hijack this log - copy-book.com [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

hijack this log - copy-book.com [RESOLVED], redirected to copy-book.com and searchfind - in IE and firefox 3(!

Options

adil View Member Profile	Jul 12 2008, 07:30 PM Post #1
New Member Posts: 7 OS: windows xp	New Firefox browser gets hijacked - old one had no problems(?!) IE too. Sends me to copy-book.com and searchfind sometimes. Ran SuperANTISpyware - nothing. Ran Malwares' Anti-malware and found 2 - deleted - but upon reboot still jacked. Can't seem to download updates for AdAware2008 (can't detect internet connection???) Seems like there is other unnecessary stuff in there - but that is coming from a wannabe-geek... I'd like to get rid of anything not necessary. Appreciate the help! HiJack Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:11:27 PM, on 12/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe C:\Program Files\Stickies\stickies.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fisher-price.com/fp.aspx?st=10&...ool&site=us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/ O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E3F888F-96D7-4A1B-8514-8991264E8B7D} (iSite 3D Renderer Class) - http://www.pc.gc.ca/apps/dci/source/bin/iS3DCtrl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178977234109 O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab? O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab? O17 - HKLM\System\CCS\Services\Tcpip\..\{7DD8A699-AB52-4F0F-BB18-35ADAD2606A3}: NameServer = 85.255.116.101 85.255.112.76 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file) O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office 2007\Office12\GrooveAuditService.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing) O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 9555 bytes _____________________________________________________ Uninstal List ABBYY FineReader 5.0 Sprint Ad-Aware Adobe Flash Player 9 ActiveX Adobe Flash Player Plugin Adobe Reader 7.0.9 Adobe Shockwave Player Ashampoo Burning Studio 6 Audacity 1.2.3 AusLogics Disk Defrag Avery® Wizard 2.1 for Microsoft® Word 2002 AVG Free 8.0 AviSynth 2.5 Bazooka Scanner Belarc Advisor 7.2 CCleaner (remove only) CD Audio Reader Filter (remove only) ConvertXtoDVD 2.1.5.173 Courseware CutePDF Writer 2.5 Dell AIO Printer A920 Dell Driver Reset Tool Dell Media Experience DirectVobSub (remove only) DivX ;-) Audio Compressor 4.02 DivX Codec DivX Converter DivX Player DivX Web Player DScaler 5 Mpeg Decoders DVD Ripper Platinum 4 DVD Shrink 3.2 ExamView Assessment Suite ExamView Player FaxTools FirstClass® Client FLV Player 1.3.3 Foxit Reader GrabPro - Toolbar Haali Media Splitter HighMAT Extension to Microsoft Windows XP CD Writing Wizard HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Image Resizer Powertoy for Windows XP ImgBurn (Remove Only) Intel® 537EP V9x DF PCI Modem Intel® Extreme Graphics 2 Driver Intel® PRO Network Adapters and Drivers Intel® PROSet for Wired Connections Java™ 6 Update 3 Java™ 6 Update 5 Malwarebytes' Anti-Malware MarkBook 2007 Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office XP Professional with FrontPage Microsoft Plus! Digital Media Edition Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Works Microsoft Works 2004 Setup Launcher Microsoft Works Suite Add-in for Microsoft Word Modem Event Monitor Modem Helper Modem On Hold Mozilla Firefox (3.0) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) Orbit Downloader Panda ActiveScan 2.0 PeerGuardian 2.0 Picasa 2 PowerDVD 5.3 Quick View Plus QuickTax 2004 QuickTax 2005 QuickTax 2007 QuickTax Tracker QuickTime Alternative 1.77 Quintessential Player RealPlayer Riva FLV Encoder 2.0 Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Excel 2007 (KB936509) Security Update for Microsoft .NET Framework 2.0 (KB928365) Security Update for Office 2007 (KB934062) Security Update for Office 2007 (KB936514) Security Update for Publisher 2007 (KB936646) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for the 2007 Microsoft Office System (KB936960) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913433) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB944653) Shareaza version 2.2.1.0 Shockwave SHOUTcast Source (remove only) Sketchpad SMART Board Software SMART Essentials for Educators SmartSound Quicktracks Plugin SMOz Sonic MyDVD Sonic Update Manager SoundMAX Spybot - Search & Destroy 1.4 SpywareBlaster v3.5.1 Stickies 6.5a SuccessMaker Courseware Installer SUPER © Version 2007.bld.21 (Jan 4, 2007) SUPERAntiSpyware Free Edition SWF Opener Tweak UI Ulead VideoStudio 10 Understanding Math Understanding Numeration Update for Office 2007 (KB932080) Update for Office 2007 (KB934391) Update for Office 2007 (KB934393) Update for Outlook 2007 (KB937608) Update for Outlook 2007 Junk Email Filter (kb943597) Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB900930) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925720) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Word 2007 (KB934173) VideoLAN VLC media player 0.8.6a VobSub v2.23 (Remove Only) Windows Communication Foundation Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Installer Clean Up Windows Internet Explorer 7 Windows Media Encoder 9 Series Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 11 Windows Media Player 11 Windows Presentation Foundation Windows Workflow Foundation Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB887797 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 WinRAR archiver Wisdom-soft ScreenHunter 4.0 Free WordPerfect Office 2002 Professional Xteq-dotec X-Setup Pro 6.6.300.Final1 XviD MPEG4 Video Codec (remove only) YP-90 yepp Explorer Zoom Player (remove only)

