Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: turinj5677 on December 30, 2010, 08:56:33 PM
-
Please Help!! I have been going nuts for a few days with this.
I am running Windows XP pro version 2002 sp3.
My problems started a few days ago when I began to get a windows "no disc" error. It would give me three options of retry, cancel, or continue. After several clicks the window would close. My machine would hang up on shut down at the screen "windows is shutting down". My home page in both ie and firefox were changed, and I was getting redirected to various search pages when I tried links from google. I also could not access the windows update site.
I had recently installed itunes and quick time so I assumed that was the problem. When I tried to remove them my computer would freeze up. So I tried a system restore to the point before I installed them, but it didn't work. I was still having the same problem.
I ran an avg scan that came up empty. I tried to run an ad-aware scan but the system froze. I went to a site called eset.com and ran an online scan there that found some problems and supposedly rectified them. I then downloaded combofix from another site after being recommended to do so by someone at another site, and ran that. After these the no disc error was gone, and my machine would shut down, but the other problems were still there. Along with these, sometimes after start up my screen would be blank with no task bar and no desktop items. When I would try to shut down through task mgr the system would freeze. I also occasionally get an error message that says "Generic Host Process for Win32 Services had encountered a problem and needs to close."
I then downloaded spybot s+d and Super antispyware and ran those in safe mode. They found a few issues as well and removed them. I also ran CClean in safe mode. After rebooting the problems were still there.
I read a few threads on another site and then downloaded MBAM and ran it. It found one problem and fixed it. The problems are still there however. I still am getting redirected to other search sites in both explorer and fire fox. When I try to get to windows update I get a "cannot display webpage" message whether I try to get there from ie or from the start menu. I still have the occasional boot to empty screen and the Generic Host Process Error message.
Can anyone help??? I know that there are a few different symptoms here but since they all started at the same time I am assuming they are from the same problem.
I posted this in another part of this board and they advised me to follow the instructions in "Read this before requesting malware removal". I have followed all the instructions in order. Thanks in advance for any help. Here are the logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/30/2010 at 09:08 PM
Application Version : 4.47.1000
Core Rules Database Version : 6104
Trace Rules Database Version: 3916
Scan type : Complete Scan
Total Scan Time : 01:20:11
Memory items scanned : 502
Memory threats detected : 0
Registry items scanned : 6878
Registry threats detected : 0
File items scanned : 107589
File threats detected : 139
Adware.Tracking Cookie
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5426
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/30/2010 10:07:31 PM
mbam-log-2010-12-30 (22-07-31).txt
Scan type: Quick scan
Objects scanned: 233026
Time elapsed: 21 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:29 PM, on 12/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNDczMzg4ODgxLVQxNS1VODUrMS1CQSsxLUtWMys3L
VhMKzEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5 LUYxME0rNS1YMjAxMCsyLVFJWDErNC1WSVAxMCs xLUYxME0xMEQrMQ"&"prod=90"&"ver=10.0.1187
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dad\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.classlink2000.com/sites/FILES/wfica.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 9062 bytes
-
Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
You can get information about Generic Host Process for Win32 Services here. (http://support.microsoft.com/kb/894391) You mentioned that you can't get your updates so we'll have to fix that and then try the updates.
Download Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.
Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.
Exit out of MessengerDisable then delete the two files that were put on the desktop.
************************************************************
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dad\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
***************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
********************************************************
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
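As an added example (not code from this thread, from HijackThis or from Computer Hope), here is the triage Dave does by eye in the post above, written as a small parser over HijackThis v2 log lines: it splits each `Rn`/`On` entry into section, CLSID and target, flags entries whose handler points at a missing file (the "(no file)" / "(file missing)" leftovers he asked to be fixed), optionally flags CLSIDs a helper names explicitly (the Windows Messenger button and menu item), and reports R0/R1 start/search pages that no longer point at IE's stock go.microsoft.com redirector, which is the hijacked-home-page symptom the poster described. The sample log is constructed from a handful of lines in the same format as the log posted above; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Constructed sample in HijackThis v2 log format (a few lines in the same shape
# as the log posted in the thread, not the full log).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dad\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Markers HijackThis appends when the registered handler's file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# IE's stock start/search page redirector; anything else is worth a look.
DEFAULT_URL_PREFIX = "http://go.microsoft.com/fwlink/"


@dataclass
class Entry:
    kind: str            # section code, e.g. "O2" (BHO), "R3" (URLSearchHook)
    body: str            # everything after "Rn - " / "On - "
    clsid: Optional[str] # first {GUID} in the line, if any
    target: str          # last " - " separated field: a path or "(no file)"


def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis log lines; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        target = body.rsplit(" - ", 1)[-1]
        entries.append(Entry(m.group("kind"), body,
                             clsid.group(0) if clsid else None, target))
    return entries


def is_orphan(e: Entry) -> bool:
    """Handler registered in the registry but its file is gone: classic
    residue of removed adware or hijackers, safe to let HijackThis fix."""
    return any(e.target.endswith(mk) for mk in ORPHAN_MARKERS)


def flag_entries(entries: Sequence[Entry],
                 extra_clsids: Sequence[str] = ()) -> List[Entry]:
    """Entries to put a check mark next to: orphans plus any entry whose
    CLSID the helper listed explicitly (CLSID comparison is case-insensitive,
    since HijackThis prints them in mixed case)."""
    wanted = {c.upper() for c in extra_clsids}
    return [e for e in entries
            if is_orphan(e) or (e.clsid and e.clsid.upper() in wanted)]


def nondefault_start_pages(entries: Sequence[Entry]) -> List[str]:
    """R0/R1 Start/Search/Default page values not under go.microsoft.com:
    the changed-home-page symptom the original poster reported."""
    found = []
    for e in entries:
        if e.kind not in ("R0", "R1") or " = " not in e.body:
            continue
        key, url = e.body.split(" = ", 1)
        if "Page" in key and not url.startswith(DEFAULT_URL_PREFIX):
            found.append(url)
    return found


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    messenger = "{FB5F1910-F110-11d2-BB9E-00C04F795683}"
    for e in flag_entries(parsed, extra_clsids=[messenger]):
        print("FIX :", e.kind, "-", e.body)
    for url in nondefault_start_pages(parsed):
        print("PAGE:", url)
```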
-
Hello and Happy New Year Dave.
My name is Tom. Thank you so much for replying. I cannot tell you how much I appreciate you giving your time to help me out.
I followed your instructions. It took me a while. The machine is running very slow and the easiest of tasks seems to take forever, sometimes it even hangs up. I had to reboot several times, and about 1 out of five boot to a blank desktop. I am able to get onto the internet from this machine but only through firefox. IE hangs almost all the time. Firefox runs, but slowly.
I had to completely uninstall avg to run combofix. Even after I followed the directions to disable it I was getting a message from combofix that it had to be removed. After I finished the combofix scan I re-installed it, however I didn't let it run a scan.
I read the link on the Generic Host Processes for Win 32 Services, I did not try to download anything because I was unclear as to whether you wanted me to or not.
I have also gotten a message a few times after boot up today that said jusched.exe is not responding do I wish to end now. I have clicked on end now.
-
Here are the logs from security check and combo fix:
Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG 2011
ESET Online Scanner v3
Outpost Firewall 2009
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Out of date Java installed!
Adobe Flash Player 10.0.12.36
Adobe Reader 9.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
ComboFix 11-01-01.01 - Dad 01/01/2011 13:33:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1182 [GMT -5:00]
Running from: c:\documents and settings\Dad\desktop\commy.exe
Command switches used :: /stepdel
FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\arp.exe
c:\windows\system32\SCardSvr.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
.
2011-01-01 18:11 . 2011-01-01 18:12 -------- d-----w- C:\commy
2010-12-31 03:38 . 2010-12-31 03:38 388096 ----a-r- c:\documents and settings\Dad\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-31 03:38 . 2010-12-31 03:38 -------- d-----w- c:\program files\Trend Micro
2010-12-31 03:22 . 2010-12-31 03:22 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-31 03:22 . 2010-12-31 03:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-31 00:39 . 2010-12-31 00:39 -------- d-----w- c:\program files\CCleaner
2010-12-31 00:11 . 2009-04-06 16:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-12-31 00:11 . 2009-02-10 21:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-12-31 00:10 . 2009-02-18 22:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-12-31 00:10 . 2010-12-31 00:10 -------- d-----w- c:\program files\Agnitum
2010-12-31 00:09 . 2010-12-31 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2010-12-30 23:03 . 2010-12-30 23:48 -------- d-----w- c:\documents and settings\Dad\Application Data\OnlineArmor
2010-12-30 01:17 . 2010-12-30 01:17 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
2010-12-30 01:17 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-30 01:17 . 2010-12-30 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-30 01:17 . 2010-12-30 01:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-30 01:17 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 20:25 . 2010-12-29 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-29 20:25 . 2010-12-29 20:25 -------- d-----w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com
2010-12-29 20:21 . 2010-12-29 20:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-29 02:10 . 2010-12-29 02:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-28 05:36 . 2010-12-28 05:36 -------- d-----w- c:\program files\iPod
2010-12-28 05:36 . 2010-12-28 05:37 -------- d-----w- c:\program files\iTunes
2010-12-28 01:03 . 2010-12-28 01:03 -------- d-----w- c:\program files\ESET
2010-12-28 00:08 . 2010-12-28 00:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-28 00:06 . 2010-12-28 05:35 -------- d-----w- c:\program files\QuickTime
2010-12-27 04:56 . 2010-12-28 00:06 -------- d-s---w- c:\documents and settings\Administrator
2010-12-26 15:57 . 2010-12-28 00:07 -------- d-----w- c:\documents and settings\Dad\Application Data\Intelli-studio
2010-12-26 15:57 . 2010-12-26 15:57 -------- d-----w- c:\program files\Samsung
2010-12-26 03:27 . 2010-12-26 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-26 03:24 . 2010-12-26 03:24 -------- d-----w- c:\program files\Apple Software Update
2010-12-26 03:22 . 2010-12-26 03:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-26 03:22 . 2010-09-28 20:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-26 03:22 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-16 00:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 23:59 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 07:28 . 2010-12-13 07:28 -------- d-----w- c:\documents and settings\Mom\Application Data\vShare
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 03:22 . 2007-06-25 04:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2005-12-31 00:38 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-08 22:52 . 2010-11-08 22:52 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-08 22:03 . 2010-11-08 22:03 1 ----a-w- c:\documents and settings\Dad\SI.bin
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-12-28_04.49.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2011-01-01 18:52 . 2011-01-01 18:52 16384 c:\windows\temp\Perflib_Perfdata_408.dat
+ 2007-05-30 13:14 . 2010-12-30 20:53 53248 c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe
+ 2010-12-28 05:37 . 2009-05-18 18:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2008-12-25 23:20 . 2009-05-18 18:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2004-08-04 12:00 . 2008-04-14 00:12 95744 c:\windows\system32\dllcache\scardsvr.exe
+ 2010-12-31 03:22 . 2010-12-31 03:22 157472 c:\windows\system32\javaws.exe
+ 2010-12-31 03:22 . 2010-12-31 03:22 145184 c:\windows\system32\javaw.exe
+ 2010-12-31 03:22 . 2010-12-31 03:22 145184 c:\windows\system32\java.exe
- 2008-12-25 23:20 . 2008-04-17 18:12 107368 c:\windows\system32\GEARAspi.dll
+ 2008-12-25 23:20 . 2008-04-17 17:12 107368 c:\windows\system32\GEARAspi.dll
+ 2005-12-30 19:08 . 2010-12-30 00:52 162728 c:\windows\system32\FNTCACHE.DAT
+ 2010-12-28 05:37 . 2008-04-17 17:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2006-01-02 02:07 . 2010-12-31 00:39 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2006-01-02 02:07 . 2006-01-02 02:07 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2010-12-31 00:10 . 2010-12-31 00:10 228352 c:\windows\Installer\bdeb7.msi
+ 2010-12-31 03:22 . 2010-12-31 03:22 180224 c:\windows\Installer\290323.msi
+ 2010-12-31 03:21 . 2010-12-31 03:21 675840 c:\windows\Installer\29031c.msi
+ 2010-12-28 05:38 . 2010-12-28 05:38 380928 c:\windows\Installer\{881F5DE8-9367-4B81-A325-E91BBC6472F9}\iTunesIco.exe
+ 2010-12-28 05:38 . 2010-12-28 05:38 6248448 c:\windows\Installer\85f1f.msi
+ 2010-12-31 03:38 . 2010-12-31 03:38 1094656 c:\windows\Installer\60073.msi
+ 2010-12-28 05:18 . 2010-12-28 05:18 3141632 c:\windows\Installer\2b418.msi
+ 2010-12-28 05:16 . 2010-12-28 05:16 1568768 c:\windows\Installer\2b414.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-14 7110656]
"nwiz"="nwiz.exe" [2005-10-14 1519616]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-14 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-14 428032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-12-30 53248]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-3-8 450560]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1136251813\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 03:12 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 16:59 124520 -c--a-w- c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2003-11-20 19:08 57344 ----a-w- c:\windows\system32\ico.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-10-14 02:15 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-21 14:13 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-08 22:02 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136251813\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136251813\\ee\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\battlefront.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"d:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17779:TCP"= 17779:TCP:BitComet 17779 TCP
"17779:UDP"= 17779:UDP:BitComet 17779 UDP
"27555:TCP"= 27555:TCP:BitComet 27555 TCP
"27555:UDP"= 27555:UDP:BitComet 27555 UDP
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/30/2010 7:11 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [12/30/2010 7:10 PM 1195008]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/30/2010 7:10 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/30/2010 7:11 PM 257432]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 8:14 AM 135664]
.
Contents of the 'Scheduled Tasks' folder
2010-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
2011-01-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 02:05]
2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 13:14]
2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 13:14]
2011-01-01 c:\windows\Tasks\User_Feed_Synchronization-{181CDA17-A9FC-4BF4-A657-523B2F907238}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: startfreshtoday.com\www
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\jcftzkea.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Photobucket Uploader em:version=1.3>: [email protected] - %profile%\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-IntelAudioStudio - c:\program files\Intel Audio Studio\IntelAudioStudio.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-01 13:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(1328)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-01 13:59:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-01 18:59
ComboFix2.txt 2010-12-28 04:53
Pre-Run: 19,267,321,856 bytes free
Post-Run: 20,240,592,896 bytes free
- - End Of File - - A1CA438D6C7A017EEC9075B5768BED66
-
To remove AVG, use this tool.
AVG Antivirus - AVG Antivirus Remover utility (http://www.avg.com/download-tools)
Please download the newest version of Adobe Acrobat Reader from Adobe.com (http://www.adobe.com/products/acrobat/readstep2.html)
Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.
Once old versions are gone, please install the newest version.
**************************************************
P2P - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
*****************************************************
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
File::
c:\program files\Google\Update\GoogleUpdate.exe
DDS::
Trusted Zone: startfreshtoday.com\www
Driver::
gupdate
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://img19.imageshack.us/img19/5660/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
***********************************************
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
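As an added example (not part of this thread, and not code from ComboFix, SysProt or their authors), the script below does the first-pass triage a helper performs by eye on a ComboFix log: it parses the firewall-policy block under "Reg Loading Points" and the "Supplementary Scan" block, then lists the items that usually get acted on first, namely a disabled Windows Firewall, globally open inbound ports, a machine-wide IE start page or Firefox homepage pointing at a host outside an allow-list, and Trusted Zone entries. The sample log is constructed to mirror the format shown in the thread; its hostnames are placeholders, and the allow-list of expected hosts is an assumption you would replace with your own defaults.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix code)."""
import re
from urllib.parse import urlparse

# Constructed sample mirroring the firewall-policy lines under 'Reg Loading Points'
# and the 'Supplementary Scan' block of a ComboFix log. Hostnames are placeholders.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17779:TCP"= 17779:TCP:BitComet 17779 TCP
"17779:UDP"= 17779:UDP:BitComet 17779 UDP
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.example-hijack.test
Trusted Zone: example-trusted.test\www
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.example-search.test/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.example-search.test/search?pc=ZUGO&q=
"""

FIREWALL_KEY = re.compile(r'^"EnableFirewall"=\s*(\d+)')
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
START_PAGE = re.compile(r'^([um])Start Page = (\S+)')   # u = per-user (HKCU), m = machine (HKLM)
TRUSTED = re.compile(r'^Trusted Zone: (\S+)')
FF_PREF = re.compile(r'^FF - prefs\.js: (\S+) - (\S+)')
# Firefox prefs whose value should be a URL on a host we expect.
FF_URL_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.search.defaulturl")


def defang_to_host(url: str) -> str:
    """Return the hostname of a URL that ComboFix has defanged as hxxp:// or hxxps://."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)
    return urlparse(url).hostname or ""


def parse_log(log: str) -> dict:
    """Extract firewall state, open ports, start pages, trusted zones and FF prefs."""
    info = {"firewall_enabled": None, "open_ports": [], "start_pages": {},
            "trusted_zones": [], "ff_prefs": {}}
    for raw in log.splitlines():
        line = raw.strip()
        if m := FIREWALL_KEY.match(line):
            info["firewall_enabled"] = m.group(1) != "0"
        elif m := OPEN_PORT.match(line):
            info["open_ports"].append((int(m.group(1)), m.group(2), m.group(3).strip()))
        elif m := START_PAGE.match(line):
            scope = "user" if m.group(1) == "u" else "machine"
            info["start_pages"][scope] = m.group(2)
        elif m := TRUSTED.match(line):
            info["trusted_zones"].append(m.group(1))
        elif m := FF_PREF.match(line):
            info["ff_prefs"][m.group(1)] = m.group(2)
    return info


def triage(log: str, allowed_hosts=("www.google.com",)) -> list:
    """Return human-readable findings in the order a helper would review them.

    allowed_hosts is an assumed allow-list of start-page/search hosts.
    """
    info = parse_log(log)
    findings = []
    if info["firewall_enabled"] is False:
        findings.append("Windows Firewall is disabled (EnableFirewall=0)")
    for port, proto, label in info["open_ports"]:
        findings.append(f"Globally open inbound port {port}/{proto}: {label}")
    for scope, url in info["start_pages"].items():
        host = defang_to_host(url)
        if host not in allowed_hosts:
            findings.append(f"{scope}-scope IE start page points to unexpected host {host}")
    for zone in info["trusted_zones"]:
        findings.append(f"Trusted Zone entry present: {zone}")
    for pref in FF_URL_PREFS:
        url = info["ff_prefs"].get(pref, "")
        if url.lower().startswith(("hxxp", "http")):
            host = defang_to_host(url)
            if host not in allowed_hosts:
                findings.append(f"Firefox {pref} points to unexpected host {host}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run on the sample it reports the disabled firewall, both BitComet port openings, the machine-wide start page, the Trusted Zone entry and the two redirected Firefox prefs; a clean log yields an empty list. Because ComboFix defangs URLs as hxxp://, the hostname check has to undo that before comparing against the allow-list.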
-
I was running BitComet a while back but thought I had uninstalled it. I looked at all my programs and saw myplayer and xvid. Those were two programs I didn't recognize and didn't remember installing intentionally. So I removed those two as well. Are these the P2P programs you were talking about, or are there others that I am missing? Here are the ComboFix and SysProt logs:
ComboFix 11-01-01.01 - Dad 01/01/2011 20:01:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1184 [GMT -5:00]
Running from: c:\documents and settings\Dad\Desktop\commy.exe
Command switches used :: c:\documents and settings\Dad\Desktop\CFScript.txt
FW: Outpost Firewall *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Google\Update\GoogleUpdate.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GUPDATE
-------\Service_gupdate
((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
.
2011-01-02 00:15 . 2011-01-02 00:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-01-01 18:11 . 2011-01-01 18:12 -------- d-----w- C:\commy
2010-12-31 03:38 . 2010-12-31 03:38 388096 ----a-r- c:\documents and settings\Dad\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-31 03:38 . 2010-12-31 03:38 -------- d-----w- c:\program files\Trend Micro
2010-12-31 03:22 . 2010-12-31 03:22 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-31 03:22 . 2010-12-31 03:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-31 00:39 . 2010-12-31 00:39 -------- d-----w- c:\program files\CCleaner
2010-12-31 00:11 . 2009-04-06 16:37 704384 ------w- c:\windows\system32\drivers\SandBox.sys
2010-12-31 00:11 . 2009-02-10 21:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-12-31 00:10 . 2009-02-18 22:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-12-31 00:10 . 2010-12-31 00:10 -------- d-----w- c:\program files\Agnitum
2010-12-31 00:09 . 2010-12-31 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2010-12-30 23:03 . 2010-12-30 23:48 -------- d-----w- c:\documents and settings\Dad\Application Data\OnlineArmor
2010-12-30 01:17 . 2010-12-30 01:17 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
2010-12-30 01:17 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-30 01:17 . 2010-12-30 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-30 01:17 . 2010-12-30 01:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-30 01:17 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 20:25 . 2010-12-29 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-29 20:25 . 2010-12-29 20:25 -------- d-----w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com
2010-12-29 20:21 . 2010-12-29 20:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-29 02:10 . 2010-12-29 02:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-28 05:36 . 2010-12-28 05:36 -------- d-----w- c:\program files\iPod
2010-12-28 05:36 . 2010-12-28 05:37 -------- d-----w- c:\program files\iTunes
2010-12-28 01:03 . 2010-12-28 01:03 -------- d-----w- c:\program files\ESET
2010-12-28 00:08 . 2010-12-28 00:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-28 00:06 . 2010-12-28 05:35 -------- d-----w- c:\program files\QuickTime
2010-12-27 04:56 . 2010-12-28 00:06 -------- d-s---w- c:\documents and settings\Administrator
2010-12-26 15:57 . 2010-12-28 00:07 -------- d-----w- c:\documents and settings\Dad\Application Data\Intelli-studio
2010-12-26 15:57 . 2010-12-26 15:57 -------- d-----w- c:\program files\Samsung
2010-12-26 03:27 . 2010-12-26 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-26 03:24 . 2010-12-26 03:24 -------- d-----w- c:\program files\Apple Software Update
2010-12-26 03:22 . 2010-12-26 03:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-26 03:22 . 2010-09-28 20:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-26 03:22 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-16 00:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 23:59 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 07:28 . 2010-12-13 07:28 -------- d-----w- c:\documents and settings\Mom\Application Data\vShare
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 03:22 . 2007-06-25 04:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2005-12-31 00:38 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-08 22:52 . 2010-11-08 22:52 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-08 22:03 . 2010-11-08 22:03 1 ----a-w- c:\documents and settings\Dad\SI.bin
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-12-28_04.49.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2011-01-02 01:15 . 2011-01-02 01:15 16384 c:\windows\temp\Perflib_Perfdata_fc.dat
+ 2007-05-30 13:14 . 2010-12-30 20:53 53248 c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe
+ 2010-12-28 05:37 . 2009-05-18 18:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2008-12-25 23:20 . 2009-05-18 18:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2004-08-04 12:00 . 2008-04-14 00:12 95744 c:\windows\system32\dllcache\scardsvr.exe
+ 2011-01-02 00:15 . 2011-01-02 00:15 28160 c:\windows\Installer\af7f2.msi
+ 2010-12-31 03:22 . 2010-12-31 03:22 157472 c:\windows\system32\javaws.exe
+ 2010-12-31 03:22 . 2010-12-31 03:22 145184 c:\windows\system32\javaw.exe
+ 2010-12-31 03:22 . 2010-12-31 03:22 145184 c:\windows\system32\java.exe
+ 2008-12-25 23:20 . 2008-04-17 17:12 107368 c:\windows\system32\GEARAspi.dll
- 2008-12-25 23:20 . 2008-04-17 18:12 107368 c:\windows\system32\GEARAspi.dll
+ 2005-12-30 19:08 . 2010-12-30 00:52 162728 c:\windows\system32\FNTCACHE.DAT
+ 2010-12-28 05:37 . 2008-04-17 17:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
- 2006-01-02 02:07 . 2006-01-02 02:07 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2006-01-02 02:07 . 2010-12-31 00:39 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2010-12-31 00:10 . 2010-12-31 00:10 228352 c:\windows\Installer\bdeb7.msi
+ 2010-12-31 03:22 . 2010-12-31 03:22 180224 c:\windows\Installer\290323.msi
+ 2010-12-31 03:21 . 2010-12-31 03:21 675840 c:\windows\Installer\29031c.msi
+ 2010-12-28 05:38 . 2010-12-28 05:38 380928 c:\windows\Installer\{881F5DE8-9367-4B81-A325-E91BBC6472F9}\iTunesIco.exe
+ 2011-01-02 00:20 . 2011-01-02 00:20 2283008 c:\windows\Installer\af7f9.msi
+ 2010-12-28 05:38 . 2010-12-28 05:38 6248448 c:\windows\Installer\85f1f.msi
+ 2010-12-31 03:38 . 2010-12-31 03:38 1094656 c:\windows\Installer\60073.msi
+ 2011-01-01 19:23 . 2011-01-01 19:23 3141632 c:\windows\Installer\1b6cd7.msi
+ 2011-01-01 19:21 . 2011-01-01 19:21 1568768 c:\windows\Installer\1b6cd3.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-14 7110656]
"nwiz"="nwiz.exe" [2005-10-14 1519616]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-14 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-14 428032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-12-30 53248]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-3-8 450560]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1136251813\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 03:12 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 16:59 124520 -c--a-w- c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2003-11-20 19:08 57344 ----a-w- c:\windows\system32\ico.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-10-14 02:15 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-21 14:13 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-08 22:02 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136251813\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136251813\\ee\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\battlefront.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"d:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17779:TCP"= 17779:TCP:BitComet 17779 TCP
"17779:UDP"= 17779:UDP:BitComet 17779 UDP
"27555:TCP"= 27555:TCP:BitComet 27555 TCP
"27555:UDP"= 27555:UDP:BitComet 27555 UDP
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/30/2010 7:11 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [12/30/2010 7:10 PM 1195008]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/30/2010 7:10 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/30/2010 7:11 PM 257432]
.
Contents of the 'Scheduled Tasks' folder
2010-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
2011-01-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 02:05]
2011-01-02 c:\windows\Tasks\User_Feed_Synchronization-{181CDA17-A9FC-4BF4-A657-523B2F907238}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\jcftzkea.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Photobucket Uploader em:version=1.3>: [email protected] - %profile%\extensions\[email protected]
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-01 21:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2011-01-01 21:54:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-02 02:54
ComboFix2.txt 2011-01-01 18:59
ComboFix3.txt 2010-12-28 04:53
Pre-Run: 19,995,639,808 bytes free
Post-Run: 20,288,434,176 bytes free
- - End Of File - - 445BB2A96DF1B67A2657218396346DE9
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AB867000
Module End: AB87F000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA624000
Module End: BA626000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAssignProcessToJobObject
Address: B2647A60
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwClose
Address: B262CBF0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwConnectPort
Address: B2649920
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateFile
Address: B2628F60
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateKey
Address: B2634090
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateProcess
Address: B26402B0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateProcessEx
Address: B2640BB0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateSection
Address: B2627D10
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateSymbolicLinkObject
Address: B2633E40
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateThread
Address: B263ED70
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDebugActiveProcess
Address: B264CF30
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDeleteFile
Address: B2632B20
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDeleteKey
Address: B2635900
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDeleteValueKey
Address: B263C3A0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwLoadDriver
Address: B263DBB0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwMakeTemporaryObject
Address: B26336B0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenFile
Address: B262BC10
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenKey
Address: B2634FC0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenProcess
Address: B2642CA0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenSection
Address: B2628580
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenThread
Address: B2642060
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwProtectVirtualMemory
Address: B2648DA0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueryDirectoryFile
Address: B262D8A0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueryKey
Address: B2637750
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueryValueKey
Address: B2637FA0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueueApcThread
Address: B2646ED0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRenameKey
Address: B263B590
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwReplaceKey
Address: B2639500
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRequestPort
Address: B264BA50
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRequestWaitReplyPort
Address: B264BD70
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRestoreKey
Address: B263AD20
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSaveKey
Address: B2639C80
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSaveKeyEx
Address: B263A4D0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSecureConnectPort
Address: B264A480
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetContextThread
Address: B2646440
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetInformationDebugObject
Address: B264D520
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetInformationFile
Address: B262EBF0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetSystemInformation
Address: B263D1C0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetValueKey
Address: B2638820
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSuspendProcess
Address: B2645190
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSuspendThread
Address: B2645AC0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSystemDebugControl
Address: B264C770
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwTerminateProcess
Address: B2643790
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwTerminateThread
Address: B2644620
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwUnloadDriver
Address: B263E530
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwWriteVirtualMemory
Address: B26482B0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\01\17-{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}-v1-{9A
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\19\19-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v19-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\20\20-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v20-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\21\21-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v21-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\22\22-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v22-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\23\23-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v23-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\24\24-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v24-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\01\133-{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}-v1-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\25\25-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v25-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\26\26-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v26-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\27\27-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v27-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\28\28-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v28-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\29\29-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v29-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\30\30-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v30-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\01\175-{DF1CC13D-E369-D39A-EF88-06A16758991A}-v1-{
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\45\169-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v45-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\46\46-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v46-{
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\47\170-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v47-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\49\171-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v49-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\51\172-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v51-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\52\173-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v52-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\53\174-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v53-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\01\188-{19BACEC6-6B29-A09D-33F2-4C8B1C206683}-v1-{9AD5F18
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\11\11-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v11-{9AD5F18
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\11\11-{A687D1DB-86D3-42DD-B993-89979A706CED}-v11-{A687D1D
Status: Hidden
-
Under Regular starting points in that second log I noticed a few things that I don't understand. I noticed a program called IMVU, which I am not familiar with and is not in my add/remove programs list or my program menu. There is something called power reg schedule; I don't know what that is for. There is something for AOL, which appears on my add/remove programs list, but when I click on it, it doesn't find anything to remove. There is something about Symantec. Isn't that the company that makes Norton? I haven't had that on my machine for a long time and I had downloaded a program from them to get rid of it all. And also I saw all the lines regarding BitComet, which I had uninstalled, and no longer see on my add/remove programs list or in my program menu. Should these things still all be there? How can I get rid of them?
-
Are these the p2p's you were talking about or are there others that I am missing?
Yes. I can't see any more P2P's.
I noticed a program called IMVU, which I am not familiar with and is not in my add/remove program list, or my program menu.
It's a shortcut for some other program. Give me a list of installed programs by doing this:
•Start HijackThis
•Click on the Misc Tools button
•Click on the Open Uninstall Manager button.
•Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
Copy and paste this file in your next reply.
**************************************
There is something about Symantec. Isn't that the company that makes Norton?
Norton/Symantec Removal Tool - Norton Removal Tool (http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039/)
******************************************
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Here is the uninstall list
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
AVG 2011
AVG 2011
CardRd81
CCleaner
CCScore
Clifford Phonics
Compatibility Pack for the 2007 Office system
CR2
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Tools
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
GdiplusUpgrade
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
HLPPDOCK
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Intel(R) PRO Network Connections Drivers
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 23
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
kgcbase
Kodak EasyShare software
KSU
Logitech SetPoint
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mouse Suite
Mozilla Firefox (3.5.10)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Essentials
Notifier
NVIDIA Drivers
OfotoXMI
OGA Notifier 2.0.0048.0
OTtBP
OTtBPSDK
Outpost Firewall 2009
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SFR
SFR2
SHASTA
SKIN0001
SKINXSDK
Spybot - Search & Destroy
Star Wars Battlefront
Star Wars JK II Jedi Outcast
Star Wars Republic Commando
staticcr
SUPERAntiSpyware
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
WIRELESS
Yahtzee 1.1.6
And here is the eset log
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\72a437bb-242dbbf5 multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\62\588b6b3e-66b8d472 a variant of Java/TrojanDownloader.OpenStream.NAS trojan deleted - quarantined
-
How's your computer running now?
-
It has been booting up better. I haven't had the blank desktop in a while. It still is running slow though. And I am still getting redirected when I click on links from search sites. I still cannot get onto windows update. I am still getting the jusched.exe has encountered a problem and needs to shut down message.
-
And I am still getting redirected when I click on links from search sites. I still cannot get onto windows update. I am still getting the jusched.exe has encountered a problem and needs to shut down message.
Ok. We'll try to fix these one at a time. What happens when you try to get your updates from MS?
Click Start, Control Panel and double-click System. Click the Automatic Updates tab and click on the Windows Update Web Site. Tell me if you get any errors. The latest updates you received were on 9/12/2010.
-
When I click on the Windows Update Web Site IE opens and I get "Windows cannot display web page"
-
I can go to microsoft.com without a problem. When I click on the link for updates it says that it is checking my system for the latest update software. Then it says that the website has encountered a problem and cannot display the page I am trying to view.
-
Please do this whether or not you have the OS disk. If it asks for the disk, we'll know there are some corrupted files.
Do you have an XP CD?
If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
*Let this run undisturbed until the window with the blue progress bar goes away
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
-
I do have an XP CD so I ran the program as you said. It did access the CD a few times. During the process I did get a window open from Outpost saying that postupdate.exe was trying to modify a critical registry entry. I clicked allow. At the end of the process I got an AVG notification that said threat was blocked.
File name: 9472350473.org/fg74ut7dfgju4/kucrjsinb.php
Threat name: Exploit Phoenix Exploit Kit (type 1834)
When I clicked on more info it said this:
process name c:/windows/system32/svchost.exe
process id: 1416
As I was copying this info from that window the screen blinked for a second, the taskbar changed colors for a few seconds, then the screen blinked again and it went back to normal.
-
It didn't seem to make a difference at all in the way the machine is running. I still cannot access the update site.
-
Ok. Let's try this:
Download Dial-a-Fix by djlizard (http://wiki.djlizard.net/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles), save it to the desktop then extract it to its own folder.
•Open the folder and run Dial-a-fix.exe
•2 windows will open. Close the one in the background labeled Restrictive Policies
•Check the box in section 1, Empty temp folders.
•Check the box in section 2, Fix Windows Installer.
•Check the box in section 3, Fix Windows Update.
•Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
•Check all boxes in section 5, labeled Registration Center.
•Click Go
•OK any error messages if received, but write them down and post them here.
•Restart the computer when done.
-
Dave, I hope you don't mind but I am gonna post the whole log from Dial-a-fix because there were many errors and most were saying the same thing about different files. I highlighted all the errors.
During the time the program was running my screen blinked twice and the task bar changed colors. The second time they never went back until after I rebooted.
Once I rebooted I got an alert from the security center saying my automatic updates were off. When I clicked on the balloon and tried to turn them on from the security center I got a little message saying that windows couldn't perform that operation at this time through the security center to go to system in the control panel and click on automatic updates. When I went to system, there was no longer an automatic update tab. When I click on windows update from program files I still get the same cannot display web page message.
The first time I re-booted after running the program the machine locked up just as the windows emblem came up. It re-booted ok after that. Since I have had the computer re-booted it has been working away. Light flashing and I hear my hard drive working like there was a scan going on. I looked at my task manager but there was no other application running except firefox. Don't know if that is anything, just seemed unusual to me.
9:12:40 PM | Dial-a-fix was unable to determine your version of Internet Explorer
Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
[email protected] and include a copy of this log
DAF version: v0.60.0.24
--- System info ---
OS: Microsoft Windows XP Service Pack 3
IE version: 8.0.6001.18702
MPC: 76487-OEM
CPU: Intel(R) Pentium(R) D CPU 3.20GHz (~3200MHz)
CPU: CPU is 64-bit or has 64-bit extensions
CPU: 2 CPU cores present
BIOS: 7/11/2005
Memory (approx): 1533MB
Uptime: 0 hour(s)
Current directory: C:\Documents and Settings\Dad\Desktop\Dial-a-fix-v0.60.0.24
---
1/5/2011 9:12:40 PM -- Dial-a-fix : [v0.60.0.24] -- started
9:12:41 PM | Policy scan started
9:12:41 PM | Policy scan ended - no restrictive policies were found
--- Emptying temp folders ---
9:15:03 PM | Deleting C:\Documents and Settings\Dad\Local Settings\temp...
9:15:04 PM | C:\Documents and Settings\Dad\Local Settings\temp could not be completely emptied, please reboot and try again
9:15:04 PM | Deleting C:\WINDOWS\temp...
9:15:04 PM | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
9:15:04 PM | Deleting C:\DOCUME~1\Dad\LOCALS~1\Temp...
9:15:04 PM | Re-created directory C:\DOCUME~1\Dad\LOCALS~1\Temp
--- MSI ---
9:15:11 PM | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
9:15:18 PM | Unregistered: C:\WINDOWS\system32\msxml.dll
9:15:18 PM | Registered: C:\WINDOWS\system32\msxml.dll
9:15:19 PM | Unregistered: C:\WINDOWS\system32\msxml2.dll
9:15:19 PM | Registered: C:\WINDOWS\system32\msxml2.dll
9:15:22 PM | Unregistered: C:\WINDOWS\system32\msxml3.dll
9:15:23 PM | Registered: C:\WINDOWS\system32\msxml3.dll
9:15:23 PM | Unregistered: C:\WINDOWS\system32\msxml4.dll
9:15:23 PM | Registered: C:\WINDOWS\system32\msxml4.dll
9:15:24 PM | Unregistered: C:\WINDOWS\system32\qmgr.dll
9:15:24 PM | Registered: C:\WINDOWS\system32\qmgr.dll
9:15:24 PM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
9:15:24 PM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
9:15:24 PM | Unregistered: C:\WINDOWS\system32\muweb.dll
9:15:24 PM | Registered: C:\WINDOWS\system32\muweb.dll
9:15:25 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
9:15:25 PM | Registered: C:\WINDOWS\system32\winhttp.dll
9:15:25 PM | Registered: C:\WINDOWS\system32\wuapi.dll
9:16:42 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
9:21:42 PM | Error during registration of C:\WINDOWS\system32\wuaueng.dll - version: 7.4.7600.226. The error returned is: The specified service has been marked for deletion.
(-2147023824)
9:21:42 PM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
9:21:43 PM | Registered: C:\WINDOWS\system32\wuaueng1.dll
9:21:43 PM | Unregistered: C:\WINDOWS\system32\wucltui.dll
9:21:43 PM | Registered: C:\WINDOWS\system32\wucltui.dll
9:21:43 PM | Unregistered: C:\WINDOWS\system32\wups.dll
9:21:43 PM | Registered: C:\WINDOWS\system32\wups.dll
9:21:43 PM | Unregistered: C:\WINDOWS\system32\wups2.dll
9:21:43 PM | Registered: C:\WINDOWS\system32\wups2.dll
9:21:43 PM | Unregistered: C:\WINDOWS\system32\wuweb.dll
9:21:43 PM | Registered: C:\WINDOWS\system32\wuweb.dll
9:21:43 PM | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
9:21:48 PM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
9:21:50 PM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
9:21:50 PM | Registered: C:\WINDOWS\system32\cryptdlg.dll
9:21:51 PM | Unregistered: C:\WINDOWS\system32\cryptui.dll
9:21:51 PM | Registered: C:\WINDOWS\system32\cryptui.dll
9:21:51 PM | Unregistered: C:\WINDOWS\system32\cryptext.dll
9:21:51 PM | Registered: C:\WINDOWS\system32\cryptext.dll
9:21:51 PM | Unregistered: C:\WINDOWS\system32\dssenh.dll
9:21:51 PM | Registered: C:\WINDOWS\system32\dssenh.dll
9:21:51 PM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
9:21:51 PM | Registered: C:\WINDOWS\system32\gpkcsp.dll
9:21:51 PM | Unregistered: C:\WINDOWS\system32\initpki.dll
9:22:34 PM | Registered: C:\WINDOWS\system32\initpki.dll
9:22:34 PM | Unregistered: C:\WINDOWS\system32\licdll.dll
9:22:34 PM | Registered: C:\WINDOWS\system32\licdll.dll
9:22:34 PM | Unregistered: C:\WINDOWS\system32\mssign32.dll
9:22:34 PM | Registered: C:\WINDOWS\system32\mssign32.dll
9:22:34 PM | Unregistered: C:\WINDOWS\system32\mssip32.dll
9:22:34 PM | Registered: C:\WINDOWS\system32\mssip32.dll
9:22:35 PM | Unregistered: C:\WINDOWS\system32\scardssp.dll
9:22:36 PM | Registered: C:\WINDOWS\system32\scardssp.dll
9:22:36 PM | Unregistered: C:\WINDOWS\system32\sccbase.dll
9:22:36 PM | Registered: C:\WINDOWS\system32\sccbase.dll
9:22:36 PM | Unregistered: C:\WINDOWS\system32\scecli.dll
9:22:36 PM | Registered: C:\WINDOWS\system32\scecli.dll
9:22:37 PM | Unregistered: C:\WINDOWS\system32\softpub.dll
9:22:37 PM | Registered: C:\WINDOWS\system32\softpub.dll
9:22:37 PM | Unregistered: C:\WINDOWS\system32\slbcsp.dll
9:22:37 PM | Registered: C:\WINDOWS\system32\slbcsp.dll
9:22:39 PM | Unregistered: C:\WINDOWS\system32\regwizc.dll
9:22:39 PM | Registered: C:\WINDOWS\system32\regwizc.dll
9:22:39 PM | Unregistered: C:\WINDOWS\system32\rsaenh.dll
9:22:39 PM | Registered: C:\WINDOWS\system32\rsaenh.dll
9:22:39 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
9:22:40 PM | Registered: C:\WINDOWS\system32\winhttp.dll
9:22:40 PM | Unregistered: C:\WINDOWS\system32\wintrust.dll
9:22:40 PM | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
9:22:41 PM | Registered: C:\WINDOWS\system32\acelpdec.ax
9:22:41 PM | Registered: C:\WINDOWS\system32\actxprxy.dll
9:22:41 PM | Registered: C:\WINDOWS\system32\asctrls.ocx
9:22:42 PM | Registered: C:\WINDOWS\system32\daxctle.ocx
9:22:42 PM | Registered: C:\WINDOWS\system32\hhctrl.ocx
9:22:42 PM | Registered: C:\WINDOWS\system32\l3codecx.ax
9:22:42 PM | Registered: C:\WINDOWS\system32\licmgr10.dll
9:22:42 PM | Registered: C:\WINDOWS\system32\mpg4ds32.ax
9:22:47 PM | Registered: C:\WINDOWS\system32\msdxm.ocx
9:22:47 PM | Registered: C:\WINDOWS\system32\proctexe.ocx
9:22:47 PM | Registered: C:\WINDOWS\system32\tdc.ocx
9:22:47 PM | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
9:22:48 PM | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
9:22:48 PM | DllInstalled: C:\WINDOWS\system32\appwiz.cpl
9:22:48 PM | Registered: C:\WINDOWS\system32\appwiz.cpl
9:22:48 PM | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
9:22:49 PM | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
9:22:49 PM | Registered: C:\WINDOWS\system32\quartz.dll
9:22:50 PM | Registered: C:\WINDOWS\system32\danim.dll
9:22:50 PM | Registered: C:\WINDOWS\system32\dmscript.dll
9:22:50 PM | Registered: C:\WINDOWS\system32\dmstyle.dll
9:22:50 PM | Registered: C:\WINDOWS\system32\dxmasf.dll
9:22:50 PM | Registered: C:\WINDOWS\system32\dxtmsft.dll
9:22:50 PM | Registered: C:\WINDOWS\system32\dxtrans.dll
9:22:51 PM | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
9:22:51 PM | Registered: C:\WINDOWS\system32\atl.dll
9:22:51 PM | Registered: C:\WINDOWS\system32\corpol.dll
9:22:51 PM | Registered: C:\WINDOWS\system32\jscript.dll
9:22:51 PM | Registered: C:\WINDOWS\system32\dispex.dll
9:22:51 PM | Registered: C:\WINDOWS\system32\scrrun.dll
9:22:51 PM | Registered: C:\WINDOWS\system32\scrobj.dll
9:22:52 PM | Registered: C:\WINDOWS\system32\vbscript.dll
9:22:52 PM | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
9:22:52 PM | Registered: C:\WINDOWS\system32\activeds.dll
9:22:52 PM | Registered: C:\WINDOWS\system32\audiodev.dll
9:22:54 PM | DllInstalled: C:\WINDOWS\system32\browseui.dll
9:22:54 PM | Registered: C:\WINDOWS\system32\browseui.dll
9:22:54 PM | Registered: C:\WINDOWS\system32\browsewm.dll
9:22:55 PM | Registered: C:\WINDOWS\system32\cabview.dll
9:22:55 PM | Registered: C:\WINDOWS\system32\cdfview.dll
9:22:56 PM | Registered: C:\WINDOWS\system32\clbcatex.dll
9:22:56 PM | Registered: C:\WINDOWS\system32\clbcatq.dll
9:22:56 PM | Registered: C:\WINDOWS\system32\comcat.dll
9:22:56 PM | Registered: C:\WINDOWS\system32\cscui.dll
9:22:56 PM | Registered: C:\WINDOWS\system32\credui.dll
9:22:57 PM | Registered: C:\WINDOWS\system32\datime.dll
9:22:57 PM | Registered: C:\WINDOWS\system32\devmgr.dll
9:22:57 PM | Registered: C:\WINDOWS\system32\dfsshlex.dll
9:22:57 PM | Registered: C:\WINDOWS\system32\dmdlgs.dll
9:22:57 PM | Registered: C:\WINDOWS\system32\dmdskmgr.dll
9:22:57 PM | Registered: C:\WINDOWS\system32\dmloader.dll
9:22:57 PM | Registered: C:\WINDOWS\system32\dmocx.dll
9:22:57 PM | Registered: C:\WINDOWS\system32\dmview.ocx
9:22:58 PM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
9:22:58 PM | Registered: C:\WINDOWS\system32\dsuiext.dll
9:22:58 PM | DllInstalled: C:\WINDOWS\system32\dsquery.dll
9:22:58 PM | Registered: C:\WINDOWS\system32\dsquery.dll
9:22:59 PM | Registered: C:\WINDOWS\system32\dskquoui.dll
9:22:59 PM | Registered: C:\WINDOWS\system32\els.dll
9:22:59 PM | Registered: C:\WINDOWS\system32\es.dll
9:22:59 PM | Registered: C:\WINDOWS\system32\fontext.dll
9:23:00 PM | Registered: C:\WINDOWS\system32\hlink.dll
9:23:00 PM | Registered: C:\WINDOWS\system32\hnetcfg.dll
9:23:00 PM | Registered: C:\WINDOWS\system32\iedkcs32.dll
9:23:00 PM | Registered: C:\WINDOWS\system32\iepeers.dll
9:23:00 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
9:26:35 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
9:29:37 PM | Registered: C:\WINDOWS\system32\ils.dll
9:29:37 PM | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
9:31:18 PM | Registered: C:\WINDOWS\system32\inetcfg.dll
9:31:19 PM | Registered: C:\WINDOWS\system32\inetcomm.dll
9:31:19 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
9:32:02 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
9:32:59 PM | Registered: C:\WINDOWS\system32\laprxy.dll
9:33:00 PM | Registered: C:\WINDOWS\system32\lmrt.dll
9:33:00 PM | Registered: C:\WINDOWS\system32\mlang.dll
9:33:01 PM | Registered: C:\WINDOWS\system32\mmcndmgr.dll
9:33:01 PM | Registered: C:\WINDOWS\system32\mmcshext.dll
9:33:02 PM | Registered: C:\WINDOWS\system32\mscoree.dll
9:33:02 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18999
9:35:10 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18999
9:36:03 PM | Registered: C:\WINDOWS\system32\mshtmled.dll
9:36:03 PM | Registered: C:\WINDOWS\system32\msieftp.dll
9:36:04 PM | Registered: C:\WINDOWS\system32\msoeacct.dll
9:36:04 PM | Registered: C:\WINDOWS\system32\msr2c.dll
9:36:04 PM | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
9:37:31 PM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
9:37:32 PM | Registered: C:\WINDOWS\system32\mydocs.dll
9:37:32 PM | Registered: C:\WINDOWS\system32\mstime.dll
9:37:32 PM | Registered: C:\WINDOWS\system32\netcfgx.dll
9:37:32 PM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
9:37:33 PM | Registered: C:\WINDOWS\system32\netplwiz.dll
9:37:33 PM | Registered: C:\WINDOWS\system32\netman.dll
9:37:34 PM | Registered: C:\WINDOWS\system32\netshell.dll
9:37:34 PM | Registered: C:\WINDOWS\system32\ntmsevt.dll
9:37:34 PM | Registered: C:\WINDOWS\system32\ntmsmgr.dll
9:37:34 PM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
9:37:34 PM | Registered: C:\WINDOWS\system32\ntmssvc.dll
9:37:35 PM | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.18992
9:38:46 PM | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18992
9:39:30 PM | Registered: C:\WINDOWS\system32\ole32.dll
9:39:31 PM | Registered: C:\WINDOWS\system32\oleaut32.dll
9:39:31 PM | Registered: C:\WINDOWS\system32\oleacc.dll
9:39:31 PM | Registered: C:\WINDOWS\system32\olepro32.dll
9:39:31 PM | DllInstalled: C:\WINDOWS\system32\photowiz.dll
9:39:32 PM | Registered: C:\WINDOWS\system32\photowiz.dll
9:39:32 PM | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
9:41:06 PM | Registered: C:\WINDOWS\system32\remotepg.dll
9:41:06 PM | Registered: C:\WINDOWS\system32\rpcrt4.dll
9:41:07 PM | Registered: C:\WINDOWS\system32\rshx32.dll
9:41:07 PM | Registered: C:\WINDOWS\system32\sendmail.dll
9:41:07 PM | Registered: C:\WINDOWS\system32\slayerxp.dll
9:41:10 PM | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
9:41:11 PM | Registered: C:\WINDOWS\system32\shdocvw.dll
9:41:11 PM | Registered: C:\WINDOWS\system32\shell32.dll
9:41:14 PM | DllInstalled: C:\WINDOWS\system32\shell32.dll
9:41:15 PM | Registered: C:\WINDOWS\system32\shmedia.dll
9:41:15 PM | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
9:41:16 PM | Registered: C:\WINDOWS\system32\shimgvw.dll
9:41:16 PM | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
9:41:16 PM | Registered: C:\WINDOWS\system32\shsvcs.dll
9:41:16 PM | Registered: C:\WINDOWS\system32\srclient.dll
9:41:17 PM | Unregistered: C:\WINDOWS\system32\stobject.dll
9:41:17 PM | Registered: C:\WINDOWS\system32\stobject.dll
9:41:17 PM | DllInstalled: C:\WINDOWS\system32\themeui.dll
9:41:18 PM | Registered: C:\WINDOWS\system32\themeui.dll
9:41:18 PM | Registered: C:\WINDOWS\system32\twext.dll
9:41:21 PM | DllInstalled: C:\WINDOWS\system32\urlmon.dll
9:41:21 PM | Registered: C:\WINDOWS\system32\urlmon.dll
9:41:21 PM | Registered: C:\WINDOWS\system32\userenv.dll
9:41:21 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
9:42:08 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
9:42:58 PM | Registered: C:\WINDOWS\system32\webvw.dll
9:42:58 PM | Registered: C:\WINDOWS\system32\winhttp.dll
9:42:58 PM | DllInstalled: C:\WINDOWS\system32\wininet.dll
9:42:59 PM | Registered: C:\WINDOWS\system32\zipfldr.dll
9:42:59 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
9:42:59 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
9:42:59 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
9:43:00 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
9:43:00 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
9:43:00 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
9:43:00 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
9:43:01 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
9:43:01 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
9:43:01 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
9:43:01 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
9:43:01 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
9:43:02 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
9:43:02 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
9:43:02 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
9:43:03 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll
-
Please run SFC again as instructed in Reply # 14
-
Please run SFC again as instructed in Reply # 14
Should I disable my anti-virus and firewall first this time??
-
Should I disable my anti-virus and firewall first this time??
No. Not necessary.
-
Ok. Ran it again. No errors this time. Ran much faster too. But nothing seems to have changed with the computer. After I rebooted I tried to access windows update to no avail. IE ended up hanging up and I had to end task.
-
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
-
It found one error that it cured. After reboot I am able to access the windows update site!! ;D Should I go ahead and get and install my updates?
Here is the report:
2011/01/06 22:04:09.0390 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/06 22:04:09.0390 ================================================================================
2011/01/06 22:04:09.0390 SystemInfo:
2011/01/06 22:04:09.0390
2011/01/06 22:04:09.0390 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/06 22:04:09.0390 Product type: Workstation
2011/01/06 22:04:09.0390 ComputerName: THOMAS-BBFF0909
2011/01/06 22:04:09.0390 UserName: Dad
2011/01/06 22:04:09.0390 Windows directory: C:\WINDOWS
2011/01/06 22:04:09.0390 System windows directory: C:\WINDOWS
2011/01/06 22:04:09.0390 Processor architecture: Intel x86
2011/01/06 22:04:09.0390 Number of processors: 2
2011/01/06 22:04:09.0390 Page size: 0x1000
2011/01/06 22:04:09.0390 Boot type: Normal boot
2011/01/06 22:04:09.0390 ================================================================================
2011/01/06 22:04:10.0750 Initialize success
2011/01/06 22:05:12.0687 ================================================================================
2011/01/06 22:05:12.0687 Scan started
2011/01/06 22:05:12.0687 Mode: Manual;
2011/01/06 22:05:12.0687 ================================================================================
2011/01/06 22:05:20.0437 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/06 22:05:20.0437 ================================================================================
2011/01/06 22:05:20.0437 Scan finished
2011/01/06 22:05:20.0437 ================================================================================
2011/01/06 22:05:20.0453 Detected object count: 1
2011/01/06 22:05:33.0281 \HardDisk0 - will be cured after reboot
2011/01/06 22:05:33.0281 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/06 22:05:45.0296 Deinitialize success
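A small triage helper for the two log formats posted in this thread, added here as an example; it is not code from the thread, from TDSSKiller, or from the tool that produced the DLL re-registration log. It pulls the "Error 127" registration failures out of the DLL log (grouping the DllRegisterServer and DllInstall attempts per file), pulls the detections, chosen actions and reboot status out of a TDSSKiller report, and cross-checks the parsed detections against the report's own "Detected object count". The sample log text is constructed from the layouts shown above; the driver hashes in it are placeholders.

```python
"""Triage helper for the two log formats posted in this thread.

Added example; not code from the thread, from TDSSKiller, or from the tool
that produced the DLL re-registration log. It assumes only the line layouts
visible in the posted logs.
"""
import re

# --- DLL re-registration log:  "9:23:00 PM | <status>: <rest>" -----------------
REG_LINE = re.compile(r"^(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) \| (?P<status>[^:]+): (?P<rest>.*)$")
REG_ERROR = re.compile(
    r"^(?P<path>.+?) is not (?P<op>registerable|DLLInstall-able) "
    r"or the file is corrupted\. Version: (?P<version>\S+)$"
)


def regsvr_failures(log_text):
    """Map each DLL that hit 'Error 127' to its version and the operations that failed.

    The same file usually fails twice (DllRegisterServer, then DllInstall), so both
    attempts are grouped under one path; the resulting list is what to hand to SFC.
    """
    failures = {}
    for line in log_text.splitlines():
        m = REG_LINE.match(line.strip())
        if not m or not m.group("status").startswith("Error"):
            continue
        e = REG_ERROR.match(m.group("rest"))
        if not e:
            continue  # an Error line in a layout we do not know; leave it for a human
        entry = failures.setdefault(e.group("path"), {"version": e.group("version"), "failed_ops": []})
        entry["failed_ops"].append(e.group("op"))
    return failures


# --- TDSSKiller report: "YYYY/MM/DD HH:MM:SS.mmmm <message>" --------------------
TDSS_LINE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) ?(?P<msg>.*)$")
TDSS_DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_DETECT = re.compile(r"^(?P<obj>\S+) - detected (?P<threat>\S+) \(\d+\)$")
TDSS_PENDING = re.compile(r"^(?P<obj>\S+) - will be cured after reboot$")
TDSS_ACTION = re.compile(r"^(?P<threat>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
TDSS_COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def tdss_summary(report_text):
    """Extract drivers, detections, chosen actions and reboot status from a report."""
    summary = {"drivers": [], "detections": [], "actions": {},
               "reboot_required": False, "declared_count": None}
    for line in report_text.splitlines():
        m = TDSS_LINE.match(line.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (d := TDSS_DRIVER.match(msg)):
            summary["drivers"].append((d.group("name"), d.group("md5"), d.group("path")))
        elif (d := TDSS_DETECT.match(msg)):
            summary["detections"].append((d.group("obj"), d.group("threat")))
        elif TDSS_PENDING.match(msg):
            summary["reboot_required"] = True
        elif (a := TDSS_ACTION.match(msg)):
            summary["actions"][a.group("obj")] = a.group("action")
        elif (c := TDSS_COUNT.match(msg)):
            summary["declared_count"] = int(c.group("n"))
    # The report's own count is the cross-check that the parser saw every detection line.
    summary["count_matches"] = summary["declared_count"] == len(summary["detections"])
    # Drivers loaded from outside %SystemRoot% deserve a second look (here it is a security product).
    summary["drivers_outside_windows"] = [
        d for d in summary["drivers"] if not d[2].upper().startswith("C:\\WINDOWS\\")
    ]
    return summary


# Constructed sample input modelled on the logs above; the MD5 values are placeholders.
SAMPLE_REG_LOG = r"""
9:23:00 PM | Registered: C:\WINDOWS\system32\iepeers.dll
9:23:00 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
9:26:35 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
9:29:37 PM | Registered: C:\WINDOWS\system32\ils.dll
9:29:37 PM | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
"""

SAMPLE_TDSS_REPORT = r"""
2011/01/06 22:04:09.0390 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/06 22:05:12.0687 Scan started
2011/01/06 22:05:13.0046 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/06 22:05:18.0656 SASDIFSV (00000000000000000000000000000002) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/06 22:05:19.0359 Tcpip (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/06 22:05:20.0437 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/06 22:05:20.0437 Scan finished
2011/01/06 22:05:20.0453 Detected object count: 1
2011/01/06 22:05:33.0281 \HardDisk0 - will be cured after reboot
2011/01/06 22:05:33.0281 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/06 22:05:45.0296 Deinitialize success
"""

if __name__ == "__main__":
    for path, info in regsvr_failures(SAMPLE_REG_LOG).items():
        print(f"{path} v{info['version']}: failed {', '.join(info['failed_ops'])}")
    s = tdss_summary(SAMPLE_TDSS_REPORT)
    print(s["detections"], s["actions"], "reboot:", s["reboot_required"], "count ok:", s["count_matches"])
    print("drivers outside C:\\WINDOWS:", [d[0] for d in s["drivers_outside_windows"]])
```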
-
Should I go ahead and get and install my updates?
Yes, please. Let me know how that goes, then we'll do some cleanup.
-
Ok. Things are running a lot better than they were! My browser is not redirecting anymore. Internet Explorer seems to be running trouble free so far.
There weren't many critical updates. It started with just one, then after that one another one popped up, then one last one. They were all related to Microsoft .NET Framework. At first it told me that I had that update hidden and had to unhide it. The first was Framework itself 1.1 sp 1. Then there were two security updates for that, (kb982670) and (kb2416447).
I have not gotten the Generic Host Processes error the last few times I have booted up, however should I go to the link you provided in reply #1 and download the hotfix??
I am still getting the jusched.exe has encountered a problem and needed to shut down.
The last few times I have shut down I have gotten an end program message that program - n is not responding.
There are several optional updates that ms is offering. Do I need any of these??
Update for Internet Explorer 8 Compatibility View List for Windows XP (KB2447568)
Update for Root Certificates [October 2010] (KB931125)
Windows PowerShell 2.0 and WinRM 2.0 for Windows XP and Windows Embedded (KB968930)
Update for Windows XP (KB971513)
Windows Search 4.0 for Windows XP (KB940157)
Microsoft Silverlight (KB2416427)
-
I am still getting the jusched.exe has encountered a problem and needed to shut down.
You can try this (http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/) to disable it. If that doesn't work, we can try a new install. Please let me know.
There are several optional updates that ms is offering. Do I need any of these??
You should download them. Any program that is not kept up-to-date is a breeding ground for infections.
-
So far so good on the jusched.exe. Doesn't seem to be popping up and I scheduled it in my tasks.
I think I am all updated now!!
-
Ok. If there's nothing else, let's do some cleanup.
You may keep SAS and MBAM, if you wish. Update them and run them on a regular basis.
Delete the Combo-Fix.exe file, C:\Combo-Fix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combo-fix.txt and C:\Combo-Fix-quarantined-files.txt
You may have a problem deleting one of the folders. In that case, just empty the folder of whatever files you can and leave it.
**********************************************
To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.
To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
This will give you a new, clean Restore Point.
************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Dave, when I ran the Secunia Software Inspector it said that I needed to update my Internet Explorer and I should go to windows update to get a bunch of missing patches. But when I go to windows update it tells me there are no updates for my computer. What should I do? Here is the info from the scan:
This installation of Microsoft Internet Explorer 8.x is insecure and potentially exposes your system to security threats!
Your system does not have all security related patches from Microsoft installed. Please see list below for details about the missing patches.
Update Instructions:
Download via Microsoft Windows Update.
Missing KB Articles:
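As an added check that is not part of the thread: the Secunia report and Windows Update disagree, so the first thing to settle is what Windows itself records as installed. This script queries WMI for installed hotfixes and compares them against the deduplicated KB list from the report above; it assumes PowerShell is installed on the XP SP3 machine and is run from an administrator prompt.

```powershell
# Added example (not from the thread): cross-check Secunia's "missing" KB list
# against the hotfixes Windows records in Win32_QuickFixEngineering.
# Assumes PowerShell (1.0 or later) is installed on XP SP3.
$reported = @(
    'KB982381', 'KB980182', 'KB978207', 'KB976325', 'KB974455', 'KB972260',
    'KB969897', 'KB2416400', 'KB2360131', 'KB2183461', 'KB980195'
)

# HotFixID is the "KB######" string Windows stores for each installed update.
$installed = Get-WmiObject -Class Win32_QuickFixEngineering |
    ForEach-Object { $_.HotFixID.ToUpper() }

$missing = @()
foreach ($kb in ($reported | Sort-Object -Unique)) {
    if ($installed -contains $kb) {
        Write-Output ("{0} : recorded as installed" -f $kb)
    } else {
        Write-Output ("{0} : NOT recorded as installed" -f $kb)
        $missing += $kb
    }
}

# Anything left in $missing was never applied, whatever Windows Update reports;
# each can be fetched individually from http://support.microsoft.com/kb/<number>
# (drop the "KB" prefix) and installed by hand, then the scan re-run.
Write-Output ("{0} of {1} reported patches not found on this system" -f $missing.Count, ($reported | Sort-Object -Unique).Count)
```

If every KB shows as installed, the disagreement is on Secunia's side (it checks file versions, which an IE8 cumulative update can supersede); if some are genuinely absent while Windows Update reports nothing, that points back at the update service being blocked, which the thread already suspected.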
-
I have run the software inspector several times from both IE and firefox. I was able to update all the software except for the IE patches listed above, and also it keeps saying I need to update my firefox from version 3.5.10 to the latest 3.5.16. I have downloaded the upgrade several times, and when I check from in firefox it says I am running version 3.5.16. I also checked for updates from within firefox and it said no updates were available.
-
when I go to windows update it tells me there are no updates for my computer. What should I do?
I would tend to agree with Microsoft.
This installation of Microsoft Internet Explorer 8.x is insecure and potentially exposes your system to security threats!
I think IE9 is out now. I'll have to upgrade mine soon.
I have downloaded the upgrade several times, and when I check from in firefox it says I am running version 3.5.16. I also checked for updates from within firefox and it said no updates were available.
I wouldn't worry about Firefox too much, if I were you. One day you'll open it and it will tell you to upgrade. My version is also 3.5.16 and I upgraded not too long ago.
-
Ok. Followed all your instructions and suggestions. So far machine is running well. Thanks so much for all your help!!