Topic: Ok, I have followed your request & here is the SAS results

BravoRoc

    Topic Starter


    Rookie

    Ok, I have followed your request & here is the SAS results
    « on: July 13, 2009, 08:20:01 PM »

    I, like others, have had problems with files or links closing unexpectedly. After following the directions of the malware removal page, I am including the results of the SAS scan. Your thoughts on this one are appreciated.
    Thanx
    roc

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/14/2009 at 09:13 PM

    Application Version : 4.26.1006

    Core Rules Database Version : 3991
    Trace Rules Database Version: 1931

    Scan type       : Complete Scan
    Total Scan Time : 00:54:45

    Memory items scanned      : 525
    Memory threats detected   : 0
    Registry items scanned    : 6609
    Registry threats detected : 9
    File items scanned        : 83951
    File threats detected     : 6

    Adware.MyWebSearch/FunWebProducts
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

    Adware.JuicyAccess
       C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.1.0.17730\bin\stbup.exe
       C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.1.0.17730\bin
       C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.1.0.17730
       C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar

    Adware.Tracking Cookie
       C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt
       C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt

    BravoRoc


      Re: Ok, I have followed your request & here is the SAS results
      « Reply #1 on: July 14, 2009, 01:33:25 PM »

      I apologize for my previous email to your contact page. I have tried to delete my earlier request, but was denied. So, I will add the other info asap.
      roc

      Computer Hope Admin

      • Administrator


      • Prodigy

        Thanked: 248
      • Experience: Guru
      • OS: Windows 10
      Re: Ok, I have followed your request & here is the SAS results
      « Reply #2 on: July 14, 2009, 06:49:44 PM »
      Malwarebytes should have no issues removing what SAS was able to find if it still exists. It can be downloaded at:

      http://www.malwarebytes.org/mbam-download.php

      If after running that you're still having the same issue, I'd also suggest posting a HijackThis log and letting us know what Internet browser you're using.

      http://www.computerhope.com/issues/ch001110.htm
      Everybody is a genius. But, if you judge a fish by its ability to climb a tree, it will spend its whole life believing that it is stupid.
      -Albert Einstein

      BravoRoc


        Re: Ok, I have followed your request & here is the SAS results
        « Reply #3 on: July 15, 2009, 03:15:09 PM »
        I will do that right now. I do have one other issue I did not list in the above post. One of the steps included checking for unknown programs. I neglected to post this one: WUBR-177G.
        I cannot remove it, none of the above malware or spyware have removed it either.
        Does anyone have any idea as to what this might be?
        roc

        Computer Hope Admin

        Re: Ok, I have followed your request & here is the SAS results
        « Reply #4 on: July 15, 2009, 04:18:47 PM »
        Did a search on it and it appears that's related to the Gemtek Wireless broadband (wireless router). So if you have a wireless router it's likely part of that.

        BravoRoc


          Re: Ok, I have followed your request & here is the SAS results
          « Reply #5 on: July 15, 2009, 07:59:19 PM »
          So, how come I cannot delete it? Is that normal?
          On the original subject, here is the latest on the Malware scan and following the HJT scan, just in case.

          Malwarebytes' Anti-Malware 1.39
          Database version: 2436
          Windows 5.1.2600 Service Pack 3

          7/15/2009 9:53:02 PM
          mbam-log-2009-07-15 (21-53-02).txt

          Scan type: Full Scan (C:\|)
          Objects scanned: 205499
          Time elapsed: 1 hour(s), 8 minute(s), 43 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 0
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 0

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          (No malicious items detected)

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          (No malicious items detected)

