Computer Hope
Software => Computer viruses and spyware => Topic started by: alspach06 on April 10, 2009, 05:16:02 PM
-
I'm trying to get my speakers to work. I just bought new ones n the only cord i have is the green one that came with it.. everything is plugged in but nothing is working.. my computer says i have no audio device found which is causing other programs not to open, like my iTunes 8.. help! I dont have a clue where to start
-
I'm trying to get my speakers to work. I just bought new ones n the only cord i have is the green one that came with it.. everything is plugged in but nothing is working.. my computer says i have no audio device found which is causing other programs not to open, like my iTunes 8.. help! I dont have a clue where to start
Did the speakers come with a CD?
If so, put it in a follow the instructions, then reply if you succeeded or failed.
If not, what brand of speaker is it?
-
no they didnt come with a cd i got them from a local wal mart the ones that came with the computer were blown... they are BZX1102
-
no they didnt come with a cd i got them from a local wal mart the ones that came with the computer were blown... they are BZX1102
What brand name?
-
altec lansing BX1120.. i was going off of memory b4 sorry... my computer hasnt had sound for over 2 years but we never needed it really... im trying to put music on my ipod but it wont open bcuz it says there is an error with my sound device so thats really all im trying to figure out
-
Speakers don't come with any CD. What for?
Why new speakers? Did the sound work before?
-
my old speakers that came with the computer were blown from forever ago... now when i try to adjust the volume on my computer it says there is no audio device found.. so i bought new speakers hooked them up but nothing is working... i know its not the speakers its my computer something happend n my audio got screwed up somehow
-
Any errors in Device Manager?
What's the computer brand, and model?
-
windows hp.. Windows XP Home Edition... is that right?? ha see i have no clue what im doing
-
Look at the front panel of your computer. Does it have any name on it?
-
my monitor says hp v72 and the tower says hp pavillion a305w
-
This is correct info. We'll need it, but first....
Go Start>Run, type in:
devmgmt.msc
Click OK.
Device Manger will open.
Are there any yellow "?", or "!" marks there?
-
yes it did... it was the "Universal Serial Bus (USB) Controller"
-
yes it did... it was the "Universal Serial Bus (USB) Controller"
USB Speakers?
-
USB controller has nothing to do with the sound problem.
Go here: http://h10025.www1.hp.com/ewfrf/wc/softwareList?os=228&lc=en&dlc=en&cc=us&lang=en&product=362754
Download sound driver (2nd on the list - Realtek).
Uninstall current sound driver, and install new one.
-
Altec speakers are great! I hope you get this figured out.
-
Thank you so much that worked!! but im still having an issue... my iTunes wont open so i tried ctrl alt delete and it says my Task Manager has been disabled by my administrator.. how do i fix that? and do you know how i can get itunes to work? I've uninstalled it once i got the sound working and reinstalled it but it still wont open for some reason
-
I'm glad, you have your sound back :)
my Task Manager has been disabled by my administrator
The above is often a sign of an infection...
Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download)
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackTHis log.
NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
-
ok so i downloaded the hijackthis program n a list of all kinds of things popped up how do i know what to fix n what not to?
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:01 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\webHancer\Programs\whagent.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\iftuyszv.exe,
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - D:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IpWins] D:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [webHancer Agent] D:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f60327c5b4d84eafb53ab58613fead2f
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f60327c5b4d84eafb53ab58613fead2f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130969658513
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O21 - SSODL: tmdelapw - {77fcd0b8-ff5e-479e-a337-2562e05f7824} - D:\Documents and Settings\All Users\Application Data\tmdelapw.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client IP-IPX - Unknown owner - D:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
--
End of file - 13670 bytes
-
Wow....what a mess....
-
thats what i was affraid of
-
Wow....what a mess....
I'm not an expert and even I can see that...
-
ok im pretty sure we have established that my computer is a hot mess.. i get it.. now could someone help me or not thats the real quesiton here..geez
-
Well you have others that aren't knowing in reading logs chiming in on how bad things are so it's to be expected...
I'm taking the liberty to move this to the correct section so it can recieve the proper attention....
-
Wow....what a mess....
Looks can be deceiving...
---
Hello alspach06.
Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.
Download SDFix by AndyManchesta (http://download.bleepingcomputer.com/andymanchesta/SDFix.exe) and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with Administrative rights
* Now, double-click on the SDFix icon that should now be residing on your desktop. If a Open File - Security Warning box opens, click on the Run button.
* A window will now open showing SDFix being extracted into the C:\SDFix folder.
* Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
* DO NOT use it just yet.
Reboot your computer in Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html) using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
When your computer has started in safe mode, and you see the desktop, close all open Windows.
* Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK button.
C:\SDFix\RunThis.bat
* SDFix window will open containing some brief info and a disclaimer on the use of the tool.
