Computer Hope

Software => Computer viruses and spyware => Topic started by: srose on February 10, 2010, 02:42:53 PM

Title: Computer opportunities
Post by: srose on February 10, 2010, 02:42:53 PM
I have been working to remove a few things that showed up on my computer. I ran a check with a web root program and it says the following.

Virus: Mal/Generic-A
Adware: fake alert.gen
Informational items: killapp

I followed the steps that were listed from 1 to 6.

I have spybot, but don't use it

I deleted any programs that I didn't need

I run CCleaner all the time.

I ran the super spyware program and it says that everything is clean.

I ran the malware program and it showed a few things and I am posting the log.

I updated my Java program to make it current

I ran a hijack this log, but have no idea what to do with it, so I am going to post it.

After doing all of this my web root software still says the same thing. The computer does seem to be running better, but I am still concerned that there is still something on the computer.

If you can help I would really appreciate it.



[Saving space, attachment deleted by admin]
Title: Re: Computer opportunities
Post by: alphanumeric on February 11, 2010, 02:04:17 AM
<Removed> See here http://www.computerhope.com/forum/index.php/topic,57605.0.html
Title: Re: Computer opportunities
Post by: evilfantasy on February 11, 2010, 09:40:05 AM
Download DDS from http://www.techsupportforum.com/sectools/sUBs/dds or http://download.bleepingcomputer.com/sUBs/dds.scr or http://www.forospyware.com/sUBs/dds and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
Title: Re: Computer opportunities
Post by: srose on February 11, 2010, 09:46:51 AM
I ran spybot and it didn't pick up anything.

I did run spy hunter and removed the things that it came up with.

Not sure on Microsoft defender, as I don't have this program.

I run Microsoft live 1 and it does a scan everyday, and it comes up with nothing.

If you have suggestions on an anti-spyware program I am open.

The reason I posted is because someone got into my email and did a mass mail out to all of my contacts. When the Live one didn't pick anything up I scanned with the Web Root software that I have that will usually always pick up what is on it, but it doesn't have anything set up to remove. It only tells you what is there, and then you have to figure out how to get rid of it. Most of the time I don't have any trouble running some kind of program and then getting rid of it, but this time I have not had any success. That is why I posted what the web root software was saying was on there.
Title: Re: Computer opportunities
Post by: evilfantasy on February 11, 2010, 09:49:12 AM
Download DDS from http://www.techsupportforum.com/sectools/sUBs/dds or http://download.bleepingcomputer.com/sUBs/dds.scr or http://www.forospyware.com/sUBs/dds and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
Title: Re: Computer opportunities
Post by: srose on February 11, 2010, 09:59:03 AM
I responded to the post that you removed while you posted this one, but here are the DDS logs that you requested. I appreciate any help that you can provide.

[Saving space, attachment deleted by admin]
Title: Re: Computer opportunities
Post by: srose on February 11, 2010, 10:02:31 AM
Attached DDS copy and paste:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/7/2004 12:14:57 PM
System Uptime: 2/10/2010 8:00:41 AM (27 hours ago)

Motherboard: ASUSTeK Computer INC. |  | 'P4SD-LA'
Processor:               Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3200/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 180 GiB total, 143.394 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 1.122 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft MPU Audio Driver(WDM)
Device ID: ROOT\MEDIA\0002
Manufacturer: Aztech Systems
Name: Microsoft MPU Audio Driver(WDM)
PNP Device ID: ROOT\MEDIA\0002
Service: ms_mpu401

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Aztech 2320 Compatible PnP Audio (WDM)
Device ID: ROOT\MEDIA\0003
Manufacturer: Aztech Systems
Name: Aztech 2320 Compatible PnP Audio (WDM)
PNP Device ID: ROOT\MEDIA\0003
Service: azt2320

==== System Restore Points ===================

RP625: 11/12/2009 3:00:28 AM - Software Distribution Service 3.0
RP626: 11/13/2009 3:00:19 AM - Software Distribution Service 3.0
RP627: 11/14/2009 3:00:19 AM - Software Distribution Service 3.0
RP628: 11/15/2009 3:00:18 AM - Software Distribution Service 3.0
RP629: 11/16/2009 3:00:18 AM - Software Distribution Service 3.0
RP630: 11/17/2009 3:00:18 AM - Software Distribution Service 3.0
RP631: 11/18/2009 3:00:22 AM - Software Distribution Service 3.0
RP632: 11/19/2009 3:00:19 AM - Software Distribution Service 3.0
RP633: 11/19/2009 7:40:54 AM - Software Distribution Service 3.0
RP634: 11/19/2009 6:43:20 PM - Removed iTunes
RP635: 11/19/2009 6:46:28 PM - Removed QuickTime
RP636: 11/19/2009 7:06:12 PM - Installed iTunes
RP637: 11/20/2009 3:00:20 AM - Software Distribution Service 3.0
RP638: 11/21/2009 3:00:19 AM - Software Distribution Service 3.0
RP639: 11/22/2009 3:00:18 AM - Software Distribution Service 3.0
RP640: 11/23/2009 3:00:20 AM - Software Distribution Service 3.0
RP641: 11/24/2009 3:00:19 AM - Software Distribution Service 3.0
RP642: 11/25/2009 3:00:30 AM - Software Distribution Service 3.0
RP643: 11/30/2009 3:50:25 PM - System Checkpoint
RP644: 12/1/2009 5:35:56 PM - System Checkpoint
RP645: 12/2/2009 6:32:48 PM - System Checkpoint
RP646: 12/3/2009 8:35:11 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP647: 12/3/2009 8:35:29 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP648: 12/4/2009 12:20:30 PM - System Checkpoint
RP649: 12/5/2009 1:25:54 PM - System Checkpoint
RP650: 12/6/2009 3:05:48 PM - System Checkpoint
RP651: 12/7/2009 3:06:28 PM - System Checkpoint
RP652: 12/8/2009 3:54:53 PM - System Checkpoint
RP653: 12/9/2009 4:38:35 PM - System Checkpoint
RP654: 12/10/2009 3:00:26 AM - Software Distribution Service 3.0
RP655: 12/11/2009 3:25:59 AM - System Checkpoint
RP656: 12/14/2009 11:06:02 AM - System Checkpoint
RP657: 12/15/2009 12:32:45 PM - System Checkpoint
RP658: 12/16/2009 12:33:07 PM - System Checkpoint
RP659: 12/17/2009 1:40:29 PM - System Checkpoint
RP660: 12/19/2009 3:00:23 AM - Software Distribution Service 3.0
RP661: 12/21/2009 4:55:40 PM - System Checkpoint
RP662: 12/22/2009 10:18:55 AM - Removed Adobe Reader 7.1.0
RP663: 12/22/2009 10:19:48 AM - Installed Adobe Reader 9.2.
RP664: 12/27/2009 3:57:58 PM - System Checkpoint
RP665: 1/9/2010 6:09:12 PM - System Checkpoint
RP666: 1/13/2010 3:00:39 AM - Software Distribution Service 3.0
RP667: 1/21/2010 3:00:20 AM - Software Distribution Service 3.0
RP668: 1/22/2010 3:00:18 AM - Software Distribution Service 3.0
RP669: 1/23/2010 9:09:47 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP670: 1/23/2010 9:10:16 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP671: 1/24/2010 12:57:31 PM - System Checkpoint
RP672: 1/25/2010 5:34:43 PM - System Checkpoint
RP673: 1/26/2010 7:16:55 PM - System Checkpoint
RP674: 2/5/2010 11:06:16 PM - System Checkpoint
RP675: 2/7/2010 12:46:49 AM - System Checkpoint
RP676: 2/8/2010 2:02:29 AM - System Checkpoint
RP677: 2/8/2010 8:46:05 PM - Installed SUPERAntiSpyware Free Edition
RP678: 2/9/2010 1:41:00 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP679: 2/9/2010 1:42:35 PM - Removed STOPzilla Toolbar
RP680: 2/9/2010 5:35:06 PM - Installed Java(TM) 6 Update 18
RP681: 2/10/2010 3:00:39 AM - Software Distribution Service 3.0

==== Installed Programs ======================


Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe SVG Viewer 6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
Bonjour
Canon MultiPASS Suite 4.00
CCleaner
CCScore
Choice Guard
Compatibility Pack for the 2007 Office system
Corel WinDVD 9
Defraggler (remove only)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Google Earth
Google Update Helper
GTOneCare
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Instant Support
HP Software Update
hpmdtab
HpSdpAppCoreApp
Intel(R) Extreme Graphics 2 Driver
InterActual Player
InterVideo WinDVD 8
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java(TM) 6 Update 18
Kodak EasyShare software
LG USB Drivers
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft IntelliPoint 6.2
Microsoft IntelliType Pro 6.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Protection Service
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Live OneCare Resources v2.5.2900.28
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
Microsoft Windows OneCare Live v2.5.2900.28
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 7.0
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Multimedia Card Reader
netbrdg
OfotoXMI
Palm Desktop and Synchronization Software
Print Perfect Deluxe
PX Engine
QuickTime
RealOne Player
Scan
Scan Manager 5.2
ScanSoft OmniPage 16
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SereneScene Marine Aquarium 2
SFR
SHASTA
ShowCase
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Updates from HP
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
VueScan
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live OneCare
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows Presentation Foundation
Windows XP Service Pack 3
Winmail Opener 1.4
WIRELESS
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/9/2010 1:40:47 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the  service.
2/9/2010 1:40:17 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
2/5/2010 4:36:53 PM, error: Service Control Manager [7000]  - The Media Center Monitor Service service failed to start due to the following error:  The system cannot find the file specified.
2/5/2010 4:36:53 PM, error: Service Control Manager [7000]  - The hpdj00 service failed to start due to the following error:  The system cannot find the file specified.
2/11/2010 11:49:39 AM, error: Service Control Manager [7016]  - The MpService service has reported an invalid current state 0.
2/10/2010 8:01:12 AM, error: Dhcp [1002]  - The IP address lease 98.164.154.217 for the Network Card with network address 000EA68A1BA7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/10/2010 1:05:46 PM, error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

==== End Of File ===========================

DDS File copy and paste version:

DDS (Ver_09-09-29.01) - NTFSx86 
Run by Sean and Wylene at 11:49:35.07 on Thu 02/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1382 [GMT -5:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)   {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled*   {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\calc.exe
C:\Documents and Settings\Sean and Wylene\My Documents\Antivirus\REMOVAL\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Sean and Wylene\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0854D220-A90A-466D-BC02-6683183802B7} - hxxp://cgmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} - file://f:\win\setup\iaieplay.dll
DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26}
DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} - hxxp://www.cyberlink.com/winxp/CheckDVD.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126482186562
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204817669703
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: TPSvc - TPSvc.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\seanan~1\applic~1\mozilla\firefox\profiles\614r5ppc.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;c:\windows\system32\drivers\cx88xbardual.sys [2004-2-17 7040]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-31 55152]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-7-9 26104]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S0 omoecx;omoecx;c:\windows\system32\drivers\lncww.sys --> c:\windows\system32\drivers\lncww.sys [?]
S2 ehMonitor;Media Center Monitor Service;c:\program files\media center diagnostic kit\tests\bin\ehmonitor.exe --> c:\program files\media center diagnostic kit\tests\bin\ehMonitor.exe [?]
S2 gupdate1c9871162dbbbf2;Google Update Service (gupdate1c9871162dbbbf2);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104]
S2 hpdj00;hpdj00;c:\docume~1\seanan~1\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp photosmart 8100 series -product=hid --> c:\docume~1\seanan~1\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 8100 Series -product=hid [?]
S3 azt2320;Aztech 2320 Audio Driver (WDM);c:\windows\system32\drivers\aztw2320.sys [2009-8-20 36992]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\BdHidCom.sys [2006-7-23 17408]

=============== Created Last 30 ================

2010-02-10 18:42   664   a-------   c:\windows\system32\d3d9caps.dat
2010-02-09 17:01   <DIR>   --d-----   c:\docume~1\seanan~1\applic~1\Malwarebytes
2010-02-09 17:01   38,224   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-09 17:01   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-09 17:01   19,160   a-------   c:\windows\system32\drivers\mbam.sys
2010-02-09 17:01   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
2010-02-09 13:39   824   a-------   c:\windows\system32\drivers\kgpcpy.cfg
2010-02-08 20:46   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-08 20:46   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
2010-02-08 20:46   <DIR>   --d-----   c:\docume~1\seanan~1\applic~1\SUPERAntiSpyware.com
2010-02-08 20:45   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
2010-01-12 14:01   471,552   -c------   c:\windows\system32\dllcache\aclayers.dll

==================== Find3M  ====================

2009-12-31 11:50   353,792   a-------   c:\windows\system32\drivers\srv.sys
2009-12-21 14:14   916,480   a-------   c:\windows\system32\wininet.dll
2009-12-17 17:14   411,368   a-------   c:\windows\system32\deploytk.dll
2009-12-16 13:43   343,040   a-------   c:\windows\system32\mspaint.exe
2009-12-14 02:08   33,280   a-------   c:\windows\system32\csrsrv.dll
2009-12-08 14:26   2,145,280   a-------   c:\windows\system32\ntoskrnl.exe
2009-12-08 13:43   2,023,936   a-------   c:\windows\system32\ntkrnlpa.exe
2009-11-27 12:11   1,291,776   a-------   c:\windows\system32\quartz.dll
2009-11-27 12:11   17,920   a-------   c:\windows\system32\msyuv.dll
2009-11-27 11:07   28,672   a-------   c:\windows\system32\msvidc32.dll
2009-11-27 11:07   8,704   a-------   c:\windows\system32\tsbyuv.dll
2009-11-27 11:07   84,992   a-------   c:\windows\system32\avifil32.dll
2009-11-27 11:07   48,128   a-------   c:\windows\system32\iyuv_32.dll
2009-11-27 11:07   11,264   a-------   c:\windows\system32\msrle32.dll
2009-11-21 10:51   471,552   a-------   c:\windows\apppatch\aclayers.dll
2009-10-10 20:52   2,516   a--sh---   c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-07-05 14:34   8   ---shr--   c:\docume~1\alluse~1\applic~1\407F676AD1.sys
2008-05-15 10:28   32,768   a--sh---   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051520080516\index.dat

============= FINISH: 11:50:18.78 ===============
Title: Re: Computer opportunities
Post by: evilfantasy on February 11, 2010, 10:14:50 AM
Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with any fixes we make. Please disable TeaTimer for now until you are clean.

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
2. Run Spybot S&D
3. Go to the Mode menu, and make sure Advanced Mode is selected.
4. On the left hand side, choose Tools > Resident
uncheck Resident TeaTimer and OK any prompt and Restart your computer.

Note:
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.

----------

Go to Add or Remove Programs and uninstall:

.
----------

Download Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26}

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://img249.imageshack.us/img249/1218/cfscript1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
Title: Re: Computer opportunities
Post by: srose on February 11, 2010, 11:08:03 AM
I uninstalled Spybot while I was waiting for your response.

I uninstalled the Windows Messenger as requested.

Here is the log from the Combo Fix:

ComboFix 10-02-10.05 - Sean and Wylene 02/11/2010  12:42:01.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1397 [GMT -5:00]
Running from: c:\documents and settings\Sean and Wylene\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sean and Wylene\Desktop\CFScript.txt
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\Ijl11.dll
c:\windows\system32\tmp.reg
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
(((((((((((((((((((((((((   Files Created from 2010-01-11 to 2010-02-11  )))))))))))))))))))))))))))))))
.

2010-02-10 23:42 . 2010-02-10 23:42   503808   ----a-w-   c:\documents and settings\Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2679089b-n\msvcp71.dll
2010-02-10 23:42 . 2010-02-10 23:42   499712   ----a-w-   c:\documents and settings\Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2679089b-n\jmc.dll
2010-02-10 23:42 . 2010-02-10 23:42   348160   ----a-w-   c:\documents and settings\Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2679089b-n\msvcr71.dll
2010-02-10 23:42 . 2010-02-10 23:42   61440   ----a-w-   c:\documents and settings\Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6b9a8257-n\decora-sse.dll
2010-02-10 23:42 . 2010-02-10 23:42   12800   ----a-w-   c:\documents and settings\Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6b9a8257-n\decora-d3d.dll
2010-02-10 23:42 . 2010-02-10 23:42   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-02-09 22:36 . 2010-02-09 22:36   503808   ----a-w-   c:\documents and settings\Sean and Wylene\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43f0a589-n\msvcp71.dll
2010-02-09 22:36 . 2010-02-09 22:36   499712   ----a-w-   c:\documents and settings\Sean and Wylene\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43f0a589-n\jmc.dll
2010-02-09 22:36 . 2010-02-09 22:36   348160   ----a-w-   c:\documents and settings\Sean and Wylene\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43f0a589-n\msvcr71.dll
2010-02-09 22:35 . 2010-02-09 22:35   61440   ----a-w-   c:\documents and settings\Sean and Wylene\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1ff5c2e1-n\decora-sse.dll
2010-02-09 22:35 . 2010-02-09 22:35   12800   ----a-w-   c:\documents and settings\Sean and Wylene\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1ff5c2e1-n\decora-d3d.dll
2010-02-09 22:01 . 2010-02-09 22:01   --------   d-----w-   c:\documents and settings\Sean and Wylene\Application Data\Malwarebytes
2010-02-09 22:01 . 2010-01-07 21:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-09 22:01 . 2010-02-09 22:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-09 22:01 . 2010-02-09 22:01   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-09 22:01 . 2010-01-07 21:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-09 01:47 . 2010-02-09 01:47   52224   ----a-w-   c:\documents and settings\Sean and Wylene\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-09 01:47 . 2010-02-09 01:47   117760   ----a-w-   c:\documents and settings\Sean and Wylene\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-09 01:46 . 2010-02-09 01:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-09 01:46 . 2010-02-09 01:46   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-09 01:46 . 2010-02-09 01:46   --------   d-----w-   c:\documents and settings\Sean and Wylene\Application Data\SUPERAntiSpyware.com
2010-02-09 01:45 . 2010-02-09 01:45   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-01-12 19:01 . 2009-11-21 15:51   471552   -c----w-   c:\windows\system32\dllcache\aclayers.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 17:44 . 2009-04-29 22:38   --------   d-----w-   c:\program files\Microsoft Windows OneCare Live
2010-02-11 17:15 . 2005-08-10 17:05   --------   d-----w-   c:\program files\ShowCase
2010-02-11 17:12 . 2008-02-24 16:57   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-02-11 17:12 . 2008-02-24 16:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-09 22:36 . 2003-12-17 06:32   --------   d-----w-   c:\program files\Common Files\Java
2010-02-09 22:35 . 2003-12-17 06:32   --------   d-----w-   c:\program files\Java
2010-02-09 18:47 . 2009-09-28 13:28   --------   d-----w-   c:\program files\Coupons
2010-02-09 18:44 . 2009-09-29 21:16   --------   d-----w-   c:\program files\trademanager
2010-02-09 18:39 . 2010-02-09 18:39   824   ----a-w-   c:\windows\system32\drivers\kgpcpy.cfg
2010-02-09 18:39 . 2009-07-16 13:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
2010-02-08 19:04 . 2008-03-26 23:05   --------   d-----w-   c:\program files\Enigma Software Group
2010-02-08 10:12 . 2008-12-14 23:38   --------   d-----w-   c:\program files\Google
2010-02-01 14:11 . 2004-07-13 17:16   --------   d-----w-   c:\program files\Common Files\Adobe
2010-01-22 13:43 . 2008-03-07 13:23   --------   d-----w-   c:\program files\Microsoft Silverlight
2009-12-31 16:50 . 2003-12-17 04:29   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-22 15:28 . 2009-09-30 19:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2009-12-22 15:27 . 2009-12-22 15:14   --------   d-----w-   c:\program files\NOS
2009-12-22 15:16 . 2009-12-22 15:16   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2009-12-22 15:14 . 2009-12-22 15:14   86016   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-21 19:14 . 2005-06-18 03:49   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-12-17 22:14 . 2009-01-06 15:09   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2004-01-20 18:08   343040   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-01-20 18:04   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-01-20 18:09   2145280   ----a-w-   c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 08:04   2023936   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2003-12-17 04:28   455424   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2003-12-17 06:18   17920   ----a-w-   c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2003-11-12 18:54   1291776   ----a-w-   c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-07-07 16:12   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-01-20 18:08   28672   ----a-w-   c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-07-07 16:12   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-01-20 18:08   11264   ----a-w-   c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-01-20 18:04   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-11-21 15:51 . 2004-01-20 18:03   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
2009-11-20 11:08 . 2009-12-22 15:17   38784   ----a-w-   c:\documents and settings\Sean and Wylene\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-12-21 1803064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      SDEarlyDelete \??\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean and Wylene^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
path=c:\documents and settings\Sean and Wylene\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk
backup=c:\windows\pss\reminder-ScanSoft Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2009-04-10 13:53   50520   ----a-w-   c:\documents and settings\Sean and Wylene\Application Data\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ------w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33   141600   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
2009-07-09 16:15   65240   ----a-w-   c:\program files\Microsoft Windows OneCare Live\winssnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30   413696   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft OmniPage 16-reminder]
2007-07-20 13:50   328992   ----a-w-   c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Documents and Settings\\Sean and Wylene\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;c:\windows\system32\drivers\cx88xbardual.sys [2/17/2004 3:37 PM 7040]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/31/2009 7:24 PM 55152]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 11:15 AM 26104]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032]
S0 omoecx;omoecx;c:\windows\system32\drivers\lncww.sys --> c:\windows\system32\drivers\lncww.sys [?]
S2 ehMonitor;Media Center Monitor Service;c:\program files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe --> c:\program files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe [?]
S2 gupdate1c9871162dbbbf2;Google Update Service (gupdate1c9871162dbbbf2);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2009 4:41 PM 133104]
S2 hpdj00;hpdj00;c:\docume~1\SEANAN~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 8100 Series -product=hid --> c:\docume~1\SEANAN~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 8100 Series -product=hid [?]
S3 azt2320;Aztech 2320 Audio Driver (WDM);c:\windows\system32\drivers\aztw2320.sys [8/20/2009 8:44 AM 36992]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360]
S3 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\BdHidCom.sys [7/23/2006 6:17 PM 17408]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 21:41]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 21:41]

2010-02-11 c:\windows\Tasks\User_Feed_Synchronization-{A4B2D6E0-A34D-4D32-B546-B1A3ACC18990}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sean and Wylene\Application Data\Mozilla\Firefox\Profiles\614r5ppc.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
Notify-TPSvc - TPSvc.dll
MSConfigStartUp-aliim - c:\program files\trademanager\aliim.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-OpAgent - OpAgent.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 12:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2272)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2010-02-11  13:02:32 - machine was rebooted
ComboFix-quarantined-files.txt  2010-02-11 18:02

Pre-Run: 153,941,749,760 bytes free
Post-Run: 154,162,298,880 bytes free

- - End Of File - - 991A68075178CFEBCD33EEFF21666D5D
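As an added example (not part of the original post, and not code from ComboFix or any other tool named in this thread), the following Python helper reads text in the layout of the ComboFix log above and flags the kinds of entries worth a second look before asking a helper: services whose backing file is missing (the `<image> --> <image> [?]` form, as with omoecx and hpdj00), services running from a Temp folder, Windows Firewall policy set to `EnableFirewall = 0`, and Security Center monitoring disabled. The sample lines are constructed from the log above, and the meaning of the `-->`/`[?]` notation is an assumption drawn from this log (the helper later confirms hpdj00 as "file missing").

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the format of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
S0 omoecx;omoecx;c:\windows\system32\drivers\lncww.sys --> c:\windows\system32\drivers\lncww.sys [?]
S2 hpdj00;hpdj00;c:\docume~1\SEANAN~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true --> c:\docume~1\SEANAN~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360]
"""

# "R1 name;display;image [date size]" -- R = running, S = stopped, digit = start type.
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')


@dataclass(frozen=True)
class Finding:
    kind: str     # short category tag
    subject: str  # service name or registry key
    detail: str   # evidence taken from the log line


def parse_service(line):
    """Return (start_type, name, display_name, image) for a service line, else None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2), m.group(3), m.group(4)


def service_findings(name, image):
    """Flag a service whose file is missing or which runs from a Temp folder."""
    out = []
    # Assumption from this log: ComboFix prints "<image> --> <image> [?]" when the
    # file backing the service cannot be found on disk.
    if image.rstrip().endswith("[?]") and "-->" in image:
        out.append(Finding("missing-binary", name, image.split("-->", 1)[0].strip()))
    # Legitimate services rarely live in a user's Temp directory.
    if "\\temp\\" in image.lower():
        out.append(Finding("temp-path", name, image.split("-->", 1)[0].strip()))
    return out


def registry_findings(lines):
    """Walk the REGEDIT4-style section and flag disabled firewall / Security Center."""
    out = []
    key = None
    for raw in lines:
        line = raw.strip()
        k = REG_KEY_RE.match(line)
        if k:
            key = k.group(1).lower()
            continue
        v = REG_VALUE_RE.match(line)
        if not (v and key):
            continue
        name, value = v.group(1).lower(), v.group(2).strip()
        if "security center\\monitoring" in key and name == "disablemonitoring" and value.endswith("00000001"):
            out.append(Finding("security-center-monitoring-off", key, f"{name}={value}"))
        if "firewallpolicy\\standardprofile" in key and name == "enablefirewall" and value.startswith("0"):
            out.append(Finding("firewall-disabled", key, f"{name}={value}"))
    return out


def triage(log_text):
    """Return all findings for a ComboFix-style log, registry findings first."""
    lines = log_text.splitlines()
    findings = registry_findings(lines)
    for line in lines:
        svc = parse_service(line)
        if svc:
            _start, name, _display, image = svc
            findings.extend(service_findings(name, image))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:32} {f.subject}: {f.detail}")
```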
Title: Re: Computer opportunities
Post by: evilfantasy on February 11, 2010, 11:17:28 AM
I suggest uninstalling Windows Live OneCare as it is outdated. MSE is very good and free. Microsoft Security Essentials for Windows XP (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_XP_d6243.html)


* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log
Title: Re: Computer opportunities
Post by: srose on February 11, 2010, 11:20:00 AM
One thing I forgot to mention.

When the computer went to reboot, it went to save settings and then said it was shutting down, but it never shut down. I have to manually turn it off. It does this frequently; I am not sure if this has any relevance to the virus.

Title: Re: Computer opportunities
Post by: evilfantasy on February 11, 2010, 11:22:20 AM
We'll see if it is still happening after the next scan.
Title: Re: Computer opportunities
Post by: srose on February 11, 2010, 08:21:46 PM
I installed the microsoft security, will this cover the firewall and the antispyware as well?

I installed the TFC, but I use CCleaner as an automatic system to clean every time any user logs on.

I ran the ESet scan, and it did not find any threats, so I ran the system analyzer that I have from web root and it still shows:

Virus: Mal/Generic-A
Information item: killapp
Title: Re: Computer opportunities
Post by: evilfantasy on February 12, 2010, 09:02:33 AM
Disable/Enable the System Restore Utility to flush old infected restore points

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

----------

Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

* Click Start Now
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page (http://www.microsoft.com/windows/ie/).

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html). Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.
Title: Re: Computer opportunities
Post by: srose on February 14, 2010, 03:11:15 PM
I went through and did everything in the prior post.

Here are a few concerns that I still have.

The computer ran a lot faster before I installed SpyBot. With everything else that you have recommended to install is it necessary to run this as well?

After I did all of the things in the prior post the computer seems to hang up on some occasions still when you turn it off or reboot.

I ran the Web Root system Analyzer and it still shows that I have the following on the computer.

Virus: Mal/Generic-A
Information item: Killapp

I went ahead and ran the super-antivirus, malware and hijack this again and I am attaching them, so you can look at them again. I do appreciate everything that you're doing, as the computer does seem to run better. I am just concerned about the items that keep showing up.

[Saving space, attachment deleted by admin]
Title: Re: Computer opportunities
Post by: evilfantasy on February 14, 2010, 03:24:43 PM
Quote
The computer ran a lot faster before I installed SpyBot.

If it's slowing you down then uninstall it.

Quote
I ran the Web Root system Analyzer and it still shows that I have the following on the computer.

Virus: Mal/Generic-A
Information item: Killapp

I need a file path or log to know what it's complaining about.



Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

- O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\SEANAN~1\LOCALS~1\Temp\hpdj00.exe (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

If HJT asks to restart choose No.

----------

Open HijackThis, but instead of scanning, click on the Open the MISC tools section button at the bottom of the choices.

Copy this red text -> hpdj00

.
Now exit HijackThis and reboot when it tells you it needs to.
Title: Re: Computer opportunities
Post by: srose on February 16, 2010, 08:53:47 AM
I completed the Hijack this instructions and removed the file.

I don't have a log with the scan that the Web Root System Analyzer does, or a file path. Any suggestions on a product that I can do that will provide this would be greatly appreciated.

I did run a Free AVG scan and I found where the Mal/Generic-A was coming from. I had a program that I use that had a dll file attached to it that it was showing up in. I was able to delete what I don't use, and it didn't appear to be a malicious file. I am assuming they were using it to collect data on how I use the product, as well it may have been an open door for the communication part of the software.

I am still showing: Killapp as an information item on the computer scan though. Again that software I have doesn't provide a log or file path. None of the other programs I have bring anything up. If you have any suggestions on a product that I can use it would be greatly appreciated. I know it is not a big problem, but I would still like to get it off.

Also the computer still hangs up 80% of the time when I reboot or turn off. About 30% of the time when I turn it back on it will hang up while it is trying to reboot, and I have to turn it off again. It will then ask you if you want to open in safe mode.

Thank You for your help! The service that you're providing is remarkable, and I will definitely make sure others know of the help that you can offer.

 
Title: Re: Computer opportunities
Post by: evilfantasy on February 16, 2010, 11:21:32 AM
Scan your computer with Panda ActiveScan (http://www.pandasoftware.com/products/activescan.htm)

* Once you are on the Panda site click the Scan your PC now button.
* A new window will open...click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

* Post the contents of the ActiveScan report in your next reply.
Title: Re: Computer opportunities
Post by: srose on February 18, 2010, 06:18:03 AM
I started to run the Panda scan sometime around 11:00 am yesterday. I know that you said to be patient, but it is still running this morning. It says that it is only 23% complete and this is the rest:

Item in progress: c:\windows\installer\275bd898.msp[unk_4165] (it is still counting)
Files scanned: 542764
Files infected: 3
Suspicious files detected: 2
Vulnerabilities detected:  0

Do I need to just allow it to keep going?
Title: Re: Computer opportunities
Post by: srose on February 18, 2010, 08:13:06 AM
The computer just shut down while it was scanning, and I was doing some work. The security essentials popped up and said the computer was not protected and then the screen went blank and then came back up saying it was shutting down but hung up in the process. I turned it off and back on, but have now lost the scan.
Title: Re: Computer opportunities
Post by: evilfantasy on February 18, 2010, 11:58:16 AM
This should work better.


ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log
Title: Re: Computer opportunities
Post by: srose on February 18, 2010, 04:49:39 PM
I went ahead and re-ran the panda scan, and for whatever reason it made its way through it. It only picked up 2 files vs 3 when it shut down, but I am posting the log. Thank You for all your help.

;*********************************************************************************************
ANALYSIS: 2010-02-18 18:23:52
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 2
;*********************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;==================================================================================
Microsoft Security Essentials                2.0.6212.0                    Yes       Yes
;==================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;==================================================================================
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\documents and settings\all users\application data\microsoft\microsoft antimalware\localcopy\{728d2b6c-ef40-5718-e9f9-d749100268b3}-acssetup.exe
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\documents and settings\all users\application data\microsoft\microsoft antimalware\localcopy\{6b6dd3c2-8578-db28-2ff5-d6fa577e5b20}-acssetup.exe
;==================================================================================
SUSPECTS
Sent      Location
;==================================================================================
No        c:\documents and settings\sean and wylene\my documents\antivirus\spiceworks.exe
No        c:\system volume information\_restore{38619354-a30c-4aa1-999e-c6e4474b633e}\rp10\a0001944.dll
;==================================================================================
VULNERABILITIES
Id        Severity       Description
;==================================================================================
Title: Re: Computer opportunities
Post by: evilfantasy on February 18, 2010, 05:05:03 PM
That's a false positive so nothing to worry about.

Disable/Enable the System Restore Utility to flush old infected restore points

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

----------

Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

* Click Start Now
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page (http://www.microsoft.com/windows/ie/).

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html). Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.
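The ActiveScan report posted above has a fixed layout (';' banner lines, whitespace-aligned columns, the file location last), and the reply sorts the hits by where they live: copies inside old System Restore points are flushed by toggling System Restore, and the hit inside Microsoft Antimalware's LocalCopy folder is called a false positive. The following added example (not code from the thread or from Panda) parses a constructed excerpt in that layout and applies the same location-based triage; the paths and GUIDs in the sample are placeholders.

```python
import re

# Constructed excerpt in the layout of the Panda ActiveScan report above.
# Banner lines start with ';'; the location is always the last column and may contain spaces.
SAMPLE_REPORT = r"""
;*********************************************************************
ANALYSIS: 2010-02-18 18:23:52
;*********************************************************************
MALWARE
Id        Description        Type   Active  Severity  Disinfectable  Disinfected Location
;=====================================================================
03009106  W32/Xor-encoded.A  Virus  No      0         Yes            No          c:\documents and settings\all users\application data\microsoft\microsoft antimalware\localcopy\{guid-placeholder}-acssetup.exe
;=====================================================================
SUSPECTS
Sent      Location
;=====================================================================
No        c:\documents and settings\user\my documents\antivirus\spiceworks.exe
No        c:\system volume information\_restore{guid-placeholder}\rp10\a0001944.dll
;=====================================================================
"""
MALWARE_FIELDS = ("id", "description", "type", "active", "severity",
                  "disinfectable", "disinfected", "location")

def parse_activescan(text):
    """Return the MALWARE and SUSPECTS rows of an ActiveScan report as dicts."""
    section, rows = None, {"malware": [], "suspects": []}
    for line in text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue                                  # blank or separator line
        if line.strip() in {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}:
            section = line.strip().lower()            # section banner
            continue
        if section == "malware" and not line.startswith("Id "):
            parts = line.split(None, len(MALWARE_FIELDS) - 1)   # keep spaces in the path
            if len(parts) == len(MALWARE_FIELDS):
                rows["malware"].append(dict(zip(MALWARE_FIELDS, parts)))
        elif section == "suspects" and not line.startswith("Sent "):
            parts = line.split(None, 1)
            if len(parts) == 2:
                rows["suspects"].append({"sent": parts[0], "location": parts[1]})
    return rows

RESTORE_POINT = re.compile(r"\\system volume information\\_restore", re.I)
MSE_LOCALCOPY = re.compile(r"\\microsoft antimalware\\localcopy\\", re.I)

def triage(location):
    # Classify a hit by where it lives, following the advice in the reply above.
    if RESTORE_POINT.search(location):
        return "restore-point copy: flush by turning System Restore off and on"
    if MSE_LOCALCOPY.search(location):
        return "copy in Microsoft Antimalware LocalCopy: treated as a false positive above"
    return "live file: review manually"
```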
Title: Re: Computer opportunities
Post by: srose on February 21, 2010, 10:38:51 AM
I appreciate everything that you all have done to help me. This has been one of the best experiences that I have ever had, and to imagine it was all free. In the computer world where most people's knowledge is limited it is hard to trust anyone to give you advice let alone free advice. You all take it to another level and add the service as well. Not sure I understand the business model, but I hope that you all are getting everything you are looking for, and if there is anything that I can help you with to return the favor please just ask.

I will definitely make sure anyone that I come across that needs help in the computer world is given the information to your site. I wish you all the best in your endeavors.

Hands down the best experience in service and advice that I have ever experienced.

SRose
Title: Re: Computer opportunities
Post by: evilfantasy on February 21, 2010, 11:26:31 AM
You're very welcome.

Safe surfing... (|