Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: SkaterGirl91 on June 07, 2010, 12:19:15 PM

Title: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 07, 2010, 12:19:15 PM

Hello, Right now I'm having trouble installing new Java (errors but I just uninstalled another version and will reboot and try again).

The problem I had long ago was a fake anti-virus program thing that took over the computer and it would reboot as soon as you logged in etc. After allot of different things ended up being able to get everything back by using a boot-cd and manually removing things and using a maleware bytes program. This is a family computer used by myself, parents and siblings. Here are my problems right now, how ever the comp is used everyday without many problems..

1) I can not boot into safe mode. I will try and it acts like its going to go and all the stuff starts scrolling across the screen (like the blah/blah/blah/ file looking stuff) then it just reboots. I know this started with that old attack.

2) System Restore does not work, You click on it the mouse will flash a hourglass for a sec like its going to try and bring it up but it just never comes. I also know this started with the old attack

3) Every time the computer loads up to everyones usernames a error comes up nmsrv.exe application error. I just exit it, it doesn't seem to effect anything?

4) Everytime I log in I get a Pure Platform Networks service, program is needs to close error where it says you can send a report. I just exit it too now. I believe its tied in with my Linksys Easylink advisor because its no longer working and when I try to open Linksys its says its not running, so I try to connect it tries than that same pure platform error pops up and it exits.

Its possible these things are not all related but I was thinking they where...

I'm about to reboot and try to install the new Java again.

If you need other information just let me know, I'm not sure what to provide? If anyone can help me with all this it would be very helpful and Id really appreciate it.

*Edit* woo hoo I just successfully installed java! Just wanted to let you know. :D

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 07, 2010, 03:07:42 PM

Hello, and welcome to Computer Hope.

Please note the following information about the malware forum:

Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
Please do not attach logs or post them in Quote/Code boxes unless requested.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMP
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 07, 2010, 05:06:28 PM

Thank you for helping me!

Ok, here is the log. I did have an error message that kept popping up. Mostly in the beginning and then it came back up at the end it said

CSCRIPT.cfxxe - Bad Image

The application or DLL C:\WINDOWS\system32\wbem\wbemdisp.dll is not a valid Windows Image. Please check this against your installation diskette.

I just kept clicking ok and the log combofix kept going.

Edit: Didn't realize I need to POST it. I'm doing it now, Sorry.

ComboFix 10-06-07.03 - Rachell 06/07/2010 18:22:04.1.1 - x86
Running from: c:\documents and settings\Rachell\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\HP_Owner\g2mdlhlpx.exe
c:\documents and settings\Rachell\g2mdlhlpx.exe
C:\Thumbs.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.8.inf
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\twain.dll
c:\windows\Tasks\blsvxkyx.job
c:\windows\Tasks\ghnzgksu.job
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-07 18:51 . 2010-06-07 18:50   411368   ----a-w-   c:\windows\system32\deployJava1.dll
2010-06-04 13:46 . 2010-06-05 21:51   --------   d-----w-   c:\documents and settings\Rachell\Local Settings\Application Data\Panda3D
2010-06-03 15:32 . 2010-06-03 15:33   --------   d-----w-   c:\program files\CCleaner
2010-05-13 17:41 . 2010-05-13 17:42   --------   d-----w-   c:\documents and settings\Rachell\Application Data\Ace
2010-05-13 17:41 . 2010-05-13 17:41   --------   d-----w-   c:\documents and settings\Rachell\Local Settings\Application Data\Asobo Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 18:29 . 2010-03-21 16:24   627304   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-07 17:58 . 2004-08-07 19:36   --------   d-----w-   c:\program files\Java
2010-06-07 17:08 . 2010-03-20 21:57   --------   d-----w-   c:\program files\Windows Installer Clean Up
2010-06-07 15:54 . 2009-04-26 12:34   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-05-10 22:43 . 2006-02-24 13:59   163712   ----a-w-   c:\windows\system32\drivers\vidstub.sys
2010-05-10 22:40 . 2004-08-07 18:46   4140544   ----a-w-   c:\windows\system32\logonuiX.exe
2010-05-03 12:28 . 2009-11-29 04:31   --------   d-----w-   c:\program files\Opera
2010-04-20 16:27 . 2009-12-06 17:46   --------   d-----w-   c:\program files\Rhapsody
2010-04-19 23:49 . 2004-12-17 23:37   --------   d-----w-   c:\program files\GetSmile
2010-04-09 15:50 . 2008-07-08 14:54   --------   d-----w-   c:\documents and settings\Rachell\Application Data\OpenOffice.org2
2010-03-31 23:42 . 2009-12-16 02:35   33920   ----a-w-   c:\windows\system32\drivers\fsbts.sys
2010-03-22 16:21 . 2006-02-26 16:11   382792   -c--a-w-   c:\documents and settings\Rachell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 06:15 . 2004-08-07 18:47   420352   ----a-w-   c:\windows\system32\vbscript.dll
2009-12-11 06:36 . 2006-10-08 17:40   7168   -csha-w-   c:\program files\Thumbs.db
2009-01-21 23:38 . 2009-01-21 23:38   0   -c--a-w-   c:\program files\temp01
2006-07-04 20:26 . 2006-07-04 20:26   16125224   -c--a-w-   c:\program files\Install_Messenger.exe
2006-07-01 17:35 . 2006-07-01 17:35   774144   -c--a-w-   c:\program files\RngInterstitial.dll
2005-03-08 04:28 . 2005-03-08 04:28   685709   -c--a-w-   c:\program files\ascgen_b13.zip
2004-06-08 20:51 . 2004-06-08 20:51   278528   ----a-w-   c:\program files\internet explorer\plugins\PanoViewer.dll
2004-06-08 20:51 . 2004-06-08 20:51   143360   ----a-w-   c:\program files\internet explorer\plugins\UPjpeg.dll
2004-12-13 19:57 . 2004-12-13 17:57   0   -csha-w-   c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b4fec876-9bb2-4397-83f8-f25875933559}]
2010-05-23 18:41   2515552   -c--a-w-   c:\program files\MillBar\tbMil0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40   192960   ----a-w-   c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b4fec876-9bb2-4397-83f8-f25875933559}"= "c:\program files\MillBar\tbMil0.dll" [2010-05-23 2515552]

[HKEY_CLASSES_ROOT\clsid\{b4fec876-9bb2-4397-83f8-f25875933559}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B4FEC876-9BB2-4397-83F8-F25875933559}"= "c:\program files\MillBar\tbMil0.dll" [2010-05-23 2515552]

[HKEY_CLASSES_ROOT\clsid\{b4fec876-9bb2-4397-83f8-f25875933559}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-04-28 353736]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 140288]
"wben"="c:\program files\Starfield\Desktop Notifier\wben.exe" [2009-06-25 338456]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-28 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"F-Secure Manager"="c:\program files\F-Secure PC Protection\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\F-Secure PC Protection\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-28 160592]

c:\documents and settings\Rachell\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-3-17 299008]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-6-18 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-6-18 110592]
Photags AutoDetect.lnk - c:\program files\PhoTags Express\Photags AutoDetect.exe [2007-10-29 368640]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2004-1-29 57344]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-7 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13   49152   ----a-w-   c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-13 14:57   226992   ----a-w-   c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\MP3 Rocket (silent).lnk
backup=c:\windows\pss\MP3 Rocket (silent).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MP3Rocket (silent).lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\MP3Rocket (silent).lnk
backup=c:\windows\pss\MP3Rocket (silent).lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\magentic_install.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\incredimail_install.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImSc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\Program Files\\Disney\\Disney Online\\Toontown\\Toontown.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Keyword Country\\Keyword Country 5.0.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Cosmi\\3D Frog Frenzy\\3D Frog Frenzy.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\CursorXP\\CursorXP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Ymsgr_tray.exe"=
"c:\\WINDOWS\\system32\\logonuiX.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\Common Files\\Stardock\\SDMCP.exe"=
"c:\\hp\\KBD\\kbd.exe"=
"c:\\WINDOWS\\system\\hpsysdrv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Best Buy Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6667:TCP"= 6667:TCP:Port 6667
"443:TCP"= 443:TCP:Port 443
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 gupdate1ca067e846332e0;Google Update Service (gupdate1ca067e846332e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 133104]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure PC Protection\ORSP Client\fsorsp.exe [2010-05-17 55992]
R3 XIRLINK;Veo PC Camera;c:\windows\system32\DRIVERS\ucdnt.sys [2001-08-01 805808]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure PC Protection\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure PC Protection\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-03-31 33920]
S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-08-05 80000]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure PC Protection\HIPS\drivers\fshs.sys [2009-08-05 68064]
S2 litsgt;litsgt;c:\windows\system32\DRIVERS\litsgt.sys [2005-12-25 137344]
S2 tansgt;tansgt;c:\windows\system32\DRIVERS\tansgt.sys [2005-12-25 12032]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure PC Protection\Anti-Virus\minifilter\fsgk.sys [2010-06-02 113864]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
2009-03-08 08:32   128512   ----a-w-   c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 01:32]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 01:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
LSP: c:\program files\F-Secure PC Protection\FSPS\program\FSLSP.DLL
Trusted Zone: dishmail.net\myaccount
Trusted Zone: dishmail.net\www
Trusted Zone: google.com
Trusted Zone: google.com\partnerpage
Trusted Zone: google.com\www
Trusted Zone: wildblue.net\myaccount
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Starfield Technologies - hxxp://video.secureserver.net/WSTPlugins/starfield_technologies.CAB
DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.70.19.0_MEGAPANEL_USA.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
FF - ProfilePath - c:\documents and settings\Rachell\Application Data\Mozilla\Firefox\Profiles\1kzyaqmf.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - component: c:\documents and settings\Rachell\Application Data\Mozilla\Firefox\Profiles\1kzyaqmf.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Rachell\Application Data\Mozilla\Firefox\Profiles\1kzyaqmf.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\Rachell\Application Data\Mozilla\Firefox\Profiles\1kzyaqmf.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\nppanda3d.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - plugin: c:\program files\Opera\program\plugins\npjpi160_17.dll
FF - plugin: c:\program files\Opera\program\plugins\npoji610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\WildBlue.js - pref("network.proxy.type", 2);
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 18:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,04,95,f2,19,a0,02,41,aa,dd,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,04,95,f2,19,a0,02,41,aa,dd,f0,\

