Computer Hope

Software => Computer viruses and spyware => Topic started by: arunpedha on November 16, 2009, 09:44:38 AM

Title: Application cannot be executed. The file *** is infected.
Post by: arunpedha on November 16, 2009, 09:44:38 AM
Hi,

I have a serious issue with my system. Somehow some trojan/rogue has affected my system. It keeps flashing virus alerts at me, and whenever I try to run any program it says "Application cannot be executed. The file **** is infected......" (not even a command prompt or Notepad can be opened, though with multiple tries I sometimes get the command prompt, but it is ridiculous).

In fact I already had MBAM. Before looking into this forum I tried running MBAM (Malwarebytes) in both Safe Mode and normal mode, but I did not find anything.

Then I googled and searched these forums and tried the instructions from the link below, but no luck. SUPERAntiSpyware is not getting installed at all: I get the installer screen and it quickly vanishes before I can access anything. I tried renaming it with .SCR instead of .exe, but still the same issue. I even tried in Safe Mode, but the installation stalled, saying I can install in Safe Mode or something similar to that effect. PLEASE ADVISE and ASSIST.

http://www.computerhope.com/forum/index.php?PHPSESSID=3ffee808e87822e364bca900fba99709&/topic,46313.0.html


Title: Re: Application cannot be executed. The file *** is infected.
Post by: alan2273 on November 16, 2009, 11:08:11 AM
Try this application.
http://www.emsisoft.com/en/software/free/
Title: Re: Application cannot be executed. The file *** is infected.
Post by: arunpedha on November 16, 2009, 04:27:37 PM
Thanks. What is the tool/utility/freeware? Do you have any personal experience with it? How safe is it to use? Thanks again.
Title: Re: Application cannot be executed. The file *** is infected.
Post by: iamtonsoffun247 on November 16, 2009, 04:29:49 PM
Try renaming the .exe file to something else; this has helped me. Not the extension, but the actual name of it. Like if it's mbam.exe, make it mbam2.exe.
Title: Re: Application cannot be executed. The file *** is infected.
Post by: SuperDave on November 16, 2009, 04:45:45 PM
Hello arunpedha and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

1. I will be working on your malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans whilst I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
Save Rkill to your desktop.

There are 4 different versions. If one of them won't run, then download and try to run another one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
Rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
Rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
Rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)

Once you've gotten one of them to run, try to immediately run the following.

Now download and run exeHelper.

Please download exeHelper from Raktor (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
Title: Re: Application cannot be executed. The file *** is infected.
Post by: arunpedha on November 16, 2009, 05:43:11 PM
Thanks SD. I will try and follow the below instructions and keep you posted. Appreciate your help. Many thanks again.

Quote
  • Double-click on exeHelper.com to run the fix. A black window should pop up; press any key to close it once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com. Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).

Title: Re: Application cannot be executed. The file *** is infected.
Post by: arunpedha on November 16, 2009, 06:52:35 PM
Thanks. I ran rkill.exe and exeHelper as suggested. Please find the log. Please advise the next course of action.

**********************************************************************************
exeHelper by Raktor
Build 20091021
Run at 20:46:47 on 11/16/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
**************************************************************************
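The exeHelper log lists the registry locations this kind of rogue tampers with (the .exe and .com file associations, the Winlogon Userinit and Shell values). As an added example for this thread (not part of exeHelper or of the original posts), the Python script below audits those four values in a `.reg` text export against their stock Windows Vista/7 values; the hijacked sample export and its rogue path are constructed placeholders, not values taken from the logs in this thread.

```python
"""Audit the registry locations that exeHelper reports resetting (.exe and .com
file associations, Winlogon Userinit and Shell) against their stock Windows
values. Works on a text export in .reg format (e.g. from `reg export`), so it
can run offline on a captured export or on the constructed sample below."""

# Stock values on a default 32-bit Windows Vista/7 install (assumption).
# Tuples are (registry key, value name, expected data); "@" is the default value.
EXPECTED = [
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@", r'"%1" %*'),
    (r"HKEY_CLASSES_ROOT\comfile\shell\open\command", "@", r'"%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Userinit", r"C:\Windows\system32\userinit.exe,"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Shell", "explorer.exe"),
]

# Constructed sample export: the .exe association routes every launched program
# through a rogue binary first (placeholder path, not one from this thread);
# the other three values are stock.
HIJACKED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Example\\AppData\\Local\\rogue\\rogue.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"Shell"="explorer.exe"
"""

# The same export after the association has been reset, which is what the
# "Resetting filetype association for .exe" line in the log describes.
CLEAN_REG = HIJACKED_REG.replace(
    r'@="\"C:\\Users\\Example\\AppData\\Local\\rogue\\rogue.exe\" \"%1\" %*"',
    r'@="\"%1\" %*"',
)


def _unquote(data):
    """Decode a .reg string value: drop the outer quotes, undo backslash escapes."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        data = data[1:-1]
    return data.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text):
    """Return {key: {value_name: data}} for the values in a .reg text export.
    Only string values are decoded; other types are kept as raw text."""
    reg, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            reg.setdefault(key, {})
        elif key and "=" in line and not line.startswith(";"):
            name, _, data = line.partition("=")
            name = "@" if name == "@" else name.strip('"')
            reg[key][name] = _unquote(data)
    return reg


def audit(reg):
    """One finding per value that is missing or differs from its stock data."""
    findings = []
    for key, name, expected in EXPECTED:
        actual = reg.get(key, {}).get(name)
        if actual is None or actual.strip().lower() != expected.lower():
            findings.append({"key": key, "value": name,
                             "actual": actual, "expected": expected})
    return findings


def is_clean(reg_text):
    """True when all four audited values carry their stock data."""
    return not audit(parse_reg_export(reg_text))


if __name__ == "__main__":
    for f in audit(parse_reg_export(HIJACKED_REG)):
        print(f"{f['key']} [{f['value']}]")
        print(f"  found:    {f['actual']}")
        print(f"  expected: {f['expected']}")
```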
Title: Re: Application cannot be executed. The file *** is infected.
Post by: SuperDave on November 16, 2009, 07:32:51 PM
Quote
Thanks SD. I will try and follow the below instructions and keep you posted. Appreciate your help. Many Thanks again
Don't thank me until I'm able to get your computer working well.

SUPERAntiSpyware

If you already have SUPERAntiSpyware, be sure to check for updates before scanning!

Download SUPERAntiSpyware Free Edition (SAS) (http://www.superantispyware.com/download.html)

• Double-click the icon on your desktop to run the installer.
• When asked to update the program definitions, click Yes.
• If you encounter any problems while downloading the updates, manually download and unzip them from here.
• Next click the Preferences button.
• Under Start-Up Options, uncheck Start SUPERAntiSpyware when Windows starts.
• Click the Scanning Control tab.
• Under Scanner Options make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
  Please leave the others unchecked.
• Click the Close button to leave the control center screen.
• On the main screen click Scan your computer.
• On the left, check the box for the drive you are scanning.
• On the right, choose Perform Complete Scan.
• Click Next to start the scan. Please be patient while it scans your computer.
• After the scan is complete a summary box will appear. Click OK.
• Make sure everything in the white box has a check next to it, then click Next.
• It will quarantine what it found, and if it asks if you want to reboot, click Yes.

To retrieve the removal information, please do the following:
• After reboot, double-click the SUPERAntiSpyware icon on your desktop.
• Click Preferences. Click the Statistics/Logs tab.
• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
• It will open in your default text editor (preferably Notepad).
• Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...
• Save the log somewhere you can easily find it (normally the desktop).
• Click Close and Close again to exit the program.
• Copy and paste the log in your post.

Malwarebytes' Anti-Malware (MBAM)

If you already have Malwarebytes, be sure to check for updates before scanning!

Download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop. Alternate download link (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)

• Double-click mbam-setup.exe and follow the prompts to install the program.
• Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Quick Scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Save it to a convenient location like the desktop.
• The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.
• Copy and paste the contents of the report in your reply.
• Exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


HijackThis

Download and rename HijackThis.exe (HJT) (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe)

• Double-click on HJTInstall.
• Click on the Install button.
• It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
• Upon install, HijackThis should open for you.
• Close HijackThis and rename it:
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right-click on HijackThis.exe and select Rename.
    • Type in sniper.exe and press Enter.
    • Right-click on sniper.exe and select Send To > Desktop (create shortcut).
• From the desktop open HijackThis.
• If using Windows Vista, right-click and Run As Administrator.
• Click on the Do a system scan and save a log file button.
• HijackThis will scan and then a log will open in Notepad.
• Copy and paste the entire contents of the log in your post.

Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Although we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.

Please copy and paste any logs that you are able to generate.
Title: Re: Application cannot be executed. The file *** is infected.
Post by: arunpedha on November 17, 2009, 07:25:19 AM
Thanks for the instructions. Please find the logs.

FYI, I am no longer getting the error or the fake alert message. I know this does not mean the system is fully recovered; I will wait for your confirmation. Many thanks again.

________________________________________
SUPERAntiSpyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/17/2009 at 01:33 AM

Application Version : 4.30.1004

Core Rules Database Version : 4260
Trace Rules Database Version: 1978

Scan type       : Complete Scan
Total Scan Time : 02:49:58

Memory items scanned      : 496
Memory threats detected   : 1
Registry items scanned    : 8760
Registry threats detected : 39
File items scanned        : 56489
File threats detected     : 6

Trojan.Agent/Gen-FakeSpy[Broad]
   C:\USERS\PEDHA\APPDATA\LOCAL\SCEYRK\JXHXSYSGUARD.EXE
   C:\USERS\PEDHA\APPDATA\LOCAL\SCEYRK\JXHXSYSGUARD.EXE
   [kvxahext] C:\USERS\PEDHA\APPDATA\LOCAL\SCEYRK\JXHXSYSGUARD.EXE

Rogue.Agent/Gen
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#aazalirt
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#skaaanret
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#jungertab
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#zibaglertz
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#iddqdops
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#ronitfst
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#tobmygers
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#jikglond
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#tobykke
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#klopnidret
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#jiklagka
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#salrtybek
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#seeukluba
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#jrjakdsd
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#krkdkdkee
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#dkewiizkjdks
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#dkekkrkska
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#rkaskssd
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#kuruhccdsdd
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#krujmmwlrra
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#kkwknrbsggeg
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#ktknamwerr
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#iqmcnoeqz
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#ienotas
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#krkmahejdk
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#otpeppggq
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#krtawefg
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#oranerkka
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#kitiiwhaas
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#otowjdseww
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#otnnbektre
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#oropbbsee
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#irprokwks
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#ooorjaas
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#id
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#ready
   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN#knkd

Adware.Tracking Cookie
   C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\pedha\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedha@doubleclick[2].txt
   C:\Users\pedha\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedha@*censored*.122.2o7[1].txt

Trojan.Agent/Gen
   C:\USERS\PEDHA\DESKTOP\ARUN LAPTOP\EXEHELPER.COM

Trojan.Agent/Gen-PEC
   C:\WINDOWS\PEV.EXE
________________________________________
MBAM log

Malwarebytes' Anti-Malware 1.41
Database version: 3186
Windows 6.0.6001 Service Pack 1

11/17/2009 8:32:03 AM
mbam-log-2009-11-17 (08-32-03).txt

Scan type: Quick Scan
Objects scanned: 109287
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
________________________________________

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:37 AM, on 11/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Gizmo Project\Gizmo.exe
C:\Windows\sttray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\cmd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\pedha\Desktop\Arun1\app\coolbar\Coolbar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\EULALauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [snpstd] "C:\Windows\vsnpstd.exe"
O4 - HKLM\..\Run: [DLinkMonitor.exe] "C:\Program Files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gizmo Project] "C:\Program Files\Gizmo Project\Gizmo.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Windows\sttray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Windows\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [cdloader] "C:\Users\pedha\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = ?
O4 - Global Startup: SJphone 1.65.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - C:\Program Files\Pardon 3\Pardon.exe
O9 - Extra 'Tools' menuitem: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - C:\Program Files\Pardon 3\Pardon.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://asia-ml04.asia.csc.com/dwa8W.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - (no file)
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VService - Unknown owner - C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11680 bytes
________________________________________
Title: Re: Application cannot be executed. The file *** is infected.
Post by: SuperDave on November 17, 2009, 01:49:30 PM
Hello arunpedha. It looks like we're making some headway.

Right click HijackThis and choose Run as Administrator

Next select Do a system scan only

Place a check mark next to the following entries: (if there)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
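The three entries SD asks to have fixed share a pattern: an IE setting left blank or reset to about:blank, and a BHO whose DLL is no longer on disk. As an added example for this thread (not from the original posts or from HijackThis), the Python script below applies those checks to HJT v2 log lines; the sample lines are copied from the log posted earlier, and the fix/review labels are this editor's own heuristics, not HijackThis output.

```python
"""Triage HijackThis (HJT) v2 log lines for the patterns picked out in this
thread: an IE start page blanked to about:blank, an emptied LinksFolderName
value, and a BHO registered with no DLL on disk ("(no file)"). Orphaned O23
service entries are reported for review only, since they are leftovers rather
than something a scan log alone proves malicious."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HJT log posted earlier.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [snpstd] "C:\Windows\vsnpstd.exe"
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - (no file)
"""


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "R0" or "O2"
    action: str    # "fix" (safe to tick in HJT) or "review"
    reason: str
    line: str


ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
SETTING_RE = re.compile(r"^(?P<key>[^=]*?)\s*=\s*(?P<value>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


def check_ie_setting(body):
    """R0/R1 entries: flag an Internet Explorer setting that is empty or blanked."""
    m = SETTING_RE.match(body)
    if not m:
        return None
    value = m.group("value").strip()
    if value == "":
        return ("fix", "IE setting has been emptied; let HJT restore the default")
    if value.lower() == "about:blank":
        return ("fix", "IE start page blanked, typically left behind by a removed hijacker")
    return None


def check_bho(body):
    """O2 entries: a BHO whose CLSID is registered but whose DLL is missing."""
    m = BHO_RE.match(body)
    if m and m.group("path").strip().lower() == "(no file)":
        return ("fix", "BHO still registered but its DLL is gone (orphaned entry)")
    return None


def check_service(body):
    """O23 entries: a service registration that points at a missing binary."""
    m = SERVICE_RE.match(body)
    if m and m.group("path").strip().lower() == "(no file)":
        return ("review", "service registration points at a missing binary")
    return None


CHECKS = {"R0": check_ie_setting, "R1": check_ie_setting,
          "O2": check_bho, "O23": check_service}


def triage(log_text):
    """Run the per-section checks over every HJT entry line in the log."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        check = CHECKS.get(m.group("sec"))
        result = check(m.group("body")) if check else None
        if result:
            findings.append(Finding(m.group("sec"), result[0], result[1], raw.strip()))
    return findings


def fix_lines(log_text):
    """The lines a helper would ask the user to tick before 'Fix checked'."""
    return [f.line for f in triage(log_text) if f.action == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action}] {f.reason}\n    {f.line}")
```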
Title: Re: Application cannot be executed. The file *** is infected.
Post by: SuperDave on November 17, 2009, 04:11:50 PM
Arunpedha, I forgot to mention for ComboFix. To start it you will need to right-click it and select Run as Administrator.
Title: Re: Application cannot be executed. The file *** is infected.
Post by: SuperPat on November 17, 2009, 10:04:41 PM
I hate to jump in like this, but I started out with the same problem. I followed these steps and they seemed to get rid of it. But in my case the audio on my computer no longer works. It hasn't worked since the problem first started. Do you have the same issue with the audio?

I must say though this forum has been extremely helpful.
Title: Re: Application cannot be executed. The file *** is infected.
Post by: arunpedha on November 18, 2009, 08:16:11 AM

Please find the logs. Please advise on the next course of action.

________________________________________
HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:16 AM, on 11/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Gizmo Project\Gizmo.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\EULALauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [snpstd] "C:\Windows\vsnpstd.exe"
O4 - HKLM\..\Run: [DLinkMonitor.exe] "C:\Program Files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gizmo Project] "C:\Program Files\Gizmo Project\Gizmo.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Windows\sttray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Windows\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [cdloader] "C:\Users\pedha\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = ?
O4 - Global Startup: SJphone 1.65.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - C:\Program Files\Pardon 3\Pardon.exe
O9 - Extra 'Tools' menuitem: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - C:\Program Files\Pardon 3\Pardon.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://asia-ml04.asia.csc.com/dwa8W.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - (no file)
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VService - Unknown owner - C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11064 bytes


________________________________________________________________________________
ComboFix log
ComboFix 09-11-18.06 - pedha 11/18/2009  9:20.3.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.1.1033.18.2038.1308 [GMT -5:00]
Running from: c:\users\pedha\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Webroot Spy Sweeper *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx
c:\users\pedha\AppData\Local\sceyrk
c:\users\pedha\AppData\Local\sceyrk\jxhxsysguard.exe

.
(((((((((((((((((((((((((   Files Created from 2009-10-18 to 2009-11-18  )))))))))))))))))))))))))))))))
.

2009-11-18 14:38 . 2009-11-18 14:38   --------   d-----w-   c:\users\Public\AppData\Local\temp
2009-11-18 14:38 . 2009-11-18 14:38   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2009-11-18 14:38 . 2009-11-18 14:38   --------   d-----w-   c:\users\Default\AppData\Local\temp
2009-11-17 14:11 . 2009-11-17 14:11   --------   d-----w-   c:\program files\Trend Micro
2009-11-17 03:41 . 2009-11-17 03:41   117760   ----a-w-   c:\users\pedha\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-17 03:40 . 2009-11-17 03:40   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2009-11-17 03:34 . 2009-11-17 03:34   4096   d-----w-   c:\program files\SUPERAntiSpyware
2009-11-17 03:34 . 2009-11-17 03:34   --------   d-----w-   c:\users\pedha\AppData\Roaming\SUPERAntiSpyware.com
2009-11-16 22:35 . 2009-11-16 23:29   8192   d-----w-   c:\program files\a-squared Free
2009-11-16 16:09 . 2009-11-16 16:09   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-11-16 15:19 . 2009-11-16 15:40   --------   d-----w-   c:\program files\CCleaner
2009-11-16 02:47 . 2009-11-18 14:39   8192   d-----w-   c:\users\pedha\AppData\Local\temp
2009-11-13 21:44 . 2009-11-18 13:26   --------   d-----w-   c:\users\pedha\Tracing
2009-11-13 21:40 . 2009-11-13 21:40   --------   d-----w-   c:\program files\Microsoft
2009-11-13 21:40 . 2009-11-13 21:40   --------   d-----w-   c:\program files\Windows Live SkyDrive
2009-11-13 21:31 . 2009-11-13 21:31   --------   d-----w-   c:\program files\Common Files\Windows Live
2009-11-10 20:21 . 2009-08-14 13:53   2035712   ----a-w-   c:\windows\system32\win32k.sys
2009-10-27 14:06 . 2009-08-07 02:24   44768   ----a-w-   c:\windows\system32\wups2.dll
2009-10-27 14:06 . 2009-08-07 02:24   53472   ----a-w-   c:\windows\system32\wuauclt.exe
2009-10-27 14:06 . 2009-08-07 02:23   1929952   ----a-w-   c:\windows\system32\wuaueng.dll
2009-10-27 14:06 . 2009-08-07 01:45   2421760   ----a-w-   c:\windows\system32\wucltux.dll
2009-10-27 14:05 . 2009-08-07 02:24   35552   ----a-w-   c:\windows\system32\wups.dll
2009-10-27 14:05 . 2009-08-07 02:23   575704   ----a-w-   c:\windows\system32\wuapi.dll
2009-10-27 14:05 . 2009-08-07 01:44   87552   ----a-w-   c:\windows\system32\wudriver.dll
2009-10-27 14:05 . 2009-08-06 23:23   171608   ----a-w-   c:\windows\system32\wuwebv.dll
2009-10-27 14:05 . 2009-08-06 22:44   33792   ----a-w-   c:\windows\system32\wuapp.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 15:48 . 2007-08-20 13:41   5568   ----a-w-   c:\users\pedha\AppData\Local\d3d9caps.dat
2009-11-16 03:30 . 2008-10-31 01:26   4096   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-16 03:30 . 2009-01-26 15:51   4045527   ----a-w-   c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-13 21:42 . 2007-12-22 21:48   4096   d-----w-   c:\program files\Windows Live
2009-11-11 23:56 . 2007-04-06 23:17   4096   d-----w-   c:\users\pedha\AppData\Roaming\Corel
2009-11-03 01:42 . 2009-10-02 23:33   195456   ------w-   c:\windows\system32\MpSigStub.exe
2009-11-02 23:50 . 2007-04-06 23:57   14606   ----a-w-   c:\users\pedha\AppData\Roaming\wklnhst.dat
2009-10-17 11:23 . 2007-05-10 23:14   --------   d-----w-   c:\program files\Microsoft SQL Server
2009-10-17 11:16 . 2007-04-05 12:00   24576   d-----w-   c:\program files\Microsoft Works
2009-10-12 02:43 . 2008-01-10 03:03   8192   d-----w-   c:\users\pedha\AppData\Roaming\mjusbsp
2009-10-11 18:48 . 2009-10-11 18:48   --------   d-----w-   c:\programdata\Office Genuine Advantage
2009-09-26 17:35 . 2009-09-26 17:35   --------   d-----w-   c:\users\pedha\AppData\Roaming\Ashampoo
2009-09-26 17:31 . 2009-09-26 17:31   --------   d-----w-   c:\program files\Ashampoo
2009-09-25 02:15 . 2009-09-25 02:15   4096   dc-h--w-   c:\programdata\{BEC4F512-CB5F-42E6-9ACF-FAEA2CF7A840}
2009-09-25 02:15 . 2009-09-25 02:15   --------   d-----w-   c:\programdata\ExamForce
2009-09-23 23:12 . 2007-05-10 22:59   32768   d-----w-   c:\programdata\Microsoft Help
2009-09-23 22:44 . 2009-09-16 22:14   4096   d-----w-   c:\users\pedha\AppData\Roaming\HpUpdate
2009-09-21 19:15 . 2007-04-01 21:45   84584   ----a-w-   c:\users\pedha\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-21 15:11 . 2009-09-21 15:11   --------   d-----w-   c:\program files\MSDN
2009-09-21 14:48 . 2009-09-21 14:35   --------   d-----w-   c:\program files\HTML Help Workshop
2009-09-21 14:47 . 2009-07-19 18:07   20480   d-----w-   c:\program files\Common Files\Merge Modules
2009-09-21 14:46 . 2007-05-10 22:59   4096   d-----w-   c:\program files\Microsoft Visual Studio 8
2009-09-14 09:44 . 2009-10-16 23:40   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
2009-09-10 19:54 . 2008-10-31 01:26   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-10-31 01:26   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-09-10 17:30 . 2009-10-16 23:50   213504   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 12:24 . 2009-10-16 23:40   61440   ----a-w-   c:\windows\system32\msasn1.dll
2009-08-27 13:32 . 2009-10-16 23:49   833024   ----a-w-   c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-16 23:49   78336   ----a-w-   c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-16 23:49   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
2007-04-05 19:25 . 2007-04-05 19:24   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9A9E-3AF287E2699B}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"cdloader"="c:\users\pedha\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-12 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-12 339968]
"DLinkMonitor.exe"="c:\program files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe" [2007-01-03 651264]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-04-05 77824]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-08 98304]
"Gizmo Project"="c:\program files\Gizmo Project\Gizmo.exe" [2007-06-15 3850240]
"SigmatelSysTrayApp"="c:\windows\sttray.exe" [2007-02-08 303104]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-01-20 6278520]

c:\users\pedha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-3-14 385024]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-5 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-4-5 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [12/7/2008 9:26 PM 29808]
R0 TLRecAgent;TLRecAgent;c:\windows\System32\drivers\TLRecAgent.sys [9/4/2007 7:15 PM 37208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
R2 Gizmo Plugin;Gizmo VoIP Service;c:\program files\GizmoPlugin\GizmoPlugin.exe [9/22/2007 8:48 PM 962048]
R2 VService;VService;c:\program files\D-Link\D-Link USB VoIP Adapter\VServ.exe [1/2/2007 12:07 PM 105208]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [1/26/2009 11:11 AM 1090936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/5/2007 6:59 AM 29744]
S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [12/5/2006 10:34 AM 507136]
S3 slusbvip;SL3800 USB Driver;c:\windows\System32\drivers\slusbvip.sys [9/4/2007 7:15 PM 591832]
S3 SLVAD_simple;D-Link Virtual Audio Device;c:\windows\System32\drivers\slvad.sys [9/4/2007 7:16 PM 85656]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 6:01 AM 2799808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237141364-4078770496-3588282335-1000Core.job
- c:\users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 02:39]

2009-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237141364-4078770496-3588282335-1000UA.job
- c:\users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 02:39]

2009-11-18 c:\windows\Tasks\User_Feed_Synchronization-{9D4F5082-4799-4D10-A007-3DE4F0A0FF55}.job
- c:\windows\system32\msfeedssync.exe [2008-09-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\pedha\AppData\Roaming\Mozilla\Firefox\Profiles\m329wuil.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft Silverlight\3.0.40818.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\pedha\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 09:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-18 09:45
ComboFix-quarantined-files.txt  2009-11-18 14:44
ComboFix2.txt  2009-11-16 02:47
ComboFix3.txt  2009-11-15 21:59
ComboFix4.txt  2009-10-11 14:21
ComboFix5.txt  2009-11-18 14:17

Pre-Run: 7,614,136,320 bytes free
Post-Run: 7,459,921,920 bytes free

- - End Of File - - 46B73A30C809E49E095E25C2F3E4519B
________________________________________________________________________________

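The two logs above are what the helper reads by eye: O4 entries that autostart an executable from inside a user profile, O23 services with "Unknown owner" or "(no file)", AppInit_DLLs entries, Startup shortcuts HijackThis could not resolve, and hosts-file overrides. The Python script below is an added example, not part of this thread and not code from HijackThis or ComboFix, that applies those same review rules to a handful of HijackThis-format lines. The sample lines are copied from the log above except for two constructed ones: a `[jxhxsysguard]` Run entry pointing at the `AppData\Local\sceyrk` path that ComboFix lists under "Other Deletions", and a `127.0.0.1 update.example.com` hosts entry, both added so every rule fires at least once.

```python
"""Triage helper for HijackThis v2 logs: list the autostart entries a reviewer
should look at first. Added example for this thread; it is not part of
HijackThis, ComboFix or the Computer Hope forum."""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format. All lines but two are copied from
# the log posted above; the [jxhxsysguard] Run entry (pointing at the path
# ComboFix deleted) and the 127.0.0.1 hosts entry are constructed so that every
# rule below fires at least once.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\pedha\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [jxhxsysguard] "C:\Users\pedha\AppData\Local\sceyrk\jxhxsysguard.exe"
O4 - Global Startup: QuickSet.lnk = ?
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - (no file)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.com
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why a reviewer should look at it
    line: str      # the original log line


LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
QUOTED_RE = re.compile(r'"([^"]+)"')
# Executables that autostart from inside a user profile. Vendor software almost
# always installs under Program Files; user-mode rogues such as the one on this
# machine (AppData\Local\sceyrk) need no admin rights and live here instead.
PROFILE_RE = re.compile(
    r"\\(?:Users|Documents and Settings)\\[^\\]+\\"
    r"(?:AppData|Local Settings|Application Data)\\",
    re.IGNORECASE,
)


def parse_line(line):
    """Split a HijackThis entry into its section code and body, or None."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def image_path(code, body):
    """Best-effort extraction of the on-disk image an entry refers to."""
    if code == "O4":                      # Run keys and Startup folder shortcuts
        q = QUOTED_RE.search(body)
        if q:
            return q.group(1)
        if " = " in body:                 # "Startup: name.lnk = target"
            return body.split(" = ", 1)[1]
        return body.split("] ", 1)[-1]    # "[name] unquoted target"
    if code == "O23":                     # "Service: name - owner - image"
        return body.rsplit(" - ", 1)[-1]
    if code == "O20":                     # "AppInit_DLLs: path"
        return body.split(": ", 1)[-1]
    return ""


def triage(log_text):
    """Apply the review rules a forum helper applies by eye; returns Findings."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        path = image_path(code, body)
        reason = None
        if code == "O4" and path == "?":
            reason = "startup shortcut whose target HijackThis could not resolve"
        elif code == "O4" and PROFILE_RE.search(path):
            reason = "autostart image lives inside a user profile directory"
        elif code == "O23":
            fields = body.split(" - ")
            if path == "(no file)":
                reason = "service registered but its image is missing"
            elif len(fields) >= 3 and fields[-2] == "Unknown owner":
                reason = "service binary carries no publisher information"
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            reason = "AppInit_DLLs loads this DLL into every process that uses user32.dll"
        elif code == "O1":
            # Hosts-file overrides for anything but localhost can redirect
            # update or vendor sites; rogues use this to block AV updates.
            target = body.split(": ", 1)[-1].split()
            if len(target) != 2 or target[1].lower() != "localhost":
                reason = "hosts file overrides a name other than localhost"
        if reason:
            findings.append(Finding(code, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

The output is a review list, not a verdict: the same profile-directory rule that catches the rogue under `AppData\Local\sceyrk` also flags magicJack's `cdloader2.exe` and Google Update, which is exactly why the helper in this thread asks for a ComboFix log and an ESET scan before calling the machine clean.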
Title: Re: Application cannot be executed. The file *** is infected.
Post by: SuperDave on November 18, 2009, 01:23:57 PM
Hello SuperPat. As I stated in my earlier post, these instructions are for this poster only and trying these fixes on your computer is not advised. Hijacking someone else's thread is also frowned upon. You should start your own thread to get help. It's too confusing to try to help more than one poster in a thread.

Hello arunpedha. How is your computer working now?
Title: Re: Application cannot be executed. The file *** is infected.
Post by: arunpedha on November 18, 2009, 03:00:28 PM
Thanks SD. It works great now. Thanks for all your help. Did you have a chance to look at my last log post? Hope my system is completely recovered. Many thanks again.
Title: Re: Application cannot be executed. The file *** is infected.
Post by: SuperDave on November 18, 2009, 05:08:27 PM
Hello arunpedha. I checked your last set of logs and everything looks ok. I just want to run one more scan to make sure everything is clean.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log
Title: Re: Application cannot be executed. The file *** is infected.
Post by: arunpedha on November 19, 2009, 08:13:44 PM
Here is the log of the ESET scan.

________________________________________________________________________________
C:\Program Files\VistaCodecPack\Tools\Settings32.exe   Win32/Packed.Autoit.Gen application   deleted - quarantined
C:\ProgramData\VistaCodecs\{B01BCF4E-B877-4C3B-8747-9D79CC0EE84D}\Vista Codec Package.msi   Win32/Packed.Autoit.Gen application   deleted - quarantined
C:\Qoobox\Quarantine\C\Users\pedha\AppData\Local\sceyrk\jxhxsysguard.exe.vir   Win32/Adware.SpywareProtect2009 application   cleaned by deleting - quarantined
C:\Users\pedha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3403c2c7-3423f5b5   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
________________________________________________________________________________
Title: Re: Application cannot be executed. The file *** is infected.
Post by: SuperDave on November 20, 2009, 12:53:15 PM
Hello arunpedha. It looks good now. There is only the issue about a Firewall. Make sure that the Windows Firewall is turned on or you can download and install a third-party Firewall. Let's do some clean-up.

Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

The above procedure will:
* Delete the following: ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. It also stops certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Title: Re: Application cannot be executed. The file *** is infected.
Post by: limuobai on January 05, 2010, 09:12:32 PM
SD,

I tried your method and fixed the "Application cannot be executed" problem. However, I got another one and it's getting popular out there because lots of people started posting the same problem around 10 days ago but no solution so far. The problem is any website I clicked "could" be redirected to some other unknown website. The only way to go to the website I want is to type in the URL word-by-word. This spyware sometimes pops up a website called xxx.thewebsitesurvey.com with audio ad. If you haven't heard of this one, please search "thewebsitesurvey". You'll see lots of folks are suffering from it. With your standing record, I believe you're the one who can figure out the solution. Thanks in advance.

LMB

P.S. If you want me to open a new thread, just say so.
Title: Re: Application cannot be executed. The file *** is infected.
Post by: SuperDave on January 06, 2010, 06:38:07 AM
If you're having a problem, it would be best to start a new thread.