Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: daver23 on November 07, 2011, 08:27:41 PM
-
I'm having severe issues with Vundo, Iexplorer constantly running in background, searches in yahoo & google being hijacked. I've downloaded several free anti-spyware, anti-virus programs and am having not much luck at all. I'd prefer to get this resolved instead of shelling out alot of money for a new computer since i'm dirt poor at this point. I caught the virus off a sports blog recently, but have had issues with spyware, etc. in the past. Please help with what I should do. I did have a result for Mal_vundog at some point. None of the viruses, trojans found never delete off officially. I've tried for a week now. Thanks
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
********************************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
****************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
(http://i424.photobucket.com/albums/pp322/digistar/DDS.jpg)
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html).Then post your DDS logs. (DDS.txt and Attach.txt )
-
Thanks. I might be a little slow responding back with scans for a couple days. I don't have much time to do all the scans simultaneously when i'm home from work. The problem with some of the scans is that you tell me to close my browser, however in the background the virus keeps re-populating iexplorer.exe in my task manager. Should I unscrew my cable modem wire when running them to keep a browser from opening, or will that not do any good?
-
Here is the result after I ran Superantispyware Scan. I mainly keep getting just the adware cookies in the results
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/08/2011 at 10:07 PM
Application Version : 5.0.1134
Core Rules Database Version : 7917
Trace Rules Database Version: 5729
Scan type : Complete Scan
Total Scan Time : 02:18:51
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 511
Memory threats detected : 0
Registry items scanned : 37150
Registry threats detected : 1
File items scanned : 72755
File threats detected : 36
Adware.Tracking Cookie
C:\Documents and Settings\David L\Cookies\SEQEERKL.txt [ /ru4.com ]
C:\Documents and Settings\David L\Cookies\75454F2W.txt [ /atdmt.com ]
C:\Documents and Settings\David L\Cookies\BWRRSMI8.txt [ /invitemedia.com ]
C:\Documents and Settings\David L\Cookies\F5ALP9XJ.txt [ /doubleclick.net ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DP828U63 ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.viewablemedia.net [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
System.BrokenFileAssociation
HKCR\.exe
-
While i'm waiting for my malware bytes scan...here is a current Hijack This log I took a couple things out of platform & MSIE
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:04:35 PM, on 11/8/2011
Platform: Windows XP SP3 (WinNT )
MSIE: Internet Explorer v8.00
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.insightbb.com;localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 9718 bytes
-
I didn't get any results from here.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8122
Service Pack 3
Internet Explorer 8.0
11/9/2011 12:16:55 AM
mbam-log-2011-11-09 (00-16-54).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 306078
Time elapsed: 1 hour(s), 36 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
I still need to see the DDS logs.
-
here is the dds first
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by David L at 17:25:20 on 2011-11-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.57 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = sas.insightbb.com;localhost
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ga311s~1.lnk - c:\program files\netgear ga311 adapter\GA311.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 74.128.17.114 74.128.19.102
TCP: Interfaces\{C1F8BCC7-439B-47E2-B6FE-D1DBDE1A9D9F} : DhcpNameServer = 74.128.17.114 74.128.19.102
TCP: Interfaces\{CDB1D8AE-8FE3-4C1F-9B3C-0850B0C93106} : DhcpNameServer = 74.128.17.114 74.128.19.102
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\yaveyayu.dll c:\windows\system32\sitomoba.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david l\application data\mozilla\firefox\profiles\1mzpq7cn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B50f077b9-0371-4059-868b-00aa5df9005e%7D&mid=4c85171e3a3847d19905d16b790da47a-603beb4178b06c01c7fc3d75245f54768a47c957&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-06%2015%3A41%3A31&sap=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50364
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\david l\application data\mozilla\firefox\profiles\1mzpq7cn.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\documents and settings\david l\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\david l\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\david l\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-3-27 165160]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [2003-12-25 8440]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2003-12-25 11237]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-7 366152]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-8-14 16512]
S3 gtermddo;gtermddo;\??\c:\docume~1\davidl~1\locals~1\temp\gtermddo.sys --> c:\docume~1\davidl~1\locals~1\temp\gtermddo.sys [?]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-23 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-23 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-23 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-23 40552]
S4 IXGUZVESKAH;IXGUZVESKAH;c:\docume~1\davidl~1\locals~1\temp\IXGUZVESKAH.exe [2011-11-6 523136]
.
=============== Created Last 30 ================
.
2011-11-08 00:57:48 -------- d-----w- c:\documents and settings\david l\application data\IObit
2011-11-08 00:57:44 -------- d-----w- c:\program files\IObit
2011-11-07 01:54:12 -------- d-----w- c:\program files\Bazooka Scanner
2011-11-07 00:31:33 -------- d-----w- c:\documents and settings\david l\application data\Immunet
2011-11-07 00:31:33 -------- d-----w- c:\documents and settings\all users\Immunet
2011-11-06 21:43:31 -------- d-----w- c:\documents and settings\david l\application data\AVG2012
2011-11-06 21:41:33 -------- d-----w- c:\documents and settings\david l\application data\AVG Secure Search
2011-11-06 21:41:19 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-11-06 21:41:18 -------- d-----w- c:\program files\AVG Secure Search
2011-11-06 21:39:23 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-06 20:07:45 -------- d-----w- c:\documents and settings\david l\application data\SUPERAntiSpyware.com
2011-11-06 20:07:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-06 19:49:42 -------- d-----w- c:\documents and settings\david l\application data\Systweak
2011-11-06 19:49:14 17280 ----a-w- c:\windows\system32\roboot.exe
2011-11-06 19:49:12 -------- d-----w- c:\program files\YTDSETUP
2011-11-06 17:28:21 -------- d-----w- c:\program files\Safer Networking
2011-11-06 16:58:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-06 16:37:54 2568 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-06 16:33:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-06 16:33:22 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-06 16:10:17 -------- d-----w- c:\program files\PC Tools