[HKEY_USERS\S-1-5-21-1273659944-3790613762-3211983470-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1273659944-3790613762-3211983470-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
c:\program files\f-secure pc protection\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(744)
c:\program files\F-Secure PC Protection\FSPS\program\FSLSP.DLL
c:\program files\f-secure pc protection\hips\fshook32.dll
.
Completion time: 2010-06-07 18:59:29
ComboFix-quarantined-files.txt 2010-06-07 22:59

Pre-Run: 50,108,706,816 bytes free
Post-Run: 50,225,590,272 bytes free

- - End Of File - - EDA42AFB7E94668EBDC5F0E7CB98BA7D

[recovering disk space - old attachment deleted by admin]

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 07, 2010, 05:08:22 PM

Please download MySystem-Search from one of the following links:
Download mirror (http://www.drivehq.com/file/df.aspx/publish/GPuser/DragonMasterJay/mss.exe)

Save the file to your Desktop.
Double-click on mss.exe
Allow it to run, and follow the prompts.
Once done, it will launch a log.
Post it in your next reply.

Note: the logs are long. Please use more than one post, if necessary.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 07, 2010, 05:14:00 PM

Ok, Thankyou! Here is the other log.

MySystem-Search

Run on 06/07/2010 at 19:16:53

MSS v1.3

Basic System Information

CD Emulation Drivers running?

Peer-to-Peer applications?

File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile

Running processes

Hidden objects

PATH: C:\windows

$hf_mig$
$MSI31Uninstall_KB893803$
$MSI31Uninstall_KB893803v2$
$NtServicePackUninstall$
$NtServicePackUninstallIDNMitigationAPIs$
$NtServicePackUninstallNLSDownlevelMapping$
$NtUninstallKB834707$
$NtUninstallKB835221WXP$
$NtUninstallKB867282$
$NtUninstallKB873333$
$NtUninstallKB873339$
$NtUninstallKB883667$
$NtUninstallKB883939$
$NtUninstallKB885250$
$NtUninstallKB885835$
$NtUninstallKB885836$
$NtUninstallKB886185$
$NtUninstallKB887472$
$NtUninstallKB887742$
$NtUninstallKB888113$
$NtUninstallKB888302$
$NtUninstallKB890046$
$NtUninstallKB890047$
$NtUninstallKB890175$
$NtUninstallKB890859$
$NtUninstallKB890923$
$NtUninstallKB891781$
$NtUninstallKB893066$
$NtUninstallKB893086$
$NtUninstallKB893756$
$NtUninstallKB894391$
$NtUninstallKB896358$
$NtUninstallKB896422$
$NtUninstallKB896423$
$NtUninstallKB896424$
$NtUninstallKB896428$
$NtUninstallKB898458$
$NtUninstallKB898461$
$NtUninstallKB899587$
$NtUninstallKB899591$
$NtUninstallKB900485$
$NtUninstallKB900725$
$NtUninstallKB901017$
$NtUninstallKB901214$
$NtUninstallKB902400$
$NtUninstallKB903235$
$NtUninstallKB904706$
$NtUninstallKB904942$
$NtUninstallKB905414$
$NtUninstallKB905749$
$NtUninstallKB905915$
$NtUninstallKB908519$
$NtUninstallKB908531$
$NtUninstallKB910437$
$NtUninstallKB911280$
$NtUninstallKB911562$
$NtUninstallKB911564$
$NtUninstallKB911565$
$NtUninstallKB911567$
$NtUninstallKB911927$
$NtUninstallKB912812$
$NtUninstallKB912919$
$NtUninstallKB913446$
$NtUninstallKB913580$
$NtUninstallKB914388$
$NtUninstallKB914389$
$NtUninstallKB914440$
$NtUninstallKB915865$
$NtUninstallKB916281$
$NtUninstallKB916595$
$NtUninstallKB917159$
$NtUninstallKB917344$
$NtUninstallKB917422$
$NtUninstallKB917734_WMP9$
$NtUninstallKB917953$
$NtUninstallKB918118$
$NtUninstallKB918439$
$NtUninstallKB918899$
$NtUninstallKB919007$
$NtUninstallKB920213$
$NtUninstallKB920213_0$
$NtUninstallKB920214$
$NtUninstallKB920670$
$NtUninstallKB920683$
$NtUninstallKB920685$
$NtUninstallKB920872$
$NtUninstallKB921398$
$NtUninstallKB921503$
$NtUninstallKB921883$
$NtUninstallKB922582$
$NtUninstallKB922616$
$NtUninstallKB922760$
$NtUninstallKB922819$
$NtUninstallKB923191$
$NtUninstallKB923414$
$NtUninstallKB923561$
$NtUninstallKB923689$
$NtUninstallKB923694$
$NtUninstallKB923723$
$NtUninstallKB923980$
$NtUninstallKB924191$
$NtUninstallKB924270$
$NtUninstallKB924496$
$NtUninstallKB924667$
$NtUninstallKB925398_WMP64$
$NtUninstallKB925486$
$NtUninstallKB925902$
$NtUninstallKB926239$
$NtUninstallKB926255$
$NtUninstallKB926436$
$NtUninstallKB927779$
$NtUninstallKB927802$
$NtUninstallKB927891$
$NtUninstallKB928255$
$NtUninstallKB928843$
$NtUninstallKB929123$
$NtUninstallKB929338$
$NtUninstallKB929399$
$NtUninstallKB930178$
$NtUninstallKB930916$
$NtUninstallKB931261$
$NtUninstallKB931784$
$NtUninstallKB931836$
$NtUninstallKB932168$
$NtUninstallKB932823-v3$
$NtUninstallKB933360$
$NtUninstallKB933729$
$NtUninstallKB935839$
$NtUninstallKB935840$
$NtUninstallKB936021$
$NtUninstallKB936782_WMP11$
$NtUninstallKB936782_WMP9$
$NtUninstallKB938464$
$NtUninstallKB938464-v2$
$NtUninstallKB938464_0$
$NtUninstallKB938828$
$NtUninstallKB938829$
$NtUninstallKB939683$
$NtUninstallKB941202$
$NtUninstallKB941568$
$NtUninstallKB941569$
$NtUninstallKB941644$
$NtUninstallKB941693$
$NtUninstallKB942763$
$NtUninstallKB943055$
$NtUninstallKB943460$
$NtUninstallKB943485$
$NtUninstallKB944653$
$NtUninstallKB945553$
$NtUninstallKB946026$
$NtUninstallKB946648$
$NtUninstallKB946648_0$
$NtUninstallKB948590$
$NtUninstallKB948881$
$NtUninstallKB950749$
$NtUninstallKB950760$
$NtUninstallKB950762$
$NtUninstallKB950762_0$
$NtUninstallKB950974$
$NtUninstallKB950974_0$
$NtUninstallKB951066$
$NtUninstallKB951066_0$
$NtUninstallKB951072-v2$
$NtUninstallKB951376$
$NtUninstallKB951376-v2$
$NtUninstallKB951376-v2_0$
$NtUninstallKB951376_0$
$NtUninstallKB951698$
$NtUninstallKB951698_0$
$NtUninstallKB951748$
$NtUninstallKB951748_0$
$NtUninstallKB951978$
$NtUninstallKB952004$
$NtUninstallKB952069_WM9$
$NtUninstallKB952287$
$NtUninstallKB952287_0$
$NtUninstallKB952954$
$NtUninstallKB952954_0$
$NtUninstallKB953839$
$NtUninstallKB954154_WM11$
$NtUninstallKB954155_WM9$
$NtUninstallKB954211$
$NtUninstallKB954211_0$
$NtUninstallKB954459$
$NtUninstallKB954600$
$NtUninstallKB955069$
$NtUninstallKB955759$
$NtUninstallKB955839$
$NtUninstallKB956391$
$NtUninstallKB956572$
$NtUninstallKB956744$
$NtUninstallKB956802$
$NtUninstallKB956803$
$NtUninstallKB956803_0$
$NtUninstallKB956841$
$NtUninstallKB956841_0$
$NtUninstallKB956844$
$NtUninstallKB957095$
$NtUninstallKB957095_0$
$NtUninstallKB957097$
$NtUninstallKB958644$
$NtUninstallKB958687$
$NtUninstallKB958690$
$NtUninstallKB958869$
$NtUninstallKB959426$
$NtUninstallKB959772_WM11$
$NtUninstallKB960225$
$NtUninstallKB960715$
$NtUninstallKB960803$
$NtUninstallKB960859$
$NtUninstallKB961118$
$NtUninstallKB961371$
$NtUninstallKB961373$
$NtUninstallKB961501$
$NtUninstallKB961503$
$NtUninstallKB967715$
$NtUninstallKB968389$
$NtUninstallKB968537$
$NtUninstallKB968816_WM9$
$NtUninstallKB969059$
$NtUninstallKB969898$
$NtUninstallKB969947$
$NtUninstallKB970238$
$NtUninstallKB970430$
$NtUninstallKB970653-v3$
$NtUninstallKB971468$
$NtUninstallKB971486$
$NtUninstallKB971557$
$NtUninstallKB971633$
$NtUninstallKB971657$
$NtUninstallKB971737$
$NtUninstallKB972270$
$NtUninstallKB973346$
$NtUninstallKB973354$
$NtUninstallKB973507$
$NtUninstallKB973525$
$NtUninstallKB973540_WM9$
$NtUninstallKB973687$
$NtUninstallKB973815$
$NtUninstallKB973869$
$NtUninstallKB973904$
$NtUninstallKB974112$
$NtUninstallKB974318$
$NtUninstallKB974392$
$NtUninstallKB974571$
$NtUninstallKB975025$
$NtUninstallKB975467$
$NtUninstallKB975560$
$NtUninstallKB975561$
$NtUninstallKB975713$
$NtUninstallKB976098-v2$
$NtUninstallKB977165$
$NtUninstallKB977816$
$NtUninstallKB977914$
$NtUninstallKB978037$
$NtUninstallKB978251$
$NtUninstallKB978262$
$NtUninstallKB978338$
$NtUninstallKB978542$
$NtUninstallKB978601$
$NtUninstallKB978706$
$NtUninstallKB979306$
$NtUninstallKB979309$
$NtUninstallKB979683$
$NtUninstallKB980232$
$NtUninstallKB981793$
$NtUninstallMSCompPackV1$
$NtUninstallWMFDist11$
$NtUninstallwmp11$
$NtUninstallWudf01000$
ftpcache
ie7
ie8
inf
Installer
msdownld.tmp
PIF
Thumbs.db
uccspecb.sys
WindowsShell.Manifest
WindowsShellOld.Manifest
winnt.bmp
winnt256.bmp

