Computer Hope

Software => Computer viruses and spyware => Topic started by: missypoo on February 17, 2008, 01:26:20 PM

Title: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 01:26:20 PM

Having trouble loading certian websites. And can't list anything on ebay (can't download pics or type in the description section). Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:42 PM, on 2/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 01:26:40 PM

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E35149B6-E070-41EA-983F-F82A7418719B}: NameServer = 166.102.165.11 166.102.165.13
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: dizening - {70d17a5f-ef27-4295-90f5-20ad6f24834f} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10438 bytes

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 02:12:47 PM

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O22 - SharedTaskScheduler: dizening - {70d17a5f-ef27-4295-90f5-20ad6f24834f} - (no file)

Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

You will need to do the steps in this post (http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095) as there are multiple questionable entries in the HJT log.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 02:34:14 PM

I did what you said I got this error:

Error:

An unexpected error has occured at procedure:
modBackup_MakeBackup(sItem=022 - Shared Task Scheduler: dizening - {70d17a5f-ef27-4295-90f5-20ad6f24834f} - (no file))

Error #5 - Invalid procedure call or argument

Now what do I do? :'(

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 02:37:21 PM

Quote from: evilfantasy on February 17, 2008, 02:12:47 PM

You will need to do the steps in this post (http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095) as there are multiple questionable entries in the HJT log.

You have malware on the computer.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 02:39:26 PM

I sent that error report to HijackThis and received this popup:

HijackThis is about to remove a BHO and the corresponding file from your system. Close all IE Windows AND all Windows Explorer Windows before continuing for the best chance of success.

Should I click on OK? I wanted to ask this before I do it. Please let me know : )

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 02:51:17 PM

Yes, that is normal.

You will still need to work through the removal instructions and post the logs. There are more entries that need to be cleaned.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 02:57:40 PM

Now my file tool tabs are missing on the very top of the screen. How can I get them back?

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 03:04:16 PM

Another ? I have Norton Internet Security on my PC. That is not the same as an anti-virus software is it?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 03:06:14 PM

Norton Internet Security has antivirus included as far as I know.

Open Hijackthis and select View list of Backups.

Check the most recent one and then click Restore.

Next go to work the removal steps.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 03:11:49 PM

I went to click on HijackThis and now a popup says Out of Memory And I can't uninstall it.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 03:13:12 PM

Try a system restore to get it back to where it was.

http://www.howtogeek.com/howto/windows-vista/using-windows-vista-system-restore/

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 03:14:53 PM

I'm unable to do a system restore. I have tried it over and over, but it keeps saying error. Any more suggestions : )

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 03:18:47 PM

Right click the C drive in Windows Explorer, choose properties. On the tools
tab, you will find error checking. Run that.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 03:23:19 PM

You may want to try and restore the HJT Backup form safe mode.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 03:35:39 PM

I ran that scan like you said and there was nothing posted. I had to restart my PC for it to start the scan. I have tried running the system restore in safe mode and still it says the same thing Error.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 03:38:16 PM

I found out just now on how to get my File Edit View Favorites Tools Help to come back on my screen. It was locked, so I fixed that. I would love to find out why I haven an error on my system restore though

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 03:45:02 PM

I don't know, were you able to see if it is turned on?

I hate to keep harping on the removal thread but until those steps are complete we may not know what is wrong. It could be malware related, which is why I keep going back to it.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 03:55:29 PM

So sorry, I will try the steps now and see if that will help : )

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 07:23:05 PM

Is it normal for the SUPERAntiSpyware to scan for 3 hours? That's how long it's been scanning now. When I first installed this program yesterday, it only took 40 min to do the full scan. But now that I read to configure the scan, it's taking forever. Is it normal? Should I let it keep scanning. BTW there is no threats so far, but there was some yesterday when I first scanned it.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 07:29:57 PM

Did you do the Dr Web scan yet? And did it find anything?

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 08:13:06 PM

Can I run that scan while the SUPERAntiSpyware is still scanning? It's at 4 hours now and still no threats

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 08:20:35 PM

No stop it from scanning and run this instead.