2011-11-06 16:06:13 660992 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-11-06 16:06:13 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-06 16:05:48 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-06 16:05:48 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-06 16:05:23 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-06 16:05:22 -------- d-----w- c:\program files\common files\PC Tools
2011-11-06 16:04:10 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-11-06 16:04:09 -------- d-----w- c:\documents and settings\david l\application data\TestApp
2011-11-06 15:44:58 -------- d-----w- c:\documents and settings\david l\application data\CallingID
2011-11-06 06:33:07 -------- d-----w- c:\documents and settings\all users\application data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-11-06 06:21:32 -------- d-----w- c:\program files\Uniblue
2011-11-06 06:21:18 939368 ----a-w- c:\windows\system32\flash.ocx
2011-11-06 06:21:06 -------- d-----w- c:\documents and settings\david l\local settings\application data\PackageAware
2011-11-05 21:15:49 388096 ----a-r- c:\documents and settings\david l\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-05 17:03:59 -------- d-----w- C:\Cache
2011-11-05 16:21:50 -------- d-----w- c:\documents and settings\david l\local settings\application data\adaware
2011-11-05 16:20:39 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-11-05 16:19:37 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-05 16:18:54 -------- d-----w- c:\documents and settings\david l\application data\adawaretb
2011-11-05 16:18:37 -------- d-----w- c:\program files\adawaretb
2011-11-05 16:17:36 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-05 16:15:07 -------- d-----w- c:\program files\Lavasoft
2011-11-05 15:37:11 -------- d-----w- c:\program files\SpywareBlaster
2011-11-05 06:36:00 -------- d-----w- C:\Data
2011-11-05 04:54:33 -------- d-----w- c:\windows\pss
2011-11-05 01:50:48 -------- d-----w- c:\documents and settings\david l\local settings\application data\Temp
2011-11-05 01:45:56 -------- d-----w- c:\program files\AVAST Software
2011-11-05 01:45:56 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-11-04 03:32:41 -------- d-----w- c:\program files\NetEraserDemo1
2011-11-04 03:15:21 53248 ----a-w- c:\windows\system32\IMAGEPLUSCONTROL.OCX
2011-11-04 03:15:20 53248 ----a-w- c:\windows\system32\UNRAR.DLL
2011-11-04 03:15:20 40448 ----a-w- c:\windows\system32\UNACE.DLL
2011-11-04 03:15:20 352256 ----a-w- c:\windows\system32\ijl15.dll
2011-11-04 03:15:20 143360 ----a-w- c:\windows\system32\vbuzip10.dll
2011-11-04 03:15:18 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-11-04 03:15:18 667648 ----a-w- c:\windows\system32\FreeImage.dll
2011-11-04 01:31:59 -------- d-----w- c:\documents and settings\david l\application data\Malwarebytes
2011-11-04 01:31:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-04 01:31:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 00:45:03 -------- d-----w- c:\program files\CCleaner
2011-11-03 00:27:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-03 00:27:46 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-02 06:04:25 95472 ----a-w- c:\windows\system32\Vetredir.dll
2011-11-02 06:04:25 201968 ----a-w- c:\windows\system32\Isafprod.dll
2011-11-02 06:04:25 128240 ----a-w- c:\windows\system32\Isafeif.dll
2011-11-02 06:04:21 1054032 ----a-w- c:\windows\system32\cfgmig32.dll
2011-11-02 06:03:54 -------- d-----w- c:\windows\rnapxs
2011-11-02 05:59:29 -------- d-----w- c:\program files\CA
2011-11-02 05:55:56 -------- d-----w- c:\documents and settings\all users\application data\CA
2011-11-02 04:30:18 -------- d-----w- c:\documents and settings\david l\application data\OpenCandy
2011-11-02 04:30:15 -------- d-----w- c:\documents and settings\david l\application data\Sammsoft
2011-11-02 03:02:42 -------- d--h--w- C:\$AVG
2011-11-01 06:27:31 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-01 06:01:56 -------- d-----w- c:\program files\Trend Micro
2011-11-01 01:37:44 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2011-11-01 01:35:12 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-11-01 01:34:19 -------- d-----w- c:\program files\AVG
2011-11-01 01:30:23 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-10-31 06:43:51 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-31 04:35:25 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-10-31 03:18:03 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-31 03:18:01 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-10-31 03:16:13 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-31 03:04:55 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-31 03:04:55 215920 ----a-w- c:\windows\system32\muweb.dll
2011-10-31 03:04:55 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-10-31 00:53:29 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
.
==================== Find3M ====================
.
2011-10-07 12:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 12:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-26 16:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 12:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-11-02 23:19:13 14138 ----a-w- c:\program files\common files\ysid.com
.
============= FINISH: 17:33:37.57 ===============
-
Here is the attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/23/2006 5:00:10 PM
System Uptime: 11/9/2011 4:48:30 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 109 GiB total, 84.646 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 36.743 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01D51028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01D51028&REV_02\4&1C660DD6&0&40F0
Service: E100B
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (ATW)
Device ID: ROOT\NET\0000
Manufacturer: America Online, Inc.
Name: WAN Miniport (ATW)
PNP Device ID: ROOT\NET\0000
Service: wanatw
.
==== System Restore Points ===================
.
RP1708: 8/6/2011 11:45:57 PM - System Checkpoint
RP1709: 8/8/2011 9:00:52 AM - System Checkpoint
RP1710: 8/14/2011 6:11:05 AM - System Checkpoint
RP1711: 8/15/2011 7:05:46 AM - System Checkpoint
RP1712: 8/16/2011 4:05:11 PM - System Checkpoint
RP1713: 8/17/2011 10:55:06 PM - System Checkpoint
RP1714: 8/18/2011 11:02:40 PM - System Checkpoint
RP1715: 8/19/2011 11:22:32 PM - System Checkpoint
RP1716: 8/21/2011 12:05:48 AM - System Checkpoint
RP1717: 8/22/2011 7:04:59 PM - System Checkpoint
RP1718: 8/23/2011 8:44:34 PM - System Checkpoint
RP1719: 8/24/2011 9:13:03 PM - System Checkpoint
RP1720: 8/25/2011 10:18:09 PM - System Checkpoint
RP1721: 8/27/2011 4:54:44 AM - System Checkpoint
RP1722: 8/28/2011 11:51:35 AM - System Checkpoint
RP1723: 8/30/2011 9:23:20 PM - System Checkpoint
RP1724: 8/31/2011 10:22:29 PM - System Checkpoint
RP1725: 9/2/2011 1:05:42 AM - System Checkpoint
RP1726: 9/3/2011 1:12:36 AM - System Checkpoint
RP1727: 9/4/2011 3:29:29 AM - System Checkpoint
RP1728: 9/5/2011 4:24:31 AM - System Checkpoint
RP1729: 9/7/2011 10:39:42 PM - System Checkpoint
RP1730: 9/9/2011 8:29:33 AM - System Checkpoint
RP1731: 9/10/2011 10:38:41 AM - System Checkpoint
RP1732: 11/3/2011 8:07:21 PM - Removed Ask Toolbar.