PATH: C:\windows\system32

cdplayer.exe.manifest
dllcache
gapakula
logonui.exe.manifest
ncpa.cpl.manifest
nwc.cpl.manifest
sapi.cpl.manifest
WindowsLogon.manifest
wuaucpl.cpl.manifest

PATH: C:\windows\system32\drivers

HP_PL382AA-ABA A706N_YC_Pavi_QMXK439_E44NAheBLU5_4_IKe lut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M448 _J160_7AMD_8Athlon XP 3000+_92.1_111063044_N11063065_P_Z_K_A11063059_U11063038_G11067205.MRK

PATH: C:\

BOOT.BAK
boot.ini
BOOTNXX.BAK
cmdcons
cmldr
hiberfil.sys
IO.SYS
IPH.PH
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
System Volume Information
T4Metrics.log

User Profile check

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings
DefaultUserProfile   REG_SZ   Default User
AllUsersProfile   REG_SZ   All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags   REG_DWORD   0xc
State   REG_DWORD   0x0
RefCount   REG_DWORD   0x1
Sid   REG_BINARY   010100000000000512000000
ProfileImagePath   REG_EXPAND_SZ   %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\LocalService
Sid   REG_BINARY   010100000000000513000000
Flags   REG_DWORD   0x9
State   REG_DWORD   0x0
CentralProfile   REG_SZ
ProfileLoadTimeLow   REG_DWORD   0x8fb52fc6
ProfileLoadTimeHigh   REG_DWORD   0x1cb066f
RefCount   REG_DWORD   0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\NetworkService
Sid   REG_BINARY   010100000000000514000000
Flags   REG_DWORD   0x9
State   REG_DWORD   0x0
CentralProfile   REG_SZ
ProfileLoadTimeLow   REG_DWORD   0x8e0ccd32
ProfileLoadTimeHigh   REG_DWORD   0x1cb066f
RefCount   REG_DWORD   0x4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1273659944-3790613762-3211983470-1009
ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\HP_Owner
Sid   REG_BINARY   0105000000000005150000002882EA4B022DF0E 16EFA72BFF1030000
Flags   REG_DWORD   0x0
State   REG_DWORD   0x100
CentralProfile   REG_SZ
ProfileLoadTimeLow   REG_DWORD   0xe0a32600
ProfileLoadTimeHigh   REG_DWORD   0x1cafef5
RefCount   REG_DWORD   0x1
RunLogonScriptSync   REG_DWORD   0x0
OptimizedLogonStatus   REG_DWORD   0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1273659944-3790613762-3211983470-1010
ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Rachell
Sid   REG_BINARY   0105000000000005150000002882EA4B022DF0E 16EFA72BFF2030000
Flags   REG_DWORD   0x0
State   REG_DWORD   0x100
CentralProfile   REG_SZ
ProfileLoadTimeLow   REG_DWORD   0xa0da7900
ProfileLoadTimeHigh   REG_DWORD   0x1cb066f
RefCount   REG_DWORD   0x1
RunLogonScriptSync   REG_DWORD   0x0
OptimizedLogonStatus   REG_DWORD   0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1273659944-3790613762-3211983470-1011
ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Deejer
Sid   REG_BINARY   0105000000000005150000002882EA4B022DF0E 16EFA72BFF3030000
Flags   REG_DWORD   0x0
State   REG_DWORD   0x100
CentralProfile   REG_SZ
ProfileLoadTimeLow   REG_DWORD   0xb5e212cc
ProfileLoadTimeHigh   REG_DWORD   0x1cb059d
RefCount   REG_DWORD   0x1
RunLogonScriptSync   REG_DWORD   0x0
OptimizedLogonStatus   REG_DWORD   0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1273659944-3790613762-3211983470-500
ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Administrator
Sid   REG_BINARY   0105000000000005150000002882EA4B022DF0E 16EFA72BFF4010000
Flags   REG_DWORD   0x0
State   REG_DWORD   0x104
CentralProfile   REG_SZ
ProfileLoadTimeLow   REG_DWORD   0x6997e17c
ProfileLoadTimeHigh   REG_DWORD   0x1c9d663
RefCount   REG_DWORD   0x0
RunLogonScriptSync   REG_DWORD   0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1273659944-3790613762-3211983470-501
ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Guest
Sid   REG_BINARY   0105000000000005150000002882EA4B022DF0E 16EFA72BFF5010000
Flags   REG_DWORD   0x0
State   REG_DWORD   0x80
CentralProfile   REG_SZ
ProfileLoadTimeLow   REG_DWORD   0xc393c28a
ProfileLoadTimeHigh   REG_DWORD   0x1c7dc74
RefCount   REG_DWORD   0x0
RunLogonScriptSync   REG_DWORD   0x0
OptimizedLogonStatus   REG_DWORD   0xb

Current Scheduled Tasks

PATH: C:\Windows\Tasks

AppleSoftwareUpdate.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
desktop.ini
SA.DAT

Windows Drivers and NT-Services

Volume in drive C is HP_PAVILION
Volume Serial Number is B4FE-4312

Directory of C:\Windows\System32\Drivers

07/30/2005 11:10 PM 4,722 HP_PL382AA-ABA A706N_YC_Pavi_QMXK439_E44NAheBLU5_4_IKe lut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M448 _J160_7AMD_8Athlon XP 3000+_92.1_111063044_N11063065_P_Z_K_A11063059_U11063038_G11067205.MRK
1 File(s) 4,722 bytes
0 Dir(s) 50,262,261,760 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is B4FE-4312