* Type Y on your keyboard and then press Enter to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Copy and paste the contents of the results file Report.txt in your next reply.
----------
Download DDS by sUBs (http://www.forospyware.com/sUBs/dds) and save it to your desktop. Alternate DDS download link (http://download.bleepingcomputer.com/sUBs/dds.scr)
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
----------
Next post please add:
-
Sorry...it won't happen again.
-
ok so i started doin all of these instructions but i realized im not in an administrative account or one with administrator rights so i got into safe mode on the administrators account (thats the only way i got the icon to get into it) but obviously i couldnt get on the net to download the sdfix stuff.. sooo how do i do that on an administrative account? man im really lost when it comes to this stuff.. sorry but thanks for your help!
-
Install SDFix in Normal Mode. The go into Safe Mode to run it.
-
my computer says i have no audio device found
Where did that come from?
When you try to play a sample sound in Wedow Media Player what happens?
Try playing Beethoven's Symphony No. 9 (Scherzo).wma
It is the the sample music in My Music if you have Windows XP. Do you get an error message?
Or try playing any music file.
-
The amount of malicious entries on this computer could be causing any number of side issues. Lets clean the malware then troubleshoot anything that might be still not working.
-
My speakers are fixed I dont need any help with those anymore thank you though. I downloaded SDFix I see the icon on my desktop and I recieved the notepad with futher instructions, so I restarted my computer got into safe mode and logged onto the Administrators account, when it loaded there was no SDFix icon, I went to start>run typed in C:\SDFix\RunThis.bat and this is the message that I recieved " C:\SDFix\RunThis.bat refers to a location that is unavailable. It could be on a hard drive on this computer or on a network. Check to make sure that the disc is properly inserted, or that you are connected to the internet or your netwrok, and then try again. If it still cannot be located, the information might have been moved to a different location" so I thought to try it in safe mode under my account where I can see the SDFix icon on my desktop but I recieved the same message.
-
I realize time is sometimes precious but you really should take care of this ASAP. There is a LOT of bad files to clean up on the computer.
You have to run it from the same account you installed it from. Did you do that?
Try this please. From the same account you installed it on...
Running SDFix in Normal Mode
- Open the SDFix folder and double-click RunThis.bat to start the script or go to Start > Run and type: C:\SDFix\RunThis.bat, then press Ok.
- Type S, then press Enter to switch to the safe mode menu screen.
- Type Y to begin the cleanup process.
- Please be patient as the scan may take up to 20 minutes to complete.
- SDFix will remove any Trojan services or registry entries found, then prompt you to "press any key..." to Reboot.
- At this point, Press any key to continue and restart the computer.
- When the computer restarts, the tool will run again to complete the removal process.
- When the script is complete, it will display Finished...press any key...
- Again, Press any key to end the script and load your desktop icons.
- Once the desktop icons load, The SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.
- Please copy and paste the contents of Report.txt in your next reply.
-
when i downloaded the SDFix program it saved on my desktop so when i tried to open it a box comes up saying the publisher could not be verified are you sure you want to run this? then there is the option to run or cancel when i run it this comes up
SDFix has been extracted to %systemdrive%\SDFix\
(Drive that contains the Windows directory - typically C:\SDFix)
Open the SDFix folder in Safe Mode and double click the RunThis.bat file to start the fixtool
If RunThis.bat is started in Normal Mode, options to download and run Anti-Virus command line scanners are displayed
Catchme.exe Stealth Malware Detector by GMER is also included in the SDFix folder
Additional SDFix Instructions & screen shots can be found here - http://www.bleepingcomputer.com/forums/topic131299.html
SDFix a été extrait dans %systemdrive%\SDFix\
(Le disque qui contient le répertoire Windows - typiquement C:\SDFix)
Ouvrez le dossier SDFix en mode sans échec et double cliquez sur le fichier RunThis.bat pour démarrer l'outil.
Si RunThis.bat est lancé en mode normal, les options pour télécharger et lancer les scanners Antivirus en ligne de commande seront affichées
Catchme.exe Stealth Malware Detector de GMER est également inclus dans le dossier SDFix
Instructions supplémentaires pour SDFix & captures d'écran peuvent être trouvées ici - http://www.bleepingcomputer.com/forums/topic131299.html
SDFix wurde nach %systemdrive%\SDFix\ entpackt
(Das ist das laufwerk welches den Windows Ordner enthält - normalerweise c:\SDFix)
Öffe den SDFix Ordner im Abgesicherten Modus und doppelklicke zum starten die RunThis.bat Datei
Sollte die RunThis.bat im normalen Modus gestartet werden, wird einem die Möglichkeiten geboten Antivirenscanner für die Kommandozeile
(Dosbox) downzuloaden.
