
Author Topic: malware removal guide  (Read 10181 times)

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: malware removal guide
« Reply #15 on: May 16, 2009, 08:36:56 PM »
Cool >:D

Final suggestions...

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

notevenclose

    Topic Starter


    Rookie

    Re: malware removal guide
    « Reply #16 on: May 17, 2009, 08:43:23 PM »
    Hi, I found a problem... after I told you it was running fine, my daughter tried to play a video on YouTube and got a msg. to load Adobe ActiveX or Java. I downloaded ActiveX 10... but no videos will play from any site, even her school... they all say I need ActiveX or Java... any suggestions?


    evilfantasy

    Re: malware removal guide
    « Reply #17 on: May 17, 2009, 09:12:42 PM »
    Download DDS by sUBs and save it to your desktop. Alternate DDS download link

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users: double-click on dds to run it.
    * If your antivirus or firewall tries to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    notevenclose

      Re: malware removal guide
      « Reply #18 on: May 18, 2009, 07:23:42 AM »
      Here are the logs, thank you.



      DDS (Ver_09-05-14.01) - FAT32x86 
      Run by default at  8:37:39.28 on Mon 05/18/2009
      Internet Explorer: 6.0.2900.2180
      Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.511.239 [GMT -4:00]

      AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

      ============== Running Processes ===============

      C:\WINDOWS\system32\svchost -k DcomLaunch
      SVCHOST.EXE
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      SVCHOST.EXE
      SVCHOST.EXE
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      SVCHOST.EXE
      C:\WINDOWS\Nhksrv.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      C:\PROGRA~1\AVG\AVG8\avgemc.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\DELLMMKB.EXE
      C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
      C:\Program Files\Netropa\OSD.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Documents and Settings\default\Desktop\dds.pif

      ============== Pseudo HJT Report ===============

      uStart Page = hxxp://yahoo.com/
      mLocal Page = c:\windows\system\blank.htm
      mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
      uInternet Connection Wizard,ShellNext = hxxp://cf.icq.com/cf/2000/lost_password.html
      uInternet Settings,ProxyServer = http=localhost:7171
      uInternet Settings,ProxyOverride = *.local;<local>
      uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
      uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
      mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
      BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
      BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
      BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
      BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
      TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
      TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
      EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\YHEXBMES0411.DLL
      EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\SHDOCVW.DLL
      EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
      uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
      mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
      mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
      mRun: [DellTouch] c:\windows\DELLMMKB.EXE
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [nwiz] nwiz.exe /installquiet
      mRun: [AS00_Gear511] c:\program files\netgear\wg511scu\utility\Gear511.exe -hide
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
      mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe"  /autorun
      dRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
      dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
      dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\YHEXBMES0411.DLL
      IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\SHDOCVW.DLL
      Trusted Zone: aol.com\free
      DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
      DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
      DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - hxxp://aol.ea.com/downloads/games/common/boot_strap/iegils.cab
      DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
      DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
      DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
      DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
      DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164998083052
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164998017898
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - hxxp://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
      DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1038151877710
      DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} - hxxp://windowsupdate.microsoft.com/R1044/V31Controls/x86/mil/en/actsetup.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
      Handler: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} -
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
      Notify: avgrsstarter - avgrsstx.dll
      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

      ============= SERVICES / DRIVERS ===============

      R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-15 325896]
      R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-4-3 27784]
      R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-15 108552]
      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
      R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
      R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-19 908568]
      R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-19 298776]
      R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2006-12-1 28672]
      R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2006-12-3 16194]
      R3 maestro;ESS Maestro Audio Driver (WDM);c:\windows\system32\drivers\es198xdl.sys [2002-6-20 414400]
      R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2006-12-1 6942]
      R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [2006-12-3 449888]
      S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