Directory of C:\Windows\System32\Drivers

06/04/2001 05:00 PM 14,112 PS2.sys
08/01/2001 04:49 PM 805,808 ucdnt.sys
08/17/2001 01:57 PM 16,128 MODEMCSA.sys
08/17/2001 02:48 PM 12,160 mouhid.sys
08/17/2001 04:46 PM 6,400 enum1394.sys
08/17/2001 04:59 PM 3,072 audstub.sys
10/04/2002 08:04 PM 46,976 R8139n51.sys
10/25/2002 05:59 PM 642,958 Intels51.sys
03/17/2003 06:50 PM 16,509 PalmUSBD.sys
07/02/2003 02:42 PM 27,904 VIAAGP1.SYS
07/18/2003 07:58 PM 36,992 SISAGPX.SYS
08/01/2003 10:37 PM 1,040 alcxinit.dat
09/10/2003 11:36 PM 21,060 iviaspi.sys
09/19/2003 01:47 AM 10,368 pfc.sys
11/12/2003 04:41 AM 41,984 fetnd5b.sys
12/02/2003 09:23 PM 142,336 Fasttx2k.sys
12/12/2003 09:54 AM 391,424 ALCXSENS.SYS
03/18/2004 02:10 AM 113,664 Hdaudio.sys
03/19/2004 03:51 AM 21,744 HPZius12.sys
03/19/2004 03:52 AM 16,496 HPZipr12.sys
03/19/2004 03:52 AM 51,088 hpzid412.sys
04/16/2004 06:30 AM 21,024 pcdrsrvc.pkms
04/22/2004 12:02 PM 20,368 pxhelp20.sys
07/09/2004 05:26 AM 15,104 mpe.sys
07/09/2004 05:26 AM 11,392 bdasup.sys
07/09/2004 05:26 AM 52,096 msdv.sys
07/17/2004 07:20 AM 12,160 srvkp.sys
07/17/2004 11:35 AM 67,866 netwlan5.img
07/17/2004 11:36 AM 64,352 ativmc20.cod
07/17/2004 10:55 PM 129,045 cxthsfs2.cty
07/19/2004 08:33 PM 218,112 sisgrp.sys
08/03/2004 10:10 PM 730,653 ialmnt5.sys
08/03/2004 10:29 PM 57,856 atinbtxx.sys
08/03/2004 10:29 PM 701,440 ati2mtag.sys
08/03/2004 10:29 PM 327,040 ati2mtaa.sys
08/03/2004 10:29 PM 13,824 atinmdxx.sys
08/03/2004 10:29 PM 12,047 ati1pdxx.sys
08/03/2004 10:29 PM 11,615 ati1mdxx.sys
08/03/2004 10:29 PM 52,224 atinraxx.sys
08/03/2004 10:29 PM 14,336 atinpdxx.sys
08/03/2004 10:29 PM 56,623 ati1btxx.sys
08/03/2004 10:29 PM 29,455 ati1xbxx.sys
08/03/2004 10:29 PM 21,343 ati1ttxx.sys
08/03/2004 10:29 PM 104,960 atinrvxx.sys
08/03/2004 10:29 PM 28,672 atinsnxx.sys
08/03/2004 10:29 PM 13,824 atinttxx.sys
08/03/2004 10:29 PM 73,216 atintuxx.sys
08/03/2004 10:29 PM 31,744 atinxbxx.sys
08/03/2004 10:29 PM 63,488 atinxsxx.sys
08/03/2004 10:29 PM 26,367 ati1snxx.sys
08/03/2004 10:29 PM 63,663 ati1rvxx.sys
08/03/2004 10:29 PM 30,671 ati1raxx.sys
08/03/2004 10:29 PM 34,735 ati1xsxx.sys
08/03/2004 10:29 PM 36,463 ati1tuxx.sys
08/03/2004 10:29 PM 452,736 mtxparhm.sys
08/03/2004 10:29 PM 11,295 wadv08nt.sys
08/03/2004 10:29 PM 11,807 wadv07nt.sys
08/03/2004 10:29 PM 11,871 wadv09nt.sys
08/03/2004 10:29 PM 11,935 wadv11nt.sys
08/03/2004 10:29 PM 22,271 watv06nt.sys
08/03/2004 10:29 PM 25,471 watv10nt.sys
08/03/2004 10:29 PM 166,912 s3gnbm.sys
08/03/2004 10:41 PM 1,309,184 mtlstrm.sys
08/03/2004 10:41 PM 13,776 recagent.sys
08/03/2004 10:41 PM 126,686 mtlmnt5.sys
08/03/2004 10:41 PM 180,360 ntmtlfax.sys
08/03/2004 10:41 PM 129,535 slnt7554.sys
08/03/2004 10:41 PM 404,990 slntamr.sys
08/03/2004 10:41 PM 95,424 slnthal.sys
08/03/2004 10:41 PM 13,240 slwdmsup.sys
08/03/2004 10:41 PM 220,032 hsfbs2s2.sys
08/03/2004 10:41 PM 685,056 hsfcxts2.sys
08/03/2004 10:41 PM 1,041,536 hsfdpsp2.sys
08/03/2004 10:41 PM 11,868 mdmxsdk.sys
08/04/2004 01:31 AM 20,992 RTL8139.sys
08/04/2004 08:00 AM 11,648 acpiec.sys
08/04/2004 08:00 AM 4,224 beep.sys
08/04/2004 08:00 AM 63,232 nwlnknb.sys
08/04/2004 08:00 AM 32,512 nwlnkfwd.sys
08/04/2004 08:00 AM 12,032 ws2ifsl.sys
08/04/2004 08:00 AM 12,416 nwlnkflt.sys
08/04/2004 08:00 AM 13,952 cbidf2k.sys
08/04/2004 08:00 AM 4,352 wmilib.sys
08/04/2004 08:00 AM 17,792 ptilink.sys
08/04/2004 08:00 AM 32,896 ipfltdrv.sys
08/04/2004 08:00 AM 2,944 null.sys
08/04/2004 08:00 AM 8,832 rasacd.sys
08/04/2004 08:00 AM 3,456 oprghdlr.sys
08/04/2004 08:00 AM 4,736 usbd.sys
08/04/2004 08:00 AM 5,888 dmload.sys
08/04/2004 08:00 AM 646 gmreadme.txt
08/04/2004 08:00 AM 3,440,660 gm.dls
08/04/2004 08:00 AM 352,256 atmuni.sys
08/04/2004 08:00 AM 10,496 dxapi.sys
08/04/2004 08:00 AM 16,512 raspti.sys
08/04/2004 08:00 AM 3,328 dxgthk.sys
08/04/2004 08:00 AM 31,360 atmepvc.sys
08/04/2004 08:00 AM 7,680 mcd.sys
08/04/2004 08:00 AM 34,432 rawwan.sys
08/04/2004 08:00 AM 4,224 rdpcdd.sys
08/04/2004 08:00 AM 3,328 pciide.sys
08/04/2004 08:00 AM 125,056 ftdisk.sys
08/04/2004 08:00 AM 7,936 fs_rec.sys
08/04/2004 08:00 AM 14,592 smclib.sys
08/04/2004 08:00 AM 5,888 rootmdm.sys
08/04/2004 08:00 AM 4,224 mnmdd.sys
08/04/2004 08:00 AM 55,936 nwlnkspx.sys
08/04/2004 08:00 AM 6,784 parvdm.sys
08/04/2004 03:00 PM 12,160 fsvga.sys
08/04/2004 03:00 PM 18,688 cdaudio.sys
08/04/2004 03:00 PM 12,032 riodrv.sys
08/04/2004 03:00 PM 12,032 rio8drv.sys
08/04/2004 03:00 PM 58,112 vdmindvd.sys
08/04/2004 03:00 PM 21,376 tsbvcap.sys
08/04/2004 03:00 PM 51,712 tosdvd.sys
08/04/2004 03:00 PM 262,528 cinemst2.sys
08/04/2004 03:00 PM 11,776 cpqdap01.sys
08/04/2004 03:00 PM 12,032 nikedrv.sys
08/07/2004 07:48 AM <DIR> disdn
10/01/2004 11:24 AM 2,279,424 ALCXWDM.SYS
10/07/2004 09:16 PM 35,840 AFS2K.SYS
12/07/2004 08:08 PM 172,672 vtmini.sys
12/16/2004 02:36 PM 42,496 fetnd5bv.sys
12/18/2004 03:00 AM 24,101 Camd9080.sys
12/25/2005 12:09 AM 12,032 tansgt.sys
12/25/2005 12:09 AM 137,344 litsgt.sys
06/21/2006 06:33 PM 62,698 Capt9080.sys
09/28/2006 07:55 PM 77,568 WudfPf.sys
09/28/2006 08:00 PM 82,944 WudfRd.sys
10/18/2006 09:00 PM 38,528 wpdusb.sys
04/13/2007 01:30 PM 25,136 atwpkt2.sys
04/13/2007 01:30 PM 33,592 atwpkt264.sys
11/13/2007 06:25 AM 20,480 secdrv.sys
12/24/2007 10:27 PM 8,413 mcstrm.sys
12/25/2007 11:17 AM <DIR> UMDF
04/09/2008 12:14 AM 25,272 purendis.sys
04/09/2008 12:14 AM 23,992 pnarp.sys
04/13/2008 12:36 PM 144,384 hdaudbus.sys
04/13/2008 01:39 PM 142,592 aec.sys
04/13/2008 02:31 PM 35,840 processr.sys
04/13/2008 02:31 PM 42,752 p3.sys
04/13/2008 02:31 PM 36,352 intelppm.sys
04/13/2008 02:31 PM 37,376 amdk6.sys
04/13/2008 02:31 PM 36,736 crusoe.sys
04/13/2008 02:31 PM 37,760 amdk7.sys
04/13/2008 02:32 PM 66,048 udfs.sys
04/13/2008 02:32 PM 30,848 npfs.sys
04/13/2008 02:32 PM 19,072 msfs.sys
04/13/2008 02:32 PM 180,608 mrxdav.sys
04/13/2008 02:32 PM 196,224 rdpdr.sys
04/13/2008 02:32 PM 129,792 fltmgr.sys
04/13/2008 02:33 PM 44,544 fips.sys
04/13/2008 02:36 PM 5,888 smbali.sys
04/13/2008 02:36 PM 187,776 acpi.sys
04/13/2008 02:36 PM 42,368 agp440.sys
04/13/2008 02:36 PM 42,752 alim1541.sys
04/13/2008 02:36 PM 44,928 agpcpq.sys
04/13/2008 02:36 PM 40,960 sisagp.sys
04/13/2008 02:36 PM 43,008 amdagp.sys
04/13/2008 02:36 PM 42,240 viaagp.sys
04/13/2008 02:36 PM 44,672 uagp35.sys
04/13/2008 02:36 PM 46,464 gagp30kx.sys
04/13/2008 02:36 PM 37,248 isapnp.sys
04/13/2008 02:36 PM 63,744 mf.sys
04/13/2008 02:36 PM 120,192 pcmcia.sys