RP1733: 9/12/2011 9:56:33 PM - System Checkpoint
RP1734: 9/14/2011 11:12:40 PM - System Checkpoint
RP1735: 9/16/2011 8:05:56 AM - System Checkpoint
RP1736: 9/17/2011 2:03:24 PM - System Checkpoint
RP1737: 9/18/2011 3:03:51 PM - System Checkpoint
RP1738: 9/19/2011 3:16:46 PM - System Checkpoint
RP1739: 9/20/2011 3:31:19 PM - System Checkpoint
RP1740: 9/21/2011 6:26:48 PM - System Checkpoint
RP1741: 9/22/2011 8:55:24 PM - System Checkpoint
RP1742: 9/23/2011 9:06:33 PM - System Checkpoint
RP1743: 9/24/2011 11:01:13 PM - System Checkpoint
RP1744: 9/25/2011 11:49:27 PM - System Checkpoint
RP1745: 9/27/2011 12:46:21 AM - System Checkpoint
RP1746: 9/28/2011 8:01:11 AM - System Checkpoint
RP1747: 9/29/2011 8:50:47 AM - System Checkpoint
RP1748: 9/30/2011 9:50:37 AM - System Checkpoint
RP1749: 10/1/2011 2:44:47 PM - System Checkpoint
RP1750: 10/2/2011 11:49:36 PM - System Checkpoint
RP1751: 10/4/2011 8:00:37 AM - System Checkpoint
RP1752: 10/5/2011 8:14:05 AM - System Checkpoint
RP1753: 10/6/2011 8:42:19 AM - System Checkpoint
RP1754: 10/7/2011 10:18:14 PM - System Checkpoint
RP1755: 10/8/2011 10:30:46 PM - System Checkpoint
RP1756: 10/9/2011 10:33:24 PM - System Checkpoint
RP1757: 10/10/2011 10:50:14 PM - System Checkpoint
RP1758: 10/12/2011 10:44:40 PM - System Checkpoint
RP1759: 10/13/2011 11:31:58 PM - System Checkpoint
RP1760: 10/15/2011 1:41:12 AM - System Checkpoint
RP1761: 10/16/2011 2:41:57 AM - System Checkpoint
RP1762: 10/17/2011 8:01:29 AM - System Checkpoint
RP1763: 10/18/2011 8:37:00 AM - System Checkpoint
RP1764: 10/19/2011 9:24:30 AM - System Checkpoint
RP1765: 10/21/2011 1:12:59 AM - System Checkpoint
RP1766: 10/22/2011 7:13:16 AM - System Checkpoint
RP1767: 10/23/2011 7:24:22 AM - System Checkpoint
RP1768: 10/24/2011 8:00:16 AM - System Checkpoint
RP1769: 10/25/2011 8:25:19 AM - System Checkpoint
RP1770: 10/26/2011 8:36:25 AM - System Checkpoint
RP1771: 10/27/2011 10:04:56 AM - System Checkpoint
RP1772: 10/28/2011 5:50:10 PM - System Checkpoint
RP1773: 10/29/2011 6:24:21 PM - System Checkpoint
RP1774: 10/30/2011 8:03:40 PM - Restore Operation
RP1775: 10/30/2011 8:10:47 PM - Restore Operation
RP1776: 10/30/2011 9:44:29 PM - Restore Operation
RP1777: 10/30/2011 9:49:02 PM - Restore Operation
RP1778: 10/30/2011 9:52:50 PM - Restore Operation
RP1779: 10/30/2011 9:55:48 PM - Restore Operation
RP1780: 10/30/2011 9:58:39 PM - Restore Operation
RP1781: 10/30/2011 10:02:16 PM - Restore Operation
RP1782: 10/30/2011 10:08:42 PM - Restore Operation
RP1783: 10/30/2011 11:10:52 PM - Software Distribution Service 3.0
RP1784: 10/31/2011 12:32:49 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1785: 10/31/2011 1:05:36 AM - Installed Ad-Aware
RP1786: 10/31/2011 1:07:35 AM - Installed Ad-Aware
RP1787: 10/31/2011 2:04:38 AM - Software Distribution Service 3.0
RP1788: 10/31/2011 7:49:40 AM - Software Distribution Service 3.0
RP1789: 10/31/2011 6:09:38 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1790: 11/3/2011 8:06:47 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1791: 10/31/2011 7:03:09 PM - Software Distribution Service 3.0
RP1792: 11/5/2011 12:05:32 AM - Removed Ad-Aware
RP1793: 10/31/2011 7:53:14 PM - ARO 2011 - Before Installation
RP1794: 10/31/2011 7:55:39 PM - ARO 2011 - FIRST RUN
RP1795: 11/3/2011 8:06:59 PM - ARO 2011 Mon, Oct 31, 11 20:04
RP1796: 11/5/2011 12:05:25 AM - Installed AVG 2012
RP1797: 11/5/2011 12:05:22 AM - Installed AVG 2012
RP1798: 11/3/2011 8:06:51 PM - Removed Support.com Toolbar.
RP1799: 11/3/2011 8:07:04 PM - Installed HiJackThis
RP1800: 11/1/2011 11:21:37 PM - Restore Operation
RP1801: 11/1/2011 11:33:27 PM - Restore Operation
RP1802: 11/5/2011 12:05:19 AM - Removed AVG 2012
RP1803: 11/5/2011 12:05:16 AM - Removed AVG 2012
RP1804: 11/3/2011 8:06:35 PM - Removed HiJackThis
RP1805: 11/2/2011 12:59:27 AM - CA Internet Security Suite
RP1806: 11/3/2011 1:10:15 AM - Restore Operation
RP1807: 11/5/2011 12:05:09 AM - Removed Apple Mobile Device Support
RP1808: 11/5/2011 12:05:05 AM - Removed Apple Software Update
RP1809: 11/5/2011 12:04:55 AM - Removed EarthLink setup files
RP1810: 11/5/2011 12:04:45 AM - Removed iTunes
RP1811: 11/4/2011 8:45:56 PM - avast! Free Antivirus Setup
RP1812: 11/5/2011 10:22:31 AM - Removed Bonjour
RP1813: 11/5/2011 11:14:00 AM - Installed Ad-Aware
RP1814: 11/5/2011 11:15:00 AM - Installed Ad-Aware
RP1815: 11/5/2011 4:15:33 PM - Installed HiJackThis
RP1816: 11/6/2011 9:50:27 AM - CA Internet Security Suite
RP1817: 11/6/2011 10:30:29 AM - Restore Operation
RP1818: 11/6/2011 10:55:08 AM - Removed Adobe Reader 6.0.1
RP1819: 11/6/2011 10:55:58 AM - Removed Adobe Acrobat - Reader 6.0.2 Update
RP1820: 11/6/2011 10:56:06 AM - Installed Adobe Reader X (10.1.1).
RP1821: 11/6/2011 1:24:53 PM - Installed HiJackThis
RP1822: 11/6/2011 1:58:16 PM - RegClean Pro Sun, Nov 06, 11 13:58
RP1823: 11/6/2011 3:37:13 PM - Installed AVG 2012
RP1824: 11/6/2011 3:38:51 PM - Installed AVG 2012
RP1825: 11/6/2011 8:53:44 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1826: 11/6/2011 9:46:44 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1827: 11/6/2011 11:41:24 PM - Removed Lexmark Photo Center
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
AIO_Scan
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
aspi
AutoUpdate
AVG 2012
Banctec Service Agreement
Bonjour
BufferChm
C4200
C4200_doccd
c4200_Help
CCHelp
CCScore
Conexant D850 56K V.9x DFVc Modem
Copy
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Version Checker
DocProc
DocProcQFolder
Documentation & Support Launcher
Download Updater (AOL LLC)
EarthLink setup files
EducateU
ELIcon
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
eSupportQFolder
Facebook Plug-In
Games, Music, & Photos Launcher
Get High Speed Internet!
Google Desktop
Google Toolbar for Internet Explorer
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Service Offers Launcher
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 7
Kodak EasyShare software
KSU
Last.fm 1.5.4.27091
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
Move Media Player
Mozilla Firefox 6.0.1 (x86 en-US)
Mozilla Thunderbird (1.5.0.7)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NETGEAR GA311 Gigabit Adapter
NETGEAR GA311 Smart Wizard Utility
NetWaiting
NetZeroInstallers
Notifier
OTtBP
PixiePack Codec Pack
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Scan
Seagate Manager Installer
Search Assist
Search Settings 1.2
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SFR
SFR2
SolutionCenter
Sonic Activation Module
Sonic Update Manager
SoulSeek 157 NS 13e
Spybot - Search & Destroy
Status
SUPERAntiSpyware
Toolbox
TrayApp
UnloadSupport
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
USB MassStorage CardReader
VC80CRTRedist - 8.0.50727.762
VideoToolkit01
VS10RuntimeWin32
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WordPerfect Office 12
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/7/2011 6:04:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg5 szkgfs
11/6/2011 9:57:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk szkg5 szkgfs
11/6/2011 9:57:38 PM, error: Service Control Manager [7001] - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/6/2011 9:44:30 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
11/6/2011 9:44:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
11/6/2011 9:07:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde mfehidk
11/6/2011 8:57:05 AM, error: Service Control Manager [7023] - The Terminal Services service terminated with the following error: Access is denied.