      =============== Created Last 30 ================

      2009-05-16 22:55   410,984   a-------   c:\windows\system32\deploytk.dll
      2009-05-16 14:00   <DIR>   --d-----   c:\program files\EsetOnlineScanner
      2009-05-15 01:19   <DIR>   a-dshr--   C:\cmdcons
      2009-05-11 23:59   <DIR>   --d-----   c:\program files\Trend Micro
      2009-05-11 23:19   <DIR>   --d-----   c:\docume~1\default\applic~1\Malwarebytes
      2009-05-11 23:19   15,504   a-------   c:\windows\system32\drivers\mbam.sys
      2009-05-11 23:19   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
      2009-05-11 23:19   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
      2009-05-11 23:19   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
      2009-05-11 21:22   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
      2009-05-11 21:22   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
      2009-05-11 21:22   <DIR>   --d-----   c:\docume~1\default\applic~1\SUPERAntiSpyware.com
      2009-05-11 14:24   <DIR>   --d-----   c:\program files\CCleaner
      2009-05-09 16:46   <DIR>   --d-----   c:\documents and settings\default\Apps
      2009-05-09 15:35   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\WEBREG
      2009-05-09 14:49   16,496   a----r--   c:\windows\system32\drivers\HPZipr12.sys
      2009-05-09 14:49   49,920   a----r--   c:\windows\system32\drivers\HPZid412.sys
      2009-05-09 14:49   271,704   a----r--   c:\windows\system32\hpzids01.dll
      2009-05-09 14:49   118,272   a-------   c:\windows\system32\hpz3l5mu.dll
      2009-05-09 14:48   372,736   a----r--   c:\windows\system32\hppldcoi.dll
      2009-05-09 14:48   309,760   a----r--   c:\windows\system32\difxapi.dll
      2009-05-09 14:48   21,568   a----r--   c:\windows\system32\drivers\HPZius12.sys
      2009-05-09 14:38   <DIR>   --d-----   c:\program files\HP
      2009-05-09 14:38   25,856   a-------   c:\windows\system32\drivers\usbprint.sys
      2009-05-09 14:38   25,856   a-------   c:\windows\system32\dllcache\usbprint.sys
      2009-05-09 14:38   31,616   a-------   c:\windows\system32\drivers\usbccgp.sys
      2009-05-09 14:38   31,616   a-------   c:\windows\system32\dllcache\usbccgp.sys
      2009-05-08 21:29   <DIR>   --d-----   c:\program files\common files\AOLSHARE
      2009-05-07 21:47   118   a-------   c:\windows\system32\MRT.INI
      2009-05-07 19:35   <DIR>   --d-----   c:\windows\pss
      2009-05-07 11:07   283,648   --------   c:\windows\system32\dllcache\pdh.dll
      2009-05-07 11:07   60,416   --------   c:\windows\system32\dllcache\colbact.dll
      2009-05-07 11:07   473,088   --------   c:\windows\system32\dllcache\fastprox.dll
      2009-05-07 11:07   453,120   --------   c:\windows\system32\dllcache\wmiprvsd.dll
      2009-05-07 11:07   399,360   --------   c:\windows\system32\dllcache\rpcss.dll
      2009-05-07 11:07   227,840   --------   c:\windows\system32\dllcache\wmiprvse.exe
      2009-05-07 11:07   110,592   --------   c:\windows\system32\dllcache\services.exe
      2009-05-07 11:07   616,960   --------   c:\windows\system32\dllcache\advapi32.dll
      2009-05-07 11:07   714,752   --------   c:\windows\system32\dllcache\ntdll.dll
      2009-05-07 11:05   1,193,414   --------   c:\windows\system32\dllcache\sysmain.sdb
      2009-05-07 11:05   215,552   --------   c:\windows\system32\dllcache\wordpad.exe
      2009-05-06 20:44   <DIR>   --d-----   c:\program files\RegistryRepair
      2009-05-04 10:28   <DIR>   --d-----   c:\program files\TeaTimer (Spybot - Search & Destroy)
      2009-05-04 10:28   <DIR>   --d-----   c:\program files\SDHelper (Spybot - Search & Destroy)
      2009-05-04 10:28   <DIR>   --d-----   c:\program files\Misc. Support Library (Spybot - Search & Destroy)
      2009-05-04 10:28   <DIR>   --d-----   c:\program files\File Scanner Library (Spybot - Search & Destroy)
      2009-05-04 10:21   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
      2009-05-04 10:21   <DIR>   --d-----   c:\program files\Spybot - Search & Destroy
      2009-04-26 21:15   28,776   a-------   C:\vffbvrg.jpg

      ==================== Find3M  ====================

      2009-05-17 10:25   325,896   a-------   c:\windows\system32\drivers\avgldx86.sys
      2009-05-17 10:25   11,952   a-------   c:\windows\system32\avgrsstx.dll
      2009-05-17 10:25   108,552   a-------   c:\windows\system32\drivers\avgtdix.sys
      2009-05-16 23:32   17,015   a-------   c:\windows\system32\nvModes.dat
      2009-05-15 00:29   90,112   a-------   c:\windows\DUMP88cc.tmp
      2009-04-14 09:16   74,352   a-------   c:\docume~1\default\applic~1\GDIPFONTCACHEV1.DAT
      2009-03-28 18:55   61,224   a-------   c:\windows\java\GoToAssistDownloadHelper.exe
      2009-03-21 10:18   986,112   --------   c:\windows\system32\dllcache\kernel32.dll
      2009-03-06 10:44   283,648   a-------   c:\windows\system32\pdh.dll
      2009-03-02 19:27   1,499,136   --------   c:\windows\system32\dllcache\shdocvw.dll
      2009-02-20 17:44   3,067,904   --------   c:\windows\system32\dllcache\mshtml.dll
      2009-02-19 05:50   18,432   --------   c:\windows\system32\dllcache\iedw.exe
      2004-07-04 21:02   75   a-------   c:\docume~1\default\applic~1\fusioncache.dat
      2000-10-13 16:56   271   ---sh---   c:\program files\desktop.ini
      2000-10-13 16:56   23,357   ----h---   c:\program files\folder.htt