04/13/2008 02:36 PM 79,232 sdbus.sys
04/13/2008 02:36 PM 68,224 pci.sys
04/13/2008 02:36 PM 15,488 mssmbios.sys
04/13/2008 02:36 PM 73,472 sr.sys
04/13/2008 02:38 PM 71,168 dxg.sys
04/13/2008 02:39 PM 42,368 mountmgr.sys
04/13/2008 02:39 PM 384,768 update.sys
04/13/2008 02:39 PM 24,576 kbdclass.sys
04/13/2008 02:39 PM 23,040 mouclass.sys
04/13/2008 02:39 PM 5,504 mstee.sys
04/13/2008 02:39 PM 5,376 mspclock.sys
04/13/2008 02:39 PM 4,992 mspqm.sys
04/13/2008 02:39 PM 7,552 mskssrv.sys
04/13/2008 02:39 PM 4,352 swenum.sys
04/13/2008 02:40 PM 80,128 parport.sys
04/13/2008 02:40 PM 15,744 serenum.sys
04/13/2008 02:40 PM 20,480 flpydisk.sys
04/13/2008 02:40 PM 27,392 fdc.sys
04/13/2008 02:40 PM 57,600 redbook.sys
04/13/2008 02:40 PM 5,504 intelide.sys
04/13/2008 02:40 PM 24,960 pciidex.sys
04/13/2008 02:40 PM 96,512 atapi.sys
04/13/2008 02:40 PM 96,384 scsiport.sys
04/13/2008 02:40 PM 5,376 viaide.sys
04/13/2008 02:40 PM 14,208 diskdump.sys
04/13/2008 02:40 PM 62,976 cdrom.sys
04/13/2008 02:40 PM 36,352 disk.sys
04/13/2008 02:40 PM 11,904 sffdisk.sys
04/13/2008 02:40 PM 11,008 sffp_sd.sys
04/13/2008 02:40 PM 10,240 sffp_mmc.sys
04/13/2008 02:40 PM 11,392 sfloppy.sys
04/13/2008 02:40 PM 19,712 partmgr.sys
04/13/2008 02:40 PM 14,976 tape.sys
04/13/2008 02:40 PM 42,112 imapi.sys
04/13/2008 02:41 PM 52,352 volsnap.sys
04/13/2008 02:43 PM 14,208 wacompen.sys
04/13/2008 02:43 PM 12,672 mutohpen.sys
04/13/2008 02:44 PM 20,992 vga.sys
04/13/2008 02:44 PM 81,664 videoprt.sys
04/13/2008 02:44 PM 153,344 dmio.sys
04/13/2008 02:44 PM 799,744 dmboot.sys
04/13/2008 02:45 PM 52,864 dmusic.sys
04/13/2008 02:45 PM 6,272 splitter.sys
04/13/2008 02:45 PM 172,416 kmixer.sys
04/13/2008 02:45 PM 56,576 swmidi.sys
04/13/2008 02:45 PM 2,944 drmkaud.sys
04/13/2008 02:45 PM 60,160 drmk.sys
04/13/2008 02:45 PM 49,408 stream.sys
04/13/2008 02:45 PM 24,960 hidparse.sys
04/13/2008 02:45 PM 36,864 hidclass.sys
04/13/2008 02:45 PM 19,200 hidir.sys
04/13/2008 02:45 PM 10,368 hidusb.sys
04/13/2008 02:45 PM 20,608 usbuhci.sys
04/13/2008 02:45 PM 30,208 usbehci.sys
04/13/2008 02:45 PM 17,152 usbohci.sys
04/13/2008 02:45 PM 143,872 usbport.sys
04/13/2008 02:45 PM 59,520 usbhub.sys
04/13/2008 02:45 PM 26,368 usbstor.sys
04/13/2008 02:45 PM 32,128 usbccgp.sys
04/13/2008 02:45 PM 25,600 usbcamd.sys
04/13/2008 02:45 PM 25,728 usbcamd2.sys
04/13/2008 02:45 PM 15,872 usbintel.sys
04/13/2008 02:46 PM 25,344 sonydcam.sys
04/13/2008 02:46 PM 61,696 ohci1394.sys
04/13/2008 02:46 PM 53,376 1394bus.sys
04/13/2008 02:46 PM 121,984 usbvideo.sys
04/13/2008 02:46 PM 15,232 streamip.sys
04/13/2008 02:46 PM 10,880 ndisip.sys
04/13/2008 02:46 PM 17,024 ccdecode.sys
04/13/2008 02:46 PM 11,136 slip.sys
04/13/2008 02:46 PM 19,200 wstcodec.sys
04/13/2008 02:46 PM 85,248 nabtsfec.sys
04/13/2008 02:46 PM 18,944 bthusb.sys
04/13/2008 02:46 PM 25,600 hidbth.sys
04/13/2008 02:46 PM 36,480 bthprint.sys
04/13/2008 02:46 PM 59,136 rfcomm.sys
04/13/2008 02:46 PM 37,888 bthmodem.sys
04/13/2008 02:46 PM 17,024 bthenum.sys
04/13/2008 02:47 PM 25,856 usbprint.sys
04/13/2008 02:51 PM 59,904 atmarpc.sys
04/13/2008 02:51 PM 60,800 arp1394.sys
04/13/2008 02:51 PM 61,824 nic1394.sys
04/13/2008 02:51 PM 55,808 atmlane.sys
04/13/2008 02:51 PM 101,120 bthpan.sys
04/13/2008 02:53 PM 40,320 nmnt.sys
04/13/2008 02:53 PM 71,552 bridge.sys
04/13/2008 02:53 PM 36,608 ip6fw.sys
04/13/2008 02:54 PM 11,264 irenum.sys
04/13/2008 02:55 PM 14,592 ndisuio.sys
04/13/2008 02:56 PM 12,288 tunmp.sys
04/13/2008 02:56 PM 34,688 netbios.sys
04/13/2008 02:56 PM 88,320 nwlnkipx.sys
04/13/2008 02:56 PM 35,072 msgpc.sys
04/13/2008 02:56 PM 69,120 psched.sys
04/13/2008 02:56 PM 12,800 usb8023.sys
04/13/2008 02:56 PM 30,592 rndismpx.sys
04/13/2008 02:56 PM 30,592 rndismp.sys
04/13/2008 02:56 PM 12,800 usb8023x.sys
04/13/2008 02:57 PM 20,864 ipinip.sys
04/13/2008 02:57 PM 152,832 ipnat.sys
04/13/2008 02:57 PM 34,560 wanarp.sys
04/13/2008 02:57 PM 10,112 ndistapi.sys
04/13/2008 02:57 PM 14,336 asyncmac.sys
04/13/2008 02:57 PM 40,576 ndproxy.sys
04/13/2008 02:57 PM 41,472 raspppoe.sys
04/13/2008 03:00 PM 19,072 tdi.sys
04/13/2008 03:00 PM 30,080 modem.sys
04/13/2008 03:14 PM 63,744 cdfs.sys
04/13/2008 03:14 PM 143,744 fastfat.sys
04/13/2008 03:15 PM 64,512 serial.sys
04/13/2008 03:15 PM 574,976 ntfs.sys
04/13/2008 03:15 PM 60,800 sysaudio.sys
04/13/2008 03:16 PM 49,536 classpnp.sys
04/13/2008 03:16 PM 141,056 ks.sys
04/13/2008 03:17 PM 105,344 mup.sys
04/13/2008 03:17 PM 83,072 wdmaud.sys
04/13/2008 03:18 PM 52,480 i8042prt.sys
04/13/2008 03:19 PM 146,048 portcls.sys
04/13/2008 03:19 PM 75,264 ipsec.sys
04/13/2008 03:19 PM 51,328 rasl2tp.sys
04/13/2008 03:19 PM 48,384 raspptp.sys
04/13/2008 03:20 PM 182,656 ndis.sys
04/13/2008 03:20 PM 91,520 ndiswan.sys
04/13/2008 03:21 PM 162,816 netbt.sys
04/13/2008 03:28 PM 175,744 rdbss.sys
04/13/2008 03:45 PM 15,104 usbscan.sys
04/13/2008 08:11 PM 3,711 adv09nt5.dll
04/13/2008 08:11 PM 3,775 adv11nt5.dll
04/13/2008 08:11 PM 3,647 adv07nt5.dll
04/13/2008 08:11 PM 3,135 adv08nt5.dll
04/13/2008 08:11 PM 3,615 adv05nt5.dll
04/13/2008 08:11 PM 3,967 adv02nt5.dll
04/13/2008 08:11 PM 4,255 adv01nt5.dll
04/13/2008 08:11 PM 17,279 atv10nt5.dll
04/13/2008 08:11 PM 11,359 atv02nt5.dll
04/13/2008 08:11 PM 25,471 atv04nt5.dll
04/13/2008 08:11 PM 21,183 atv01nt5.dll
04/13/2008 08:11 PM 15,423 ch7xxnt5.dll
04/13/2008 08:11 PM 14,143 atv06nt5.dll
04/13/2008 08:12 PM 3,901 siint5.dll
04/13/2008 08:12 PM 11,325 vchnt5.dll
04/13/2008 08:13 PM 40,840 termdd.sys
04/13/2008 08:13 PM 12,040 tdpipe.sys
04/13/2008 08:13 PM 21,896 tdtcp.sys
04/13/2008 08:13 PM 139,656 rdpwd.sys
05/08/2008 10:02 AM 203,136 rmcast.sys
06/13/2008 07:05 AM 272,128 bthport.sys
06/20/2008 07:51 AM 361,600 tcpip.sys
08/14/2008 06:04 AM 138,496 afd.sys
09/17/2008 11:55 PM 6,132,576 nv4_mini.sys
05/18/2009 03:17 PM 26,600 GEARAspiWDM.sys
06/24/2009 07:18 AM 92,928 ksecdd.sys
08/05/2009 11:57 AM 80,000 fsdfw.sys
08/28/2009 08:42 PM 40,448 usbaapl.sys
10/20/2009 12:20 PM 265,728 http.sys
12/03/2009 05:13 PM 19,160 mbam.sys
12/03/2009 05:14 PM 38,224 mbamswissarmy.sys
12/31/2009 12:50 PM 353,792 srv.sys
02/11/2010 08:02 AM 226,880 tcpip6.sys
02/24/2010 09:11 AM 455,680 mrxsmb.sys
03/31/2010 07:42 PM 33,920 fsbts.sys
05/10/2010 06:43 PM 163,712 vidstub.sys
06/07/2010 06:32 PM <DIR> ..
06/07/2010 06:32 PM <DIR> .
06/07/2010 06:42 PM <DIR> etc
325 File(s) 37,328,285 bytes
5 Dir(s) 50,262,245,376 bytes free

