Malware / Unknown cannot download photo's + Twitching [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

4 Pages

1 2 3 > »

Malware / Unknown cannot download photo's + Twitching [Solved], Google Toolbar disappeared , Freezes up ,Very Slow

Options

emeraldnzl View Member Profile	Jul 2 2009, 05:19 PM Post #2
Trusted Helper Posts: 7,986 OS: XP Pro	Hello jazzy56, Download the HostsXpert 4.2 - Hosts File Manager. Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager Run HostsXpert 4.2 - Hosts File Manager from its new home Click on "File Handling". Click on "Restore MS Hosts File". Click OK on the Confirmation box. Click on "Make Read Only?" Click the X to exit the program. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself. Next Please run OTL.exe Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTLI PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] File not found O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\{f93c6d66-4325-11de-ba16-00137208988b}\Shell - "" = AutoRun O33 - MountPoints2\{f93c6d66-4325-11de-ba16-00137208988b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f93c6d66-4325-11de-ba16-00137208988b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found :Files C:\DOCUME~1\MARYSH~1.001\Favorites\CHRISTMAS :Commands [purity] [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done It will produce a log for you on reboot, please post that log in your next reply.

jazzy56 View Member Profile	Jul 2 2009, 08:28 PM Post #3
Member Posts: 78 From: LOUISIANA OS: XP media	I have downloaded HostsXpert 4.2 - Hosts File Manager but do not see file handling. Help I am a novice about this. thanks

jazzy56 View Member Profile	Jul 2 2009, 08:47 PM Post #4
Member Posts: 78 From: LOUISIANA OS: XP media	Log listed All processes killed Error: Unable to interpret <CODE> in the current context! Error: Unable to interpret <:OTLI> in the current context! Error: Unable to interpret <PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] File not found> in the current context! Error: Unable to interpret <O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play> in the current context! Error: Unable to interpret <O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found> in the current context! Error: Unable to interpret <O33 - MountPoints2\{f93c6d66-4325-11de-ba16-00137208988b}\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\{f93c6d66-4325-11de-ba16-00137208988b}\Shell\AutoRun - "" = Auto&Play> in the current context! Error: Unable to interpret <O33 - MountPoints2\{f93c6d66-4325-11de-ba16-00137208988b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found> in the current context! Error: Unable to interpret <O33 - MountPoints2\F\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play> in the current context! Error: Unable to interpret <O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found> in the current context! ========== FILES ========== C:\DOCUME~1\MARYSH~1.001\Favorites\CHRISTMAS\CHRISTMAS GAMES\SAND CASTLE moved successfully. C:\DOCUME~1\MARYSH~1.001\Favorites\CHRISTMAS\CHRISTMAS GAMES moved successfully. C:\DOCUME~1\MARYSH~1.001\Favorites\CHRISTMAS moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes User: mary shumate ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: mary shumate.D7J9CC91 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: mary shumate.D7J9CC91.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: mary shumate.D7J9CC91.001 ->Temp folder emptied: 1803209 bytes ->Temporary Internet Files folder emptied: 23802846 bytes ->Java cache emptied: 13425364 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 82584 bytes RecycleBin emptied: 279 bytes Total Files Cleaned = 37.33 mb OTL by OldTimer - Version 3.0.6.2 log created on 07022009_213757 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

emeraldnzl View Member Profile	Jul 3 2009, 01:14 AM Post #5
Trusted Helper Posts: 7,986 OS: XP Pro	QUOTE I have downloaded HostsXpert 4.2 - Hosts File Manager but do not see file handling. Help I am a novice about this. thanks Not to worry. Leave that for now. Download Lop S&D by Eric_71 and save it to your desktop. Lop S&D will only run on Windows XP and Windows Vista Disable your antivirus and anti-malware programs so they do not interfere with the running of Lop S&D. You can usually do this via a right click on the System Tray icon. Double-click LopSD.exe If you are using Windows Vista, right-click on LopSD.exe* icon and select 'Run as administrator' to perform this scan.* Choose the language by typing of the corresponding letter and press Enter Click OK at the informative window Type 2 to choose Option 2 (Fix + Hosts), then press Enter Wait until the end of the scan A report will be generated, post the contents of it in your next reply. (Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