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
Link #3 (http://forospyware.com/sUBs/Beta/ComboFix.exe)

Important! Combofix.exe MUST be saved to and ran from the Desktop.

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
- Click this link (http://bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
- If yours is not listed and you don't know how to disable it, please ask.
Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
Double click combofix.exe & follow the prompts.
- From the keyboard select 1 and press Enter[/COLOR]
- When finished, it will produce a log for you.
- Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall
- If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
- Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
.
----------

Next post please add
Combofix log

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 08:49:55 PM

link #1 says this:

Sorry, 'www.download.bleepingcomputer.com' does not exist or is not available

link #2 reads the same thing and the third link is in spanish

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 08:55:08 PM

Fixed.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 09:00:16 PM

Do all three? And before I start this the popup window reads run or save. Which one do I click?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 09:00:56 PM

You only need one. Choose to save it to the desktop.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 09:13:39 PM

how do I disable the SUPERAntiSpyware?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 09:22:49 PM

It shouldn't interfere, just disable the antivirus.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 09:25:26 PM

ok I disabled the Norton Internet Security. Now I will try to do the steps.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 09:26:28 PM

Ok, should take around 10 minutes, I will be here.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 09:55:31 PM

I did the scan and copied the log, but then all all my icons disappeared and I had no way to get back to anysites. So I had to shut the PC and of course it lost the log that I copied. Is that suppose to happen?

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 17, 2008, 09:56:46 PM

If you have any more ideas, please let me know. I took some nyquil and it's kicking in, but I hope you will be on tomorrow morning. I plan on fixing this problem lol. Talk to you tomorrow : ) don't give up on me just yet!

Melissa

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 17, 2008, 10:00:39 PM

Go to C:\Combofix.txt and get the log from there.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 07:23:25 AM

I found the combofix log:

ComboFix 08-02-18.1 - Mikkelsen 2008-02-17 22:36:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.267 [GMT -6:00]
Running from: C:\Users\Mikkelsen\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://ceement.rssx.hp.com
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-17 14:03 . 2008-02-17 14:03   <DIR>   d--------   C:\Program Files\Trend Micro
2008-02-17 11:31 . 2008-02-17 11:31   <DIR>   d--------   C:\Users\All Users\SUPERAntiSpyware.com
2008-02-17 11:31 . 2008-02-17 11:31   <DIR>   d--------   C:\ProgramData\SUPERAntiSpyware.com
2008-02-17 11:30 . 2008-02-17 11:30   <DIR>   d--------   C:\Users\Mikkelsen\AppData\Roaming\SUPERAntiSpyware.com
2008-02-17 11:30 . 2008-02-17 22:17   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-02-15 20:48 . 2008-02-15 20:48   <DIR>   d--------   C:\Users\All Users\Avg7
2008-02-15 20:48 . 2008-02-15 20:48   <DIR>   d--------   C:\ProgramData\Avg7
2008-02-05 09:19 . 2008-02-12 17:48   <DIR>   d--------   C:\Program Files\CCleaner
2008-01-31 03:02 . 2007-01-03 19:20   1,732   --a------   C:\Windows\System32\drivers\nvphy.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:29   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 02:27   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-02-16 02:26   ---------   d-----w   C:\Program Files\NewSoft
2008-02-12 23:48   ---------   d-----w   C:\ProgramData\WildTangent
2008-02-12 23:48   ---------   d-----w   C:\Program Files\Microsoft Works
2008-02-12 23:48   ---------   d-----w   C:\Program Files\Google
2008-02-12 23:48   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-02-12 23:48   ---------   d-----w   C:\Program Files\Common Files\SureThing Shared
2008-02-12 22:27   ---------   d-----w   C:\Program Files\MSN Messenger
2008-02-12 18:07   642   ----a-w   C:\Users\Mikkelsen\AppData\Roaming\wklnhst.dat
2008-02-12 18:04   ---------   d-----w   C:\ProgramData\Symantec
2008-02-01 21:50   ---------   d-----w   C:\Program Files\Windows Sidebar
2008-02-01 21:50   ---------   d-----w   C:\Program Files\Windows Mail
2008-01-15 15:54   10,537   ----a-w   C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 11:28   706   ----a-w   C:\Windows\system32\drivers\COH_Mon.inf
2008-01-13 00:32   23,904   ----a-w   C:\Windows\system32\drivers\COH_Mon.sys
2008-01-09 09:08   802,816   ----a-w   C:\Windows\system32\drivers\tcpip.sys
2008-01-09 09:08   24,064   ----a-w   C:\Windows\System32\netcfg.exe
2008-01-09 09:08   22,016   ----a-w   C:\Windows\System32\netiougc.exe
2008-01-09 09:08   216,760   ----a-w   C:\Windows\system32\drivers\netio.sys
2008-01-09 09:08   167,424   ----a-w   C:\Windows\System32\tcpipcfg.dll
2008-01-09 09:05   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
2007-12-23 05:48   ---------   d-----w   C:\Program Files\Common Files\Adobe
2007-12-12 09:07   1,327,104   ----a-w   C:\Windows\System32\quartz.dll
2007-12-12 09:06   9,728   ----a-w   C:\Windows\System32\LAPRXY.DLL
2007-12-12 09:06   223,232   ----a-w   C:\Windows\System32\WMASF.DLL
2007-12-12 09:05   824,832   ----a-w   C:\Windows\System32\wininet.dll
2007-12-12 09:05   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2007-12-12 09:05   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2007-12-12 09:05   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2007-12-12 09:03   3,504,824   ----a-w   C:\Windows\System32\ntkrnlpa.exe
2007-12-12 09:03   3,470,520   ----a-w   C:\Windows\System32\ntoskrnl.exe
2007-08-29 08:14   174   --sha-w   C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 03:05 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-16 16:59 1480296]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 06:34 2159104 C:\Windows\System32\oobefldr.dll]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 12:49 4670968]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 06:35 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 09:06 700416]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-01 23:26 171448]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2007-08-29 10:55 1347584]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 06:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-11 02:01 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 07:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 09:16 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 04:57 3784704 C:\Windows\RtHDVCpl.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 08:12 71176]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 10:01 319488]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2007-01-15 12:36:13 34520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080215.002\IDSvix86.sys [2008-02-13 10:18]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-08-31 13:54]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 10:34]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 07:39:04 C:\Windows\Tasks\HPCeeScheduleForMikkelsen.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe!HPCeeScheduleForMikkelsen (null)
"2008-02-15 07:42:02 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikkelsen.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-02-18 02:11:04 C:\Windows\Tasks\User_Feed_Synchronization-{5CEA02D6-9241-486C-976D-525FAA476D9A}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 22:39:58
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 22:40:37
ComboFix-quarantined-files.txt 2008-02-18 04:40:35
.
2008-01-31 09:02:51   --- E O F ---

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 09:48:18 AM

I don't see anything there.

Please download DrWeb CureIt (http://www.freedrweb.com/) & save it to your desktop.

Scan with DrWeb-CureIt as follows:

Double-click on drweb-cureit.exe and then click Start.
An Express Scan of your PC notice will appear.
Under Start the Express Scan Now Click OK to start.
- This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
Once the short scan has finished, Click Options > Change settings
Choose the Scan tab and UNcheck Heuristic analysis and click OK
Back at the main window, select the Complete scan button.
Then click the Green Arrow (http://i154.photobucket.com/albums/s258/evilfantasy69/drweb.jpg) Start Scanning button on the right and the scan will start.
- Click Yes to all if it asks if you want to cure/move any file(s).
When the scan is done.
In the Dr.Web CureIt menu on top left, click File and choose Save report list.
Save the DrWeb.csv report to your Desktop.
Exit Dr.Web Cureit.

Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

After reboot. Leave the Dr. Web CureIt log on the desktop.

Copy and paste that log in the next reply.
.
----------

Please use Panda's NanoScan (http://www.nanoscan.com/as/index/)

Under Scan Now click the Full Scan button
Follow the prompts to install the Active X if necessary
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.