Essexboy View Member Profile	Jul 13 2008, 05:50 AM Post #2
GeekU Moderator Posts: 19,171 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Hi there lets see what I can do, this will be a two part fix initially Please download FixWareout from here: http://downloads.subratam.org/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead. Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log THEN Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Logs required : Report.txt and DSS Main and Extra

adil View Member Profile	Jul 13 2008, 07:08 AM Post #4
New Member Posts: 7 OS: windows xp	PS - Just fyi - AVG tells me that the update manager's connection failed - didn't touch it, wasn't sure if this was part of the process...

Essexboy View Member Profile	Jul 13 2008, 08:37 AM Post #5
GeekU Moderator Posts: 19,171 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Hi again, have you tried a manual update with AVG ? Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7DD8A699-AB52-4F0F-BB18-35ADAD2606A3}: NameServer = 85.255.116.101 85.255.112.76 Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN Please visit this web page for instructions for downloading and running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

adil View Member Profile	Jul 13 2008, 11:59 AM Post #6
New Member Posts: 7 OS: windows xp	Had a minor issue, after deleting: O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7DD8A699-AB52-4F0F-BB18-35ADAD2606A3}: NameServer = 85.255.116.101 85.255.112.76 My internet connection wouldn't work - but shutting down and unplugging and restarting cured it. AVG then updated okay. Here is the ComboFix log: ComboFix 08-07-12.4 - sean 2008-07-13 13:10:31.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.178 [GMT -4:00] Running from: C:\Documents and Settings\sean\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\WINDOWS\system32\oeminfo.ini . ((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))) . 2008-07-13 08:54 . 2008-07-13 08:54 <DIR> d-------- C:\Deckard 2008-07-13 08:34 . 2008-07-13 08:51 <DIR> d-------- C:\fixwareout 2008-07-13 02:06 . 2008-07-13 02:06 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-07-12 22:17 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys 2008-07-12 21:29 . 2008-07-12 21:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-11 15:07 . 2008-07-11 15:07 <DIR> d-------- C:\Program Files\Panda Security 2008-07-11 15:05 . 2008-07-11 15:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-11 15:05 . 2008-07-11 15:05 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2008-07-11 15:05 . 2008-07-11 15:05 <DIR> d-------- C:\Documents and Settings\sean\Application Data\Malwarebytes 2008-07-11 15:05 . 2008-07-11 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-11 15:05 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys 2008-07-11 15:05 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys 2008-07-11 14:49 . 2008-07-11 14:49 <DIR> d-------- C:\Program Files\Bazooka Scanner 2008-07-11 09:40 . 2008-07-11 09:40 <DIR> d-------- C:\Program Files\Lavasoft 2008-07-08 14:16 . 2008-07-08 14:16 <DIR> d-------- C:\Program Files\Stickies 2008-07-08 14:16 . 2008-07-13 11:21 <DIR> d-------- C:\Documents and Settings\sean\Application Data\stickies 2008-07-08 08:16 . 2008-07-08 09:56 <DIR> d-------- C:\Documents and Settings\sean\Application Data\GrabPro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-13 16:37 --------- d-----w C:\Program Files\Zoom Player 2008-07-13 16:37 --------- d-----w C:\Documents and Settings\sean\Application Data\Vso 2008-07-13 15:53 --------- d-----w C:\Program Files\Orbitdownloader 2008-07-13 15:42 --------- d-----w C:\Documents and Settings\sean\Application Data\Orbit 2008-07-13 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-13 14:46 --------- d-----w C:\Documents and Settings\sean\Application Data\Azureus 2008-07-13 01:29 --------- d-----w C:\Program Files\SpywareBlaster 2008-07-13 01:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-11 18:50 --------- d-----w C:\Program Files\Trend Micro 2008-07-11 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-11 13:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-07-08 20:46 51,306 ----a-w C:\Documents and Settings\sean\Application Data\wklnhst.dat 2008-07-04 14:51 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys 2008-07-04 14:50 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-07-04 14:50 10,520 ----a-w C:\WINDOWS\SYSTEM32\avgrsstx.dll 2008-07-02 16:31 --------- d-----w C:\Program Files\Azureus 2008-06-27 15:38 --------- d-----w C:\Program Files\Dell AIO Printer A920 2008-06-16 02:30 --------- d-----w C:\Program Files\DivX 2008-06-11 01:28 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll 2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0a.dll 2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll 2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll 2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll 2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll 2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll 2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll 2008-05-29 01:43 --------- d-----w C:\Documents and Settings\sean\Application Data\dvdcss 2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe 2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll 2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll 2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll 2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll 2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll 2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe 2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll 2008-05-17 00:57 --------- d-----w C:\Program Files\AVG 2008-05-17 00:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8 2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe 2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys 2008-03-03 00:27 225,704 ----a-w C:\Documents and Settings\sean\Application Data\GDIPFONTCACHEV1.DAT 2006-12-18 17:17 81,920 ----a-w C:\Documents and Settings\sean\Application Data\ezpinst.exe 2006-12-18 17:17 47,360 ----a-w C:\Documents and Settings\sean\Application Data\pcouffin.sys 2005-09-12 16:42 80 --sh--r C:\WINDOWS\SYSTEM32\154ECB2691.dll 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\SYSTEM32\flvDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-10 21:28 1506544] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184] "Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 04:32 270336] "QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 02:36 77887] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-19 18:11 180269] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15 290816] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 10:51 1232152] C:\Documents and Settings\sean\Start Menu\Programs\Startup\ Stickies.lnk - C:\Program Files\Stickies\stickies.exe [2008-01-16 22:39:45 757760] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360] Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-11-26 21:07:09 1690824] SMART Board Tools.lnk - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe [2007-11-02 06:48:46 4519176] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-10 21:28 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-09-20 22:22 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "MSACM.MI-SC4"= MI-SC4.acm "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"= "GrooveMonitor"="C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe" "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" "InCD"=C:\Program Files\Ahead\InCD\InCD.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\WinMX\\WinMX.exe"= "C:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\Program Files\\Shareaza\\Shareaza.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"= "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 10:50] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 10:51] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 10:51] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 10:51] S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-07-07 17:35] S3 SMART Web Server;SMART Web Server;C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2007-11-02 06:48] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f76ff84b-b642-11db-b652-001111b03d7f}] \Shell\AutoRun\command - F:\LaunchU3.exe Newly Created Service - CATCHME . - - - - ORPHANS REMOVED - - - - HKLM-Run-GrooveMonitor - C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-13 13:15:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-13 13:18:22 ComboFix-quarantined-files.txt 2008-07-13 17:17:38 Pre-Run: 62,152,921,088 bytes free Post-Run: 62,140,243,968 bytes free 171 --- E O F --- 2008-07-13 14:58:40 ...and the newest HiJack log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:01:58 PM, on 13/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe C:\Program Files\Stickies\stickies.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fisher-price.com/fp.aspx?st=10&...ool&site=us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/ O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007\Office12\ONBttnIE.dll (file missing) O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007\Office12\ONBttnIE.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E3F888F-96D7-4A1B-8514-8991264E8B7D} (iSite 3D Renderer Class) - http://www.pc.gc.ca/apps/dci/source/bin/iS3DCtrl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178977234109 O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab? O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab? O17 - HKLM\System\CCS\Services\Tcpip\..\{7DD8A699-AB52-4F0F-BB18-35ADAD2606A3}: NameServer = 85.255.116.101 85.255.112.76 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 2007\Office12\GrooveSystemServices.dll (file missing) O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office 2007\Office12\GrooveAuditService.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing) O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 9504 bytes