11/6/2011 8:57:05 AM, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: Access is denied.
11/6/2011 8:52:22 PM, error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 7:34:50 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 7:14:27 PM, error: Service Control Manager [7031] - The Immunet 3.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/6/2011 6:29:56 PM, error: Service Control Manager [7000] - The ImmunetSelfProtectDriver service failed to start due to the following error: A device attached to the system is not functioning.
11/6/2011 6:29:36 PM, error: Service Control Manager [7000] - The ImmunetProtectDriver service failed to start due to the following error: The parameter is incorrect.
11/6/2011 5:15:13 PM, error: Service Control Manager [7034] - The vToolbarUpdater service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 12:07:13 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 3 time(s).
11/6/2011 12:06:58 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 2 time(s).
11/6/2011 10:41:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm mfehidk SASDIFSV SASKUTIL SbcpHid szkg5 szkgfs
11/6/2011 10:35:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk
11/6/2011 10:35:14 AM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the path specified.
11/6/2011 10:35:14 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the path specified.
11/6/2011 10:35:14 AM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The system cannot find the file specified.
11/6/2011 10:31:51 AM, error: Service Control Manager [7023] - The HIPS Policy Manager service terminated with the following error: Unspecified error
11/6/2011 10:26:53 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).
11/6/2011 10:26:00 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 10:16:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SbcpHid szkg5 szkgfs Tcpip WS2IFSL
11/5/2011 4:17:04 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
11/5/2011 2:08:57 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 3 time(s).
11/5/2011 12:18:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {B8417502-7095-4D02-AF41-92134CEA5ED0}
11/5/2011 12:18:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {5EBFD120-E4FE-46C5-8E21-05D903BAAEEC}
11/5/2011 12:17:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {8449273F-059F-4B7C-BF37-2E3C028E93D2}
11/5/2011 12:17:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
11/5/2011 12:09:49 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s).
11/5/2011 11:22:34 AM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
11/5/2011 1:52:51 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 2 time(s).
11/5/2011 1:45:02 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
11/5/2011 1:21:12 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
11/4/2011 9:38:57 PM, error: Service Control Manager [7000] - The Moon Secure Antivirus Core service failed to start due to the following error: The system cannot find the file specified.
11/4/2011 9:34:51 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
11/4/2011 7:36:12 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/4/2011 7:23:01 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
11/4/2011 7:23:01 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/4/2011 5:00:41 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
11/4/2011 12:56:05 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:54:23 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:50:30 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:48:39 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:45:58 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:44:22 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:41:44 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:40:19 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:38:34 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:37:21 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:34:01 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:30:46 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 12:10:21 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 11:28:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/4/2011 11:23:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
11/4/2011 10:25:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/4/2011 10:25:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/4/2011 10:10:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss SbcpHid Tcpip WS2IFSL
11/4/2011 10:10:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/4/2011 1:40:51 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 1:18:58 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 1:17:42 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 1:10:42 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2011 1:04:21 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/3/2011 9:13:00 PM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
11/3/2011 9:13:00 PM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
11/3/2011 8:23:27 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/3/2011 8:23:25 PM, error: Service Control Manager [7034] - The CAISafe service terminated unexpectedly. It has done this 1 time(s).
11/3/2011 5:54:04 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
11/3/2011 12:54:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
11/3/2011 12:54:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/3/2011 12:52:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/3/2011 12:51:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss SbcpHid Tcpip WS2IFSL
11/3/2011 12:51:56 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/3/2011 12:51:56 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/3/2011 12:51:56 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
11/3/2011 12:51:56 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/3/2011 12:51:56 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/3/2011 12:51:56 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/3/2011 12:51:56 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/3/2011 11:57:26 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/3/2011 11:40:52 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/3/2011 11:32:01 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/3/2011 11:28:26 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/3/2011 11:00:03 PM, error: Service Control Manager [7034] - The Kodak Camera Connection Software service terminated unexpectedly. It has done this 1 time(s).
11/3/2011 10:55:16 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
11/3/2011 10:55:16 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/3/2011 10:44:26 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/3/2011 10:44:17 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/2/2011 6:00:40 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
11/2/2011 6:00:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
11/2/2011 6:00:25 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
-
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***************************************************
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
:files
c:\docume~1\davidl~1\locals~1\temp\gtermddo.sys
c:\docume~1\davidl~1\locals~1\temp\IXGUZVESKAH.exe
:services
gtermddo
IXGUZVESKAH
:COMMANDS
[resethosts]
[purity]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
************************************************************
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you want to use Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
(http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
Here is the OTL log file. I'm trying to run the combofix. I'm having some slight issues so far.
========== OTL ==========
========== FILES ==========
File\Folder c:\docume~1\davidl~1\locals~1\temp\gtermddo.sys not found.
c:\docume~1\davidl~1\locals~1\temp\IXGUZVESKAH.exe moved successfully.
========== SERVICES/DRIVERS ==========
Service gtermddo stopped successfully!
Service gtermddo deleted successfully!
Service IXGUZVESKAH stopped successfully!
Service IXGUZVESKAH deleted successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 11092011_195824
-
Okay I just ran into a big problem with combofix. I had been disabling my AVG anti-virus every 15 minutes to run the program. In the middle of my scan I got a phone call and I noticed I had a detection pop up saying there was a malware detection. I assumed it was from the Combofix and didn't really pay attention before it was too late and deleted the detection. So, should I just delete AVG for the time being so I can get Combofix ran correctly for it's whole process? I do have to get to bed right now, so i'll have to do this tomorrow night if that is the case. I had got all the way to the deleting files process in combofix when this happened.