.
----------

Next post
Dr Web log
Nano Scan log

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 10:00:44 AM

Ok, I'm downloading the DrWeb CureIt, is it normal for the process to take awhile? It's says estimate time is like 48 minutes total.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 10:06:03 AM

Oh great! While it was downloading an error popped up. It said this:

Internet Explorer cannot download cureit.exe from ftp.drweb.com.
The operation timed out.

Now what?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 10:15:51 AM

Try this first.

Download and install CleanUp!.exe (http://www.stevengould.org/downloads/cleanup/CleanUp452.exe)

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click Options...
Move the arrow to Standard CleanUp!
Uncheck the following: (if checked)
- Delete Newsgroup cache
- Delete Newsgroup Subscriptions
Click OK

Click the CleanUp! button to start the program. Reboot/logoff when prompted.

Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 10:31:00 AM

Hate to admit this, but I don't know how to do backups and don't know if I have a 64 bit OS. How can I do that?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 10:33:50 AM

It isn't a 64bit.

Follow these steps to create a backup of the registry.

Click the Start button, then click Run.
Type REGEDIT, then click OK.
- The Registry Editor opens.
Choose File, Export Registry File.
Verify the following entries in the Export Registry File Dialog Box:
Save in: Desktop
File Name: Registry Backup
Export Range: All

Click Save.
Exit the Registry Editor.
Verify you have an icon titled REGISTRY BACKUP.REG on the Desktop.

CAUTION: Do not double-click the REGISTRY BACKUP.REG file on your Desktop unless you intend to undo your changes or need to restore the Registry.

Immediately verify the effect of your changes by restarting the computer.
Once you have verified that the changes to the registry:
If there are any problems.
- Restore it immediately by Right clicking the REGISTRY BACKUP.REG and choose Merge.
If there are no problems.
- Delete the REGISTRY BACKUP.REG file from the desktop.

Do not allow the REGISTRY BACKUP.REG file to remain on the desktop beyond the testing period to avoid inadvertently double-clicking it.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 10:38:11 AM

I don't know how to get to the RUN key. I knew how to do it when I had XP. Where do I find it on Vista?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 10:42:41 AM

Press the Windows+R keys.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 11:04:38 AM

I restarted the computer after doing the backup process. Do I delete it now? If so, how do I get rid of it?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 11:18:43 AM

If everything is running OK then delete it.

Try the Dr Web again.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 02:48:18 PM

Sorry it took me awhile to reply. I was able to do the scan, but when you said to Save Report List, I was unable to click it because it was greyed out. But good new is that it detected no threats. What's next?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 02:50:52 PM

Post a fresh Hijackthis log please.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 02:56:53 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:42 PM, on 2/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 02:57:08 PM

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 03:08:58 PM

Disabling Windows Defender

Please disable WD until Hijackthis is finished.

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender

----------

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O22 - SharedTaskScheduler: dizening - {70d17a5f-ef27-4295-90f5-20ad6f24834f} - (no file)

Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

Scan Suspicious File(s)

Please visit one of the following:
(Multiple sites are given in case one is not working)

Virustotal (http://www.virustotal.com/en/indexf.html)
Jotti's malware scan (http://www.virusscan.jotti.org/)
VirSCAN.org (http://www.virscan.org/)

Copy the file path in the code box below.

Code: [Select]

C:\Windows\Temp\CTun.exe

At the upload site, click once inside the window next to Browse.
Press Ctrl+V on the keyboard (both at the same time) to paste the file path in the window.
Next click Send File/Submit/Upload (depending on the site)
- Your file will possibly be entered into a queue which normally takes less than a minute to clear.
This will perform a scan across multiple different virus scanning engines.
Please wait for all of the scanning engines to complete.
Copy and then Paste the results in the next reply.

.
----------

Next post
File scan report

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 03:22:19 PM

That's odd. Now the O22 - SharedTaskScheduler: dizening - {70d17a5f-ef27-4295-90f5-20ad6f24834f} - (no file)
is missing from the log now. I found the other two, what do I do now?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 03:23:10 PM

Scan Suspicious File

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 03:27:09 PM

I don't understand what you mean by that. I did check the boxes of the other two you mentioned. I can't see where it says to scan for suspicious file. Remember I'm not computer savvy : ) I need the step by step method if you will...