Virtual drives found?

Environment variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rachell\Application Data
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JESUS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rachell
LOGONSERVER=\\JESUS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Ulead Systems\MPEG;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\Rachell\Desktop\ComboFix.exe"
sfxname=C:\Documents and Settings\Rachell\Desktop\ComboFix.exe
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Rachell\LOCALS~1\Temp
TMP=C:\DOCUME~1\Rachell\LOCALS~1\Temp
USERDOMAIN=JESUS
USERNAME=Rachell
USERPROFILE=C:\Documents and Settings\Rachell
windir=C:\WINDOWS

Stealth malware?

Internet Explorer

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=54896
Search Page   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache   REG_SZ   yes
Cache_Percent_of_Disk   REG_BINARY   0A000000
Delete_Temp_Files_On_Exit   REG_SZ   yes
Local Page   REG_SZ   C:\WINDOWS\system32\blank.htm
Anchor_Visitation_Horizon   REG_BINARY   01000000
Use_Async_DNS   REG_SZ   yes
Placeholder_Width   REG_BINARY   1A000000
Placeholder_Height   REG_BINARY   1A000000
CompanyName   REG_SZ   Microsoft Corporation
Custom_Key   REG_SZ   MICROSO
Wizard_Version   REG_SZ   6.00.2800.1017
Search Bar   REG_SZ   http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
FullScreen   REG_SZ   no
Check_Associations   REG_SZ   no
Default_Secondary_Page_URL   REG_MULTI_SZ   \0
Extensions Off Page   REG_SZ   about:NoAdd-ons
Security Risk Page   REG_SZ   about:SecurityRisk

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ins

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\uni

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent   REG_SZ   Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag   REG_SZ   5.0
NoNetAutodial   REG_DWORD   0x1
MigrateProxy   REG_DWORD   0x1
EnableNegotiate   REG_DWORD   0x1
EmailName   REG_SZ   IEUser@
AutoConfigProxy   REG_SZ   wininet.dll
MimeExclusionListForCache   REG_SZ   multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost   REG_BINARY   01000000
UseSchannelDirectly   REG_BINARY   01000000
PrivacyAdvanced   REG_DWORD   0x0
ProxyEnable   REG_DWORD   0x0
SyncMode5   REG_DWORD   0x3
PrivDiscUiShown   REG_DWORD   0x1
GlobalUserOffline   REG_DWORD   0x0
WarnOnZoneCrossing   REG_DWORD   0x1
SyncMode   REG_DWORD   0x3
EnableAutodial   REG_DWORD   0x1
UrlEncoding   REG_DWORD   0x0
SecureProtocols   REG_DWORD   0xa0
DisableCachingOfSSLPages   REG_DWORD   0x0
CertificateRevocation   REG_DWORD   0x0
ShowPunycode   REG_DWORD   0x0
EnablePunycode   REG_DWORD   0x1
DisableIDNPrompt   REG_DWORD   0x0
WarnonBadCertRecving   REG_DWORD   0x1
WarnOnPostRedirect   REG_DWORD   0x0
DnsCacheEnabled   REG_DWORD   0x0
AllowCookies   REG_DWORD   0x1
ZonesSecurityUpgradeDone   REG_DWORD   0x1
WarnOnIntranet   REG_DWORD   0x0
ZonesSecurityUpgrade   REG_BINARY   558ED326AD16CA01
ProxyOverride   REG_SZ   *.local
EnableHttp1_1   REG_DWORD   0x1
ProxyHttp1.1   REG_DWORD   0x1
WarnOnHTTPSToHTTPRedirect   REG_DWORD   0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Digest

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck   REG_DWORD   0x1
NoJITSetup   REG_DWORD   0x1
Disable Script Debugger   REG_SZ   no
Show_ChannelBand   REG_SZ   No
Anchor Underline   REG_SZ   yes
Cache_Update_Frequency   REG_SZ   Once_Per_Session
Display Inline Images   REG_SZ   yes
Do404Search   REG_BINARY   01000000
Local Page   REG_SZ   C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit   REG_SZ   no
Show_FullURL   REG_SZ   no
Show_StatusBar   REG_SZ   yes
Show_ToolBar   REG_SZ   yes
Show_URLinStatusBar   REG_SZ   yes
Show_URLToolBar   REG_SZ   yes
Use_DlgBox_Colors   REG_SZ   yes
Search Page   REG_SZ   http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Window_Placement   REG_BINARY   2C0000000200000003000000FFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFF0300000001000000EF0300 00DC020000
NotifyDownloadComplete   REG_SZ   yes
FullScreen   REG_SZ   no
Use FormSuggest   REG_SZ   no
AddToFavoritesExpanded   REG_DWORD   0x0
StatusBarWeb   REG_DWORD   0x0
AutoSearch   REG_DWORD   0x5
Print_Background   REG_SZ   no
XMLHTTP   REG_DWORD   0x1
UseClearType   REG_SZ   yes
Enable Browser Extensions   REG_SZ   yes
Play_Background_Sounds   REG_SZ   yes
Play_Animations   REG_SZ   yes
CompatibilityFlags   REG_DWORD   0x0
SearchMigrated   REG_DWORD   0x1
Expand Alt Text   REG_SZ   no
Move System Caret   REG_SZ   no
NscSingleExpand   REG_DWORD   0x0
DisableScriptDebuggerIE   REG_SZ   yes
Error Dlg Displayed On Every Error   REG_SZ   no
Page_Transitions   REG_DWORD   0x1
UseThemes   REG_DWORD   0x1
EnableSearchPane   REG_DWORD   0x0
Force Offscreen Composition   REG_DWORD   0x0
AllowWindowReuse   REG_DWORD   0x1
Friendly http errors   REG_SZ   yes
SmoothScroll   REG_DWORD   0x1
Enable AutoImageResize   REG_SZ   yes
Show image placeholders   REG_DWORD   0x0
AlwaysShowMenus   REG_DWORD   0x1
ShowedCheckBrowser   REG_SZ   Yes
Check_Associations   REG_SZ   no
HistoryViewType   REG_BINARY   0000
HistoryTopNSitesView   REG_DWORD   0x14
FavoritesExportFile   REG_SZ   C:\Documents and Settings\Rachell\My Documents\My Downloads\bookmarks.html
FavoritesImportFolder   REG_SZ   C:\Documents and Settings\Rachell\Favorites\AOL Favs
AutoHide   REG_SZ   yes
IE8RunOnceLastShown   REG_DWORD   0x1
IE8RunOnceLastShown_TIMESTAMP   REG_BINARY   827C54F34458CA01
IE8TourShown   REG_DWORD   0x1
IE8TourShownTime   REG_BINARY   72FA84242B1ACA01
Start Page   REG_SZ   http://mystart.incredimail.com/
RunOnceHasShown   REG_DWORD   0x1
RunOnceComplete   REG_DWORD   0x1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant   REG_SZ   http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch   REG_SZ   http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497}   REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
<NO NAME>   REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4fec876-9bb2-4397-83f8-f25875933559}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{724d43a0-0d85-11d4-9908-00400523e39a}   REG_BINARY   00
{b4fec876-9bb2-4397-83f8-f25875933559}   REG_SZ   MillBar Toolbar
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}   REG_SZ
{EF99BD32-C1FB-11D2-892F-0090271D4F88}   REG_BINARY   00

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar search

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&ieSpell Options

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Check &Spelling

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Lookup on Merriam Webster

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Lookup on Wikipedia

Security Center

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirstRunDisabled   REG_DWORD   0x1
AntiVirusDisableNotify   REG_DWORD   0x0
FirewallDisableNotify   REG_DWORD   0x0
UpdatesDisableNotify   REG_DWORD   0x0
AntiVirusOverride   REG_DWORD   0x0
FirewallOverride   REG_DWORD   0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall   REG_DWORD   0x0
DoNotAllowExceptions   REG_DWORD   0x0
DisableNotifications   REG_DWORD   0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe   REG_SZ   %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe   REG_SZ   C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion
C:\Program Files\IncrediMail\bin\IncMail.exe   REG_SZ   C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\IMApp.exe   REG_SZ   C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImpCnt.exe   REG_SZ   C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\Messenger\msmsgs.exe   REG_SZ   C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Common Files\AOL\System Information\sinf.exe   REG_SZ   C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
C:\Documents and Settings\HP_Owner\Desktop\magentic_install.exe   REG_SZ   C:\Documents and Settings\HP_Owner\Desktop\magentic_install.exe:*:Enabled:IncrediMail Installer
%windir%\Network Diagnostic\xpnetdiag.exe   REG_SZ   %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Documents and Settings\HP_Owner\Desktop\incredimail_install.exe   REG_SZ   C:\Documents and Settings\HP_Owner\Desktop\incredimail_install.exe:*:Enabled:IncrediMail Installer
C:\Program Files\IncrediMail\bin\ImSc.exe   REG_SZ   C:\Program Files\IncrediMail\bin\ImSc.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe   REG_SZ   C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer
C:\Program Files\Disney\Disney Online\Toontown\Toontown.exe   REG_SZ   C:\Program Files\Disney\Disney Online\Toontown\Toontown.exe:*:Enabled:Toontown
C:\Program Files\IncrediMail\bin\ImLc.exe   RE

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 07, 2010, 05:46:33 PM

Please run a free online scan with the ESET Online Scanner (http://www.eset.com/onlinescan/)

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 08, 2010, 07:14:16 AM

Ok, Done. Here it is..