jazzy56 View Member Profile	Jul 3 2009, 10:46 AM Post #6
Member Posts: 78 From: LOUISIANA OS: XP media	--------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03 USER : mary shumate ( Administrator ) BOOT : Normal boot Antivirus : Norton Internet Security 16.2.0.7 (Not Activated) Firewall : Norton Internet Security 16.2.0.7 (Activated) C:\ (Local Disk) - NTFS - Total:69 Go (Free:28 Go) D:\ (CD or DVD) E:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008\|23:40 ) Option : [2] ( Jul-03\|11:29 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX Deleted! - C:\DOCUME~1\MARYSH~1.001\Cookies\mary_shumate@advertising[1].txt Deleted! - C:\DOCUME~1\MARYSH~1.001\Cookies\mary_shumate@traveladvertising[1].txt - [ Hosts file ] .. Restored! \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listing folders in APPLIC~1 [Jan-30\|12:57:] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Corel [Jan-30\|12:59:] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Google [Aug-16\|05:50:] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities [Mar-16\|07:55:] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft [Jan-30\|12:43:] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun [Mar-31\|04:37:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {63A9FDE6-FCC7-4E26-A4CF-552A08431B32} [May-02\|11:08:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe [Oct-09\|11:34:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe(2) [Feb-20\|10:00:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe(4) [Apr-12\|08:26:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL [Mar-16\|07:55:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8 [Aug-16\|09:54:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DIGStream [Mar-16\|05:57:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Downloaded Installations [Nov-06\|01:39:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FunGames [Jan-26\|12:30:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google [Dec-10\|03:46:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft [Apr-26\|07:35:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek [Jan-30\|12:52:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield [Jan-30\|12:51:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit [Aug-30\|08:59:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes [Apr-10\|05:25:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee [Apr-12\|08:33:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com [Feb-20\|10:04:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall(2) [Feb-20\|10:03:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall(3) [Feb-20\|10:01:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall(4) [Feb-20\|10:00:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall(5) [Feb-20\|09:58:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall(6) [Feb-20\|09:54:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall(7) [Aug-29\|08:05:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [Feb-20\|10:01:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MVTLogs [Apr-10\|05:39:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Norton [Apr-10\|04:51:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller [May-02\|02:35:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS [Feb-22\|12:44:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PACE Anti-Piracy [Dec-10\|03:13:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prevx [Jan-30\|12:50:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime [Apr-02\|09:05:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SingleClick Systems [Apr-26\|05:58:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com [Apr-10\|05:40:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec [Apr-19\|10:42:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [May-14\|02:30:] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage [Jan-30\|12:57:] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Corel [Jan-30\|12:59:] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Google [Aug-16\|05:50:] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities [Jan-30\|12:49:] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [Jan-30\|12:43:] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun [Feb-22\|01:57:] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> GTek [Feb-22\|01:52:] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia [Mar-16\|07:55:] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [Feb-19\|10:03:] C:\DOCUME~1\MARYSH~1\APPLIC~1\<DIR> Adobe [Jan-30\|12:57:] C:\DOCUME~1\MARYSH~1\APPLIC~1\<DIR> Corel [Jan-30\|12:54:] C:\DOCUME~1\MARYSH~1\APPLIC~1\<DIR> Gtek [Feb-19\|09:38:] C:\DOCUME~1\MARYSH~1\APPLIC~1\<DIR> Macromedia [Feb-22\|12:45:] C:\DOCUME~1\MARYSH~1\APPLIC~1\<DIR> Microsoft [Jan-30\|12:57:] C:\DOCUME~1\MARYSH~1.D7J\APPLIC~1\<DIR> Corel [Feb-21\|04:57:] C:\DOCUME~1\MARYSH~1.D7J\APPLIC~1\<DIR> Corel Photo Album [Feb-22\|12:44:] C:\DOCUME~1\MARYSH~1.D7J\APPLIC~1\<DIR> FUJIFILM [Jan-30\|12:54:] C:\DOCUME~1\MARYSH~1.D7J\APPLIC~1\<DIR> Gtek [Feb-21\|05:25:] C:\DOCUME~1\MARYSH~1.D7J\APPLIC~1\<DIR> Leadertech [Feb-22\|12:44:] C:\DOCUME~1\MARYSH~1.D7J\APPLIC~1\<DIR> Microsoft [Feb-21\|06:00:] C:\DOCUME~1\MARYSH~1.D7J\APPLIC~1\<DIR> PACE Anti-Piracy [Jan-30\|12:57:] C:\DOCUME~1\MARYSH~1.000\APPLIC~1\<DIR> Corel [Jan-30\|12:54:] C:\DOCUME~1\MARYSH~1.000\APPLIC~1\<DIR> Gtek [Feb-22\|12:43:] C:\DOCUME~1\MARYSH~1.000\APPLIC~1\<DIR> Microsoft [Apr-30\|11:31:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Adobe [Oct-09\|11:34:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> AdobeUM [Apr-26\|05:59:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> BellSouth [Dec-13\|01:04:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Corel [Feb-22\|03:03:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Corel Photo Album [Feb-22\|04:02:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> FUJIFILM [Apr-10\|05:32:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> GetRightToGo [Sep-14\|12:07:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Google [Dec-10\|03:46:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Grisoft [Apr-16\|11:11:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Gtek [Mar-29\|09:43:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Help [May-12\|05:08:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Identities [Sep-09\|05:10:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> InstallShield [Apr-18\|05:31:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> IObit [Feb-24\|04:29:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Leadertech [Apr-30\|11:31:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Macromedia [Aug-30\|08:59:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Malwarebytes [Feb-18\|07:47:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> McAfee [Mar-16\|07:55:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Microsoft [Dec-10\|03:13:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> PrevxCSI [Sep-28\|06:00:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Sonic [Aug-19\|07:45:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Sony Corporation [Jan-30\|12:43:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Sun [May-17\|04:55:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> U3 [Mar-27\|08:52:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Uniblue [Mar-30\|05:46:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> wsInspector [Apr-18\|05:31:] C:\DOCUME~1\MARYSH~1.001\APPLIC~1\<DIR> Yahoo! [Mar-16\|07:55:] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [Apr-19 11:33: AM][--a------] C:\WINDOWS\tasks\Wise Disk Cleaner 4.job [Jul-03 11:02: AM][--ah-----] C:\WINDOWS\tasks\SA.DAT [Aug-10 06:00: AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [May-02\|11:09:] C:\Program Files\<DIR> Adobe [Aug-30\|05:44:] C:\Program Files\<DIR> Alwil Software [Mar-17\|01:20:] C:\Program Files\<DIR> America Online 9.0 [Mar-17\|01:20:] C:\Program Files\<DIR> AOL Companion [Jun-11\|07:17:] C:\Program Files\<DIR> ATI Technologies [Nov-05\|10:57:] C:\Program Files\<DIR> Auran [Apr-26\|05:59:] C:\Program Files\<DIR> BellSouth [Jan-11\|10:54:] C:\Program Files\<DIR> Big Sky Software [Oct-09\|11:30:] C:\Program Files\<DIR> Broderbund Software [May-02\|11:08:] C:\Program Files\<DIR> Common Files [Oct-14\|02:05:] C:\Program Files\<DIR> Corel [Jun-09\|07:48:] C:\Program Files\<DIR> Coupons [Jan-30\|12:48:] C:\Program Files\<DIR> CyberLink [Mar-12\|06:01:] C:\Program Files\<DIR> Decookie [Mar-17\|01:20:] C:\Program Files\<DIR> Dell [May-15\|12:38:] C:\Program Files\<DIR> Dell Network Assistant [Oct-17\|12:02:] C:\Program Files\<DIR> DellConnect [Apr-16\|10:56:] C:\Program Files\<DIR> DellSupport [Apr-19\|11:41:] C:\Program Files\<DIR> DIGStream [Oct-09\|11:29:] C:\Program Files\<DIR> directx [Mar-15\|02:51:] C:\Program Files\<DIR> Disney [Dec-13\|09:17:] C:\Program Files\<DIR> Disney Interactive [Oct-09\|11:34:] C:\Program Files\<DIR> DK Interactive Learning(2) [Aug-06\|09:38:] C:\Program Files\<DIR> EA GAMES [Mar-24\|06:47:] C:\Program Files\<DIR> EnglishOtto [Apr-18\|09:23:] C:\Program Files\<DIR> Enlight [Jun-28\|11:04:] C:\Program Files\<DIR> ERUNT [Jun-29\|02:50:] C:\Program Files\<DIR> ESET [May-05\|03:37:] C:\Program Files\<DIR> EsetOnlineScanner [Apr-19\|11:41:] C:\Program Files\<DIR> ESPNMotion [Feb-22\|02:44:] C:\Program Files\<DIR> FinePixViewer [Feb-22\|12:44:] C:\Program Files\<DIR> FinePixViewer(2) [Nov-22\|07:18:] C:\Program Files\<DIR> Fox [May-24\|07:30:] C:\Program Files\<DIR> Game Elements [Mar-24\|07:18:] C:\Program Files\<DIR> GemMaster [Jan-26\|03:05:] C:\Program Files\<DIR> Google [Jan-30\|12:59:] C:\Program Files\<DIR> GoogleAFE [May-03\|11:08:] C:\Program Files\<DIR> Grisoft [Nov-05\|10:58:] C:\Program Files\<DIR> Hasbro Interactive [Aug-27\|05:23:] C:\Program Files\<DIR> IBM and Crayola [Oct-09\|11:35:] C:\Program Files\<DIR> Infogrames Interactive [Jun-11\|07:17:] C:\Program Files\<DIR> InstallShield Installation Information [Jan-30\|12:48:] C:\Program Files\<DIR> Intel [Jun-12\|11:45:] C:\Program Files\<DIR> Internet Explorer [Jan-30\|12:51:] C:\Program Files\<DIR> Intuit [Apr-18\|05:31:] C:\Program Files\<DIR> IObit [Apr-11\|01:11:] C:\Program Files\<DIR> Java [Jan-30\|12:50:] C:\Program Files\<DIR> Learn2.com [Dec-30\|12:58:] C:\Program Files\<DIR> LEGO Media [Jun-28\|11:10:] C:\Program Files\<DIR> Malwarebytes' Anti-Malware [Aug-06\|10:06:] C:\Program Files\<DIR> Managed DirectX (0900) [Apr-10\|05:24:] C:\Program Files\<DIR> McAfee [Apr-10\|05:35:] C:\Program Files\<DIR> McAfee.com [Aug-31\|10:18:] C:\Program Files\<DIR> Messenger [May-27\|07:09:] C:\Program Files\<DIR> MFInstall [Aug-16\|05:43:] C:\Program Files\<DIR> microsoft frontpage [Mar-29\|04:25:] C:\Program Files\<DIR> Microsoft Games [Jan-30\|12:49:] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition [Jan-30\|12:49:] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE [Apr-19\|11:41:] C:\Program Files\<DIR> Modem Helper [Jan-30\|12:48:] C:\Program Files\<DIR> Modem On Hold [Apr-18\|10:15:] C:\Program Files\<DIR> Monster Truck Stunt Rally [Aug-31\|10:13:] C:\Program Files\<DIR> Movie Maker [Mar-28\|08:26:] C:\Program Files\<DIR> MSBuild [Oct-04\|01:34:] C:\Program Files\<DIR> MSN [Aug-16\|05:37:] C:\Program Files\<DIR> MSN Gaming Zone [Nov-17\|05:33:] C:\Program Files\<DIR> MSXML 4.0 [Jan-30\|12:54:] C:\Program Files\<DIR> MUSICMATCH [Aug-31\|10:10:] C:\Program Files\<DIR> NetMeeting [Oct-17\|06:30:] C:\Program Files\<DIR> NetZeroInstallers [Apr-10\|05:38:] C:\Program Files\<DIR> Norton Internet Security [Apr-11\|09:58:] C:\Program Files\<DIR> Norton Support [Apr-10\|05:31:] C:\Program Files\<DIR> NortonInstaller [May-02\|02:35:] C:\Program Files\<DIR> NOS [Dec-01\|01:55:] C:\Program Files\<DIR> Online Services [Aug-31\|10:10:] C:\Program Files\<DIR> Outlook Express [Feb-21\|02:06:] C:\Program Files\<DIR> PIXELA [Mar-15\|10:54:] C:\Program Files\<DIR> PopCap Games [Feb-22\|12:45:] C:\Program Files\<DIR> QuickTime [Jan-30\|12:50:] C:\Program Files\<DIR> Real [Mar-28\|08:26:] C:\Program Files\<DIR> Reference Assemblies [Feb-19\|04:54:] C:\Program Files\<DIR> RegistryFix [Feb-22\|02:43:] C:\Program Files\<DIR> REGSHAVE [Aug-16\|09:58:] C:\Program