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 03:28:52 PM

The Hijackthis instructions say (if there)

It wasn't there so go on with the next Scan Suspicious File instructions.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 03:31:34 PM

OHH!! You mean your next list for me to do. Okay. You need to be more specific with me : )

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 03:33:19 PM

None of those links work for me. Cannot display webpage is what I'm getting from my end.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 03:34:45 PM

Sorry, fixed now.

That is getting frustrating to me also.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 03:39:51 PM

I'm sorry : ( All I want to do is fix my ebay so I can view the gallery pictures and to list. Without having the option of loading my pics and not able to use the description section, I hate it!! I still can't log onto my yahoo mail or even go to my yahoo answers, but get this, I can get on the Yahoo homepage. Shitzu, I need a smoke, I'll brb and do what you said.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 03:41:47 PM

If the spyware scans would just work we would be done by now.

I am beginning to think it isn't malware.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 03:45:51 PM

Ok before I go any further. I wanted to tell you again what I think happened. I don't know if all this could affect my PC, but everything was going good on my computer. Then I found out my son was looking into adult web sites. Could he have triggered something to make going into certain websites a no go? Now everytime I look at my Outlook Express Mail, it disconnects my internet.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 03:47:49 PM

Yes, he could have downloaded something that would make the computer act funny.

After the file scan we are going to do two more scans to tell if it is malware or not. (if they will run)

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 03:54:57 PM

I can't upload that in any of the links you gave me.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 03:58:41 PM

this is what I copied and pasted:

O22 - SharedTaskScheduler: dizening - {70d17a5f-ef27-4295-90f5-20ad6f24834f} - (no file

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 04:01:00 PM

It should have been this. C:\Windows\Temp\CTun.exe

----------

After you post the results from that follow through with the rest of these instructions.

(http://i154.photobucket.com/albums/s258/evilfantasy69/javaicon.jpg) Your Java is out of date.
Older versions of Java have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version(s) of Java components and update.

Step 1 - Get the new version

Go to the Sun Java Download Page (http://www.java.sun.com/javase/downloads/index.jsp")
On the Sun Java page scroll to the 4th download.
(http://i154.photobucket.com/albums/s258/evilfantasy69/java.jpg)
Click the (http://i154.photobucket.com/albums/s258/evilfantasy69/javabutton-1.jpg) button and choose the options.
- Platform Windows
- Language English
- Next place a check mark in the box to agree to the License Agreement.
"I agree to the Java SE Runtime Environment 6 License Agreement"
Click Continue
Click on the link to download Windows Offline Installation and save to your desktop.
Then from your desktop double-click on jre-6u4-windowsi586-p.exe to install the newest version.
Follow the prompts to complete the installation.

Step 2 - Remove old version(s)

Close any programs you may have running - especially your web browser.
Go to Start > Control Panel > Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Do not remove Java 6 Update 4
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each old Java version.
Restart your computer once all Java components are removed.

.
----------

Go to http://secunia.com/software_inspector

Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

----------

Please use Panda's NanoScan (http://www.nanoscan.com/as/index/)

Under Scan Now click the Full Scan button
Follow the prompts to install the Active X if necessary
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.

----------

Next post
Nanoscan log

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 04:03:46 PM

Ok here is this first:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 04:04:55 PM

Of all the sites I can't load that Java is one of them :'(

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 04:07:33 PM

Try this one.

http://java.sun.com/javase/downloads/?intcmp=1281

Go down to the 4th download

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 04:13:06 PM

Nope. Just a blank screen. It's like it wants to load, but it won't. I just see the little circle going around and around on the bar. I just noticed that on the bottom of my screen on the right side, it says Unknown Zone when I try to load the Java site.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 04:14:53 PM

Click here (direct download link) http://filehippo.com/download/f02d30cdfe56c8b0fdae60a597b011cb/download/

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 04:17:14 PM

Okay I got onto that site you just posted. There is a yellow bar message on top stating:

To help protect your security, IE blocked this site from downloading files to your computer. Click here for options....