Das Programm Catchme Malware Detector von Gmer ist auch im SDFix Ordner enthalten.
Zusätzliche SDFix Anleitungen und Screen Shots können hier nach geschaut werden: http://www.bleepingcomputer.com/forums/topic131299.html (http://"http://www.bleepingcomputer.com/forums/topic131299.html")
when i type in C:\SDFix\RunThis.bat i still get the same message
-
Did you try my above suggestion of Running SDFix in Normal Mode? http://www.computerhope.com/forum/index.php/topic,81147.msg539016.html#msg539016
If that does not work we will move on to something else.
-
everything i just wrote you was in normal mode :)
-
thats the stuff that comes up when i tried to open the SDFix program
-
OK thanks. We will move on then.
You might need two posts to get all of the next 3 logs in and if so that's fine. I was hoping SDFix would work so we could avoid the extra scans but all of this should go pretty fast.
Download HostsXpert (http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=&28d444df85eb4f435055ed9d39c02f03=2762e1da6db9163fc17720a8dfac5b6e)- Unzip HostXpert to your Desktop
- Open up the HostXpert program.
- Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.
- Click Create Back Up
- Then click on Restore Microsoft's Host Files
- Close the HostXpert program
.
Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.
----------
Download Malwarebytes' Anti-Malware (MBAM) (http://www.malwarebytes.org/mbam-download.php)
Alternate MBAM download link (http://www.besttechie.net/tools/mbam-setup.exe)
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and Paste the entire report in your next reply.
.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
----------
Download DDS by sUBs (http://www.forospyware.com/sUBs/dds) and save it to your desktop. Alternate DDS download link (http://download.bleepingcomputer.com/sUBs/dds.scr)
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
----------
Next post please add
-
what the heck does "unzip" hostxpert to your desktop mean? how do i do that haha.. i downloaded it and a folder came up that has an icon of a folder with hostxpert underneath it to the left in folder tasks it says extract all files... is this whats supposed to be there
-
Just double click it and it should open.
-
ok when i opened it i see some of the buttons you were talking about but i got a warning that says your HOSTS file is marked as "system file" and can NOT be manipulated. press OK to remove the system file attribute, cancel to quit. ****HostsXpert will NOT reset these attributes****
do i want to say ok or cancel?
-
No just exit out of that and go on to the next scan with MalwareBytes. We will take care of that later after some cleanup has been done.
-
Hello again, alspach06.
How much did you pay for the speakers?
How much effort do you want to make them work?
Are you sure the problem is a virus? How do you know?
There is a diagnostics program the runs off of a boo table CD.
It is not affected by virus. If it does not work, this would indicate that your Windows system has been damaged oo something.
:-\
-
My speakers are fixed I dont need any help with those anymore thank you though.
;)
-
Insert Quote
Quote from: alspach06 on Today at 12:40:57 PM
My speakers are fixed I dont need any help with those anymore thank you though.
evilfantasy:
Hurry, break his computer NOW!
Before somebody closes this thread! O0
-
this scan is taking FOREVER!
-
Did you choose full scan or quick scan.
There are a BUNCH of adware files to be removed so if it takes a while it's worth it. As long as it doesn't get stuck then everything is OK.
Can't wait to see the log... >:D
-
Malwarebytes' Anti-Malware 1.36
Database version: 1995
Windows 5.1.2600 Service Pack 3
4/17/2009 5:46:26 PM
mbam-log-2009-04-17 (17-46-26).txt
Scan type: Quick Scan
Objects scanned: 110120
Time elapsed: 37 minute(s), 18 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 60
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 5
Files Infected: 69
Memory Processes Infected:
D:\Program Files\webHancer\Programs\whagent.exe (Adware.Webhancer) -> Unloaded process successfully.
Memory Modules Infected:
D:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Delete on reboot.
D:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Delete on reboot.
D:\Documents and Settings\All Users\Application Data\tmdelapw.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77fcd0b8-ff5e-479e-a337-2562e05f7824} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\webhancer agent (Adware.Webhancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\tmdelapw (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
D:\Program Files\Ipwindows (Trojan.Rond) -> Files: 2461 -> Quarantined and deleted successfully.
D:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
D:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
D:\WINDOWS\system32\netrax06 (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
D:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Delete on reboot.
D:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
D:\Documents and Settings\Linda\Local Settings\Temp\snpp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Linda\Local Settings\Temp\syswcc32.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Delete on reboot.