-
combofix scan(s) log
ComboFix 11-11-09.02 - David L 11/09/2011 23:25:47.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.226 [GMT -6:00]
Running from: c:\documents and settings\David L\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\data
c:\data\default\feed4.data
c:\data\default\us_sres.data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\David L\Cookies\nymucanor.inf
c:\documents and settings\David L\Cookies\umaz.ban
c:\documents and settings\David L\Start Menu\Programs\System Restore
c:\documents and settings\David L\WINDOWS
c:\windows\afeb.scr
c:\windows\iun6002.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\systemprofile\Application Data\Dealio
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\alerts.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\alerts_over.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\alerts_rec.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\alerts_rec_over.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\chevron-small.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\deal_report.jpg
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\DealioSearch.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\deals-leftcap.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\ebay_login.jpg
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\err_mainwindow.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\err_toolbar.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\global_scripts.js
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\headerbgthin.jpg
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\highlight-bg.png
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\logo.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\logo_over.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\man_toolbar.css
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\man_toolbar.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\man_toolbar.js
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\man_toolbarl.js
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\post-this-deal.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\post-this-deal_over.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\scripts.js
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\scroller.js
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\search-chevron.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\search-chevron_over.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\search_bg_blink.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\separator.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\settings.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\settings_over.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\res\yahoo-search.png
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\index.76.35
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.10.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.109.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.110.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.12.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.13.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.130.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.135.50
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.153.44
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.155.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.156.49
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.16.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.161.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.178.66
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.184.55
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.188.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.189.45
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.196.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.198.56
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.199.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.200.53
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.201.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.202.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.203.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.205.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.213.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.214.49
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.215.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.216.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.217.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.218.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.219.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.220.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.221.57
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.222.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.223.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.226.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.227.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.228.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.229.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.23.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.239.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.24.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.240.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.241.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.242.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.243.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.244.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.245.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.247.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.248.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.249.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.250.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.251.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.252.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.253.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.254.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.255.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.256.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.257.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.279.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.28.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.282.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.283.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.284.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.289.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.290.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.291.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.296.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.297.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.304.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.307.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.308.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.31.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.310.46
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.311.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.315.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.316.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.317.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.318.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.319.49
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.32.48
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.334.44
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.335.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.336.44
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.337.44
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.338.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.339.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.34.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.340.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.341.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.349.50
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.35.48
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.350.50
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.351.51
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.352.54
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.353.51
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.354.51
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.357.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.358.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.359.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.360.53
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.361.54
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.362.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.363.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.364.54
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.365.53
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.367.56
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.368.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.369.55
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.370.56
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.371.56
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.372.57
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.373.55
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.375.56
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.376.57
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.377.55
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.378.65
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.384.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.386.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.387.59
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.388.59
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.389.59
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.390.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.391.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.392.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.393.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.394.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.396.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.397.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.398.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.399.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.403.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.404.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.405.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.406.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.407.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.408.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.409.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.412.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.413.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.414.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.415.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.416.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.417.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.418.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.419.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.420.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.421.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.423.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.424.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.425.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.426.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.427.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.428.65
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.429.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.430.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.432.65
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.433.64
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.434.65
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.435.64
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.436.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.437.64
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.438.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.439.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.440.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.442.73
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.443.73
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.444.73
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.445.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.446.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.450.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.451.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.452.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.453.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.454.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.456.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.457.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.458.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.459.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.460.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.462.74
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.463.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.464.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.465.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.468.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.469.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.470.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.471.73
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.472.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.478.74