What do I do?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 04:18:45 PM

Allow it to download.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 04:20:47 PM

Is it under Popular Downloads?

Java Runtime Environment 1.6.0.4

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 04:22:37 PM

Java Runtime Environment 1.6.0.4 is the one you want.

After it is installed go into add/remove programs and uninstall the old version, it should be Java jre1.5.0_10 (or similar).

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 04:30:14 PM

Just want to make sure before I start this. I currently have J2SE Runtime Environment 5.0 Update 10 on my programs. This one is out of date? And if it is, don't uninstall it yet, but first download the current one?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 04:34:13 PM

Download the current one then delete the J2SE Runtime Environment 5.0

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 04:36:56 PM

Okay, Run or Save? And if Save, do I save it to the desktop?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 04:39:21 PM

Run will start the install and Save will save it to the desktop and thin you will have to double click it to install it.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 04:56:24 PM

Sorry had to fix supper. I installed the current Java and uninstalled the older version. Now what do I do?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 04:58:01 PM

Pick up from here.

http://www.computerhope.com/forum/index.php/topic,51589.msg323907.html#msg323907

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 05:24:48 PM

Okay I'm running the scan from the Secunia site. I'll be back to post what I find.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 05:36:13 PM

This installation of Yahoo! Messenger 8.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 8.1.0.239, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 8.1.0.419.

Update Instructions:
Update to version 8.1.0.419 or later.
http://messenger.yahoo.com/download.php

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA26579 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.

Installed on Your System in:
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Adobe Flash Player 9.x 9.0.16.0
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 9.0.16.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.115.0.

Update Instructions:
Update to version 9.0.115.0.
http://www.adobe.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28161 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.

Installed on Your System in:
C:\Windows\SYSTEM32\Macromed\Flash\Flash9.ocx
Adobe Flash Player 9.x 9.0.47.0
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 9.0.47.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.115.0.

Update Instructions:
Update to version 9.0.115.0.
http://www.adobe.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28161 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.

Installed on Your System in:
C:\Windows\SYSTEM32\Macromed\Flash\Flash9d.ocx
Macromedia Flash Player 7.x 7.0.14.0
This installation of Macromedia Flash Player 7.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 7.0.14.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.115.0.

Update Instructions:
Update to version 9.0.115.0.
http://www.adobe.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28161 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.

Installed on Your System in:
C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 06:14:48 PM

I can't seem to upgrade my yahoo messenger. It won't let me.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 18, 2008, 07:05:41 PM

I wasn't able to upgrade the yahoo messenger or one of the Adobe downloads. And when I tried to do the Panda Scan it said this:

Sorry, updating is incomplete due to an error. Please try again later. Error 1003.

What do I do now?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 18, 2008, 10:03:22 PM

I'm not sure about the Yahoo messenger. It should be easily done by opening messenger and choosing to update it there.

Use the Adobe Online Uninstaller (http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14157) to get rid of all remnants.

Then install a Fresh Version (http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash)

Try another scanner from Panda.

Please go HERE (http://www.nanoscan.com/as/index/") to run Panda's TotalScan

Under Scan Now select the option for Full scan and then click Scan Now.
Install the ActiveX control.
It will start downloading the files it requires for the scan.
It may take a couple of minutes, please be patient

The scan will then begin.

When the scan completes
Click the Save button on the right of Scan details.
Save it to a convenient location like the Desktop.
Exit TotalScan.
Post the contents of the TotalScan report in your next post.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 12:28:23 PM

I still can't update to messenger. I go thru all the steps, but when it comes to the part where it needs to download, it says on the top Not Responding. I updated the Adobe like I mentioned last night, but I still have the old on on there. I can't tell which is which. I suppose just looking on the date will tell me. Should I just uninstall the old one since i have the new on on there?

Good news though! I went onto ebay last night and was able to view the gallery pics on listings and when I went to try to sell something on there, I was able to use the picture loading system. I had a wait a few minutes, but it came up!! I was so happy : ) I wonder if it was because I updated the Java. But still want to find out if my system is clean and why my system restore doesn't work on normal or safe mode.