Files\<DIR> RGB [Feb-23\|02:59:] C:\Program Files\<DIR> Scholastic [Nov-19\|09:14:] C:\Program Files\<DIR> Sierra On-Line [Jan-30\|12:45:] C:\Program Files\<DIR> Sigmatel [Mar-17\|01:21:] C:\Program Files\<DIR> SimTheme Park [Jan-30\|12:52:] C:\Program Files\<DIR> Sonic [Aug-30\|06:21:] C:\Program Files\<DIR> SpywareDetector [Mar-30\|05:48:] C:\Program Files\<DIR> Startup Inspector for Windows [Apr-26\|09:30:] C:\Program Files\<DIR> Support.com [Apr-23\|06:38:] C:\Program Files\<DIR> Symantec [Feb-04\|06:02:] C:\Program Files\<DIR> The Learning Company [Oct-09\|11:29:] C:\Program Files\<DIR> THQ [Mar-30\|05:51:] C:\Program Files\<DIR> TrackMania Sunrise [Mar-30\|05:50:] C:\Program Files\<DIR> TrackMania Sunrise(2)(2) [Mar-30\|05:50:] C:\Program Files\<DIR> TrackMania Sunrise(3) [Dec-09\|06:13:] C:\Program Files\<DIR> Trend Micro [Nov-21\|03:09:] C:\Program Files\<DIR> Ubisoft [Aug-28\|11:45:] C:\Program Files\<DIR> Uninstall Information [Oct-09\|11:29:] C:\Program Files\<DIR> ValuSoft [Apr-13\|07:26:] C:\Program Files\<DIR> Virtools Web Player 3.5 [Jan-30\|12:54:] C:\Program Files\<DIR> WebCyberCoach [Mar-12\|05:11:] C:\Program Files\<DIR> WildTangent [Mar-16\|12:08:] C:\Program Files\<DIR> Windows Live Safety Center [Dec-30\|01:26:] C:\Program Files\<DIR> Windows Media Player [Aug-31\|10:10:] C:\Program Files\<DIR> Windows NT [Aug-16\|05:37:] C:\Program Files\<DIR> Windows Plus [Apr-10\|05:38:] C:\Program Files\<DIR> Windows Sidebar [Feb-21\|06:47:] C:\Program Files\<DIR> WindowsUpdate [Jan-30\|12:53:] C:\Program Files\<DIR> WordPerfect Office 12 [Aug-16\|05:43:] C:\Program Files\<DIR> xerox [Apr-19\|10:09:] C:\Program Files\<DIR> Yahoo! [Jul-22\|05:49:] C:\Program Files\<DIR> Zero G Registry --------------------\\ Listing Folders in C:\Program Files\Common Files [May-02\|11:07:] C:\Program Files\Common Files\<DIR> Adobe [May-02\|11:08:] C:\Program Files\Common Files\<DIR> Adobe AIR [Jan-30\|12:51:] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0 [Apr-12\|08:31:] C:\Program Files\Common Files\<DIR> AOL [Apr-12\|08:31:] C:\Program Files\Common Files\<DIR> aolshare [Jan-30\|12:52:] C:\Program Files\Common Files\<DIR> Borland Shared [Oct-14\|02:05:] C:\Program Files\Common Files\<DIR> Corel [Aug-30\|08:04:] C:\Program Files\Common Files\<DIR> Download Manager [Apr-19\|11:41:] C:\Program Files\Common Files\<DIR> EasyInfo [Jan-30\|12:53:] C:\Program Files\Common Files\<DIR> InstallShield [Jan-30\|12:51:] C:\Program Files\Common Files\<DIR> Intuit [Jan-30\|12:42:] C:\Program Files\Common Files\<DIR> Java [Mar-10\|03:28:] C:\Program Files\Common Files\<DIR> Microsoft Shared [Apr-26\|09:30:] C:\Program Files\Common Files\<DIR> Motive [Aug-16\|05:40:] C:\Program Files\Common Files\<DIR> MSSoap [Jan-30\|12:50:] C:\Program Files\Common Files\<DIR> Nullsoft [Aug-16\|05:33:] C:\Program Files\Common Files\<DIR> ODBC [Feb-21\|05:57:] C:\Program Files\Common Files\<DIR> PACE Anti-Piracy [Apr-10\|10:30:] C:\Program Files\Common Files\<DIR> ParetoLogic [Jan-30\|12:50:] C:\Program Files\Common Files\<DIR> Real [Aug-16\|05:40:] C:\Program Files\Common Files\<DIR> Services [Jan-30\|12:52:] C:\Program Files\Common Files\<DIR> Sonic Shared [Aug-16\|05:33:] C:\Program Files\Common Files\<DIR> SpeechEngines [Feb-22\|02:36:] C:\Program Files\Common Files\<DIR> SWF Studio [Apr-10\|05:46:] C:\Program Files\Common Files\<DIR> Symantec Shared [Aug-31\|10:10:] C:\Program Files\Common Files\<DIR> System --------------------\\ Process ( 48 Processes ) ... OK ! --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders No Lop folder found ! --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-03 11:32:34 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Searching for other infections No other infections found ! [F:2][D:0]-> C:\DOCUME~1\MARYSH~1.001\LOCALS~1\Temp [F:1059][D:0]-> C:\DOCUME~1\MARYSH~1.001\Cookies [F:3149][D:4]-> C:\DOCUME~1\MARYSH~1.001\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Jul-03\|11:34 - Option : [2] --------------------\\ Scan completed at 11:34:42 This post has been edited by jazzy56: Jul 3 2009, 12:07 PM