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 9:57:04 PM, on 7/15/2009
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16850)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\WINDOWS\arservice.exe
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
          C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
          C:\Program Files\Microsoft Windows OneCare Live\winss.exe
          C:\WINDOWS\ehome\ehtray.exe
          C:\WINDOWS\eHome\ehmsas.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
          C:\HP\KBD\KBD.EXE
          c:\windows\system\hpsysdrv.exe
          C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\DISC\DISCover.exe
          C:\Program Files\DISC\DiscUpdMgr.exe
          C:\Program Files\DISC\DiscStreamHub.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\Microsoft Windows OneCare Live\GtOneCare\OcBrowse.exe
          C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
          C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
          R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
          O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (file missing)
          O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
          O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
          O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
          O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKCU\..\Run: [RadioTime] "C:\Program Files\RadioTime\mrt.exe" /nosplash /noplayer
          O4 - HKUS\S-1-5-19\..\Run: [RadioTime] "C:\Program Files\RadioTime\mrt.exe" /nosplash /noplayer (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [RadioTime] "C:\Program Files\RadioTime\mrt.exe" /nosplash /noplayer (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-18\..\Run: [RadioTime] "C:\Program Files\RadioTime\mrt.exe" /nosplash /noplayer (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [RadioTime] "C:\Program Files\RadioTime\mrt.exe" /nosplash /noplayer (User 'Default user')
          O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
          O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
          O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
          O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
          O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O15 - Trusted Zone: http://*.trymedia.com (HKLM)
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
          O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
          O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
          O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
          O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
          O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
          O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
          O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

          --
          End of file - 9718 bytes

          This is what you asked for; thanks again, for your help
          roc

          BravoRoc


            Re: Ok, I have followed your request & here is the SAS results
            « Reply #6 on: July 17, 2009, 11:37:55 AM »
            Ok, here are the HJT results.

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 1:30:28 PM, on 7/17/2009
            Platform: Windows XP SP3 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.5730.0013)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\WINDOWS\arservice.exe
            C:\WINDOWS\eHome\ehRecvr.exe
            C:\WINDOWS\eHome\ehSched.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
            C:\WINDOWS\system32\HPZipm12.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
            C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
            C:\Program Files\Microsoft Windows OneCare Live\winss.exe
            C:\WINDOWS\system32\dllhost.exe
            C:\WINDOWS\ehome\ehtray.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\WINDOWS\eHome\ehmsas.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Microsoft Windows OneCare Live\GtOneCare\OcBrowse.exe
            C:\Program Files\Real\RealPlayer\RecordingManager.exe
            C:\HP\KBD\KBD.EXE
            C:\Program Files\iPod\bin\iPodService.exe
            c:\windows\system\hpsysdrv.exe
            C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\DISC\DISCover.exe
            C:\Program Files\DISC\DiscUpdMgr.exe
            C:\Program Files\DISC\DiscStreamHub.exe
            C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
            O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
            O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (file missing)
            O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
            O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
            O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
            O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            O4 - HKUS\S-1-5-19\..\Run: [RadioTime] "C:\Program Files\RadioTime\mrt.exe" /nosplash /noplayer (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-20\..\Run: [RadioTime] "C:\Program Files\RadioTime\mrt.exe" /nosplash /noplayer (User 'NETWORK SERVICE')
            O4 - HKUS\S-1-5-18\..\Run: [RadioTime] "C:\Program Files\RadioTime\mrt.exe" /nosplash /noplayer (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [RadioTime] "C:\Program Files\RadioTime\mrt.exe" /nosplash /noplayer (User 'Default user')
            O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
            O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
            O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
            O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O15 - Trusted Zone: http://*.trymedia.com (HKLM)
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
            O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
            O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
            O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
            O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
            O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
            O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
            O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
            O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

            --
            End of file - 9490 bytes
            If this is not what you asked for, please let me know.
            roc

            BravoRoc


              Re: Ok, I have followed your request & here is the SAS results
              « Reply #7 on: July 19, 2009, 10:31:57 AM »
              Hi,
              I would like to have an opinion of the request for help on a subject that I continue to have. I have done all asked of me and I have yet to resolve my problem.
              Is there anyone that can help me on this issue?
              roc

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: Ok, I have followed your request & here is the SAS results
              « Reply #8 on: July 19, 2009, 12:01:24 PM »
              I don't see anything to indicate this is a malware issue. We can do another scan to look closer if you would like.

              Use the Kaspersky Lab Online Scanner

              In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

              • Click on SCAN NOW
              • Click Accept.
              • The program will then begin downloading the latest definition files.
              • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
              • The scan will take a while, so be patient and let it finish.
              When the scan is done, in the Scan is complete window, any infection is displayed.
              There is no option to clean/disinfect, however, we need to analyze the information on the report.