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.479.73
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.480.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.481.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.482.74
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.49.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.50.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.500.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.501.74
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.502.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.51.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.52.72
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.520.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.521.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.522.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.53.51
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.531.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.532.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.534.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.54.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.55.45
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.56.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.57.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.58.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.593.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.595.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.63.57
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.66.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.70.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.71.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\dealio-14356.log
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\dealio-14357.log
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\dod_cache.xml
c:\windows\system32\r2
c:\windows\system32\Thumbs.db
c:\windows\yfemel.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 04:54 . 2011-11-10 04:54 -------- d-----w- c:\documents and settings\David L\Local Settings\Application Data\Sun
2011-11-10 01:58 . 2011-11-10 01:58 -------- d-----w- C:\_OTL
2011-11-08 00:57 . 2011-11-08 00:58 -------- d-----w- c:\documents and settings\David L\Application Data\IObit
2011-11-08 00:57 . 2011-11-08 00:57 -------- d-----w- c:\program files\IObit
2011-11-07 00:31 . 2011-11-07 01:46 -------- d-----w- c:\documents and settings\All Users\Immunet
2011-11-07 00:31 . 2011-11-07 00:31 -------- d-----w- c:\documents and settings\David L\Application Data\Immunet
2011-11-06 20:07 . 2011-11-06 20:07 -------- d-----w- c:\documents and settings\David L\Application Data\SUPERAntiSpyware.com
2011-11-06 20:07 . 2011-11-06 20:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-06 19:49 . 2011-11-06 20:03 -------- d-----w- c:\documents and settings\David L\Application Data\Systweak
2011-11-06 19:49 . 2011-09-30 21:37 17280 ----a-w- c:\windows\system32\roboot.exe
2011-11-06 19:49 . 2011-11-08 02:29 -------- d-----w- c:\program files\YTDSETUP
2011-11-06 17:28 . 2011-11-06 17:43 -------- d-----w- c:\program files\Safer Networking
2011-11-06 16:58 . 2011-11-06 16:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-06 16:37 . 2011-11-06 16:37 2568 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-06 16:33 . 2011-11-06 16:33 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-06 16:06 . 2011-10-07 23:52 660992 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-11-06 16:06 . 2011-10-07 23:52 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-06 16:05 . 2011-10-22 21:11 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-06 16:05 . 2011-10-22 21:11 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-06 16:05 . 2011-10-28 17:02 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-06 16:05 . 2011-11-06 16:33 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-06 16:04 . 2011-11-06 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-06 16:04 . 2011-11-06 16:04 -------- d-----w- c:\documents and settings\David L\Application Data\TestApp
2011-11-06 15:44 . 2011-11-06 15:44 -------- d-----w- c:\documents and settings\David L\Application Data\CallingID
2011-11-06 06:33 . 2011-11-06 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-11-06 06:21 . 2011-11-06 06:21 -------- d-----w- c:\program files\Uniblue
2011-11-06 06:21 . 2011-10-31 15:53 939368 ----a-w- c:\windows\system32\flash.ocx
2011-11-06 06:21 . 2011-11-06 06:21 -------- d-----w- c:\documents and settings\David L\Local Settings\Application Data\PackageAware
2011-11-05 21:15 . 2011-11-06 19:24 388096 ----a-r- c:\documents and settings\David L\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-05 17:03 . 2011-11-05 17:03 -------- d-----w- C:\Cache
2011-11-05 16:21 . 2011-11-05 21:01 -------- d-----w- c:\documents and settings\David L\Local Settings\Application Data\adaware
2011-11-05 16:20 . 2011-11-06 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2011-11-05 16:19 . 2011-11-05 16:19 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-05 16:18 . 2011-11-05 16:33 -------- d-----w- c:\documents and settings\David L\Application Data\adawaretb
2011-11-05 16:18 . 2011-11-05 16:20 -------- d-----w- c:\program files\adawaretb
2011-11-05 16:17 . 2011-10-29 00:35 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-05 15:37 . 2011-11-06 06:32 -------- d-----w- c:\program files\SpywareBlaster
2011-11-05 07:30 . 2011-11-05 07:30 -------- d-----w- c:\documents and settings\Davetro23
2011-11-05 01:50 . 2011-11-05 01:58 -------- d-----w- c:\documents and settings\David L\Local Settings\Application Data\Temp
2011-11-04 03:32 . 2011-11-05 01:06 -------- d-----w- c:\program files\NetEraserDemo1
2011-11-04 03:15 . 2001-02-01 02:29 53248 ----a-w- c:\windows\system32\IMAGEPLUSCONTROL.OCX
2011-11-04 03:15 . 2001-05-30 15:00 352256 ----a-w- c:\windows\system32\ijl15.dll
2011-11-04 03:15 . 1998-12-03 00:11 143360 ----a-w- c:\windows\system32\vbuzip10.dll
2011-11-04 03:15 . 1998-08-29 18:50 40448 ----a-w- c:\windows\system32\UNACE.DLL
2011-11-04 03:15 . 1997-02-17 21:23 53248 ----a-w- c:\windows\system32\UNRAR.DLL
2011-11-04 03:15 . 2002-07-25 03:43 667648 ----a-w- c:\windows\system32\FreeImage.dll
2011-11-04 03:15 . 1998-06-18 05:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-11-04 01:31 . 2011-11-04 01:31 -------- d-----w- c:\documents and settings\David L\Application Data\Malwarebytes
2011-11-04 01:31 . 2011-11-04 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-04 01:31 . 2011-11-08 02:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 00:45 . 2011-11-04 00:45 -------- d-----w- c:\program files\CCleaner
2011-11-03 05:51 . 2011-11-05 04:52 -------- d-----w- c:\documents and settings\Administrator
2011-11-03 00:27 . 2011-11-06 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-11-03 00:27 . 2011-11-06 17:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-02 06:04 . 2010-03-20 09:46 201968 ----a-w- c:\windows\system32\Isafprod.dll
2011-11-02 06:04 . 2010-03-20 09:46 95472 ----a-w- c:\windows\system32\Vetredir.dll
2011-11-02 06:04 . 2010-03-20 09:46 128240 ----a-w- c:\windows\system32\Isafeif.dll
2011-11-02 06:04 . 2010-04-06 12:15 1054032 ----a-w- c:\windows\system32\cfgmig32.dll
2011-11-02 06:03 . 2011-11-06 16:34 -------- d-----w- c:\windows\rnapxs
2011-11-02 04:30 . 2011-11-02 04:30 -------- d-----w- c:\documents and settings\David L\Application Data\OpenCandy
2011-11-02 04:30 . 2011-11-02 04:30 -------- d-----w- c:\documents and settings\David L\Application Data\Sammsoft
2011-11-01 06:27 . 2011-11-01 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-01 06:01 . 2011-11-01 06:01 -------- d-----w- c:\program files\Trend Micro
2011-11-01 01:37 . 2011-11-01 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2011-11-01 01:34 . 2011-11-01 01:34 -------- d-----w- c:\program files\AVG
2011-11-01 01:30 . 2011-11-10 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-31 06:43 . 2011-10-31 06:43 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-31 04:35 . 2011-10-31 04:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-10-31 03:18 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-31 03:18 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-10-31 03:16 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-31 03:04 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-31 03:04 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-10-31 00:53 . 2011-10-31 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 01:22 . 2011-07-10 04:04 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 01:22 . 2008-09-13 17:38 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 16:41 . 2011-09-26 16:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-10 17:50 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-11-02 23:19 . 2008-11-02 23:19 14138 ----a-w- c:\program files\Common Files\ysid.com
2011-11-10 01:10 . 2011-05-12 02:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-12-25 270336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^David L^Start Menu^Programs^Startup^Seagate 2GEYGGZW Product Registration.lnk]
path=c:\documents and settings\David L\Start Menu\Programs\Startup\Seagate 2GEYGGZW Product Registration.lnk
backup=c:\windows\pss\Seagate 2GEYGGZW Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 2:54 PM 165160]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [12/25/2003 6:53 PM 8440]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [12/25/2003 6:53 PM 11237]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2011 8:49 PM 366152]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [8/14/2008 7:26 PM 16512]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 21:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\User_Feed_Synchronization-{7CBB0B5E-E906-454A-9643-EF6CB7A8C568}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = sas.insightbb.com;localhost
uSearchAssistant = hxxp://www.google.com
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: DhcpNameServer = 74.128.17.114 74.128.19.102
FF - ProfilePath - c:\documents and settings\David L\Application Data\Mozilla\Firefox\Profiles\1mzpq7cn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B50f077b9-0371-4059-868b-00aa5df9005e%7D&mid=4c85171e3a3847d19905d16b790da47a-603beb4178b06c01c7fc3d75245f54768a47c957&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-06%2015%3A41%3A31&sap=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50364
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-SITEguard - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-10 00:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3532)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\ScsiAccess.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2011-11-10 00:26:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-10 06:26
.
Pre-Run: 92,078,886,912 bytes free
Post-Run: 91,919,921,152 bytes free
.
- - End Of File - - 96157B7347E96AA9E11E377F5145F300
-
the iexplorer.exe is still regenerating every few minutes by the way.
-
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs scanned they must be done separately and links posted for each one)
* Copy the file path in the below Code box:
c:\windows\system32\roboot.exe
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
*********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
http://virusscan.jotti.org/en/scanresult/f8a3fee43501ca4b2637ac884cf3e85d4644fbae
If I did this wrong let me know. I was a little confused by the directions on this one at first. Nothing was found here..i'm unsure why nothing is being found since the iexplorer.exe keeps popping up all the time.
-
The Security Check log
Results of screen317's Security Check version 0.99.25
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Java(TM) 7 Update 1
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.1)
Mozilla Firefox (Player..)
Mozilla Thunderbird (1.5.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
-
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
************************************************************
The Security Check shows that you don't have an anti-virus program installed. Did you remove AVG? If you did, I would suggest that you install MSE from MicroSoft
Remember to only install one antivirus!
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials for Windows Vista\Windows 7 (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html) - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
4-a) Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
******************************************************
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: F88C8000
Module End: F88D7000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: BA654000
Module End: BA66C000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA7D2000
Module End: BA7D4000
Hidden: Yes
Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: F6F89000
Module End: F6F91000
Hidden: Yes
Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: F8E06000
Module End: F8E08000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: ED6DD640
Driver Base: ED6D3000
Driver End: ED6F5000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
-
Here's a fresher Hijack This log. Iexplorer.exe is still loading without permission.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.insightbb.com;localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 7889 bytes
-
I still see no evidence of an anti-virus program. Please install one and then run the Security Check again and post the log.
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.insightbb.com;localhost
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O24 - Desktop Component 0: (no name) - (no file)
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
*******************************************************
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
-
Well Insightbb.com is my internet provider. If I check that from hijack this will it screw up my internet service?