D:\Program Files\webHancer\Programs\whagent.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\tmdelapw.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
D:\Program Files\Common Files\Yazzle1122OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\taskkill.com (Worm.P2P) -> Quarantined and deleted successfully.
your not gunna crash n burn my computer are you
-
DS (Ver_09-03-16.01) - NTFSx86
Run by Linda at 18:07:07.37 on Fri 04/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.72 [GMT -5:00]
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
============== Running Processes ===============
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\igfxtray.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
D:\Documents and Settings\Linda\Desktop\dds.pif
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - d:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - d:\program files\windows live toolbar\msntb.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MsnMsgr] "d:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [AVG7_CC] d:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
mRun: [AVG7_EMC] d:\progra~1\grisoft\avgfre~1\avgemc.exe
mRun: [IgfxTray] d:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] d:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "d:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [IpWins] d:\program files\ipwindows\ipwins.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
dRun: [AVG7_Run] d:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - d:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - d:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office\OSA9.EXE
IE: &Windows Live Search - d:\program files\windows live toolbar\msntb.dll/search.htm
IE: Open in new background tab - d:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?f60327c5b4d84eafb53ab58613fead2f
IE: Open in new foreground tab - d:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?f60327c5b4d84eafb53ab58613fead2f
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - d:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130969658513
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 Avg7Core;AVG7 Kernel;d:\windows\system32\drivers\avg7core.sys [2006-5-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver;d:\windows\system32\drivers\avg7rsw.sys [2006-2-27 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;d:\windows\system32\drivers\avg7rsxp.sys [2006-3-14 27776]
R1 AvgClean;AVG Clean Driver;d:\windows\system32\drivers\avgclean.sys [2007-4-12 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;d:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2005-11-3 418816]
R2 Avg7UpdSvc;AVG7 Update Service;d:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2005-11-3 49664]
R2 AvgTdi;AVG Network Redirector;d:\windows\system32\drivers\avgtdi.sys [2005-11-3 4960]
S2 Client IP-IPX;Client IP-IPX;"d:\windows\system32\svchosts.exe" -e te-110-12-0000282 --> d:\windows\system32\svchosts.exe [?]
=============== Created Last 30 ================
2009-04-17 16:55 <DIR> --d----- d:\docume~1\linda\applic~1\Malwarebytes
2009-04-17 16:54 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-04-17 16:54 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 16:54 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-17 16:54 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-04-16 12:02 <DIR> --d----- D:\SDFix
2009-04-15 13:20 <DIR> --d----- d:\program files\Trend Micro
2009-04-14 21:18 401,408 -c------ d:\windows\system32\dllcache\rpcss.dll
2009-04-14 21:18 284,160 -c------ d:\windows\system32\dllcache\pdh.dll
2009-04-14 21:18 110,592 -c------ d:\windows\system32\dllcache\services.exe
2009-04-14 21:18 473,600 -c------ d:\windows\system32\dllcache\fastprox.dll
2009-04-14 21:18 453,120 -c------ d:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 21:18 227,840 -c------ d:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 21:18 729,088 -c------ d:\windows\system32\dllcache\lsasrv.dll
2009-04-14 21:18 617,472 -c------ d:\windows\system32\dllcache\advapi32.dll
2009-04-14 21:18 714,752 -c------ d:\windows\system32\dllcache\ntdll.dll
2009-04-14 21:17 1,203,922 -c------ d:\windows\system32\dllcache\sysmain.sdb
2009-04-14 21:17 2,560 -------- d:\windows\system32\xpsp4res.dll
2009-04-14 21:17 215,552 -c------ d:\windows\system32\dllcache\wordpad.exe
2009-04-14 12:27 <DIR> --d----- d:\program files\iPod
2009-04-14 11:42 156,672 -------- d:\windows\system32\RtlCPAPI.dll
2009-04-14 11:42 69,632 -------- d:\windows\soundman.exe
2009-04-14 11:42 40,448 -------- d:\windows\system32\ChCfg.exe
2009-04-14 11:42 9,196,032 -------- d:\windows\system32\RTLCPL.exe
2009-04-14 11:42 141,016 -------- d:\windows\system32\alsndmgr.wav
2009-04-14 11:42 208,896 -------- d:\windows\alcupd.exe
2009-04-14 11:42 139,264 -------- d:\windows\alcrmv.exe
2009-04-07 13:18 <DIR> --d----- d:\program files\Realtek
2009-04-07 13:18 540,672 a------- d:\windows\RtlExUpd.dll
2009-04-06 21:48 36,864 a------- d:\windows\system32\drivers\usbaapl.sys
2009-04-06 21:47 1,900,544 a------- d:\windows\system32\usbaaplrc.dll
2009-04-06 19:01 107,368 a------- d:\windows\system32\GEARAspi.dll
2009-04-06 19:01 23,400 a------- d:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-06 12:26 <DIR> --d----- d:\program files\iTunes
2009-04-06 12:26 <DIR> --d----- d:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-06 12:25 <DIR> --d----- d:\program files\Bonjour
2009-03-30 17:50 <DIR> --dsh--- d:\documents and settings\linda\PrivacIE
2009-03-30 17:44 <DIR> --dsh--- d:\documents and settings\linda\IETldCache
2009-03-30 17:28 <DIR> --d----- d:\windows\ie8updates