      ============= FINISH:  8:38:41.74 ===============


      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT

      DDS (Ver_09-05-14.01)

      Microsoft Windows XP Home Edition
      Boot Device: \Device\HarddiskVolume1
      Install Date: 12/1/2006 11:33:09 AM
      System Uptime: 5/18/2009 8:26:23 AM (0 hours ago)

      Motherboard: Dell Computer Corporation |  | Inspiron 8100           
      Processor: Intel(R) Pentium(R) III Mobile CPU      1000MHz | Microprocessor | 996/133mhz

      ==== Disk Partitions =========================

      A: is Removable
      C: is FIXED (FAT32) - 19 GiB total, 10.36 GiB free.
      D: is CDROM ()
      E: is Removable

      ==== Disabled Device Manager Items =============

      ==== System Restore Points ===================

      RP299: 5/16/2009 1:48:47 PM - System Checkpoint
      RP300: 5/16/2009 10:54:14 PM - Installed Java(TM) 6 Update 13
      RP301: 5/17/2009 10:12:29 AM - Avg8 Update
      RP302: 5/17/2009 10:26:06 AM - Avg8 Update
      RP303: 5/17/2009 11:44:39 AM - Removed Java(TM) 6 Update 13

      ==== Installed Programs ======================

      32 Bit HP CIO Components Installer
      Ad-Aware
      Adobe Flash Player 10 ActiveX
      Adobe Photoshop 6.0
      Adobe Reader 7.0.8
      Adobe SVG Viewer 3.0
      AOL Coach Version 2.0(Build:20041026.5 en)
      AOL Deskbar
      AOL You've Got Pictures Screensaver
      AVG Free 8.5
      BarSim 1.5.2
      CCleaner (remove only)
      Dell AccessDirect
      Dell Dock Quick Install for Windows
      Dell Internal Modem Diagnostics Tool
      Dell Solution Center
      DellTouch
      DivX Codec
      DivX Player
      EACOM Game Installer
      ESET Online Scanner
      FoneSync
      Google Toolbar for Internet Explorer
      HijackThis 2.0.2
      Hotfix for Windows Media Format SDK (KB902344)
      Hotfix for Windows XP (KB896344)
      Hotfix for Windows XP (KB928388)
      Hotfix for Windows XP (KB952287)
      Image Expert 2000 v3.2
      Intel SpeedStep technology Applet
      Intel(R) PRO Ethernet Adapter and Software
      Internet Explorer Q903235
      iTunes
      Learn2 Player (Uninstall Only)
      LiveInfoPro
      Malwarebytes' Anti-Malware
      MathPlayer
      Microsoft .NET Framework (English)
      Microsoft .NET Framework (English) v1.0.3705
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Hotfix (KB928366)
      Microsoft .NET Framework 2.0 Service Pack 1
      Microsoft Base Smart Card Cryptographic Service Provider Package
      Microsoft Data Access Components KB870669
      Microsoft Money 2001
      Microsoft Office 2000 Premium
      Microsoft Picture It! Publishing 2001
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Works 2001 Setup Launcher
      Microsoft XML Parser and SDK
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      MSXML 4.0 SP2 (KB954430)
      MSXML4 Parser
      NETGEAR 108 Mbps Wireless PC Card WG511T
      NVIDIA Windows 2000/XP Display Drivers
      OS Updates for WinME and Win2K
      QuickTime
      RealPlayer
      Security Update for Step By Step Interactive Training (KB898458)
      Security Update for Step By Step Interactive Training (KB923723)
      Security Update for Windows Media Player (KB911564)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player 10 (KB917734)
      Security Update for Windows Media Player 10 (KB936782)
      Security Update for Windows Media Player 6.4 (KB925398)
      Security Update for Windows XP (KB890046)
      Security Update for Windows XP (KB893756)
      Security Update for Windows XP (KB896358)
      Security Update for Windows XP (KB896423)
      Security Update for Windows XP (KB896424)
      Security Update for Windows XP (KB896428)
      Security Update for Windows XP (KB899587)
      Security Update for Windows XP (KB899591)
      Security Update for Windows XP (KB900725)
      Security Update for Windows XP (KB901017)
      Security Update for Windows XP (KB901214)
      Security Update for Windows XP (KB902400)
      Security Update for Windows XP (KB904706)
      Security Update for Windows XP (KB905414)
      Security Update for Windows XP (KB905749)
      Security Update for Windows XP (KB908519)
      Security Update for Windows XP (KB911562)
      Security Update for Windows XP (KB911567)
      Security Update for Windows XP (KB911927)
      Security Update for Windows XP (KB912919)
      Security Update for Windows XP (KB913580)
      Security Update for Windows XP (KB914388)
      Security Update for Windows XP (KB914389)
      Security Update for Windows XP (KB917344)
      Security Update for Windows XP (KB917422)
      Security Update for Windows XP (KB917953)
      Security Update for Windows XP (KB918118)
      Security Update for Windows XP (KB919007)
      Security Update for Windows XP (KB920213)
      Security Update for Windows XP (KB920214)
      Security Update for Windows XP (KB920670)
      Security Update for Windows XP (KB920683)
      Security Update for Windows XP (KB920685)
      Security Update for Windows XP (KB921398)
      Security Update for Windows XP (KB921503)