              To obtain the report:
              • Click on: Save Report As
              • Next, in the Save as prompt, Save in area, select: Desktop.
              • In the File name area use KScan, or something similar.
              • In Save as type: click the drop arrow and select: Text file [*.txt]
              • Then, click: Save


              Copy and paste the Kaspersky Online Scanner Report in your next reply.

              Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

              If needed, this animation will guide you through the process.

              BravoRoc


                Re: Ok, I have followed your request & here is the SAS results
                « Reply #9 on: July 19, 2009, 04:27:20 PM »
                Earlier today, I received a reply to the post I submitted this AM. The reply instructed me to go to a site and run an online scan, Kaspersky. That reply does not show up now, so I have no idea as to what happened to it, but I wanted to let you know that when I was running the scan, about 3+ hours passed and my browser, Firefox, closed unexpectedly and I had to start over again. I have also experienced very slow running while the scan was working. I also had black screens that took 4-5 minutes to respond to efforts to re-open the browser. I know that is not normal, but I think that is an indication of malware still present.
                So, if the person who responded to my message would let me know who they are, I would like you to explain why this is still happening. Thanks again,
                roc

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Calm like a bomb
                • Thanked: 493
                • Experience: Experienced
                • OS: Windows 11
                Re: Ok, I have followed your request & here is the SAS results
                « Reply #10 on: July 19, 2009, 04:46:11 PM »
                Quote
                So, if the person who responded to my message would let me know who they are, I would like you to explain why this is still happening.

                Are you talking about me or someone else?


                BravoRoc

                  Re: Ok, I have followed your request & here is the SAS results
                  « Reply #11 on: July 21, 2009, 06:31:58 AM »
                  I have run the Kaspersky scan and here are the results:  :-\

                     KASPERSKY ONLINE SCANNER 7.0 REPORT
                  Tuesday, July 21, 2009
                  Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
                  Kaspersky Online Scanner version: 7.0.26.13
                  Program database last update: Monday, July 20, 2009 23:21:21
                  Records in database: 2502214
                  Scan settings
                  Scan using the following database    extended
                  Scan archives    yes
                  Scan mail databases    yes
                  Scan area    Folder
                  Scan statistics
                  Files scanned    193148
                  Threat name    1
                  Infected objects    3
                  Suspicious objects    0
                  Duration of the scan    10:31:23

                  File name    Threat name    Threats count
                  J:\hp\bin\wbug\HPPavillion_Spring06.exe   Infected: not-a-virus:AdWare.Win32.WeatherBug.a   1   
                  K:\I386\APPS\APP02662\src\CompaqPresario_Spring06.exe   Infected: not-a-virus:AdWare.Win32.WeatherBug.a   1   
                  K:\I386\APPS\APP02662\src\HPPavillion_Spring06.exe   Infected: not-a-virus:AdWare.Win32.WeatherBug.a   1   
                  The selected area was scanned.

                  Thanks, evilfantasy.
                  It says no real virus infection, just adware. I am still having problems and the only thing I know now is to restore. Does restore completely remove infections?
                  Any other options we can try?
                  thanks

                  evilfantasy

                  Re: Ok, I have followed your request & here is the SAS results
                  « Reply #12 on: July 21, 2009, 02:54:29 PM »
                  Quote
                  Does restore completely remove infections?

                  No.

                  Since it's been a few days please let me know what all is wrong with the computer.

                  BravoRoc

                    Re: Ok, I have followed your request & here is the SAS results
                    « Reply #13 on: July 25, 2009, 04:25:53 PM »
                    Thank you for your reply, but I have decided to restore the PC. There are so many things wrong right now I really would not know where to start. I do have one question: I chose the restore console in start up, not the discs.
                    It asked me the Administrator's password. I used the one I always do and it claimed it was incorrect.
                    Would you have any idea as to where I might find that password?
                    thanks again,
                    roc

                    Karnac



                      Specialist

                      Thanked: 211
                      Re: Ok, I have followed your request & here is the SAS results
                      « Reply #14 on: July 25, 2009, 04:33:07 PM »


                      Never argue with a stupid person, they'll drag you down to their level and beat you with experience.