2009-03-30 17:24 <DIR> -cd-h--- d:\windows\ie8
2009-03-30 17:16 105,984 -c------ d:\windows\system32\dllcache\iecompat.dll
2009-03-21 09:06 989,696 -c------ d:\windows\system32\dllcache\kernel32.dll
==================== Find3M ====================
2009-03-08 04:34 914,944 a------- d:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- d:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- d:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- d:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- d:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- d:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- d:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- d:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- d:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- d:\windows\system32\msls31.dll
2009-03-06 09:22 284,160 a------- d:\windows\system32\pdh.dll
2009-02-09 07:10 729,088 a------- d:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- d:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- d:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- d:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- d:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- d:\windows\system32\ntkrnlpa.exe
2009-02-06 06:11 110,592 a------- d:\windows\system32\services.exe
2009-02-06 06:08 2,189,056 a------- d:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 a------- d:\windows\system32\sc.exe
2009-02-03 14:59 56,832 a------- d:\windows\system32\secur32.dll
============= FINISH: 18:07:38.96 ===============
-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/2/2005 4:11:20 PM
System Uptime: 4/17/2009 5:48:45 PM (1 hours ago)
Motherboard: TriGem Computer Inc. | | Glendale motherboard
Processor: Intel(R) Celeron(R) CPU 2.70GHz | WMT478/NWD | 2691/mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (FAT32) - 6 GiB total, 0.576 GiB free.
D: is FIXED (NTFS) - 32 GiB total, 20.1 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 4/7/2009 12:35:54 PM - System Checkpoint
RP2: 4/7/2009 1:18:39 PM - Installed Realtek High Definition Audio Driver
RP3: 4/8/2009 1:26:29 PM - System Checkpoint
RP4: 4/9/2009 2:26:25 PM - System Checkpoint
RP5: 4/10/2009 3:26:26 PM - System Checkpoint
RP6: 4/11/2009 3:58:27 PM - System Checkpoint
RP7: 4/12/2009 4:58:25 PM - System Checkpoint
RP8: 4/13/2009 5:58:27 PM - System Checkpoint
RP9: 4/14/2009 12:05:48 PM - Removed iTunes
RP10: 4/14/2009 12:10:05 PM - Removed QuickTime
RP11: 4/14/2009 12:26:43 PM - Installed iTunes
RP12: 4/15/2009 3:00:36 AM - Software Distribution Service 3.0
RP13: 4/16/2009 3:20:33 AM - System Checkpoint
RP14: 4/17/2009 4:19:49 AM - System Checkpoint
==== Installed Programs ======================
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Apple Mobile Device Support
Apple Software Update
AVG Free Edition
Bonjour
CardRd81
CCScore
CR2
Critical Update for Windows Media Player 11 (KB959772)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Form Fill (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Extreme Graphics Driver
IpWins
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) 6 Update 5
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
LimeWire 4.16.6
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
netbrdg
Notifier
OfotoXMI
OIN
OneCare Advisor (Windows Live Toolbar)
PCDADDIN
PCDHELP
QuickTime
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SFR
SHASTA
SKIN0001
SKINXSDK
Smart Menus (Windows Live Toolbar)
staticcr
Tabbed Browsing (Windows Live Toolbar)
tooltips
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
4/16/2009 12:10:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avg7Core Avg7RsW Avg7RsXP Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
4/16/2009 12:10:04 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
4/16/2009 12:10:04 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/16/2009 12:10:04 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/16/2009 12:10:04 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/16/2009 12:10:04 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/16/2009 12:10:04 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/16/2009 12:09:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/16/2009 12:09:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/14/2009 12:07:47 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/14/2009 11:49:07 AM, error: Service Control Manager [7000] - The Client IP-IPX service failed to start due to the following error: The system cannot find the file specified.
==== End Of File ===========================
-
your not gunna crash n burn my computer are you
I find more enjoyment in making them run good then I do crashing them... ;)
Go to Add or Remove Programs and uninstall:
- IpWins
----------
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
DO NOT run it yet!
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
DDS::
BHO: 1 (0x1) - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [IpWins] d:\program files\ipwindows\ipwins.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
Folder::
d:\program files\ipwindows
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
----------
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to infect your system.
First install the new Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html)
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close all browser windows before beginning the install.
Remove the old version(s)
Download JavaRa (http://www.majorgeeks.com/JavaRa_d5967.html)
- Unzip the file and open the JavaRa.exe
- Click Remove Older Versions
- JavaRa will search for and remove any outdated version of Java and remove any that are found.