emeraldnzl View Member Profile	Jul 3 2009, 03:08 PM Post #7
Trusted Helper Posts: 7,986 OS: XP Pro	Hello jazzy56, Please download ComboFix from one of these locations: NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable. Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it will produce a log for you. Please include the C:\ComboFix.txt** in your next reply.

jazzy56 View Member Profile	Jul 3 2009, 04:00 PM Post #8
Member Posts: 78 From: LOUISIANA OS: XP media	Ran combo fix --- at the notepad screen a grey boz appeared -- cannot find the C: Docune~marysh~1-001\locals~temp\log b t.file Do you want to create a new folder yes No I said yes.. after 15 minutes with no sign of activity i had to push reset to close down. Do you want me to try again. Thank You

jazzy56 View Member Profile	Jul 3 2009, 04:25 PM Post #9
Member Posts: 78 From: LOUISIANA OS: XP media	Was finally able to RUN COMBOFIX, Please find Log Below. ComboFix 09-07-03.03 - mary shumate Jul-03 17:03.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.157 [GMT -5:00] Running from: c:\documents and settings\mary shumate.D7J9CC91.001\My Documents\ComboFix.exe AV: Norton Internet Security On-access scanning disabled (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security enabled {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 ))))))))))))))))))))))))))))))) . 2009-07-03 16:15 . 2009-04-11 16:05 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\NAVENG.SYS 2009-07-03 16:15 . 2009-04-11 16:05 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\NAVEX15.SYS 2009-07-03 16:15 . 2009-04-11 16:05 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\NAVENG32.DLL 2009-07-03 16:15 . 2009-04-11 16:05 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\NAVEX32A.DLL 2009-07-03 16:14 . 2009-04-11 16:05 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\EECTRL.SYS 2009-07-03 16:14 . 2009-04-11 16:05 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\ECMSVR32.DLL 2009-07-03 16:14 . 2009-04-11 16:05 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\CCERASER.DLL 2009-07-03 16:14 . 2009-04-11 16:05 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\ERASER.SYS 2009-07-03 16:13 . 2009-07-03 16:34 -------- d-----w- C:\Lop SD 2009-07-03 02:37 . 2009-07-03 02:37 -------- d-----w- C:\_OTL 2009-07-03 02:31 . 2009-07-03 02:31 -------- d-----w- C:\HostsXpert 4.2 - Hosts File Manager 2009-07-03 02:30 . 2009-07-03 02:30 353485 ----a-w- C:\HostsXpert 4.2 -.zip 2009-07-03 02:24 . 2009-07-03 02:24 353485 ----a-w- C:\HostsXpert 4.2 - Hosts File Manager.zip 2009-07-02 14:02 . 2009-07-02 14:01 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-30 22:34 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll 2009-06-30 22:34 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys 2009-06-30 22:34 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys 2009-06-30 22:34 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll 2009-06-30 22:34 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys 2009-06-30 16:29 . 2009-06-30 16:29 152576 ----a-w- c:\documents and settings\mary shumate.D7J9CC91.001\Application Data\Sun\Java\jre1.6.0_12\lzma.dll 2009-06-29 19:50 . 2009-06-29 19:50 -------- d-----w- c:\program files\ESET 2009-06-27 20:48 . 2009-06-27 20:48 -------- d-----w- c:\windows\system32\wbem\Repository 2009-06-13 02:49 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll 2009-06-13 02:49 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys 2009-06-13 02:49 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys 2009-06-13 02:49 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll 2009-06-13 02:49 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys 2009-06-12 00:18 . 2006-02-10 02:05 520192 ------w- c:\windows\system32\ati2sgag.exe 2009-06-08 18:56 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\Scxpx86.dll 2009-06-08 18:56 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys 2009-06-08 18:56 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys 2009-06-08 18:56 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.dll 2009-06-08 18:56 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSviA64.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-02 13:59 . 2009-04-11 18:10 152576 ----a-w- c:\documents and settings\mary shumate.D7J9CC91.001\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-06-29 04:10 . 2009-03-23 00:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-29 04:04 . 2009-05-02 20:54 -------- d-----w- c:\program files\ERUNT 2009-06-29 03:27 . 2009-04-10 15:11 1593120 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-06-29 03:27 . 2009-04-10 15:11 150428 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-06-29 03:27 . 2009-04-10 15:11 519788 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-06-29 03:27 . 2009-04-10 15:11 38730528 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-06-27 22:05 . 2009-03-30 23:59 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-06-17 16:27 . 2009-03-23 00:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 16:27 . 2009-03-23 00:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-12 00:17 . 2006-01-30 05:47 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-12 00:17 . 2006-01-30 05:48 -------- d-----w- c:\program files\ATI Technologies 2009-06-10 00:48 . 2008-06-12 00:02 -------- d-----w- c:\program files\Coupons 2009-05-25 00:30 . 2007-11-19 05:58 -------- d-----w- c:\program files\Game Elements 2009-05-22 23:18 . 2006-02-22 19:57 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-05-22 23:18 . 2006-02-22 19:57 152 --sh--r- c:\windows\system32\580530C9BF.sys 2009-05-17 21:55 . 2009-05-17 21:55 -------- d-----w- c:\documents and settings\mary shumate.D7J9CC91.001\Application Data\U3 2009-05-07 15:32 . 2005-08-16 10:18 345600 ----a-w- c:\windows\system32\localspl.dll 2009-05-05 20:37 . 2009-05-05 03:43 -------- d-----w- c:\program files\EsetOnlineScanner 2009-04-29 04:56 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2009-05-02 23:39 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 12:26 . 2009-03-11 17:38 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2005-08-16 10:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-11 15:10 . 2009-04-10 22:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-04-11 15:10 . 2009-04-10 22:39 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-04-10 22:39 . 2009-04-10 22:39 1290584 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2009-04-10 22:39 . 2009-04-10 22:39 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2009-04-10 22:39 . 2009-04-10 22:39 800112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll 2009-04-10 14:58 . 2006-02-22 20:03 43128 ----a-w- c:\documents and settings\mary shumate.D7J9CC91.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-02-12 00:15 . 2006-05-07 18:15 88 --sh--r- c:\windows\system32\BFC9300558.sys . ((((((((((((((((((((((((((((( SnapShot@2009-07-03_21.33.25 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-03 21:51 . 2009-07-03 21:51 16384 c:\windows\Temp\Perflib_Perfdata_730.dat + 2009-07-03 21:51 . 2009-07-03 21:51 16384 c:\windows\Temp\Perflib_Perfdata_6e8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-05 68856] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-30 98304] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-05 1838592] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "BuildBU"="c:\dell\bldbubg.exe" [2006-01-30 61440] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-30 26112] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968] c:\documents and settings\mary shumate.D7J9CC91.001\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2006-8-19 225280] PowerReg Scheduler.exe [2006-9-15 256000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-1-30 156784] Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2006-2-22 200704] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"= R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [Apr-11 10:10 AM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [Apr-11 10:09 AM 258608] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [Apr-11 10:09 AM 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys [Jun-30 5:34 PM 276344] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [Apr-11 10:09 AM 115560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [Jun-28 8:34 PM 101936] S0 xbdpv;xbdpv;c:\windows\system32\drivers\viwopzuv.sys --> c:\windows\system32\drivers\viwopzuv.sys [?] S3 papycpu;papycpu; [x] S3 pxark;pxark;c:\windows\system32\drivers\pxark.sys [Dec-08 5:10 PM 10624] S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys [Aug-16 4:35 PM 29405] . - - - - ORPHANS REMOVED - - - - ShellExecuteHooks-{AEA4DE5E-37ED-4A91-A883-6D8953A84614} - (no file) . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://google.com/ uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-03 17:16 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1016) c:\windows\system32\cscdll.dll . Completion time: 2009-07-03 17:22 ComboFix-quarantined-files.txt 2009-07-03 22:22 ComboFix2.txt 2009-07-03 21:39 Pre-Run: 30,148,526,080 bytes free Post-Run: 30,131,781,632 bytes free 171 --- E O F --- 2009-06-06 13:07