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1c7770f25280784ca8a70ce538a43a27
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-08 10:26:08
# local_time=2010-06-08 06:26:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2304 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=353068
# found=10
# cleaned=10
# scan_time=28345
C:\Documents and Settings\All Users\Documents\Believer\its by grace of god yolonda.mp3   WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Deejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-54f26534-20ed0c4f.class   a variant of Java/TrojanDownloader.OpenStream trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\HP_Owner\My Documents\My Music\francesca battistelli - best track ever.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\HP_Owner\My Documents\My Music\francesca battistelli my paper.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\HP_Owner\My Documents\My Music\Unknown Artist\we all need esterlyn.mp3   WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Kath\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe   probably a variant of Win32/TrojanDownloader.Agent trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\francesca battistelli - best track ever.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\francesca battistelli my paper.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\its by grace of god yolonda.mp3   WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL   a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 08, 2010, 11:36:55 AM

(http://www.malwarebytes.org/forums/style_images/1/bf_new.gif) Please download Malwarebytes Anti-Malware from Malwarebytes.org (http://www.malwarebytes.org/mbam/program/mbam-setup.exe).
Alternate link: BleepingComputer.com (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe).
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 08, 2010, 07:26:10 PM

Yes, I have that. Its what helped me last time allot. It did require an update and after that I did the scan here is the log. Thanks!

**Edit** Wanted to add that I clicked on system restore just to see if it would work and a window popped up that said...

System Restore

System Restore is not able to protect your computer. Please restart your computer, and then run system restore again.

???

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/8/2010 9:09:49 PM
mbam-log-2010-06-08 (21-09-49).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 539784
Time elapsed: 6 hour(s), 38 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 148

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1823122.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1823127.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1823132.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1824137.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1824143.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1825137.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1825143.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1825149.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1825155.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1828155.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1828160.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1830160.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1832167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1832172.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1833167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1834167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1835167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1836167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1837167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1838167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1838175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1839175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1839179.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1840175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1840181.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1841175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1841181.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1842175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1842180.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1843175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1843179.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1843185.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1844185.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1845185.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1846185.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1846196.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1847195.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1847200.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1848195.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1848201.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1849201.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1849207.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1850207.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1850210.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1850224.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1850225.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1850248.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1852271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1854271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1854277.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1855271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1856271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1856285.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1857285.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1853271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1857288.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1857295.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1857299.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1859295.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1859298.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1860295.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1860298.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1863537.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1863809.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1387\A1863846.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1336\A1774371.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1336\A1775374.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1337\A1776759.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1347\A1787000.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1348\A1789000.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1349\A1789033.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1349\A1789034.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1349\A1789035.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1351\A1794001.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1351\A1793001.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1351\A1793002.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1351\A1794000.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1353\A1794105.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1353\A1794106.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1353\A1794107.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1358\A1799033.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1358\A1799049.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1358\A1799050.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800060.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800076.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800080.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800050.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800369.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800153.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800160.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800227.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800256.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800269.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800375.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800433.exe (Worm.Emold) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801846.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801856.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801861.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801865.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801901.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801907.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801932.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801933.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801935.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801936.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801937.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801938.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801939.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801940.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801941.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802002.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802003.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802025.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802026.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802031.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802036.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802037.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802038.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802039.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802040.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802041.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802256.exe (Worm.Emold) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1392\A1863864.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 08, 2010, 11:05:09 PM

Please run a free online scan with the ESET Online Scanner (http://www.eset.com/onlinescan/)

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 09, 2010, 01:55:19 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1c7770f25280784ca8a70ce538a43a27
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-08 10:26:08
# local_time=2010-06-08 06:26:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2304 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=353068
# found=10
# cleaned=10
# scan_time=28345
C:\Documents and Settings\All Users\Documents\Believer\its by grace of god yolonda.mp3   WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Deejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-54f26534-20ed0c4f.class   a variant of Java/TrojanDownloader.OpenStream trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\HP_Owner\My Documents\My Music\francesca battistelli - best track ever.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\HP_Owner\My Documents\My Music\francesca battistelli my paper.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\HP_Owner\My Documents\My Music\Unknown Artist\we all need esterlyn.mp3   WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Kath\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe   probably a variant of Win32/TrojanDownloader.Agent trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\francesca battistelli - best track ever.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\francesca battistelli my paper.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\its by grace of god yolonda.mp3   WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL   a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1c7770f25280784ca8a70ce538a43a27
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-09 07:51:52
# local_time=2010-06-09 03:51:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2304 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=353934
# found=1
# cleaned=1
# scan_time=23197
C:\Documents and Settings\Rachell\Desktop\MP3Rocket-Win(2).exe.part   a variant of Win32/AdInstaller application (deleted - quarantined)   00000000000000000000000000000000   C

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 09, 2010, 02:44:57 PM

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 09, 2010, 03:22:10 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4184

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/9/2010 5:26:44 PM
mbam-log-2010-06-09 (17-26-44).txt

Scan type: Quick scan
Objects scanned: 191248
Time elapsed: 20 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 09, 2010, 06:23:52 PM

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

Select Start > All Programs > Accessories > System tools > System Restore.
On the dialogue box that appears select Create a Restore Point
Click NEXT
Enter a name e.g. Clean
Click CREATE

You now have a clean restore point, to get rid of the bad ones:

Select Start > All Programs > Accessories > System tools > Disk Cleanup.
In the Drop down box that appears select your main drive e.g. C
Click OK
The System will do some calculation and the display a dialogue box with TABS
Select the More Options Tab.
At the bottom will be a system restore box with a CLEANUP button click this
Accept the Warning and select OK again, the program will close and you are done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe (http://oldtimer.geekstogo.com/OTC.exe) by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start
button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or Changelog.fr (http://screen317.changelog.fr/SecurityCheck.exe).

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 09, 2010, 07:20:32 PM

Ok, I tried but when I click system restore a window pops up and says..

System Restore

System Restore is not able to protect your computer. Please restart your computer, and then run system restore again.

I restarted several times but always get the same thing. :-\

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 09, 2010, 07:29:26 PM

1. Right-click the My Computer icon on the Desktop and click Properties.
2. Click the Performance tab.
3. Click the File System button.
4. Click the Troubleshooting tab.
5. Remove the check mark next to Disable System Restore.
6. Click OK.
7. Click Yes when prompted to restart.

Then, please try the process above again.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 09, 2010, 09:58:33 PM

Sorry, but I don't see a Performance tab.. :-[ I see General, Computer Name, Hardware, Advanced, Automatic Updates, Remote? I'm right clicking My Computer, than properties than I'm missing something?

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 09, 2010, 10:15:09 PM

1. Right-click the My Computer icon on the Desktop and click Properties.
2. On the System Restore tab, uncheck Disable System Restore.

See if that helps

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 10, 2010, 07:36:25 AM

There isn't a system restore tab, I'm logged in as an Administrator. I don't know why its not there?

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 10, 2010, 07:50:28 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code: [Select]

:filefind
rstrui.exe

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 11, 2010, 07:48:33 AM

ok, here it is.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:43 on 11/06/2010 by Rachell (Administrator - Elevation successful)

========== filefind ==========

Searching for "rstrui.exe"
C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe   --a--c 380416 bytes   [08:02 16/10/2008]   [19:00 04/08/2004] 4375CD59161C0A033DF68D9510D1F8CF
C:\WINDOWS\ServicePackFiles\i386\rstrui.exe   --a--c 380416 bytes   [17:31 29/08/2008]   [00:12 14/04/2008] BD6C1488F63D64DEA8EE514802FC2CDD
C:\WINDOWS\system32\dllcache\rstrui.exe   --a--c 380416 bytes   [19:01 07/08/2004]   [00:12 14/04/2008] BD6C1488F63D64DEA8EE514802FC2CDD
C:\WINDOWS\system32\Restore\rstrui.exe   --a--- 380416 bytes   [19:01 07/08/2004]   [00:12 14/04/2008] BD6C1488F63D64DEA8EE514802FC2CDD

-=End Of File=-

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 11, 2010, 09:31:06 PM

Please open Notepad and enter in the following:

Quote

Windows Registry Editor Version 5.00

[HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=-

Then, click File > Save as...
Save as enableSR.reg to your Desktop.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on enableSR.reg.

Then, restart your computer.

Then, look in the System Properties window again for the System Restore tab.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 14, 2010, 11:28:44 AM

Sorry for just now writing back, long weekend... I did what you said and it asked if I wanted to add it to my registry I said yes and it said it had. I restarted and still no system restore tab. Also I get the same message still if I try to open System restore.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 14, 2010, 06:16:58 PM

We Need to Diagnose a Possible Problem with WGA

Please download MGADiag (http://go.microsoft.com/fwlink/?linkid=52012) and save it to your desktop.
Double click the (http://img69.imageshack.us/img69/4829/dmjdiag.png) icon on your desktop.
Push (http://img109.imageshack.us/img109/3610/dmjcontinue.png)
Push (http://img85.imageshack.us/img85/1953/dmjcopy.png)
Go to Start -> Run and type in "Notepad"
Go to Edit -> Paste in notepad.
x out all of the numbers and letters in the line beginning with "Windows Product Key:"
Copy and paste that log here.

[/list]

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 14, 2010, 07:22:52 PM

Ok, here it is

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-XXXXX-XXXXX-XXXXX
Windows Product Key Hash: 2V2VyxlfhiaCt/JkDzYQfiNOHMA=
Windows Product ID: 76477-OEM-2111907-00106
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {16CCC64D-E3B3-4DA7-B4CA-7D6BBD0ECCAE}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.17.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 102
Microsoft Office Standard Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{16CCC64D-E3B3-4DA7-B4CA-7D6BBD0ECCAE}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3PMFT</PKey><PID>76477-OEM-2111907-00106</PID><PIDType>2</PIDType><SID>S-1-5-21-1273659944-3790613762-3211983470</SID><SYSTEM><Manufacturer>HP Pavilion 061</Manufacturer><Model>PL382AA-ABA A706N</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.11</Version><SMBIOSVersion major="2" minor="3"/><Date>20040902000000.000000+000</Date><SLPBIOS>HP PAVILION</SLPBIOS></BIOS><HWID>21DD39AF0184205F</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Hewlett-Packard</name><model>Pavilion</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>606A581CC1FD930</Val><Hash>FEOgdhbkAmkHjihJ9UWrNxearM4=</Hash><Pid>70141-152-3817414-56318</Pid><PidType>10</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 106DD:Compaq Computer Corporation|106DD:Compaq Computer Corporation|106DD:Hewlett-Packard Company|10859:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: HP PAVILION

OEM Activation 2.0 Data-->
N/A

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 14, 2010, 07:36:49 PM

-Click Start, and then click My Computer.
-On the Tools menu, click Folder Options.
-On the View tab, click Show hidden files and folders.
-Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
-Clear the Use simple file sharing (Recommended) check box.
-Click OK.
-Right-click the System Volume Information folder in the root folder, and then click Properties.
-Click the Security tab.
-Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK again.