- Click Additional Tasks
- Place a check next to Remove Useless JRE Files and click Go
- Exit JavaRa
- Delete the JavaRa files from the Desktop
.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
-
sorry this is taking so long..new hours at work so i dont have a whole lot of extra time on my hands and the computer you are helping me fix isnt at my house yet... it will prob be like this for awhile..i appreciate your helping me...
ComboFix 09-04-20.02 - Linda 04/19/2009 21:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.59 [GMT -5:00]
Running from: d:\documents and settings\Linda\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Linda\Desktop\CFScript.txt
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
d:\documents and settings\Michelle\Start Menu\Programs\Startup\winlogon.lnk
d:\progra~1\COMMON~1\{10B7B~1
d:\progra~1\COMMON~1\{10B7B~1\system.dll
d:\progra~1\COMMON~1\{10B7B~2
d:\progra~1\COMMON~1\{10B7B~2\system.dll
d:\program files\messenger\msmsgs.exe
d:\windows\system32\hljwugsf.bin
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLIENT_IP-IPX
-------\Service_Client IP-IPX
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="d:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="d:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-03-01 590848]
"AVG7_EMC"="d:\progra~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-12-27 406528]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="d:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-27 219136]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - d:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
KODAK Software Updater.lnk - d:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"d:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"d:\\StubInstaller.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"d:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
--- Other Services/Drivers In Memory ---
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - Avg7Alrt
*Deregistered* - Avg7UpdSvc
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - iPod Service
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder
2009-04-16 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-04-20 d:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- d:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - d:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Open in new background tab - d:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f60327c5b4d84eafb53ab58613fead2f
IE: Open in new foreground tab - d:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f60327c5b4d84eafb53ab58613fead2f
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 22:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Client IP-IPX]
"ImagePath"="\"d:\windows\system32\svchosts.exe\" -e te-110-12-0000282"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2164)
d:\docume~1\Linda\LOCALS~1\Temp\IadHide5.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\OneX.DLL
d:\windows\system32\eappprxy.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
d:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-04-20 22:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-20 03:15
Pre-Run: 21,504,122,880 bytes free
Post-Run: 23,344,259,072 bytes free
162 --- E O F --- 2009-04-15 08:08
-
what do i download on the website for the new Sun Java Runtime Environment? which one do i pick???
-
The 5th download button next to JRE 6 Update 13 on this page. http://java.sun.com/javase/downloads/index.jsp
Download the OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by OldTimer
Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.
* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
:Processes
explorer.exe
:reg
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Client IP-IPX]
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
----------
How is the computer running now?
-
there is 3 options to download which do i choose?
-
The first one. Windows Offline Installation
-
ok so when i downloaded java once it was finished i kept gettin a message that said Syntec error what is that
-
Is that the whole error?
Have you restarted the computer?
-
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Client IP-IPX\\ not found.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\Linda\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5716.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5736.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5B80.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5B90.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. D:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\V341E69C\ViewFilteredProducts-SingleVariationTypeFilter98a8d675[1].htm scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\A9MGCRYN\topic,81147.msg540929[1].html scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_18c.dat scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_e6c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04202009_215520
Files moved on Reboot...
DllUnregisterServer procedure not found in D:\DOCUME~1\Linda\LOCALS~1\Temp\IadHide5.dll
D:\DOCUME~1\Linda\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
D:\DOCUME~1\Linda\LOCALS~1\Temp\IadHide5.dll moved successfully.
File D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5716.tmp not found!
File D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5736.tmp not found!
File D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5B80.tmp not found!
File D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5B90.tmp not found!
D:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\V341E69C\ViewFilteredProducts-SingleVariationTypeFilter98a8d675[1].htm moved successfully.
D:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\A9MGCRYN\topic,81147.msg540929[1].html moved successfully.
File D:\WINDOWS\temp\Perflib_Perfdata_18c.dat not found!
D:\WINDOWS\temp\Perflib_Perfdata_e6c.dat moved successfully.
-
im pretty sure i didnt get my java updated right can you start over with those instructions?
-
Do this first.
Download DrWeb CureIt (http://www.freedrweb.com/) & save it to your desktop. Scan with DrWeb-CureIt as follows:
- Double-click on drweb-cureit.exe and then click Start
- An information notice will appear, click OK.
- This starts a short scan that will scan the files currently running in memory.
- If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
- If or when something is found, click the Yes button when it asks you if you want to cure it.
- Once the short scan has finished, Click Settings > Change Settings
- Under the Scanning tab UNcheck Heuristic analysis and click OK
- Back at the main window, select the Complete scan button and then click the Green Arrow (http://i154.photobucket.com/albums/s258/evilfantasy69/drweb.jpg) Start Scanning button on the right and the scan will start.