emeraldnzl View Member Profile	Jul 3 2009, 08:11 PM Post #10
Trusted Helper Posts: 7,986 OS: XP Pro	Hello jazzy56, 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: QUOTE KillAll:: Driver:: xbdpv papycpu File:: c:\windows\system32\drivers\viwopzuv.sys Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

jazzy56 View Member Profile	Jul 3 2009, 09:40 PM Post #11
Member Posts: 78 From: LOUISIANA OS: XP media	How do I disable Malwarebytes, Do you also mean to disable Internet Explorer.. How do I do that. Thank you

jazzy56 View Member Profile	Jul 3 2009, 11:02 PM Post #12
Member Posts: 78 From: LOUISIANA OS: XP media	Hello, Here is the log: I disabled Nortons Antivirus & spyware. ComboFix 09-07-03.03 - mary shumate Jul-03 23:25.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.221 [GMT -5:00] Running from: c:\documents and settings\mary shumate.D7J9CC91.001\My Documents\ComboFix.exe Command switches used :: c:\documents and settings\mary shumate.D7J9CC91.001\Desktop\CFScript.txt AV: Norton Internet Security On-access scanning disabled (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security enabled {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} FILE :: "c:\windows\system32\drivers\viwopzuv.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_papycpu -------\Service_xbdpv ((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 ))))))))))))))))))))))))))))))) . 2009-07-03 23:15 . 2009-04-11 16:05 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVENG.SYS 2009-07-03 23:15 . 2009-04-11 16:05 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVEX15.SYS 2009-07-03 23:15 . 2009-04-11 16:05 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVENG32.DLL 2009-07-03 23:15 . 2009-04-11 16:05 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVEX32A.DLL 2009-07-03 23:15 . 2009-04-11 16:05 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\EECTRL.SYS 2009-07-03 23:15 . 2009-04-11 16:05 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\ECMSVR32.DLL 2009-07-03 23:15 . 2009-04-11 16:05 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\CCERASER.DLL 2009-07-03 23:15 . 2009-04-11 16:05 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\ERASER.SYS 2009-07-03 16:13 . 2009-07-03 16:34 -------- d-----w- C:\Lop SD 2009-07-03 02:37 . 2009-07-03 02:37 -------- d-----w- C:\_OTL 2009-07-03 02:31 . 2009-07-03 02:31 -------- d-----w- C:\HostsXpert 4.2 - Hosts File Manager 2009-07-03 02:30 . 2009-07-03 02:30 353485 ----a-w- C:\HostsXpert 4.2 -.zip 2009-07-03 02:24 . 2009-07-03 02:24 353485 ----a-w- C:\HostsXpert 4.2 - Hosts File Manager.zip 2009-07-02 14:02 . 2009-07-02 14:01 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-30 22:34 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll 2009-06-30 22:34 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys 2009-06-30 22:34 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys 2009-06-30 22:34 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll 2009-06-30 22:34 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys 2009-06-30 16:29 . 2009-06-30 16:29 152576 ----a-w- c:\documents and settings\mary shumate.D7J9CC91.001\Application Data\Sun\Java\jre1.6.0_12\lzma.dll 2009-06-29 19:50 . 2009-06-29 19:50 -------- d-----w- c:\program files\ESET 2009-06-27 20:48 . 2009-06-27 20:48 -------- d-----w- c:\windows\system32\wbem\Repository 2009-06-13 02:49 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll 2009-06-13 02:49 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys 2009-06-13 02:49 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys 2009-06-13 02:49 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll 2009-06-13 02:49 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys 2009-06-12 00:18 . 2006-02-10 02:05 520192 ------w- c:\windows\system32\ati2sgag.exe 2009-06-08 18:56 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\Scxpx86.dll 2009-06-08 18:56 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys 2009-06-08 18:56 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys 2009-06-08 18:56 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.dll 2009-06-08 18:56 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSviA64.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-02 13:59 . 2009-04-11 18:10 152576 ----a-w- c:\documents and settings\mary shumate.D7J9CC91.001\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-06-29 04:10 . 2009-03-23 00:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-29 04:04 . 2009-05-02 20:54 -------- d-----w- c:\program files\ERUNT 2009-06-29 03:27 . 2009-04-10 15:11 1593120 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-06-29 03:27 . 2009-04-10 15:11 150428 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-06-29 03:27 . 2009-04-10 15:11 519788 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-06-29 03:27 . 2009-04-10 15:11 38730528 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-06-27 22:05 . 2009-03-30 23:59 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-06-17 16:27 . 2009-03-23 00:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 16:27 . 2009-03-23 00:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-12 00:17 . 2006-01-30 05:47 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-12 00:17 . 2006-01-30 05:48 -------- d-----w- c:\program files\ATI Technologies 2009-06-10 00:48 . 2008-06-12 00:02 -------- d-----w- c:\program files\Coupons 2009-05-25 00:30 . 2007-11-19 05:58 -------- d-----w- c:\program files\Game Elements 2009-05-22 23:18 . 2006-02-22 19:57 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-05-22 23:18 . 2006-02-22 19:57 152 --sh--r- c:\windows\system32\580530C9BF.sys 2009-05-17 21:55 . 2009-05-17 21:55 -------- d-----w- c:\documents and settings\mary shumate.D7J9CC91.001\Application Data\U3 2009-05-07 15:32 . 2005-08-16 10:18 345600 ----a-w- c:\windows\system32\localspl.dll 2009-05-05 20:37 . 2009-05-05 03:43 -------- d-----w- c:\program files\EsetOnlineScanner 2009-04-29 04:56 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2009-05-02 23:39 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 12:26 . 2009-03-11 17:38 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2005-08-16 10:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-11 15:10 . 2009-04-10 22:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-04-11 15:10 . 2009-04-10 22:39 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-04-10 22:39 . 2009-04-10 22:39 1290584 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2009-04-10 22:39 . 2009-04-10 22:39 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2009-04-10 22:39 . 2009-04-10 22:39 800112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll 2009-04-10 14:58 . 2006-02-22 20:03 43128 ----a-w- c:\documents and settings\mary shumate.D7J9CC91.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-02-12 00:15 . 2006-05-07 18:15 88 --sh--r- c:\windows\system32\BFC9300558.sys . ((((((((((((((((((((((((((((( SnapShot@2009-07-03_21.33.25 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-04 04:44 . 2009-07-04 04:44 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat + 2009-07-04 04:44 . 2009-07-04 04:44 16384 c:\windows\Temp\Perflib_Perfdata_618.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-05 68856] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-30 98304] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-05 1838592] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "BuildBU"="c:\dell\bldbubg.exe" [2006-01-30 61440] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-30 26112] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968] c:\documents and settings\mary shumate.D7J9CC91.001\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2006-8-19 225280] PowerReg Scheduler.exe [2006-9-15 256000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-1-30 156784] Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2006-2-22 200704] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"= R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [Apr-11 10:10 AM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [Apr-11 10:09 AM 258608] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [Apr-11 10:09 AM 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys [Jun-30 5:34 PM 276344] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [Apr-11 10:09 AM 115560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [Jun-28 8:34 PM 101936] S3 pxark;pxark;c:\windows\system32\drivers\pxark.sys [Dec-08 5:10 PM 10624] S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys [Aug-16 4:35 PM 29405] . - - - - ORPHANS REMOVED - - - - ShellExecuteHooks-{AEA4DE5E-37ED-4A91-A883-6D8953A84614} - (no file) . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://google.com/ uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-03 23:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1" . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe c:\windows\system32\UAService7.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\ehome\ehmsas.exe . ************************************************************************ . Completion time: 2009-07-04 23:57 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-04 04:56 ComboFix2.txt 2009-07-03 22:22 ComboFix3.txt 2009-07-03 21:39 Pre-Run: 30,297,505,792 bytes free Post-Run: 30,337,126,400 bytes free 193 --- E O F --- 2009-06-06 13:07