      Security Update for Windows XP (KB921883)
      Security Update for Windows XP (KB922616)
      Security Update for Windows XP (KB922760)
      Security Update for Windows XP (KB922819)
      Security Update for Windows XP (KB923191)
      Security Update for Windows XP (KB923414)
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB923689)
      Security Update for Windows XP (KB923694)
      Security Update for Windows XP (KB923980)
      Security Update for Windows XP (KB924191)
      Security Update for Windows XP (KB924270)
      Security Update for Windows XP (KB924496)
      Security Update for Windows XP (KB924667)
      Security Update for Windows XP (KB925454)
      Security Update for Windows XP (KB925486)
      Security Update for Windows XP (KB925902)
      Security Update for Windows XP (KB926255)
      Security Update for Windows XP (KB926436)
      Security Update for Windows XP (KB927779)
      Security Update for Windows XP (KB927802)
      Security Update for Windows XP (KB928090)
      Security Update for Windows XP (KB928255)
      Security Update for Windows XP (KB928843)
      Security Update for Windows XP (KB929123)
      Security Update for Windows XP (KB929969)
      Security Update for Windows XP (KB930178)
      Security Update for Windows XP (KB931261)
      Security Update for Windows XP (KB931768)
      Security Update for Windows XP (KB931784)
      Security Update for Windows XP (KB932168)
      Security Update for Windows XP (KB933566)
      Security Update for Windows XP (KB933729)
      Security Update for Windows XP (KB935839)
      Security Update for Windows XP (KB935840)
      Security Update for Windows XP (KB936021)
      Security Update for Windows XP (KB937143)
      Security Update for Windows XP (KB938127)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB938829)
      Security Update for Windows XP (KB939653)
      Security Update for Windows XP (KB941202)
      Security Update for Windows XP (KB941568)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB941644)
      Security Update for Windows XP (KB941693)
      Security Update for Windows XP (KB942615)
      Security Update for Windows XP (KB943055)
      Security Update for Windows XP (KB943460)
      Security Update for Windows XP (KB943485)
      Security Update for Windows XP (KB944338)
      Security Update for Windows XP (KB944533)
      Security Update for Windows XP (KB944653)
      Security Update for Windows XP (KB945553)
      Security Update for Windows XP (KB946026)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB947864)
      Security Update for Windows XP (KB948590)
      Security Update for Windows XP (KB948881)
      Security Update for Windows XP (KB950749)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952004)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB954600)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956572)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958215)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958687)
      Security Update for Windows XP (KB958690)
      Security Update for Windows XP (KB959426)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960714)
      Security Update for Windows XP (KB960715)
      Security Update for Windows XP (KB960803)
      Security Update for Windows XP (KB961373)
      Security Update for Windows XP (KB963027)
      Shockwave
      Snood for Windows version 3.0-W
      Softex BayManager
      Spybot - Search & Destroy 1.3
      SUPERAntiSpyware Free Edition
      Synaptics TouchPad
      Update for Windows XP (KB898461)
      Update for Windows XP (KB900485)
      Update for Windows XP (KB900930)
      Update for Windows XP (KB908531)
      Update for Windows XP (KB910437)
      Update for Windows XP (KB911280)
      Update for Windows XP (KB916595)
      Update for Windows XP (KB920872)
      Update for Windows XP (KB922582)
      Update for Windows XP (KB927891)
      Update for Windows XP (KB929338)
      Update for Windows XP (KB930916)
      Update for Windows XP (KB931836)
      Update for Windows XP (KB933360)
      Update for Windows XP (KB936357)
      Update for Windows XP (KB938828)
      Update for Windows XP (KB942763)
      Update for Windows XP (KB942840)
      Update for Windows XP (KB946627)
      Update for Windows XP (KB955839)
      Update for Windows XP (KB967715)
      User's Guides
      Verizon Yahoo! Applications
      Viewpoint Media Player
      WebFldrs XP
      Windows Genuine Advantage Notifications (KB905474)
      Windows Genuine Advantage Validation Tool (KB892130)
      Windows Installer 3.1 (KB893803)
      Windows Media Format Runtime
      Windows Media Format SDK Hotfix - KB891122
      Windows Media Player 10
      Windows XP Hotfix - KB873339
      Windows XP Hotfix - KB885835
      Windows XP Hotfix - KB885836
      Windows XP Hotfix - KB886185
      Windows XP Hotfix - KB887472
      Windows XP Hotfix - KB888302
      Windows XP Hotfix - KB890859
      Windows XP Hotfix - KB891781
      Windows XP Service Pack 2
      WinRAR archiver
      Works Suite OS Pack
      Works Synchronization
      Yahoo! Toolbar