I posted another problem, which I should have addressed to you first. Here is the link:

http://www.computerhope.com/forum/index.php/topic,51625.0.html

Should I get rid of the ComboFix? And also the other stuff you told me to download? Let me know : )

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 12:35:36 PM

Yes uninstalling the old one would be best.

I'm not sure what to think about the messenger.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 12:37:23 PM

Okay what about the other stuff I wrote in my last post?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 12:48:00 PM

I think that has to do with the system restore. Combofix sets a new restore point when you run it. If the system restore isn't working then that is possibly where the error comes from.

Do you have an Vista CD?

If so, place it in your CD ROM drive and follow the instructions below:

Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
- Let this run undisturbed until the window with the blue progress bar goes away

SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 12:50:42 PM

My Vista PC never came with a CD.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 12:59:52 PM

Was it a new computer?

What brand?

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 01:02:08 PM

Yes it was brand new. Got it at Sam's Club. It is a HP Pavilion Slimline s7727c PC.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 01:15:38 PM

Try to get the install disk(s) from HP by calling toll free 877-801-5561 (7 a.m.–2 a.m. EST every day)

You will need the model number. Look here (http://h10025.www1.hp.com/ewfrf/wc/genericDocument?docname=bph07555&product=12455&lc=en&dest_page=product&cc=us) for directions on finding the model number. I don't know if HP ships them free but others do, or they charge for shipping.

I is very important to have the install disk. I thought companies started shipping them again but maybe not and I am pretty sure it will be needed.

----------

Use the Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)

Click Accept.
Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
- Extended
Scan Options:
Scan Archives
- Scan Mail Bases

Click OK & have it scan My Computer

When the scan is done, in the Scan is complete window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

(http://i154.photobucket.com/albums/s258/evilfantasy69/kscancomplete.jpg)

To obtain the report:
Click on: Save Report As... (shown above)
Next, in the Save as prompt, Save in area, select: Desktop.
In the File name area, use KScan, or something similar.
In Save as type: click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please add the Kaspersky Online Scanner Report in your next post.

---------------

Next post
Kscan log

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 01:30:28 PM

Ok, while I'm waiting for the to scan, I wanted to ask another ? about Adobe. I still haven't uninstalled because I need to know how many adobe features I need to have on my PC. This is what I have now:

Adobe Flash player Active X installed 2/18/08
Adobe Reader 7.0.9 installed 12/22/07
Adobe Shockwave Player installed 9/1/07

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 01:32:56 PM

Create An Uninstall List
.

Start HijackThis
Click on the Open the Misc Tools section
Click on the Open Uninstall Manager button.
Click on the Save list button and specify where you would like to save this file and click Save.
- When you press Save button a notepad will open with the contents of that file.
Copy and paste that list in your reply.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 01:35:30 PM

Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
AppCore
AV
ccCommon
CCleaner (remove only)
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
DivX
Enhanced Multimedia Keyboard Solution
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Connections (remove only)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
Java(TM) 6 Update 4
Kaspersky Online Scanner
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
muvee autoProducer 5.0
My HP Games
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
Panda TotalScan
Python 2.4.3
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Soft Data Fax Modem with SmartCP
SPBBC 32bit
SUPERAntiSpyware Free Edition
Viewpoint Media Player
WeatherBug
Windows Live Messenger
Windows Live Sign-in Assistant
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar for Internet Explorer
ZENcast Organizer

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 01:47:24 PM

Adobe Reader 7.0.9 should be Adobe Reader 8.1.2 - http://www.adobe.com/products/acrobat/readstep2.html

Uninstall:

Viewpoint Media Player <<Foistware
WeatherBug <<Spyware

Safe free (spyware free) weather programs:

WeatherWatcher (http://www.majorgeeks.com/download4190.html)
Weather Exchange (http://www.ambientweather.com/weex1.html)

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 01:58:58 PM

Shoot how long is that scan going to last for the last part?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 02:19:37 PM

It takes a while, but it's thorough and will let us know if anything malware related is there.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 03:32:42 PM

The scan is complete, but when I went to save it, a popup stated that it would be put in the temp. folders. Now I can't find it. But the scan said it didn't detect anything.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 04:04:08 PM

It not finding anything supports my thinking that it isn't any longer malware and the repair is needed.