-Then, navigate to C:\SystemVolumeInformation right click on it, and click on Rename.

-Rename it to SystemVolumeBAK

-Restart your computer.

Tell me if you can see the Restore tab.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 14, 2010, 08:05:02 PM

Ok, Can you explain ''-Right-click the System Volume Information folder in the root folder'' I don't know where/what those are exactly? Sorry when I got to that step I was unsure of what to do. I did the first stuff already though. Clicked Show hidden files and folders already, Hide protected operating system files (Recommended) was already unchecked and there is no Use simple file sharing (Recommended) check box.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 15, 2010, 10:47:31 PM

c:\SystemVolumeInformation

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 16, 2010, 07:45:48 AM

It's not there and if I try to RUN it says Windows can not find 'c:\SystemVolumeInformation'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 16, 2010, 11:43:24 AM

Do you have a Windows XP CD??

We need to do a system in-place upgrade, which is a data-safe process to fully repair Windows.

However, if you do not feel comfortable with this, there are alternative routes to be able to take to backup your system configuration, like ERUNT program.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 16, 2010, 12:46:14 PM

Yes, I have the CD Windows XP Home Edition. Since you say it is Data Safe does that mean I won't like lose or mess up any my programs, photographs and everything? Is there a major difference between doing that and ERUNT? Do you think one way better than the other?

Thanks!

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 16, 2010, 01:08:31 PM

The repair will restore functionality for System Restore, which can be easier down the road.

ERUNT is a little more difficult for beginner users.

If you feel comfortable using ERUNT, then see if this will work:

Install ERUNT (http://"http://www.larshederer.homepage.t-online.de/erunt/").
Let it add an entry to your Start menu during the install process. That
will allow ERUNT to backup your registry each time you boot. It only
takes a few seconds and has no real impact on boot time. Run ERUNT
immediately after installing it to create a full registry backup.

Then if something is deleted that shouldn't have been, simply go to the C:\Windows\erdnt
folder and pick the erdnt.exe wanted to restore the registry to it's
state when it was backed up. This can even be done from the Recovery
Console if needed.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 16, 2010, 05:33:19 PM

Ok, I did the ERUNT thing.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 17, 2010, 12:10:03 PM

Good. Now, do you know what to do to restore your computer, in case something happens?

Go to the C:\Windows\erdnt folder and pick the erdnt.exe wanted to restore the registry to it's state when it was backed up. This can even be done from the Recovery Console if needed.

If you need help from an expert, please post a new topic, then PM me. I will help you get it restored from the Recovery Console in case your computer cannot boot. :)

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 17, 2010, 03:00:33 PM

Ok, Thanks! :D what if I want to fix system restore though? Do you know what happened to it ? Was it deleted or did the fake virus thing just mess it up? Also, I checked and I can boot into safe mode now!

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 18, 2010, 12:09:38 AM

It must be damaged.

If you want to fix it, you will need to do an in-place data-safe upgrade.

http://support.microsoft.com/kb/978788

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 18, 2010, 09:08:53 AM

Ok, Thank you. Maybe I will do that, I will have to read about it first though. Do you know where I can get help for the other problems because they are still happening...They started after all that but what we did didn't fix them. Thanks for helping me!! ;D

*Also I don't know if the windows XP CD we have was used to install windows on this specific computer or not so IDK (I think its pretty old and we have a separate SP 3 cd.) IDK If that would mess it up....maybe theres some way to just reinstall the system restore...IDK

Thanks again for helping!!

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 18, 2010, 11:39:57 AM

Please list any other problems, so I may help or point you in the right direction.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 18, 2010, 03:04:01 PM

Every time the computer loads up to everyones usernames a error comes up nmsrv.exe application error. I just exit it, it doesn't seem to effect anything....

Everytime we log in we get a Pure Platform Networks service error, program needs to close error where it says you can send a report. I just exit it too now.... I believe its tied in with my Linksys Easylink advisor because Linksys Easylink advisor is no longer working as when I try to open Linksys el Advisor its says its not running, so I click connect it tries than that same pure platform error pops up and it exits. Iv tried uninstalling it reinstalling but it hasn't worked since.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 18, 2010, 09:08:18 PM

I will help with the application error there.

However, the network issue is much more complicated. I would recommend to post for help in this section: http://www.computerhope.com/forum/index.php/board,12.0.html

============

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code: [Select]

:filefind
nmsrv.exe

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 21, 2010, 01:24:45 PM

Ok, Thanks. Sorry for delay in reply.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:15 on 21/06/2010 by Rachell (Administrator - Elevation successful)

========== filefind ==========

Searching for "nmsrv.exe"
No files found.

-=End Of File=-

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 21, 2010, 05:41:45 PM

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code: [Select]

:regfind
nmsrv.exe

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 22, 2010, 06:53:42 AM

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:52 on 22/06/2010 by Rachell (Administrator - Elevation successful)

========== regfind ==========

Searching for "nmsrv.exe"
No data found.

-=End Of File=-

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 22, 2010, 12:26:27 PM

Ok once more here.

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code: [Select]

:regfind
nmsrv

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 22, 2010, 05:25:47 PM

Opps, I thought I did copy all of that... I think i missed a letter too nmsrvc not nmsrv...... ::) sorry. I redid it if it matters...

here ya go...

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:16 on 22/06/2010 by Rachell (Administrator - Elevation successful)

========== regfind ==========

Searching for "nmsrv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\nmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Pure Networks Platform Service]
"EventMessageFile"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Pure Networks Platform Service]
"EventMessageFile"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\Pure Networks Platform Service]
"EventMessageFile"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Pure Networks Platform Service]
"EventMessageFile"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""

-=End Of File=-

------------------------------------------

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:19 on 22/06/2010 by Rachell (Administrator - Elevation successful)

========== filefind ==========

Searching for "nmsrvc.exe"
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe --a--- 648504 bytes [04:15 09/04/2008] [04:15 09/04/2008] 82C5A813E8EA7E94DC1AFA24CD803B80

-=End Of File=-

------------------------------------------

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:32 on 22/06/2010 by Rachell (Administrator - Elevation successful)

========== regfind ==========

Searching for "nmsrvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\nmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""

-=End Of File=-

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 22, 2010, 11:17:05 PM

Please open Notepad and enter in the following:

Code: [Select]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"Start"="0x4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"Start"="0x4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"Start"="0x4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"Start"="0x4"

Then, click File > Save as...
Save as disablePure.reg to your Desktop.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on disablePure.reg, and confirm the prompt.

Then, reboot your computer and see if it gives any more issues at Winlogon.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 23, 2010, 02:20:55 PM

I did what you said but the same thing happened. I don't know if it will help but here is a shot of the exact message that pops up on the Log On Screen....

(my other thread is here but no one has answered yet http://www.computerhope.com/forum/index.php/topic,106340.0.html )

[recovering disk space - old attachment deleted by admin]

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 23, 2010, 08:30:58 PM

Can you remove the program without anything happening to your Internet connection?

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 23, 2010, 09:21:17 PM

Linksys no I can't, because is my family router. I did hesitantly uninstall and reinstall it when no one else was using it though..didn't work....As for Pure Networks Platform Service I honestly don't know what it is or if it has to do with my internet. ???

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 24, 2010, 02:46:33 PM

Try to remove the Pure Networks program, and see if that helps anything.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 25, 2010, 01:47:28 PM

Do you know how to do that? It's not in add/remove programs and if I try to just delete C:\Program Files\Common Files\Pure Networks Shared\ its says Access denied to files there.

Edit: This is unrelated to the other thing but

I just got my system restore tab back and system restore opens up!!!! :D It currently doesn't have any points saved...I followed these instructions...

http://forum.soft32.com/windows/System-Restore-Tab-Missing-ftopict318903.html

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 25, 2010, 02:27:05 PM

How did you uninstall it before?

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 25, 2010, 03:12:05 PM

I didn't unistall Pure Networks Platform Service before. I uninstalled my Linksys Easylink Advisor/Router cd because its not working (well the actual router so other people can be the net is but the advisor isn't) and that same Pure Networks Platform Service pops up so I just unistalled the Linksys advisor and reinstalled it but I got the same errors....I don't ever remember installing anything called Pure Networks Platform Service but I thought maybe it was something to do with my Linksys.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 25, 2010, 08:25:25 PM

I see. So have you reinstalled the Pure Networks Platform Service?

If not, try to reinstall the Pure Networks Platform Service, as this may resolve the error.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 26, 2010, 07:50:10 AM

Iv never done any thing with Pure Networks Platform Service. I don't know how to unistall it. I did uninstall and reinstall my Linksys.

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 27, 2010, 02:22:39 PM

Right. But are you able to install the Pure Networks...?

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: SkaterGirl91 on June 27, 2010, 09:12:56 PM

No :-[

Title: Re: Help: Several problems I believed caused by an infection long ago
Post by: Dr Jay on June 27, 2010, 09:34:46 PM

Please go here: http://homesupport.cisco.com/en-us/wireless/linksys/

Enter your model number and try to find the download for Pure Networks.

Let me know if you see it or not.