Here's the log for the Process Explorer log
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 76.56 0 K 16 K
System 4 4.69 0 K 28 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 572 168 K 40 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 636 1,708 K 1,712 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 660 6,664 K 1,348 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 704 1,776 K 1,376 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
svchost.exe 896 3,608 K 1,472 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
iexplore.exe 3368 17.19 82,632 K 86,232 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding
wmiprvse.exe 2748 2,876 K 4,936 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe 964 1,960 K 1,476 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
MsMpEng.exe 1060 168,084 K 40,872 K Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
svchost.exe 1140 17,524 K 9,760 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
wuauclt.exe 3440 2,188 K 252 K Windows Update Microsoft Corporation "C:\WINDOWS\system32\wuauclt.exe"
svchost.exe 1244 2,376 K 80 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe 1560 11,220 K 1,832 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe 1712 1,472 K 924 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
LEXBCES.EXE 1836 1,240 K 80 K LexBce Service Lexmark International, Inc. C:\WINDOWS\system32\LEXBCES.EXE
LEXPPS.EXE 1916 992 K 380 K LEXPPS.EXE Lexmark International, Inc. LEXPPS.EXE
spoolsv.exe 1860 3,936 K 616 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
svchost.exe 468 1,308 K 52 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
SASCore.exe 560 604 K 108 K Core Service SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
FreeAgentService.exe 600 3,864 K 144 K Sync Windows Services Seagate Technology LLC "C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe"
svchost.exe 1028 3,408 K 364 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
jqs.exe 1188 2,036 K 1,400 K Java(TM) Quick Starter Service Oracle Corporation "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
KodakCCS.exe 1208 784 K 40 K Kodak DC Ring 3 Conduit (Win32) Eastman Kodak Company C:\WINDOWS\system32\drivers\KodakCCS.exe
ScsiAccess.EXE 1516 312 K 44 K C:\WINDOWS\system32\ScsiAccess.EXE
sprtsvc.exe 2232 2,676 K 544 K SupportSoft Agent Service SupportSoft, Inc. "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /p dellsupportcenter
svchost.exe 2316 2,404 K 304 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
alg.exe 3120 1,168 K 116 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
svchost.exe 1652 2,176 K 116 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HPZ12
lsass.exe 716 1.56 3,972 K 2,136 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
taskmgr.exe 2616 1,356 K 1,972 K Windows TaskManager Microsoft Corporation taskmgr.exe
explorer.exe 1388 40,176 K 19,672 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
hkcmd.exe 3604 632 K 348 K hkcmd Module Intel Corporation "C:\WINDOWS\system32\hkcmd.exe"
igfxpers.exe 3648 652 K 356 K persistence Module Intel Corporation "C:\WINDOWS\system32\igfxpers.exe"
DMXLauncher.exe 3700 636 K 360 K "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
DLACTRLW.EXE 3768 1,068 K 592 K Drive Letter Access Component Sonic Solutions "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
hpwuSchd2.exe 3796 576 K 256 K Hewlett-Packard Product Assistant Hewlett-Packard Co. "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
sprtcmd.exe 3824 8,944 K 812 K Dell Support Center Updates SupportSoft, Inc. "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
stxmenumgr.exe 3848 1,080 K 516 K FreeAgent™ Launcher Seagate LLC "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
jusched.exe 4004 776 K 44 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
msseces.exe 4040 5,820 K 456 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
DSAgnt.exe 4080 9,144 K 3,976 K Dell Support Gteko Ltd. "C:\Program Files\DellSupport\DSAgnt.exe" /startup
GA311.exe 224 2,356 K 1,228 K NETGEAR GA311 Configuration Utility "C:\Program Files\NETGEAR GA311 Adapter\GA311.exe"
firefox.exe 3220 114,724 K 81,636 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
plugin-container.exe 2192 19,136 K 5,688 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=3220.c3cd300.914513784 "C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll" - -greomni "C:\Program Files\Mozilla Firefox\omni.jar" 3220 "\\.\pipe\gecko-crash-server-pipe.3220" plugin
procexp.exe 3572 9,704 K 13,752 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\David L\Desktop\ProcessExplorer\procexp.exe"
hpqste08.exe 2220 3,328 K 456 K HP CUE Status Root Hewlett-Packard Co. "C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart C4200 series#1245018428" -Startup
SUPERANTISPYWARE.EXE 2180 138,952 K 552 K SUPERAntiSpyware Application SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /UPDATERESULTS:""
spotify.exe 3732 50,408 K 32,036 K Spotify Spotify Ltd "C:\Documents and Settings\David L\Application Data\Spotify\Spotify.exe" /LOWERELEVATION -ld 4242
ctfmon.exe 3468 920 K 2,488 K CTF Loader Microsoft Corporation ctfmon.exe
-
If I check that from hijack this will it screw up my internet service?
It shouldn't affect it.
i'm unsure why nothing is being found since the iexplorer.exe keeps popping up all the time.
Please explain this or post a screenshot.
I'm still waiting for the log from Security Check.
How to post screenshots or images (http://www.computerhope.com/forum/index.php/topic,61232.0.html)
-
Results of screen317's Security Check version 0.99.25
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Java(TM) 7 Update 1
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.1)
Mozilla Firefox (Player..)
Mozilla Thunderbird (1.5.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
Well the iexplore.exe just keeps popping up in windows task manager no matter how many times I end the process. That's been the whole problem. Searches are still re-directing also. I use mozilla firefox and the searches are re-directing on there also. I don't really use internet explorer for anything, however this virus or whatever it is continually loads iexplorer.exe in my task manager.
-
Okay, I did a free scan on a ad-aware that took several hours to complete. I got 2 results of malware which I don't think have shown up on any previous scans.
Adware.trojan.win32.generic
and trojan.win32.malware.a
i'd appreciate help with trying to get rid of these 2...thanks
-
Please download TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Doubleclick TDSSKiller.exe to run the tool
- Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
- After the scan has finished, click the Close button
- Click the Report button and copy/paste the contents of it into your next reply
- Note:It will also create a log in the C:\ directory.
-
I've tried downloading the tdsskiller program a couple times...it just won't run on my computer. It doesn't get past the stage of choosing it to run.
-
Download GMER Rootkit Scanner from here. (http://www.gmer.net/download.php)
•Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
•If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
•In the right panel, you will see several boxes that have been checked. Uncheck the following ...
*Sections
*IAT/EAT
*Drives/Partition other than Systemdrive (typically C:\)
*Show All (don't miss this one)
•Then click the Scan button & wait for it to finish
•Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
•Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
-
I did receive a load driver error before the scan ran. Here is the txt log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-14 18:20:07
Windows 5.1.2600 Service Pack 3
Running: d9wh946i.exe; Driver: C:\DOCUME~1\DAVIDL~1\LOCALS~1\Temp\pxtdapod.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 28031
---- EOF - GMER 1.0.15 ----
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
The results of this last log
C:\Documents and Settings\David L\Desktop\loaristrojanremover.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\Documents and Settings\David L\My Documents\New Folder\setup-ltr1236.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\Documents and Settings\David L\My Documents\New Folder\setup-ltr1239.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\Program Files\Loaris\Trojan Remover\ltr12.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1724\A0247188.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1766\A0252201.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1775\A0253547.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1775\A0253565.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1806\A0265195.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1811\A0270486.exe Win32/Adware.OpenInstall application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1815\A0273502.exe Win32/RegistryBooster application deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1827\A0277747.exe a variant of Win32/Adware.OpenInstall application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1839\A0283627.sys probably a variant of Win32/Agent.JMJMETP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1843\A0283667.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1843\A0283668.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
-
and it's still doing the same thing :(
-
These issues? I'm having severe issues with Vundo, Iexplorer constantly running in background, searches in yahoo & google being hijacked
-
correct...that was the original message. Internet explorer just continually shows up in the windows task manager even though I cancel it several times....and sends several files, cookies, etc in my internet explorer which I continually have to clean out with the Piriform CCleaner program. Also, when I look up anything on yahoo or google re-directs me to a find answers.com search. That's been the issue this whole time.
-
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
-
This program will not run on my computer. Similar to the tdsskiller.exe not working the other day.
-
Let's try this one.
Download the MBR Rootkit Detector (http://www2.gmer.net/mbr/mbr.exe) to your desktop.
* Doubleclick mbr.exe and follow prompts.
* A black DOS window will quickly appear then disappear.
* When mbr.exe is finished it will create a log on your desktop.
* Copy and paste contents of that log file to your next reply.
-
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JB-75GVC0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
this is all that came up with the MBR
-
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
•Double-click on MBRCheck.exe to run it.
•It will open a black window...please do not fix anything (if it gives you an option).
•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.
