo.exe
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1.nom\applic~1\mozilla\firefox\profiles\38zcja25.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-22 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-9-22 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-6-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-9 394952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-22 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-1 40384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-29 98304]
R2 R54G Wireless Service;R54G Wireless Service;c:\program files\wireless 802.11g monitor\WLService.exe [2009-11-22 49152]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-1-2 2829696]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-1-2 468768]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-1 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-1 40384]
S3 mbr;mbr;\??\c:\docume~1\hp_adm~1.nom\locals~1\temp\mbr.sys --> c:\docume~1\hp_adm~1.nom\locals~1\temp\mbr.sys [?]
S3 rt2571;Wireless 802.11g USB Adapter Driver;c:\windows\system32\drivers\rt2571.sys [2007-2-28 79616]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 12872]

=============== Created Last 30 ================

2010-03-22 21:30:17 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-22 21:29:24 0 d-----w- c:\program files\Panda Security
2010-03-21 18:00:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-21 17:59:59 0 ----a-w- c:\windows\system32\REN8D.tmp
2010-03-21 17:59:59 0 ----a-w- c:\windows\system32\REN8C.tmp
2010-03-21 17:59:59 0 ----a-w- c:\windows\system32\REN8B.tmp
2010-03-21 15:14:18 0 d-----w- c:\program files\fichiers communs\Wise Installation Wizard
2010-03-21 11:14:53 194 ---ha-w- C:\aaw7boot.cmd
2010-03-10 20:03:11 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-02-21 16:05:31 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-02-21 16:05:30 39 ----a-w- c:\windows\system32\rp_rules.dat

==================== Find3M ====================

2010-03-21 18:00:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-21 16:12:36 64724 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-21 16:12:36 446984 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-21 11:57:22 142922784 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-20 20:15:18 1913216 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-16 05:59:43 6728 ----a-w- c:\docume~1\hp_adm~1.nom\applic~1\wklnhst.dat
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2006-11-04 10:09:34 251 ----a-w- c:\program files\wt3d.ini

============= FINISH: 1:10:34,70 ===============

[Saving space, attachment deleted by admin]

Please download the OTM.exe by OldTimer.
========== FILES ==========
c:\windows\system32\REN8D.tmp moved successfully.
c:\windows\system32\REN8C.tmp moved successfully.
c:\windows\system32\REN8B.tmp moved successfully.
C:\aaw7boot.cmd moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Administrateur
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 7493 bytes

User: HP_Administrateur.NOM-FB9B15D2723
->Temp folder emptied: 2162515 bytes
->Temporary Internet Files folder emptied: 451068 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 95249506 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1934464 bytes

User: HP_Administrateur.NOM-FB9B15D2723.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 874 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MCX1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: MCX2
->Temp folder emptied: 19958120 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 659266 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 115,00 mb

OTM by OldTimer - Version 3.1.10.1 log created on 03232010_013259

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_8c4.dat not found!
File C:\WINDOWS\temp\ZLT03511.TMP not found!
File C:\WINDOWS\temp\ZLT037fd.TMP not found!

Registry entries deleted on Reboot...

Please run a free online scan with the ESET Online Scanner
all ok

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=eee2c5cdc92cd34f861c368ead367bdc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-23 04:27:19
# local_time=2010-03-23 05:27:19 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 11034 11034 0 0
# compatibility_mode=768 16777191 100 0 4267822 4267822 0 0
# compatibility_mode=5889 16764286 0 100 104328045 114821618 0 0
# compatibility_mode=8192 67108863 100 0 3886 3886 0 0
# compatibility_mode=9217 16777214 75 64 22172550 53718644 0 0
# scanned=201368
# found=3
# cleaned=3
# scan_time=12702
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP131\A0088029.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Varios\Installers\unlocker1.8.7.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C |
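The ESET log above mixes "# key=value" header lines with one line per detection, and one of the three hits sits under System Volume Information, which is where Windows XP keeps System Restore points: a cleaned file there does no harm until a restore is performed, at which point it comes back, so restore points are normally purged after a clean-up. Below is an added example, not part of the post and not ESET's own tooling, that parses that log into structured findings and makes restore-point hits stand out. The detection-line shape it assumes (path, threat description beginning at the Family/Name token, action in parentheses, a 32-hex hash, a flag letter) is inferred from the three result lines and is marked as an assumption in the code; the sample text is the log's own content.

```python
"""Triage parser for ESET Online Scanner result logs.

Added example: not part of the forum post and not ESET's own tooling. It
parses the two line kinds the log above contains and groups the detections
so that hits inside a System Restore point (System Volume Information) stand
out, because a cleaned file there is reinstalled if that restore point is used.

Assumed detection-line shape, inferred from the log's three result lines:
    <path> <threat description> (<action>) <32-hex hash> <flag>
The threat description is located by its Family/Name token (e.g.
Win32/Adware.ADON), optionally preceded by "probably " and/or "a variant of ".
"""
import re

DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+.*?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)

# Sample input: the result section of the ESET log posted above, verbatim.
SAMPLE_LOG = r"""# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=eee2c5cdc92cd34f861c368ead367bdc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-23 04:27:19
# local_time=2010-03-23 05:27:19 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 11034 11034 0 0
# compatibility_mode=768 16777191 100 0 4267822 4267822 0 0
# compatibility_mode=5889 16764286 0 100 104328045 114821618 0 0
# compatibility_mode=8192 67108863 100 0 3886 3886 0 0
# compatibility_mode=9217 16777214 75 64 22172550 53718644 0 0
# scanned=201368
# found=3
# cleaned=3
# scan_time=12702
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP131\A0088029.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Varios\Installers\unlocker1.8.7.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
"""


def parse_eset_log(text):
    """Split log text into (header, detections, unparsed).

    header:     dict built from '# key=value' lines; a key that repeats (ESET
                emits several compatibility_mode lines) becomes a list of values.
    detections: dicts with path, threat, action, hash, flag plus the derived
                booleans in_restore_point and removed.
    unparsed:   lines matching neither shape, kept so nothing is dropped silently.
    """
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            if key in header:
                prior = header[key]
                header[key] = (prior if isinstance(prior, list) else [prior]) + [value]
            else:
                header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        d = m.groupdict()
        d["in_restore_point"] = bool(RESTORE_POINT_RE.search(d["path"]))
        d["removed"] = any(w in d["action"].lower() for w in ("deleted", "cleaned"))
        detections.append(d)
    return header, detections, unparsed


def triage(text):
    """Summarise one log: does the parsed count agree with ESET's own 'found'
    figure, which threat hit which paths, and which hits live in a restore point."""
    header, detections, unparsed = parse_eset_log(text)
    by_threat = {}
    for d in detections:
        by_threat.setdefault(d["threat"], []).append(d["path"])
    reported = int(header.get("found", len(detections)))
    return {
        "header": header,
        "reported_found": reported,
        "parsed": len(detections),
        "consistent": reported == len(detections),
        "by_threat": by_threat,
        "restore_point_hits": [d["path"] for d in detections if d["in_restore_point"]],
        "not_removed": [d["path"] for d in detections if not d["removed"]],
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"ESET reported {summary['reported_found']} detections, parsed {summary['parsed']}")
    for threat, paths in summary["by_threat"].items():
        print(f"  {threat}: {len(paths)} file(s)")
    for path in summary["restore_point_hits"]:
        print(f"  restore point hit: {path}")
```

Lines the regex does not recognise are returned rather than discarded, and the parsed count is compared with the log's own "found" value, so a change in ESET's line format shows up as an inconsistency instead of as silently missing detections.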
|
| 28. |
Solve : SOS avredirector? |
|
Answer» I need help with this thing. It was included in the installation of 'hide the ip'. I didn't suspect anything at first thanks to regular virus scans with NOD32, but lately the error message 'avredirector has stopped working' keeps popping up. So I found the file and tried to delete it, but to no avail. Then I used NOD32 to quarantine it (not sure if I spelt it right), to no avail. Please help. I think it may be a trojan, because I searched on Google and it said it was a trojan. SOS!

Please download ComboFix from BleepingComputer.com
Download OTL to your Desktop
%systemroot%\system32\*.DLL /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
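The block between /md5start and /md5stop in the OTL custom scan above makes OTL hash a fixed list of storage drivers and logon/event DLLs; the helper compares those digests with known-good values for the Windows build, because these are files that malware of that period patched in place rather than replacing (the ComboFix log further down this page reports an infected iaStor.sys). As an added example that is not code from the forum reply or from OTL, here is the same check in Python against a constructed directory of stand-in files: a baseline is taken from clean copies, one driver is then altered and one DLL removed, and the report distinguishes the two. The file names are the ones OTL lists; the contents and digests are invented for the demonstration. Two caveats belong with this check: MD5 is what the OTL switch computes, but a baseline built today should use SHA-256 (the algorithm is a parameter here), and hashing through the running OS is only as trustworthy as the kernel you read through, so a mismatch proves tampering while a match does not rule out a rootkit that filters disk reads; the authoritative check is done offline.

```python
"""Hash-baseline integrity check for critical Windows system files.

Added example: not part of the forum reply and not OTL's own code. It does in
plain Python what the /md5start ... /md5stop block of the OTL custom scan
above asks OTL to do: hash a list of drivers and DLLs and report any whose
digest differs from a known-good value. The file names come from that list;
the file contents and baseline digests are constructed for the demonstration.
The hash algorithm is a parameter because MD5 is what the OTL switch computes
while SHA-256 is what a baseline built today should use.
"""
import hashlib
import os
import tempfile

# Subset of the files named between /md5start and /md5stop in the OTL script.
WATCHED = ["atapi.sys", "iaStor.sys", "scecli.dll", "netlogon.dll", "eventlog.dll"]


def file_digest(path, algorithm="md5", chunk_size=65536):
    """Hex digest of a file, read in chunks so large drivers do not fill memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_integrity(directory, baseline, algorithm="md5"):
    """Compare every file named in `baseline` against its expected digest.

    Returns {file name: status} where status is
      "ok"        digest matches the baseline,
      "MODIFIED"  file exists but its digest differs (a patched driver looks like this),
      "MISSING"   a file named in the baseline is absent.
    """
    results = {}
    for name, expected in baseline.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif file_digest(path, algorithm).lower() == expected.lower():
            results[name] = "ok"
        else:
            results[name] = "MODIFIED"
    return results


def build_demo_tree(algorithm="md5"):
    """Constructed data: a scratch directory standing in for system32\\drivers.

    Clean stand-in files are written for every watched name and the baseline
    is taken from them. Then iaStor.sys is altered in place, the way a
    driver-infecting rootkit overwrites part of a legitimate driver, and
    netlogon.dll is removed to exercise the MISSING case.
    """
    directory = tempfile.mkdtemp(prefix="drivers_")
    baseline = {}
    for name in WATCHED:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(b"MZ" + name.encode() + b"\x00" * 64)  # not a real PE image
        baseline[name] = file_digest(path, algorithm)
    with open(os.path.join(directory, "iaStor.sys"), "r+b") as fh:
        fh.seek(16)
        fh.write(b"\x90" * 8)  # simulated patch inside the file body
    os.remove(os.path.join(directory, "netlogon.dll"))
    return directory, baseline


def run_demo(algorithm="md5"):
    """Build the constructed tree and return the integrity report for it."""
    directory, baseline = build_demo_tree(algorithm)
    return check_integrity(directory, baseline, algorithm)


if __name__ == "__main__":
    for name, status in sorted(run_demo().items()):
        print(f"{status:9s} {name}")
```

On a real machine the baseline would be built from a clean installation of the same Windows version and service pack, keyed by path, and the report's MODIFIED entries are the files to pull off the disk from a boot CD for comparison, which is the same step the helper is working towards with the OTL output.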
|
|
| 29. |
Solve : Browser Redirecting? |
|
Answer» Hello. |
|
| 30. |
Solve : Help! Trojan and Malware issues, Need ComboFix logs read!? |
|
Answer» I have had several issues with malware and viruses: Trojan.General and Trojan.Virtumonde. I was unable to open System Restore, had popups, was unable to download or run Malwarebytes, etc. I ran ComboFix, and my System Restore has come back; however, I still have popups and unwanted processes running. Here is my ComboFix log. Any help would be appreciated!! Thank you very much in advance!
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thank you for replying. I had already tried to upload mbam.exe (Malwarebytes) and even tried renaming the file and/or the extension, and it would not let me run it (the virus). I got to the point last night when I ended up clearing off my whole computer. It was bad; I even tried to delete registry keys and files and it would block access to them, etc. Thank you again for trying to help though! Consider this a case closed! -Michelle K

Why is that? Your computer could be cleaned... our assistance does not end when we cannot run something.

In addition to not being able to run Malwarebytes, I tried several other programs without success. When I found programs that I could scan with (Spyware Doctor & Exterminate It!), I attempted to go into the folders/files and Registry and manually delete keys. I even attempted this through the Run: CMD command. The virus was locked and would not allow me access to delete these files even in safe mode. I ended up purchasing Exterminate It! to also try and delete these items, and even when it would say it had cleaned them, I would reboot, and they would show up again in my virus scanner and Exterminate It! as if it was never "exterminated". I think this was a rootkit virus; my virus scanner gave me both: Virtumonde (Vundo) trojan, and TR/Crypt.XPACK.gen2. I literally spent 23 hours working on this with no luck, and I have minimal information on my computer that I can back up, so I decided to have it wiped. ComboFix worked the first time, but even that would not help at the end. I know this is not supposed to be run unless under the supervision of a tech, but I was desperate and figured someone would ask me to run it anyway. Again, thanks for the reply; at first I didn't know if I would hear from anyone.
I am looking for suggestions on a good free/inexpensive virus scanner. I was using AVG before and it did not pick this virus up. I knew I had it because I had symptoms, and they were detected with Ad-Aware. Thanks for any help you can give!

==========
Once this file had been deleted, the infection would have been mostly dead: c:\windows\system32\yopufuju.dll
========
Here is a small list of free antivirus software I recommend:
|
|
| 31. |
Solve : Re: Computer keeps shutting down after I did A full scan on my computer? |
|
Answer» OK, I was doing a full scan with AVG, then it cut off. Strangely, this has never happened to me before, so I don't know what's wrong. I tried to boot again and it cut off again. It was scanning my Windows folder when it happened. Knowing it, it will probably cut off in a minute. Does anyone know what's wrong? Thanks very much for your help.

Ok, don't worry, I sorted it out. |
|
| 32. |
Solve : msls51.dll not found.? |
|
Answer» Please help! Started up computer and now there is no taskbar or anything on my desktop, only desktop wallpaper can be seen. I can get into task manager and open programmes from there, but can't open system restore or control panel. |
|
| 33. |
Solve : Don't Know What to Do Anymore... >:C? |
|
Answer» I have a XP Dell Inspiron 1525 and it has had many viruses in the past. We've gotten it fixed before but now it has another virus and my mom refuses to pay to get it fixed again.
Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis.
----------
Go to Start > Run, type Notepad.exe, then click OK. Copy and paste the following text within the code box into the new Notepad file.
Code: [Select]
    @ECHO OFF
    sc stop avg8emc
    sc delete avg8emc
    sc stop avg8wd
    sc delete avg8wd
    exit
In Notepad select File and Save as. Choose the Desktop as the Save to location and, for the File name, type in fixservice.bat, making sure that the Save as type field says All files. Next double click fixservice.bat to run it. A black box should open and close after a short time; this is normal. Do not continue until the black box has closed. Delete fixservice.bat from the Desktop.
----------
Now go here to download and run the AVG Antivirus Remover utility. http://www.avg.com/us-en/download-tools
----------
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger, because they are not the same. Windows Messenger is a frequent cause of popups. Unzip the file on the desktop. Open MessengerDisable.exe, choose the bottom box, Uninstall Windows Messenger, and click Apply. Exit MessengerDisable, then delete the two files that were put on the desktop.
----------
If you already have ComboFix, be sure to delete it and download a new copy. Download ComboFix© by sUBs from one of the links below. Be sure to save it to the Desktop. Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop.
Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix. Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click ComboFix.exe and follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it) When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFixComboFix 10-03-03.04 - Michelle Dunaway 03/03/2010 22:24:51.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1449 [GMT -5:00] Running from: c:\documents and settings\Michelle Dunaway\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Adobe\230046.old c:\program files\Adobe\73090406.old c:\windows\ad2h264dec.dll c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf c:\windows\EventSystem.log c:\windows\system32\ctfmon .exe c:\windows\system32\hkcmd .exe c:\windows\system32\igfxpers .exe c:\windows\system32\igfxtray .exe c:\windows\system32\rundll32 .exe c:\windows\system32\wltray .exe Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and DISINFECTED Restored copy from - Kitty ate it :p . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Legacy_SSHNAS ((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 ))))))))))))))))))))))))))))))) . 2010-03-02 02:37 . 
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

```
KillAll::
Driver::
Viewpoint Manager Service
Folder::
c:\program files\Viewpoint
SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
RenV::
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\cs4servicemanager .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\Common Files\Nikon\Monitor\nkmonitor .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\SigmaTel\C-Major Audio\WDM\stsystra .exe
```

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.

Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running.
That may cause your system to freeze.

ComboFix 10-03-04.02 - Michelle Dunaway 03/04/2010 17:15:03.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1312 [GMT -5:00]
Running from: c:\documents and settings\Michelle Dunaway\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michelle Dunaway\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1344) c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(3604) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe . ************************************************************************** . Completion time: 2010-03-04 17:27:50 - machine was rebooted ComboFix-quarantined-files.txt 2010-03-04 22:27 ComboFix2.txt 2010-03-04 03:42 Pre-Run: 107,085,824,000 bytes free Post-Run: 107,058,651,136 bytes free - - End Of File - - 8428627679F475ACDC94A9D0B0C5C8E3 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. 
Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
Code:
KillAll::
Folder::
c:\Program Files\AVG
RenV::
c:\program files\Common Files\Symantec Shared\ccapp .exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
ComboFix 10-03-04.02 - Michelle Dunaway 03/04/2010 19:46:59.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1373 [GMT -5:00] Running from: c:\documents and settings\Michelle Dunaway\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Michelle Dunaway\Desktop\CFScript.txt AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\program files\AVG c:\program files\AVG\AVG8\avg.snu c:\program files\AVG\AVG8\avgatend.stp c:\program files\AVG\AVG8\avgatupd.stp c:\program files\AVG\AVG8\avgchk.exe c:\program files\AVG\AVG8\avgchk.exe0 c:\program files\AVG\AVG8\avginet.dll c:\program files\AVG\AVG8\avgiproxy.exe c:\program files\AVG\AVG8\avgmwdef_us.mht c:\program files\AVG\AVG8\avgrsx.exe c:\program files\AVG\AVG8\avgupd.dll c:\program files\AVG\AVG8\avgupd.exe c:\program files\AVG\AVG8\cf.dat c:\program files\AVG\AVG8\commonpriv.log c:\program files\AVG\AVG8\commonpriv.log.lock c:\program files\AVG\AVG8\dbghelp.dll c:\program files\AVG\AVG8\fixfp.exe c:\program files\AVG\AVG8\Icons\background_middle_gray.gif c:\program files\AVG\AVG8\Icons\background_middle_green.gif c:\program files\AVG\AVG8\Icons\background_middle_orange.gif c:\program files\AVG\AVG8\Icons\background_middle_red.gif c:\program files\AVG\AVG8\Icons\background_middle_yellow.gif c:\program files\AVG\AVG8\Icons\background_top_gray.gif c:\program files\AVG\AVG8\Icons\background_top_green.gif c:\program files\AVG\AVG8\Icons\background_top_orange.gif c:\program files\AVG\AVG8\Icons\background_top_red.gif c:\program files\AVG\AVG8\Icons\background_top_yellow.gif c:\program files\AVG\AVG8\Icons\block-doc.gif c:\program files\AVG\AVG8\Icons\blocked.gif c:\program files\AVG\AVG8\Icons\border_bottom_gray.gif c:\program files\AVG\AVG8\Icons\border_bottom_green.gif c:\program files\AVG\AVG8\Icons\border_bottom_orange.gif c:\program files\AVG\AVG8\Icons\border_bottom_red.gif c:\program files\AVG\AVG8\Icons\border_bottom_yellow.gif c:\program files\AVG\AVG8\Icons\border_top_gray.gif c:\program files\AVG\AVG8\Icons\border_top_green.gif c:\program files\AVG\AVG8\Icons\border_top_orange.gif c:\program files\AVG\AVG8\Icons\border_top_red.gif c:\program files\AVG\AVG8\Icons\border_top_yellow.gif c:\program files\AVG\AVG8\Icons\box_bottom_red.gif c:\program files\AVG\AVG8\Icons\box_top_red.gif c:\program files\AVG\AVG8\Icons\caution.gif 
c:\program files\AVG\AVG8\Icons\click_here_gray.gif c:\program files\AVG\AVG8\Icons\click_here_green.gif c:\program files\AVG\AVG8\Icons\click_here_orange.gif c:\program files\AVG\AVG8\Icons\click_here_red.gif c:\program files\AVG\AVG8\Icons\click_here_yellow.gif c:\program files\AVG\AVG8\Icons\clock.gif c:\program files\AVG\AVG8\Icons\close.gif c:\program files\AVG\AVG8\Icons\icons_blocked.gif c:\program files\AVG\AVG8\Icons\icons_caution.gif c:\program files\AVG\AVG8\Icons\icons_close.gif c:\program files\AVG\AVG8\Icons\icons_safe.gif c:\program files\AVG\AVG8\Icons\icons_unknown.gif c:\program files\AVG\AVG8\Icons\icons_warning.gif c:\program files\AVG\AVG8\Icons\LS_Logo_Results.gif c:\program files\AVG\AVG8\Icons\safe.gif c:\program files\AVG\AVG8\Icons\unknown.gif c:\program files\AVG\AVG8\Icons\warning.gif c:\program files\AVG\AVG8\license_us.txt c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_fr.html c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_it.html c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_nl.html c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_pt.html c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_sp.html c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_us.html c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_fr.html c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_it.html c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_nl.html c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_pt.html c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_sp.html c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_us.html c:\program files\AVG\AVG8\Notification\icon_bulb.gif c:\program files\AVG\AVG8\Notification\logo_avg8.gif c:\program files\AVG\AVG8\Notification\style.css c:\program files\AVG\AVG8\ph.dat c:\program files\AVG\AVG8\sb.dat c:\program files\AVG\AVG8\sb.dat.xcd c:\program files\AVG\AVG8\sb2.dat c:\program files\AVG\AVG8\sc.dat c:\program 
files\AVG\AVG8\sc.dat.xcd c:\program files\AVG\AVG8\updatecomps.cfg . ((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 ))))))))))))))))))))))))))))))) . 2010-03-02 02:37 . 2010-03-02 02:37 -------- d-----w- c:\documents and settings\Michelle Dunaway\Application Data\Malwarebytes 2010-03-02 02:37 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-02 02:37 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-02 00:26 . 2010-03-02 00:26 -------- d--h--w- c:\windows\system32\GroupPolicy 2010-02-28 20:29 . 2010-02-28 20:29 -------- d-----w- c:\documents and settings\Michelle Dunaway\Local Settings\Application Data\Threat Expert 2010-02-28 20:24 . 2010-03-01 00:28 -------- d-----w- c:\program files\Spyware Doctor 2010-02-28 16:23 . 2010-02-28 16:23 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe 2010-02-28 15:44 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-02-28 15:44 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-02-28 15:44 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys 2010-02-28 15:44 . 2008-04-13 19:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-02-28 15:44 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys 2010-02-28 15:44 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-02-28 02:36 . 2010-02-28 02:46 2110728 ----a-w- c:\documents and settings\Michelle Dunaway\Application Data\Facebook\Install_Facebook_Plug-In_1.0.3.exe 2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\documents and settings\Michelle Dunaway\Application Data\Facebook\npfbplugin_1_0_3.dll 2010-02-20 20:52 . 2010-02-20 20:52 -------- d-----w- c:\program files\LyricsSeeker 2010-02-08 00:28 . 
2010-02-08 00:28 50354 ----a-w- c:\documents and settings\Michelle Dunaway\Application Data\Facebook\uninstall.exe 2010-02-08 00:28 . 2010-02-28 02:46 -------- d-----w- c:\documents and settings\Michelle Dunaway\Application Data\Facebook 2010-02-05 00:44 . 2010-02-05 00:44 -------- d-----w- c:\program files\iPod 2010-02-05 00:44 . 2010-03-04 22:15 -------- d-----w- c:\program files\iTunes 2010-02-05 00:37 . 2010-02-05 00:37 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-05 00:53 . 2009-12-21 20:10 -------- d-----w- c:\program files\Common Files\Akamai 2010-03-04 23:06 . 2008-09-19 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-03-04 22:15 . 2009-11-26 18:12 -------- d-----w- c:\program files\QuickTime 2010-03-04 22:15 . 2010-01-28 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-02 03:13 . 2009-11-10 12:00 79488 ----a-w- c:\documents and settings\Michelle Dunaway\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-02 00:57 . 2009-03-16 22:20 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-02-28 21:01 . 2009-03-16 22:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-02-28 16:29 . 2008-09-20 21:17 -------- d-----w- c:\program files\Safari 2010-02-26 00:04 . 2008-09-28 21:47 -------- d-----w- c:\documents and settings\Michelle Dunaway\Application Data\gtk-2.0 2010-02-24 11:37 . 2007-02-12 19:36 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys 2010-02-24 02:44 . 2008-09-19 11:23 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-05 00:44 . 2008-09-19 21:29 -------- d-----w- c:\program files\Common Files\Apple 2010-02-04 18:08 . 2008-09-19 11:24 -------- d-----w- c:\program files\Google 2010-02-01 22:04 . 
2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Michelle Dunaway\Application Data\Facebook\axfbootloader.dll 2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Michelle Dunaway\Application Data\Facebook\npfbplugin_1_0_1.dll 2010-01-29 01:52 . 2010-01-29 01:52 -------- d-----w- c:\documents and settings\Michelle Dunaway\Application Data\Office Genuine Advantage 2010-01-28 23:07 . 2010-01-28 23:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-01-28 23:07 . 2010-01-28 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-22 21:01 . 2009-03-16 23:33 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-12 22:57 . 2008-06-20 04:12 162048 ----a-w- c:\windows\system32\drivers\WpsHelper.sys 2010-01-07 00:12 . 2009-12-25 19:29 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT 2010-01-02 20:19 . 2009-12-25 19:27 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT 2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-27 22:39 . 2008-09-20 21:41 86760 ---ha-w- c:\windows\system32\mlfcache.dat 2009-12-25 19:31 . 2009-12-25 19:31 49152 ----a-r- c:\documents and settings\Michelle Dunaway\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe 2009-12-25 19:31 . 2009-12-25 19:31 335872 ----a-r- c:\documents and settings\Michelle Dunaway\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe 2009-12-25 19:30 . 2009-12-25 19:30 57344 ----a-r- c:\documents and settings\Michelle Dunaway\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe 2009-12-24 22:35 . 2008-09-19 22:47 189992 ----a-w- c:\documents and settings\Michelle Dunaway\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-21 19:14 . 
2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll 2009-12-16 18:43 . 2008-09-17 03:42 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:26 . 2005-03-30 01:21 2145280 ------w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43 . 2005-03-30 01:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe 2008-09-17 12:41 . 2008-09-17 12:41 76 --sh--r- c:\windows\CT4CET.bin . Code: c:\program files\Common Files\Symantec Shared\ccapp .exe ((((((((((((((((((((((((((((( [email protected]_03.36.28 ))))))))))))))))))))))))))))))))))))))))) . + 2010-03-05 00:53 . 2010-03-05 00:53 16384 c:\windows\Temp\Perflib_Perfdata_3e4.dat + 2010-03-05 00:53 . 2010-03-05 00:53 16384 c:\windows\Temp\Perflib_Perfdata_36c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560] c:\documents and settings\Michelle Dunaway\Start Menu\Programs\Startup\ Talking Owl Gadget.lnk - c:\program files\Talking Owl Gadget\Talking Owl Gadget.exe [2010-1-2 95232] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Event Reminder.lnk - c:\program files\PrintMaster Silver 17\Remind.exe [2006-2-22 344064] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] ="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] ="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] ="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] ="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] c:\progra~1\AVG\AVG8\avgtray.exe [N/A] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-02-28 18:10 55808 ----a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "enablefirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "1033:TCP"= 1033:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 5:00 AM 14336] R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?] 
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/30/2009 8:54 PM 102448] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [9/17/2008 7:47 AM 105984] S2 gupdate1c9d65c8e7f4cd4;Google Update Service (gupdate1c9d65c8e7f4cd4);c:\program files\Google\Update\GoogleUpdate.exe [5/16/2009 2:28 PM 133104] S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\a5agu.sys [9/16/2008 11:03 PM 347648] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\coh_mon.sys [1/12/2008 5:32 PM 23888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder 2010-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2010-03-05 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-19 23:44] 2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 19:28] 2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 19:28] 2010-03-05 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://ie8-nickelback.com/start/ uInternet Settings,ProxyOverride = *.local IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-04 19:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1344) c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(3360) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe . ************************************************************************** . Completion time: 2010-03-04 19:59:58 - machine was rebooted ComboFix-quarantined-files.txt 2010-03-05 00:59 ComboFix2.txt 2010-03-04 22:27 ComboFix3.txt 2010-03-04 03:42 Pre-Run: 106,909,802,496 bytes free Post-Run: 107,017,216,000 bytes free - - End Of File - - 5DBAAE0650E9E1A509CB87FB2904ED78
That file isn't wanting to be removed. Download OTM by OldTimer to your desktop. Note: If you are using Vista or Windows 7, right-click on OTM.exe and choose Run As Administrator. * Save it to your Desktop. * Double-click OTM.exe to run it. * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
Code:
:Processes
explorer.exe
:services
:reg
:files
c:\program files\Common Files\Symantec Shared\ccapp .exe
:Commands
[purity]
[emptytemp]
[start explorer]
* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. * Click the red Moveit! button. 
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. * Close OTM Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. How is the computer running now?
All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== c:\program files\Common Files\Symantec Shared\ccapp .exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Michelle Dunaway ->Temp folder emptied: 234539 bytes ->Temporary Internet Files folder emptied: 21530592 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 1267570 bytes ->Flash cache emptied: 2865 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 1717 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 32768 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin 
emptied: 0 bytes Total Files Cleaned = 22.00 mb OTM by OldTimer - Version 3.1.10.0 log created on 03042010_202933 Files moved on Reboot... File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFBFC9.tmp not found! File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFBFD6.tmp not found! File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFC063.tmp not found! File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFC070.tmp not found! File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFC151.tmp not found! File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFC15E.tmp not found! File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFC198.tmp not found! File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFC1A5.tmp not found! File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFC1DF.tmp not found! File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFC1EC.tmp not found! File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFC226.tmp not found! File C:\Documents and Settings\Michelle Dunaway\Local Settings\Temp\~DFC233.tmp not found! C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\YSYX4AVO\connect[1].htm moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\YSYX4AVO\iframe3[1].htm moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\YSYX4AVO\st[1] moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\K6UENPQ2\10[2].htm moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\K6UENPQ2\468x60x728x90b[1].html moved successfully. 
C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\K6UENPQ2\Chapter_21_Northern_Eurasia_1_0[1].htm moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\K6UENPQ2\home[1].htm moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\K6UENPQ2\signin[1].htm moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\HV3LFTZ7\adservercontinuation[1].htm moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\HV3LFTZ7\redirectiframe[1].html moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\HV3LFTZ7\topicseen[1].html moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\HKDJ2IXM\06615[1].htm moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\Content.IE5\HKDJ2IXM\history_manager[1].htm moved successfully. C:\Documents and Settings\Michelle Dunaway\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. File C:\WINDOWS\temp\Perflib_Perfdata_36c.dat not found! File C:\WINDOWS\temp\Perflib_Perfdata_43c.dat not found! Registry entries deleted on Reboot...
It's been running great! It's actually better than before because I used to have to right click and press start or go into Program Files and find the .exe to make anything run, and that was because Malwarebytes did something last time I had the fake Internet Security. Thank you so much!
If there are no more malware issues we can finish up now. * Click START then RUN * Now type Combofix /Uninstall in the runbox * Make sure there's a space between Combofix and /Uninstall * Then hit Enter. 
The above procedure will: * Delete: ComboFix and its associated files and folders. * Reset the clock settings. * Hide file extensions, if required. * Hide System/Hidden files, if required. * Set a new, clean Restore Point. ---------- 1. Double click OTM to launch it. Vista and Windows 7 users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTM will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. When finished exit out of OTM. ---------- Use the Secunia Software Inspector to check for out of date software. * Click Start Scanner * Check the box next to Enable thorough system inspection. * Click Start * Allow the scan to finish and scroll down to see if any updates are needed. * Update anything listed. ---------- Go to Microsoft Windows Update and get all critical updates. ---------- If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page. ---------- I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan. I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. 
Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. * Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Thank you very very much! Uh oh... I just got "ActiveMovie Window: aim6.exe -Unable To Locate Component This application has failed to start because ad2h264dec.dll was not found. Re-installing the application may fix this problem." Does this mean that re-installing it would really fix it or is that a sign of another problem?
That's an Adobe file. Not sure if it's audio or video related though. Probably a codec. See if you have the Adobe Premiere Elements folder on your computer. C:\ProgramFiles\Adobe\Adobe Premiere Elements 4.0 |
|
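As an added example (not ComboFix, OTM, or anything posted in the thread above), a small Python triage script that reads ComboFix-style log lines like the ones in that thread and flags the two things the helper acted on: a file name that imitates a legitimate binary by wedging a space before the extension ("ccapp .exe" next to the real ccApp.exe), and Security Center or firewall registry values that switch protection off. The sample lines, the function names and the WEAK_VALUES table are this example's own constructions.

```python
"""Triage helpers for ComboFix-style log text (added example, not forum code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the log posted in the thread (not a copy of it).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"enablefirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
c:\\program files\\Common Files\\Symantec Shared\\ccapp .exe
c:\\program files\\Common Files\\Symantec Shared\\ccApp.exe
c:\\windows\\system32\\drivers\\mbam.sys
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...] section header
DWORD_RE = re.compile(r'^"(\w+)"=dword:([0-9a-fA-F]{8})$')   # "Name"=dword:00000001
NUM_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')  # "Name"= 0 (0x0)
PATH_RE = re.compile(r"^[a-zA-Z]:\\")                    # a bare drive-letter path line
# Whitespace wedged between the stem and the extension, as in "ccapp .exe".
LOOKALIKE_RE = re.compile(r"\S\s+\.\w+$")

# Value that weakens protection for each Security Center / firewall setting.
# A third-party suite (Symantec Endpoint Protection in the thread) sets these
# legitimately, so hits are items to verify against installed products, not
# proof of compromise on their own.
WEAK_VALUES = {
    "antivirusoverride": 1,
    "firewalloverride": 1,
    "disablemonitoring": 1,
    "enablefirewall": 0,
    "disablenotifications": 1,
}


def is_lookalike_name(path: str) -> bool:
    """True when the file name hides whitespace before its extension."""
    name = path.rsplit("\\", 1)[-1]
    return LOOKALIKE_RE.search(name) is not None


def lookalike_files(lines: List[str]) -> List[str]:
    """Return the path lines whose file names use the whitespace trick."""
    return [ln for ln in lines if PATH_RE.match(ln) and is_lookalike_name(ln)]


def weakened_defenses(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (registry key, value name, value) for protection-weakening settings."""
    findings = []
    current_key = ""
    for ln in lines:
        key = KEY_RE.match(ln)
        if key:
            current_key = key.group(1)
            continue
        m = DWORD_RE.match(ln)
        if m:
            name, value = m.group(1), int(m.group(2), 16)
        else:
            m = NUM_RE.match(ln)
            if not m:
                continue
            name, value = m.group(1), int(m.group(2))
        if WEAK_VALUES.get(name.lower()) == value:
            findings.append((current_key, name, value))
    return findings


def triage(log_text: str) -> Dict[str, list]:
    """Run both checks over a whole log and group the findings by kind."""
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    return {
        "lookalike_files": lookalike_files(lines),
        "weakened_defenses": weakened_defenses(lines),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("  ", item)
```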
| 34. |
Solve : Filecure has taken over everything? |
|
Answer» Okay now I am in a huge mess, I know not to make multiple posts but this problem is very different from what originally was happening... I don't know when / where or how I ended up with the filecure program but it has completely taken over and will not let me open anything, everything I try to open makes the filecure pop up and do its scan, it then says there are errors, when I hit fix errors it makes me either buy the program or don't fix which puts me right back to square one, I have turned off filecure in task manager, I have tried multiple times to delete it... because I cannot get into my add or remove programs due to missing EXE extension errors I am completely and totally stuck!! Help me please, this is the only form of entertainment my mom has and she is both elderly and disabled... |
|
| 35. |
Solve : pop-ups and "your computer is infected" message? |
|
Answer» This may or may not be related to my last 'episode' but I'll start a new thread in this shiny-brand-new subforum anyway.....
Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis.
----------
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups. Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply. Exit out of MessengerDisable then delete the two files that were put on the desktop.
----------
If you already have ComboFix be sure to delete it and download a new copy. Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix. Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts. Vista users: Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it). When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFix
Ok-- I followed all your instructions, and here is the ComboFix log. [Saving space, attachment deleted by admin]
I don't see anything that indicates the computer was infected.
Quote
and then comes a screen similar to the one I get when clicking on 'my computer' with C drive highlighted and a pink box with red lettering saying my "computer is infected"
If you closed the window without clicking and installing anything you likely did not actually get infected.
Oh my.... .... now I'm embarrassed...... Paranoia got the best of me? Thanks for your time, Evilfantasy. I apologize for having (apparently) wasted some of it. I have Spywareblaster now, maybe will switch to Firefox if the popup junk keeps coming up. Grrrrrrrr..... Good evening, sir. Thanks for helping me!
Is the popup still happening or is it only when you go to that website?
There have been no popups since tonight's *fix*. In the last couple of weeks, the popups have happened only a handful of times -- each episode being a rapid succession of several small windows, opening one on top of the last, either "detecting" _______ virus/trojan/worm/etc. or urging me to download a virus protection program to get rid of them. They all had the same M.O., but finding different problems and selling different *cough* programs *cough*. The malware that put on the porn shortcuts must've been from a series of popups that I tried to close using the mouse, ending up accidentally clicking into a new window while trying to close the previous one. They have occurred at different websites -- a news headline site, a couple of large blogs... places I've safely surfed for a year or more. So all of these sites have rotating legit advertising... maybe that has something to do with it? I think because of my computer's particularly (and formerly, thanks to your suggestions!) outdated software and lack of utilities, and my own ignorance/negligence/procrastination..... well..... we've just seen the result, huh?
If there are no more malware issues we can finish up now.
* Click START then RUN
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter.
The above procedure will:
* Delete: ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
----------
Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator. TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
----------
Use the Secunia Software Inspector to check for out of date software.
* Click Start Scanner
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft: Internet Explorer 8: Home page.
----------
I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser.
It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. |
|
| 36. |
Solve : Trojan problem (Rbuvete/rundll32. exe)? |
|
Answer» Hello, I am having major problems getting rid of what I think is a trojan horse. It runs silently in the background as 'rundll32.exe'. The file name is usually 'rbuvete' but it is also often labelled numerous other names (at this writing it is 'egejopevo.dll'); it is located in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and the command is Rundll32.exe "C:\WINDOWS\egejopevo.dll,Startup. My spyware program (Spybot) catches it, as well as my antivirus (AVG), but every time it gets rid of it, it comes back as a different name in the file. I have also tried killing the process in task manager as well as with MSCONFIG settings but it still comes back every time the computer reboots. I tried to run my Malicious Software Tool but for some reason, as soon as I try to open the program, the window shuts down immediately and refuses to open. Any other suggestions you have, other than smashing the computer through a window, would be most appreciated. Thank you. Laurie
Please go to this link and follow the directions and post the required logs. Also, please turn off your "BOLD key" |
|
| 37. |
Solve : Browser redirects and possible rootkit? |
|
Answer» After installing a MS update, the computer failed to reboot. Upon checking the internet I found how to remove the update and get Windows back, but am unable to find the virus/malware/rootkit. Both browsers (Firefox and IE) are trying to redirect me to websites that are not what I typed in. I have scanned with an updated Malwarebytes, AVG Free and some online scanners but cannot figure out what the problem is. Below is my post of the HJT log. Please help me to fix this computer. |
|
| 38. |
Solve : Computer Infected with Malware/Virus/Trojan?? |
|
Answer» Hi, |
|
| 39. |
Solve : personal scanner? |
|
Answer» I have Norton 360 on my PC and I still get popups for this personal scanner thing which wants me to buy some protection from them. |
|
| 40. |
Solve : Safe mode problem? |
|
Answer» My antivirus has found a virus but can't remove it because the file is in use. I entered Safe Mode, but the file was still in use, so I couldn't delete it. My last hope was to enter Diagnostic Mode (via Msconfig), where no drivers, services etc. are loaded. But if I select this mode, I can't enter Safe Mode anymore. And I think the virus is responsible for this. |
|
| 41. |
Solve : Need help-virus redirecting, MBAM not helping? |
|
Answer» Help! I have gotten a virus on my computer that will not let me go on any major antivirus or computer help site. It has also slowed down my PC quite a bit. I have already run MBAM, and removed the viruses it listed. But I still have this, so what should I do? Please help!
RESET Hosts File: |
|
| 42. |
Solve : virus change the USB flash drive name? |
|
Answer» My USB thumbdrive-1 name was auto changed to "pendrive". I suspect it was caused by some virus, not sure whether it is in thumbdrive-1 or in the computer. |
|
| 43. |
Solve : Re: could you please check the hjt log? |
|
Answer» Logfile of Trend Micro HijackThis v2.0.2 |
|
| 44. |
Solve : need help - malware/virus infection don't know how to get rid of it? |
|
Answer» Problem: when viewing no particular website (dilbert, facebook, etc.) the browser (IE 8 on a 3 month old Windows 7 machine) minimizes and a pop-up appears titled 'message from website' and it says something to the effect of 'your computer is infected with a virus, press ok to start scan'. EvilFantasy, (Mr. or Mrs.?)
Mr.
Quote
I noticed the reference to the computer "ALSR" in this text. That is my wife's computer name, which is on the same network as my machine; she is wireless, and I am hardwired to the "cable modem".
That's normal.
* Open OTL
* Vista and Windows 7 users: Right-click OTL and choose Run as Administrator
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
Code: [Select]
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
:COMMANDS
[purity]
[emptytemp]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
----------
Alright Mr. Evilfantasy, you understand that it would have helped my fantasy if you turned out to be a "Mrs". Regardless, I'm very thankful for the timely help. OTL report text:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: James
->Temp folder emptied: 90229 bytes
->Temporary Internet Files folder emptied: 609460 bytes
->Java cache emptied: 27952341 bytes
->Flash cache emptied: 3363 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87104 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 9237193 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 36.00 mb
OTL by OldTimer - Version 3.1.32.0 log created on 03012010_054239
Files\Folders moved on Reboot...
C:\Users\James\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\mcafee_XMccqMlXZXo0FIk not found!
File\Folder C:\Windows\temp\mcmsc_pEJ0EdiyoEUZXa4 not found!
File\Folder C:\Windows\temp\mcmsc_uhVgt2ZOwZehVRa not found!
File\Folder C:\Windows\temp\mcmsc_V03rws9phw889Z8 not found!
File\Folder C:\Windows\temp\sqlite_1WJMbaqeMNjNUPW not found!
File\Folder C:\Windows\temp\sqlite_gWFaSxqZNqyUtAe not found!
File\Folder C:\Windows\temp\sqlite_LBOx6VNncJhhX33 not found!
File\Folder C:\Windows\temp\sqlite_ywGfsVw9kGs9pT0 not found!
Registry entries deleted on Reboot...
Mr. Evilfantasy, Don't want to muddle the issue, but want to give you any and all info that might/would help solve this problem of mine as quickly and smoothly as possible. Attached is the snapshot of the popup I got this morning; similar wording to what I got before, but definitely different; don't know if that means anything. I used the task mngr to end the process. Is that the best thing I can do when this happens? Also, about every web page I view gives me the yellow banner across the top of the browser pane that says 'website wants to install adobe flash player, click to allow'. I am ignoring it. I was going to wait until you give me the green light before trying to get it again. When I have tried in the past, going to the adobe website to get it, it just brings me to a page that says flash player isn't compatible with 64 bit systems, and won't let me get it. Do you have a 'clean' link that gets me the latest flash player? Is this a virus, or malware, or both, or what? Regards [Saving space, attachment deleted by admin]
Quote
This popup came up today just a few seconds after going to the dilbert website:
The website is infected. Not your computer. It's not a safe website to visit because someone has placed a malicious file in it to infect anyone who visits.
ESET Online Scan
Scan your computer with the ESET FREE Online Virus Scan
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.
In your next reply please include the ESET Online Scan Log
Mr. Evilfantasy, Attached is the ESET scan result. It didn't find anything, I just took a screenshot and made a pdf so you can see; there was no list. Regards [Saving space, attachment deleted by admin]
If there are no more malware issues we can finish up now.
Use the Secunia Software Inspector to check for out of date software.
* Click Start Scanner
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft: Internet Explorer 8: Home page.
----------
I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Attached is the error msg window that opens when I press the start button for the OSI. The scan progression sign begins cycling, but the timer doesn't start, and no files are listed in the 'status' listing, as is happening on my wife's machine right now. Any ideas? Also attached is the windows error that opens when I first open my browser. If I can do all the things you told me to in your last instruction, will that end this, or do I need to do something else for this? Regards [Saving space, attachment deleted by admin]
Quote
Also attached is the windows error that opens when I first open my browser. If I can do all the things you told me to in your last instruction, will that end this, or do I need to do something else for this?
Just click OK. Try the installable version of Secunia. http://secunia.com/vulnerability_scanning/personal/
Mr. Evilfantasy, Thanks for your help. It appears that my machine is back to what it was: sweet (in my opinion). I wasn't able to follow these last steps in the order you prescribed, but did finally get them done. Thanks again |
|
| 45. |
Solve : PC full of rubbish..and slow.? |
|
Answer» It would also be a good idea to keep MBAM and SAS, if you have room. Update them and run them about once a week. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 46. |
Solve : Help - revsci mediaplex liveperson cookies trackers? |
|
Answer» Hi
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator. TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
**************************************************
Use the Secunia Software Inspector to check for out of date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!
Thank you very much Super Dave. Everything is working great.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 47. |
Solve : The file AvastUI.exe was infected - is it clear now?? |
|
Answer» Okay thank you, all done. For future reference, I'm the only user on my laptop so is it important I always run these spyware programs as administrator? Thanks
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 48. |
Solve : Virus, Not Sure Where :-(? |
|
Answer» Re-running ComboFix to remove infections:
Just to let you know that I decided to rebuild my PC. I have wanted to do that for a while now and, the way we were struggling to solve this issue, thought now was as good a time as any. Just like to say thx for all your help and if I have any such issues again, would not hesitate to ask for your help. Once again Thanks Paul
Ok Paul. If that is your wish. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 49. |
Solve : re-appearing Trojan-Dropper.VBS.Agent.bp? |
|
Answer» Please download ComboFix from BleepingComputer.com
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
|
|
| 50. |
Solve : Computer Keeps Crashing Please Help? |
|
Answer» Hi SuperDave,
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=552b1b6b7c27394faa21791673faea1d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-09 09:47:35
# local_time=2011-04-09 05:47:35 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=770 16774141 100 100 1469628 237740808 0 0
# compatibility_mode=6401 16777214 66 100 0 763334 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=97586
# found=0
# cleaned=0
# scan_time=8005
That looks good. Are you still having problems with the computer?
Terrific. It is running great. Thank you so much!! Should I delete that quarantined file in SuperAntiSpyware?
Quote
Should I delete that quarantined file in SuperAntiSpyware?
Yes. Let's do some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
To remove all of the tools we used and the files and folders they created do the following: Double click OTL.exe.
****************************************************
Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator. TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
******************************************************
Use the Secunia Software Inspector to check for out of date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!
Thank you SuperDave. My computer is running better than it has in a long, long time.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|