      ==== Event Viewer Messages From Past Week ========

      5/17/2009 11:45:12 AM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
      5/15/2009 1:41:31 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the 7F3300AEC5DB29D6F7AE8C96105DD640 service to connect.
      5/15/2009 1:41:06 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the 0624B29CDD53C5C2B4D49AC9BAC6B32F service to connect.
      5/15/2009 1:37:12 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the 7D9761E0E5600B6001EDFB377419661E service to connect.
      5/14/2009 9:55:45 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
      5/14/2009 9:51:01 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
      5/14/2009 8:50:59 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
      5/14/2009 8:20:58 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
      5/14/2009 8:05:58 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
      5/14/2009 6:34:33 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT P3 RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
      5/14/2009 6:34:33 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:  A device attached to the system is not functioning.
      5/14/2009 6:34:33 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
      5/14/2009 6:34:33 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
      5/14/2009 6:34:33 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
      5/14/2009 6:33:36 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
      5/14/2009 3:25:02 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AvgLdx86 AvgMfx86 Fips P3 SASDIFSV SASKUTIL
      5/13/2009 10:53:07 AM, error: E100B [4]  - Adapter Intel 8255x-based PCI Ethernet Adapter (10/100): Adapter Link Down
      5/13/2009 10:49:01 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
      5/13/2009 10:36:38 AM, error: System Error [1003]  - Error code 1000000a, parameter1 000000b1, parameter2 00000002, parameter3 00000000, parameter4 8050af1a.
      5/12/2009 7:45:12 AM, error: System Error [1003]  - Error code 1000000a, parameter1 00000018, parameter2 00000002, parameter3 00000000, parameter4 8050af20.
      5/11/2009 4:53:27 PM, error: System Error [1003]  - Error code 1000000a, parameter1 bad0b0c8, parameter2 00000002, parameter3 00000000, parameter4 8050af20.

      ==== End Of File ===========================


      evilfantasy

      Re: malware removal guide
      « Reply #19 on: May 18, 2009, 11:09:41 AM »
      Go to Add or Remove Programs and uninstall Spybot - Search & Destroy 1.3 <- This is about 3 years out of date.

      ----------

      Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

      Link #1
      Link #2

      Note: It is important that it is saved directly to your Desktop.

      DO NOT run it yet!

      Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

      Delete these files/folders, as follows:

      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
      It must be Notepad, not Wordpad.
      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

      Code:
      KillAll::

      DDS::
      TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
      TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
      EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      Handler: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} -

      3. Go to the Notepad window and click Edit > Paste
      4. Then click File > Save
      5. Name the file CFScript.txt - Save the file to your Desktop
      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



      ComboFix will begin to execute, just follow the prompts.
      After reboot (in case it asks to reboot), it will produce a log for you.
      Post that log (Combofix.txt) in your next reply.

      Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

      notevenclose


        Re: malware removal guide
        « Reply #20 on: May 18, 2009, 07:43:33 PM »
        Combofix log

        ComboFix 09-05-18.02 - default 05/18/2009 21:25.2 - FAT32x86
        Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.511.243 [GMT -4:00]
        Running from: c:\documents and settings\default\Desktop\ComboFix.exe
        Command switches used :: c:\documents and settings\default\Desktop\CFScript.txt
        AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\program files\messenger\msmsgs.exe

        .
        (((((((((((((((((((((((((   Files Created from 2009-04-19 to 2009-05-19  )))))))))))))))))))))))))))))))
        .