- Click Yes to all if it asks if you want to cure/move any file(s).
- When the scan is done.
- In the Dr.Web CureIt menu on top left, click File and choose Save report list.
- Save the DrWeb.csv report to your Desktop.
- Exit Dr.Web Cureit.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply
-
sorry this has taken so long..new hours at work!
11074468.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11094796.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11095406.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11096000.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11096312.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11097015.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11098234.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11098328.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11098421.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11099890.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11099953.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11100156.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11100234.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11100343.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11100437.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11100562.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11100703.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11100765.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11100796.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11100859.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11100906.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11100953.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101031.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101078.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101109.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101156.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101203.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101281.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101437.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101531.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101609.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101703.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101765.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101828.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11101875.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102062.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102218.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102265.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102296.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102343.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102390.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102437.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102484.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102515.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102562.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102593.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102640.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102671.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102718.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102781.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102843.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102875.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102921.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11102968.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11103984.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11104156.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11104281.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11105031.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11106062.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11106328.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11107390.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11107531.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11125140.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11126156.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11132500.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11132687.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11132921.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133093.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133328.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133375.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133421.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133468.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133500.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133546.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133593.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133640.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133703.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133750.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133796.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133843.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133875.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11133937.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134078.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134109.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134156.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134218.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134250.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134296.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134343.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134437.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134515.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134562.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134609.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134656.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134703.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134750.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134796.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134859.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134890.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11134953.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135078.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135140.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135187.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135250.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135312.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135390.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135453.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135546.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135609.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135687.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135750.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135828.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11135953.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136000.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136140.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136218.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136250.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136296.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136359.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136406.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136453.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136515.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136578.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136625.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136703.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136750.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136796.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136890.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11136968.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137046.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137218.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137281.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137328.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137390.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137453.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137500.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137578.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137625.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137671.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137718.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137843.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11137953.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138000.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138093.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138140.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138218.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138265.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138312.