-
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8D37000 \WINDOWS\system32\KDCOM.DLL
0xF8C47000 \WINDOWS\system32\BOOTVID.dll
0xF87E8000 ACPI.sys
0xF8D39000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF87D7000 pci.sys
0xF8837000 isapnp.sys
0xF8DFF000 pciide.sys
0xF8AB7000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8D3B000 intelide.sys
0xF8847000 MountMgr.sys
0xF87B8000 ftdisk.sys
0xF8ABF000 PartMgr.sys
0xF8857000 VolSnap.sys
0xF87A0000 atapi.sys
0xF8867000 disk.sys
0xF8877000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8780000 fltmgr.sys
0xF876E000 sr.sys
0xF8887000 Lbd.sys
0xF8758000 DRVMCDB.SYS
0xF8897000 PxHelp20.sys
0xF8741000 KSecDD.sys
0xF872E000 WudfPf.sys
0xF86A1000 Ntfs.sys
0xF8674000 NDIS.sys
0xF865A000 Mup.sys
0xF8947000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8536000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF8522000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8B57000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84FE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8B5F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF84ED000 \SystemRoot\system32\DRIVERS\GA311ND5.SYS
0xF84B9000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF8496000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8397000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF82F0000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF8B67000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8957000 \SystemRoot\system32\DRIVERS\serial.sys
0xF8D33000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF82DC000 \SystemRoot\system32\DRIVERS\parport.sys
0xF8967000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8D65000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF8977000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8987000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF8997000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF829C000 \SystemRoot\system32\drivers\smwdm.sys
0xF8278000 \SystemRoot\system32\drivers\portcls.sys
0xF89A7000 \SystemRoot\system32\drivers\drmk.sys
0xF81C5000 \SystemRoot\system32\drivers\senfilt.sys
0xF8EF0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF89B7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8625000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF81AE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF89C7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF89E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8B6F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF819D000 \SystemRoot\system32\DRIVERS\psched.sys
0xF89F7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8B77000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8B7F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8A07000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8B87000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8B8F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8D69000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF8117000 \SystemRoot\system32\DRIVERS\update.sys
0xF8611000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF33F0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF3480000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8D41000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF6D51000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF4E39000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB279D000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF27A6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8A97000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF508B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8DC3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8A27000 \SystemRoot\system32\DRIVERS\DcCam.sys
0xB0586000 \SystemRoot\system32\DRIVERS\EXPORTIT.SYS
0xF2F60000 \SystemRoot\System32\Drivers\Null.SYS
0xF8DC5000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8B9F000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF8BAF000 \SystemRoot\System32\drivers\vga.sys
0xF8DC7000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8DC9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8BA7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8BB7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB27C4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB0553000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB04FA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB04D2000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF4E35000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB01E2000 \SystemRoot\System32\drivers\afd.sys
0xF8AA7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF88B7000 \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
0xB01C0000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF8BBF000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB0195000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB0125000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAEBFE000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9695E6-93B9-4CF1-B4CB-B5B97E79BDEF}\MpKsl7db636b9.sys
0xAE392000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAF3F5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAFEE5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xAF3E5000 \SystemRoot\System32\Drivers\Fips.SYS
0xAFEDD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAF3B5000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAE37A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF33C5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAF9D8000 \SystemRoot\System32\drivers\Dxapi.sys
0xAEBE6000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF2368000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF040000 \SystemRoot\System32\ialmdev5.DLL
0xBF070000 \SystemRoot\System32\ialmdd5.DLL
0xF8055000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF8045000 \SystemRoot\system32\drivers\dcfs2k.sys
0xF8F74000 \SystemRoot\System32\DLA\DLADResN.SYS
0xAE364000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xF8D13000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xB27FE000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xAEBDE000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xAE34C000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xAE336000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB0204000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAD19A000 \SystemRoot\system32\drivers\wdmaud.sys
0xAEC2E000 \SystemRoot\system32\drivers\sysaudio.sys
0xACDAF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8DAD000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF8DB1000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xACE1C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xACC8F000 \SystemRoot\system32\DRIVERS\srv.sys
0xAC5BE000 \SystemRoot\System32\Drivers\HTTP.sys
0xACA57000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xF8BF7000 \??\C:\DOCUME~1\DAVIDL~1\LOCALS~1\Temp\mbr.sys
0xAC45E000 \SystemRoot\system32\DRIVERS\szkg.sys
0xF7CF6000 \SystemRoot\system32\drivers\szkgfs.sys
0xAA868000 \SystemRoot\system32\drivers\kmixer.sys
0xF8D8B000 \SystemRoot\system32\DRIVERS\LANPkt.sys
0xAF9E4000 \SystemRoot\System32\Drivers\Diag69xp.sys
0xF8D99000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0xB0E4E000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53FC6F7F-B052-49DB-BCC0-4F869AECA196}\MpKslb065ec8d.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 49):
0 System Idle Process
4 System
576 C:\WINDOWS\system32\smss.exe
648 csrss.exe
672 C:\WINDOWS\system32\winlogon.exe
716 C:\WINDOWS\system32\services.exe
728 C:\WINDOWS\system32\lsass.exe
900 C:\WINDOWS\system32\svchost.exe
976 svchost.exe
1072 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1108 C:\WINDOWS\system32\svchost.exe
1148 C:\WINDOWS\system32\svchost.exe
1432 svchost.exe
1612 svchost.exe
1964 C:\WINDOWS\system32\spoolsv.exe
1324 svchost.exe
1388 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1416 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
1500 C:\WINDOWS\system32\svchost.exe
1740 C:\Program Files\Java\jre7\bin\jqs.exe
2092 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
2124 C:\WINDOWS\system32\svchost.exe
2860 alg.exe
3736 C:\WINDOWS\system32\hkcmd.exe
3756 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
3816 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
3840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3856 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
3896 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
3984 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4012 C:\Program Files\Microsoft Security Client\msseces.exe
4052 C:\Program Files\DellSupport\DSAgnt.exe
220 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
2644 C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
2632 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
1020 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3272 C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
3532 C:\WINDOWS\system32\dwwin.exe
2136 C:\WINDOWS\system32\LEXPPS.EXE
216 C:\WINDOWS\system32\LEXBCES.EXE
3424 C:\WINDOWS\system32\wuauclt.exe
140 C:\WINDOWS\system32\taskmgr.exe
424 C:\Program Files\Mozilla Firefox\firefox.exe
3300 C:\Program Files\Mozilla Firefox\plugin-container.exe
2224 C:\Program Files\Mozilla Firefox\plugin-container.exe
2232 C:\WINDOWS\system32\svchost.exe
1336 C:\WINDOWS\explorer.exe
3052 C:\Program Files\CCleaner\CCleaner.exe
3912 C:\Documents and Settings\David L\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001b`27f4c800 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600JB-75GVC0, Rev: 08.02D08
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: B4B6B1E93E76CCFDFCAE6EA604FEB4717943141 3
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
-
Please give TDSSKiller another try. But you will have to rename it as in the following:
•If TDSSKiller does not run, try renaming it.
•To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension. (http://www.mediacollege.com/microsoft/windows/extension-change.html)
-
This might have actually fixed my problem. Since i've rebooted my computer after using the tdsskiller I haven't had iexplore come up in my task manager, and it appears my redirecting problem might be fixed also. Thanks. If I end up having anymore issues i'll get back with you.
-
If I end up having anymore issues i'll get back with you.
We may as well do some cleanup now.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
- Click the CleanUp button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*******************************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Thanks for everything. So, do I need to download a firewall since I've got the Microsoft Security Essentials now? Do you recommend me getting something else?
-
Thanks for everything. So, do I need to download a firewall since I've got the Microsoft Security Essentials now? Do you recommend me getting something else?
If you want to protect your personal and financial information, a third-party firewall would give you that added protection. I'm running MSE and Comodo firewall. You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.