emeraldnzl View Member Profile	Jul 3 2009, 11:40 PM Post #13
Trusted Helper Posts: 7,986 OS: XP Pro	QUOTE How do I disable Malwarebytes, Do you also mean to disable Internet Explorer.. How do I do that. Thank you Malwarebytes (the free edition) is not a real time anti-malware program i.e. it is disabled unless you are running a scan with it. Internet Explorer is a browser not an anti-malware program. Now You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here. If you no-longer have Malwarebytes please download from Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Next Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job. Kaspersky works with Internet Explorer and Firefox 3. Go to Kaspersky website and perform an online antivirus scan. Note: you will need to turn off your security programs to allow Kaspersky to do its job. Read through the requirements and privacy statement and click on Accept button. It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Copy and paste that information in your next post. So when you return please post MBAM log Kaspersky scan results and tell me how your machine is performing now

jazzy56 View Member Profile	Jul 4 2009, 12:14 AM Post #14
Member Posts: 78 From: LOUISIANA OS: XP media	Here is the MBAM log it was Clean However I have 68 infections in Quarantine from previous runs.. Can these be removed.?? Thank You Kapersky will follow as soon as I finish running it. Malwarebytes' Anti-Malware 1.38 Database version: 2371 Windows 5.1.2600 Service Pack 3 Jul-04 1:06:24 AM mbam-log-2009-07-04 (01-06-24).txt Scan type: Quick Scan Objects scanned: 109351 Time elapsed: 6 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

jazzy56 View Member Profile	Jul 4 2009, 12:22 AM Post #15
Member Posts: 78 From: LOUISIANA OS: XP media	I cannot run Kapersky !!! A box appeared with this inside. Starting Java applet has failed, please go online to use this program.. I am online with DSL. HELP !!!! I tried going to thier website , it said download java 1.5 or more, I downloaded Jave again and same thing applet has failed.. No change, I cannot run Kapersky. My apology for taking so much of your time. This post has been edited by jazzy56: Jul 4 2009, 12:54 AM

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

4 Pages

1 2 3 > »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Cannot Run Malwarebytes' Anti-Malware or Super Antispyware	7 / 975	18th May 2009 - 10:47 AM doubleleo started - last by admin
Virus, Spyware and Trojan Removal cannot download anything since switching to firefox from ie7 [Solved] 12	16 / 397	23rd June 2009 - 10:29 AM logari started - last by Rorschach112
Virus, Spyware and Trojan Removal nasty virus, malware removal items won't run [Solved] 12	19 / 544	1st September 2009 - 11:25 AM dogman2828 started - last by Essexboy
Virus, Spyware and Trojan Removal Malware Bytes, SPyBot won't run [Solved]	3 / 519	17th September 2009 - 12:27 AM duke2050 started - last by hammerman