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138359.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138406.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138453.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138515.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138562.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138625.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138734.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138781.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138828.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138906.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11138953.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139015.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139203.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139296.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139343.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139406.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139453.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139515.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139562.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139625.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139750.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139796.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139859.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139921.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11139984.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140046.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140125.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140187.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140265.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140375.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140500.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140562.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140656.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140750.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140812.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140859.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11140953.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11141171.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
11141281.FIL;C:\$VAULT$.AVG;Win32.Gael.3666;Cured.;
06990266.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.52774;Deleted.;
09420408.FIL;D:\$VAULT$.AVG;Adware.ClickSpring;;
15784188.FIL;D:\$VAULT$.AVG;Modification of BackDoor.Generic.1699;;
15784829.FIL;D:\$VAULT$.AVG;Modification of BackDoor.Generic.1699;;
29400078.FIL\data003;D:\$VAULT$.AVG\29400078.FIL;Adware.Sonetads.1;;
29400078.FIL;D:\$VAULT$.AVG;Archive contains infected objects;;
29400421.FIL;D:\$VAULT$.AVG;Trojan.DownLoad.1015;Deleted.;
29400593.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.56730;Deleted.;
76061671.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.18142;Deleted.;
76061906.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.18142;Deleted.;
76061968.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.18142;Deleted.;
76331203.FIL;D:\$VAULT$.AVG;Adware.Maxifiles;;
86893687.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.18142;Deleted.;
86893906.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.18142;Deleted.;
86893968.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.18142;Deleted.;
86919571.FIL;D:\$VAULT$.AVG;Trojan.MulDrop.5530;Deleted.;
86920243.FIL;D:\$VAULT$.AVG;Win32.HLLW.Pytica;Deleted.;
86920368.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.18142;Deleted.;
86920680.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.18142;Deleted.;
86920774.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.18142;Deleted.;
86920821.FIL;D:\$VAULT$.AVG;Trojan.DownLoader.18142;Deleted.;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;D:\Documents and Settings\Linda\Desktop\ComboFix.exe/data002;Program.PsExec.171;;
data002;D:\Documents and Settings\Linda\Desktop;Archive contains infected objects;;
ComboFix.exe;D:\Documents and Settings\Linda\Desktop;Container contains infected objects;;
SDFix.exe\SDFix\apps\Process.exe;D:\Documents and Settings\Linda\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;D:\Documents and Settings\Linda\Desktop;Archive contains infected objects;;
alisha keys superwoman.mp3;D:\Documents and Settings\Linda\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;
system.dll.vir;D:\Qoobox\Quarantine\D\Program Files\COMMON~1\{10B7B~1;Trojan.DownLoader.18142;Deleted.;
system.dll.vir;D:\Qoobox\Quarantine\D\Program Files\COMMON~1\{10B7B~2;Trojan.DownLoader.18142;Deleted.;
Process.exe;D:\SDFix\apps;Tool.Prockill;;
A0000824.exe;D:\System Volume Information\_restore{8E9F19A5-B25A-4409-86BB-4F20D41DEE84}\RP14;Tool.Prockill;;
A0000928.exe;D:\System Volume Information\_restore{8E9F19A5-B25A-4409-86BB-4F20D41DEE84}\RP14;Tool.Prockill;;
A0001043.exe;D:\System Volume Information\_restore{8E9F19A5-B25A-4409-86BB-4F20D41DEE84}\RP14;Adware.Maxifiles;;
A0001145.dll;D:\System Volume Information\_restore{8E9F19A5-B25A-4409-86BB-4F20D41DEE84}\RP17;Trojan.DownLoader.18142;Deleted.;
A0001146.dll;D:\System Volume Information\_restore{8E9F19A5-B25A-4409-86BB-4F20D41DEE84}\RP17;Trojan.DownLoader.18142;Deleted.;
A0001160.EXE;D:\System Volume Information\_restore{8E9F19A5-B25A-4409-86BB-4F20D41DEE84}\RP17;Program.PsExec.170;;
A0001161.dll;D:\System Volume Information\_restore{8E9F19A5-B25A-4409-86BB-4F20D41DEE84}\RP17;Trojan.DownLoader.18142;Deleted.;
A0001162.dll;D:\System Volume Information\_restore{8E9F19A5-B25A-4409-86BB-4F20D41DEE84}\RP17;Trojan.DownLoader.18142;Deleted.;
A0001163.dll;D:\System Volume Information\_restore{8E9F19A5-B25A-4409-86BB-4F20D41DEE84}\RP17;Trojan.DownLoader.18142;Deleted.;
A0001164.dll;D:\System Volume Information\_restore{8E9F19A5-B25A-4409-86BB-4F20D41DEE84}\RP17;Trojan.DownLoader.18142;Deleted.;
-
OK how is the computer running now?
-
rediculously slow
-
I don't think it's malware.
Try doing a disk cleanup and defrag to see what that does.
-
dno what that is or how to do it
-
Delete temporary files
Go to:
- Start
- Run
- type: CLEANMGR.EXE
- Press Enter.
When prompted select the C: drive and click OK.
Check the boxes for:- Temporary Internet Files
- Downloaded Program Files
- Recycle Bin
- Temporary Files
.
Click OK or Enter
Restart the computer.
----------
You can use the built in Windows Defrag by clicking Start > Run and then type in dfrg.msc then click OK. Or use a faster FREE program. Defraggler (http://www.defraggler.com/) is very effective and easy to use.
-
the choices i got were recycle bin, system restore: obsolete data stores and catalog files for the content indexer
do those?
-
Here, this is automated.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune and save it to your Desktop.
Alternate Download link (http://www.majorgeeks.com/ATF_Cleaner_d4949.html)
Windows Vista users:ATF-Cleaner must be Run as an Administrator (http://vistasupport.mvps.org/run_as_administrator.htm)
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
- Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Prefetch
- Java Cache
- Recycle bin
The rest are optional - if you want it to remove everything check Select All
Now click Empty Selected
When you get the Done Cleaning message, click OK
Firefox users click Firefox on the menu bar
Click on Select All, then click Empty
Note: If you want to keep your saved Passwords click No on the prompt.
Opera users click Opera on the menu bar
Click on Select All, then click Empty
Note: If you want to keep your saved Passwords click No on the prompt
Note that your system will run slower for a reboot or two after having used this tool so don't panic
-
My wife's computer lost sound about 2 years ago. I worked with a Windows XP Escalation Engineer who took me under his wing so to speak. Her system is a Systemax with licensed software for their proprietary systems: no windows disc came with the system. If you go to controll panel > sounds > and it is grayed out and defaults to a modem that you may not have installed, the issue is a dropped Windows driver. To fix the problem get a "clean" windows disc. If you don't have one Microsoft will send you a replacement. The Utilities disc manufacuters send with their systems ~ will not work! In save mode insert the disc and check "Repair"; be sure and check your BIOS to see if it is set to auto start [yes]. The disc will reload all the drivers necessary. Be sure to down load new audio drivers [Audio 97 or disc prompt] to a folder on your desktop - it's easy to find there. While the repair is patching files, for each file that it requests a disc to be inserted to load a specific dynamic link library .dll file, make note and download those as well. After you are prompted - reboot, and download those files that the Windows disc asked for during repair. Once you have downloaded and installed the requested file updates, reboot and your problem will be solved. Just a note: systems with factory installed Windows are problematic and without a legit version of Windows XP, your problem is there to stay. My only problem now is keeping my wife's volume turned down....If I can be of further assistance let me know. That problem was persitant.