        2009-05-17 15:37 . 2009-05-17 15:37   --------   d-----w   c:\windows\Sun
        2009-05-17 03:28 . 2009-05-17 03:28   --------   d-----w   c:\documents and settings\Guest\Local Settings\Application Data\Google
        2009-05-17 02:55 . 2009-05-17 02:54   410984   ----a-w   c:\windows\system32\deploytk.dll
        2009-05-16 18:00 . 2009-05-16 18:00   --------   d-----w   c:\program files\EsetOnlineScanner
        2009-05-14 21:10 . 2009-05-14 21:10   --------   d-----w   c:\documents and settings\Administrator\Application Data\Malwarebytes
        2009-05-14 21:08 . 2009-05-14 21:08   --------   d-----w   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
        2009-05-14 02:18 . 2009-05-14 02:18   74352   ----a-w   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2009-05-12 03:59 . 2009-05-12 03:59   --------   d-----w   c:\program files\Trend Micro
        2009-05-12 03:19 . 2009-05-12 03:19   --------   d-----w   c:\documents and settings\default\Application Data\Malwarebytes
        2009-05-12 03:19 . 2009-05-12 03:19   --------   d-----w   c:\documents and settings\default\Application Data\Malwarebytes
        2009-05-12 03:19 . 2009-04-06 19:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
        2009-05-12 03:19 . 2009-04-06 19:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-05-12 03:19 . 2009-05-12 03:19   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
        2009-05-12 03:19 . 2009-05-12 03:19   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
        2009-05-12 01:22 . 2009-05-12 01:22   --------   d-----w   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2009-05-12 01:22 . 2009-05-12 01:22   --------   d-----w   c:\program files\SUPERAntiSpyware
        2009-05-12 01:22 . 2009-05-12 01:22   --------   d-----w   c:\documents and settings\default\Application Data\SUPERAntiSpyware.com
        2009-05-12 01:22 . 2009-05-12 01:22   --------   d-----w   c:\documents and settings\default\Application Data\SUPERAntiSpyware.com
        2009-05-11 18:24 . 2009-05-11 18:24   --------   d-----w   c:\program files\CCleaner
        2009-05-09 20:46 . 2009-05-09 20:46   --------   d-----w   c:\documents and settings\default\Apps
        2009-05-09 19:35 . 2009-05-09 19:35   --------   d-----w   c:\documents and settings\All Users\Application Data\WEBREG
        2009-05-09 18:51 . 2009-05-09 18:51   --------   d-----w   c:\documents and settings\default\Application Data\HP
        2009-05-09 18:51 . 2009-05-09 18:51   --------   d-----w   c:\documents and settings\default\Application Data\HP
        2009-05-09 18:49 . 2008-01-24 21:29   16496   ----a-r   c:\windows\system32\drivers\HPZipr12.sys
        2009-05-09 18:49 . 2008-01-24 21:29   49920   ----a-r   c:\windows\system32\drivers\HPZid412.sys
        2009-05-09 18:49 . 2009-05-09 18:49   --------   d-----w   c:\documents and settings\All Users\Application Data\Hewlett-Packard
        2009-05-09 18:49 . 2008-01-24 21:31   271704   ----a-r   c:\windows\system32\hpzids01.dll
        2009-05-09 18:49 . 2007-10-20 22:25   118272   ----a-w   c:\windows\system32\hpz3l5mu.dll
        2009-05-09 18:48 . 2008-01-24 21:30   309760   ----a-r   c:\windows\system32\difxapi.dll
        2009-05-09 18:48 . 2008-01-24 21:30   372736   ----a-r   c:\windows\system32\hppldcoi.dll
        2009-05-09 18:48 . 2008-01-24 21:30   21568   ----a-r   c:\windows\system32\drivers\HPZius12.sys
        2009-05-09 18:41 . 2009-05-09 18:41   --------   d-----w   c:\documents and settings\All Users\Application Data\HP
        2009-05-09 18:39 . 2009-05-09 18:39   --------   d-----w   c:\windows\system32\DRVSTORE
        2009-05-09 18:38 . 2009-05-09 18:38   --------   d-----w   c:\program files\HP
        2009-05-09 18:38 . 2004-08-04 05:01   25856   ----a-w   c:\windows\system32\dllcache\usbprint.sys
        2009-05-09 18:38 . 2004-08-04 05:01   25856   ----a-w   c:\windows\system32\drivers\usbprint.sys
        2009-05-09 18:38 . 2004-08-04 05:08   31616   ----a-w   c:\windows\system32\dllcache\usbccgp.sys
        2009-05-09 18:38 . 2004-08-04 05:08   31616   ----a-w   c:\windows\system32\drivers\usbccgp.sys
        2009-05-09 01:29 . 2009-05-09 01:29   --------   d-----w   c:\program files\Common Files\AOLSHARE
        2009-05-07 15:07 . 2009-03-06 14:44   283648   ------w   c:\windows\system32\dllcache\pdh.dll
        2009-05-07 15:07 . 2005-07-26 04:39   60416   ------w   c:\windows\system32\dllcache\colbact.dll
        2009-05-07 15:07 . 2009-02-09 10:20   399360   ------w   c:\windows\system32\dllcache\rpcss.dll
        2009-05-07 15:07 . 2009-02-06 17:14   110592   ------w   c:\windows\system32\dllcache\services.exe
        2009-05-07 15:07 . 2009-02-09 10:20   473088   ------w   c:\windows\system32\dllcache\fastprox.dll
        2009-05-07 15:07 . 2009-02-06 16:39   227840   ------w   c:\windows\system32\dllcache\wmiprvse.exe
        2009-05-07 15:07 . 2009-02-09 10:20   453120   ------w   c:\windows\system32\dllcache\wmiprvsd.dll
        2009-05-07 15:07 . 2009-02-09 10:20   616960   ------w   c:\windows\system32\dllcache\advapi32.dll
        2009-05-07 15:07 . 2009-02-09 10:20   714752   ------w   c:\windows\system32\dllcache\ntdll.dll
        2009-05-07 15:05 . 2008-04-21 10:02   215552   ------w   c:\windows\system32\dllcache\wordpad.exe
        2009-05-07 00:44 . 2009-05-07 00:44   --------   d-----w   c:\program files\RegistryRepair
        2009-05-04 14:28 . 2009-05-04 14:28   --------   d-----w   c:\program files\TeaTimer (Spybot - Search & Destroy)
        2009-05-04 14:28 . 2009-05-04 14:28   --------   d-----w   c:\program files\Misc. Support Library (Spybot - Search & Destroy)
        2009-05-04 14:28 . 2009-05-04 14:28   --------   d-----w   c:\program files\SDHelper (Spybot - Search & Destroy)
        2009-05-04 14:28 . 2009-05-04 14:28   --------   d-----w   c:\program files\File Scanner Library (Spybot - Search & Destroy)
        2009-05-04 14:21 . 2009-05-04 14:21   --------   d-----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
        2009-05-04 14:21 . 2009-05-04 14:21   --------   d-----w   c:\program files\Spybot - Search & Destroy