Essexboy View Member Profile	Jul 13 2008, 02:09 PM Post #7
GeekU Moderator Posts: 19,171 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Hmm you still have wareout showing on your 017 and that really does need to be fixed If you could run Fixwareout again please and post the log. I will need to see if it flushes your DNS cache, if not I will need to do it manually I failed to notice that it did not do it on the first run

adil View Member Profile	Jul 13 2008, 03:50 PM Post #8
New Member Posts: 7 OS: windows xp	I'm guessing it didn't flush... Do we need to know the reason or we can just fix a different way? REPORT.TXT Username "sean" - 13/07/2008 17:21:43 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7DD8A699-AB52-4F0F-BB18-35ADAD2606A3} "nameserver"="85.255.116.101" <Value cleared. Could not flush the DNS Resolver Cache: Function failed during execution. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe" "Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\"" "QuickFinder Scheduler"="\"C:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\QFSCHD100.EXE\"" "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe" "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe" "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\"" "PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\"" "AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1" .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~

Essexboy View Member Profile	Jul 13 2008, 04:18 PM Post #9
GeekU Moderator Posts: 19,171 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	We will try it manually Before doing this write down all the settings, Note that not all system/setups even have these settings, While some connection services will require them. These instructions are basically for home users. In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically Press OK twice to get out of the properties screen and reboot if it asks. That option might not be avaiable one some systems Next Go start run type cmd and hit OK type ipconfig /flushdns then hit enter, type exit hit enter (that space between g and / is needed)

adil View Member Profile	Jul 13 2008, 06:13 PM Post #10
New Member Posts: 7 OS: windows xp	Okay - done quick & easy. fyi - I've been getting windows updates during this process (another right now) - this is alright, right? Reconnected fine - do I still leave the "obtain dns settings" on "auto"? HiJack log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:15:22 PM, on 13/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe C:\Program Files\Stickies\stickies.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\SoftwareDistribution\Download\786d8d10fefe7553d7282b60526a243b\update\update.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fisher-price.com/fp.aspx?st=10&...ool&site=us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/ O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007\Office12\ONBttnIE.dll (file missing) O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007\Office12\ONBttnIE.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E3F888F-96D7-4A1B-8514-8991264E8B7D} (iSite 3D Renderer Class) - http://www.pc.gc.ca/apps/dci/source/bin/iS3DCtrl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178977234109 O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab? O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab? O17 - HKLM\System\CCS\Services\Tcpip\..\{7DD8A699-AB52-4F0F-BB18-35ADAD2606A3}: NameServer = 216.240.0.1 216.240.1.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 2007\Office12\GrooveSystemServices.dll (file missing) O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office 2007\Office12\GrooveAuditService.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing) O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 9691 bytes