Have you had any luck with HP and the install disk?

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 04:27:21 PM

I haven't called yet about the CD. But I will. Is it okay if I get rid of the ComboFix? The error popup I get everytime I open IE happened right after I installed it.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 04:30:20 PM

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

(http://i154.photobucket.com/albums/s258/evilfantasy69/combofixu-1.jpg)

The above procedure will:

Delete:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and place it on your desktop. (unless you already have it)

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

When finished exit out of OTMoveIt2

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 05:55:04 PM

I was able to download the OTMoveIt, but when I went to click on the Clean Up tab a pop up said Files Access Denied.

Why is that?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 05:58:23 PM

I will look into it.

It may take a while as I will have to wait on OldTimer to respond. I'll be back.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 06:00:47 PM

Thanks. I'll check back later to see what you found.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 06:01:25 PM

OK, I just sent a message. Don't know how long but hopefully not very.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 06:04:35 PM

Quck ? for you. Everytime I go onto my Outlook Express, it disconnects me from the internet. Why do you think that happens?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 06:12:30 PM

Just got a reply on the error.

Quote

Everytime I've seen that the user was either behind a proxy or had an application blocking the download.

Try turning off the firewall and/or antivirus for both the Outlook problem and the OTMoveIt.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 06:20:57 PM

Right click OTMoveIt and choose Run as administrator and let me know how that works please.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 06:25:09 PM

Ok I got the OTMoveIt to work. Now it says:

This system requires a reboot to finish removing files. Do you want to reboot now?

I click yes right?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 06:27:11 PM

Yes reboot now.

Was running as an administrator that did it?

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 06:28:33 PM

I think so. First I turned the firewall off my Norton and then ran it. Okay, I'm going to reboot now.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 06:40:51 PM

Ok I'm back. I still have the ComboFix shortcut on my desktop. How do I get rid of that?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 06:45:02 PM

Right click > delete.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 06:47:06 PM

okay. Hey, that OTMoveIt download is gone from my desktop. Is that why I had to reboot?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 06:53:22 PM

OTMoveIt deletes itself along with everything else.

The reboot helps the process.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 06:54:07 PM

Is there anything else I should work on?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 06:55:35 PM

I think we have come to a stopping point.

We would do a few other things but system restore isn't working.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 07:59:19 PM

What about the Cureit.exe on my desktop? Do I get rid of it?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 08:02:17 PM

You can keep it if you like. It 's free and good to run occasionally to double check behind the antivirus you have installed.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 08:19:10 PM

I'm still getting the error box whenever I click on IE. How do I get rid of it?

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 08:26:41 PM

I will post in the other thread so the others will see and maybe have an idea. At this point I think it is down to getting the install disk to do a repair install.

Title: Re: Can you take a look at my Log : )
Post by: missypoo on February 19, 2008, 09:07:31 PM

Ok. Thanks for all your help and once I get the CD, maybe we can find the problem.

Title: Re: Can you take a look at my Log : )
Post by: evilfantasy on February 19, 2008, 09:12:15 PM

Actually Broni had a good idea of creating a new user account. It may clear up the problems and you can use it in place of the other until you get the disks for a repair.

Creating user accounts in Vista is quite simple, once you figure out where to go in the Control Panel. All of the user account tasks are grouped under the User Accounts and Family Safety option in the Control Panel. Once you open this option, the rest of the process is quite similar to that in Windows XP.

The steps for creating a new user account in Vista are outlined below:

1. Click Start and click Control Panel.
2. Click User Accounts and Family Safety.
3. Under User Accounts, click Add or remove user accounts.
4. Click Create a new account.
5. Type in the account name. Select the account type: Standard or Administrator.
6. Click Create Account.
7. Select the account you just created. Click Create a password.
8. Type in a password for the user account and an option password hint.
9. Click Create password.

You will now be able to log on to the computer using the account name and password you specified.