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-05-19 01:23 . 2006-12-03 15:33   74352   ----a-w   c:\documents and settings\default\Application Data\GDIPFONTCACHEV1.DAT
        2009-05-19 01:23 . 2006-12-03 15:33   74352   ----a-w   c:\documents and settings\default\Application Data\GDIPFONTCACHEV1.DAT
        2009-05-17 14:25 . 2008-05-15 15:17   11952   ----a-w   c:\windows\system32\avgrsstx.dll
        2009-05-17 14:25 . 2008-05-15 15:17   325896   ----a-w   c:\windows\system32\drivers\avgldx86.sys
        2009-05-17 14:25 . 2008-05-15 15:17   108552   ----a-w   c:\windows\system32\drivers\avgtdix.sys
        2009-05-17 03:32 . 2006-12-02 17:58   17015   ----a-w   c:\windows\system32\nvModes.dat
        2009-05-15 04:29 . 2006-12-01 14:49   90112   ----a-w   c:\windows\DUMP88cc.tmp
        2009-03-23 21:48 . 2009-03-23 21:48   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
        2009-03-06 14:44 . 2006-12-02 19:01   283648   ----a-w   c:\windows\system32\pdh.dll
        2009-02-20 08:14 . 2006-06-23 15:33   668160   ----a-w   c:\windows\system32\wininet.dll
        2009-02-20 08:14 . 2004-08-04 06:56   81920   ------w   c:\windows\system32\ieencode.dll
        2000-10-13 20:56 . 2000-10-13 20:56   271   --sh--w   c:\program files\desktop.ini
        2000-10-13 20:56 . 2000-10-13 20:56   23357   ---h--w   c:\program files\folder.htt
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2001-10-08 110592]
        "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2001-10-08 401408]
        "DellTouch"="c:\windows\DELLMMKB.EXE" [2001-09-23 163840]
        "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-06-24 4800512]
        "AS00_Gear511"="c:\program files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2006-01-20 1122412]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
        "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-17 1947928]
        "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-07 68592]
        "nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2003-06-24 323584]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
        Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

        [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
        "NoSetActiveDesktop"= 1 (0x1)
        "NoActiveDesktopChanges"= 1 (0x1)

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2008-12-22 16:05   356352   ----a-w   c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
        2009-05-17 14:25   11952   ----a-w   c:\windows\SYSTEM32\avgrsstx.dll

        HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
        "wave1"= serwvdrv.dll

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
        "MSMSGS"="c:\program files\MESSENGER\MSMSGS.EXE" /background
        "Mirabilis ICQ"=c:\program files\ICQ\NDetect.exe
        "Weather"=c:\program files\AWS\WEATHERBUG\WEATHER.EXE 1
        "Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe
        "Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
        "MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
        "LapLink Scheduler"="c:\program files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
        "SynTPLpr"=c:\program files\Synaptics\SynTP\SynTPLpr.exe
        "SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
        "WorksFUD"=c:\program files\Microsoft Works\wkfud.exe
        "Microsoft Works Portfolio"=c:\program files\Microsoft Works\WksSb.exe /AllUsers
        "Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe
        "seticlient"=c:\program files\SETI@home\[email protected] -min
        "TkBellExe"=c:\program files\Common Files\Real\Update_OB\realsched.exe -osboot
        "QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
        "AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
        "DadApp"=c:\program files\DELL\AccessDirect\dadapp.exe
        "BayMgr"=DockApp.exe
        "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
        "HostManager"=c:\program files\Common Files\AOL\1106251464\EE\AOLHostManager.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
        "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
        "Promon.exe"=Promon.exe
        "CPortPatch"=c:\windows\Quick Install\CPPatch.exe
        "PRPCMonitor"=PRPCUI.exe
        "LoadQM"=loadqm.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
        "SchedulingAgent"=mstask.exe
        "AolAcsDaemon1"="c:\program files\COMMON FILES\AOL\ACS\AOLACSD.EXE"
        "AOL TopSpeedMonitor"=c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
        "NVSvc"=c:\windows\SYSTEM32\NVSVC.EXE -runservice
        "KB891711"=c:\windows\SYSTEM\KB891711\KB891711.EXE
        "MSNIA"=c:\progra~1\MSN\MSNIA\MSNIASVC.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "FirewallOverride"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
        "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
        "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=