Essexboy View Member Profile	Jul 14 2008, 12:59 PM Post #11
GeekU Moderator Posts: 19,171 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	QUOTE Reconnected fine - do I still leave the "obtain dns settings" on "auto"? Yep that fixed it. Are you experiencing an problems now ? I would like to do a deep search to ensure all the nasties have gone Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop. Close ALL OTHER PROGRAMS. Open the OTScanit folder and double-click on OTScanit.exe to start the program. Check the box that says Scan All User Accounts Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days Under Additional Scans check the following: Reg - BotCheck File - Additional Folder Scans File - Purity Scan Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Please attach the log in your next post. To attach a file, do the following: Click Add Reply Under the reply panel is the Attachments Panel Browse for the attachment file you want to upload, then click the green Upload button Once it has uploaded, click the Manage Current Attachments drop down box Click on to insert the attachment into your post

adil View Member Profile	Jul 14 2008, 08:46 PM Post #12
New Member Posts: 7 OS: windows xp	Wow...I'm glad you can make sense of this... OTScanIt.Txt ( 204.64K ) Number of downloads: 123 ...and now that we are "clean" the question is: how did I end up with this? And should I be doing something different to help protect it? And most importantly...could my teenage son's computer use be to blame??? (I'd love a good reason to cut his time down...) Thanks

Essexboy View Member Profile	Jul 15 2008, 12:09 PM Post #13
GeekU Moderator Posts: 19,171 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	QUOTE ...and now that we are "clean" the question is: how did I end up with this? And should I be doing something different to help protect it? And most importantly...could my teenage son's computer use be to blame??? (I'd love a good reason to cut his time down...) That's what teenagers are for - blaming I see that you have used Limewire and Azareus, in themselves these programmes are safe. However, the content they download does not have the same guarantee. A free MP3 or game may come with hidden extras. You have been infected by a drive by download or closed a popup by clicking cancel (...allways use the X to close them out, as some sneaky people reverse the buttons so no means yes) Now the best part of the day ----- Your log now appears clean Double click OTScanIt once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTScanIt wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method: 1. Select Start > All Programs > Accessories > System tools > System Restore. 2. On the dialogue box that appears select Create a Restore Point 3. Click NEXT 4. Enter a name e.g. Clean 5. Click CREATE You now have a clean restore point, to get rid of the bad ones: 1. Select Start > All Programs > Accessories > System tools > Disk Cleanup. 2. In the Drop down box that appears select your main drive e.g. C 3. Click OK 4. The System will do some calculation and the display a dialogue box with TABS 5. Select the More Options Tab. 6. At the bottom will be a system restore box with a CLEANUP button click this 7. Accept the Warning and select OK again, the program will close and you are done Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: SpywareBlaster to help prevent spyware from installing in the first place. SuperAntispyware Run weekly to keep your system clean It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit Secunia Software inspector To check your programme update status Microsoft Windows Update To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place? Keep safe

Essexboy View Member Profile	Jul 16 2008, 12:35 PM Post #14
GeekU Moderator Posts: 19,171 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Hijack This log for Nuttman [RESOLVED]	11 / 849	17th August 2006 - 05:15 PM Nuttman69 started - last by therock247uk
Virus, Spyware and Trojan Removal Recent hijack this log for MySafeTrip.com popup problem 12	29 / 1,506	8th October 2006 - 11:36 PM VinceYim started - last by VinceYim
Virus, Spyware and Trojan Removal My HiJack This Log File - Please Help [RESOLVED]	13 / 1,096	13th September 2007 - 06:31 AM BenJF3 started - last by Stamper19
Virus, Spyware and Trojan Removal Hijack This log copy	0 / 402	28th April 2008 - 09:24 PM riosilk started - last by riosilk