        R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/15/2008 11:17 AM 325896]
        R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/15/2008 11:17 AM 108552]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
        R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/19/2009 1:43 PM 908568]
        R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/19/2009 1:43 PM 298776]
        R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [12/1/2006 12:30 PM 28672]
        R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\SYSTEM32\AWINDIS5.SYS [12/3/2006 1:40 PM 16194]
        R3 maestro;ESS Maestro Audio Driver (WDM);c:\windows\SYSTEM32\DRIVERS\es198xdl.sys [6/20/2002 5:53 PM 414400]
        R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [12/1/2006 12:30 PM 6942]
        R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\SYSTEM32\DRIVERS\wg511nd5.sys [12/3/2006 1:39 PM 449888]
        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA]
        rundll rnasetup.dll,installoptionalcomponent rna

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
        "c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
        "c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
        "c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
        "c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
        "c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
        "c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
        c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
        .
        Contents of the 'Scheduled Tasks' folder
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://yahoo.com/
        mLocal Page = c:\windows\SYSTEM\blank.htm
        mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
        uInternet Connection Wizard,ShellNext = hxxp://cf.icq.com/cf/2000/lost_password.html
        uInternet Settings,ProxyServer = http=localhost:7171
        uInternet Settings,ProxyOverride = *.local;<local>
        uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
        Trusted Zone: aol.com\free
        Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
        DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
        DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-05-18 21:32
        Windows 5.1.2600 Service Pack 2 FAT NTAPI

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(456)
        c:\program files\SUPERAntiSpyware\SASWINLO.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\program files\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
        c:\program files\AVG\AVG8\AVGWDSVC.EXE
        c:\windows\SYSTEM32\NVSVC32.EXE
        c:\windows\SYSTEM32\WDFMGR.EXE
        c:\program files\AVG\AVG8\AVGRSX.EXE
        c:\progra~1\AVG\AVG8\avgnsx.exe
        c:\program files\AVG\AVG8\avgcsrvx.exe
        c:\windows\system32\wscntfy.exe
        c:\program files\Netropa\OSD.exe
        c:\program files\iPod\bin\iPodService.exe
        .
        **************************************************************************
        .
        Completion time: 2009-05-19 21:36 - machine was rebooted
        ComboFix-quarantined-files.txt  2009-05-19 01:36

        Pre-Run: 10,996,350,976 bytes free
        Post-Run: 11,031,134,208 bytes free

        244   --- E O F ---   2009-05-15 06:00

        evilfantasy

        Re: malware removal guide
        « Reply #21 on: May 18, 2009, 08:06:37 PM »
        I'm not seeing anything malware related. How is the computer running now?

        notevenclose


          Re: malware removal guide
          « Reply #22 on: May 21, 2009, 10:18:42 AM »
          hi sorry for late reply... mom in hospital... thought u were done with me huh? no such luck... ;D

          any road... still not playing any videos still saying need active x... i checked video adapters said working properly.. went to dell and did a hardware scan everything passed... with my other computers... 2 Dells and an HP... when i go to boot menu there is a diagnostic scan u can run.. i cant seem to find it on this one... any suggestions or can u direct me any where? do u think i should update the drivers? do a system restore? i'm nowhere near this in my repair course and my pc guy is expensive

          thank you


          evilfantasy

          Re: malware removal guide
          « Reply #23 on: May 21, 2009, 01:50:36 PM »
          Try posting in the Windows forum.

          notevenclose


            Re: malware removal guide
            « Reply #24 on: May 26, 2009, 09:42:28 AM »
            HI
            thanks i will... I went to Adobe support and I found it could be registry permissions.. since it downloaded with no prob... but it's not being recognized... makes sense with all the cleaning... if you'd like I'll let you know what i find and how it was fixed... might take awhile cuz mom's still in hosp.

            hope soon I can do the malware removal and hijack this self help with my other pcs

            Thank you again for all your help you're a godsend