
spyware - hijackthis log posted - plz help [RESOLVED]


  • This topic is locked

#1
staticVoid

  • Member
  • 94 posts
Hi, I'm having problems with my laptop - the background has changed and popups keep appearing. I would be most grateful if someone would take a look at this:

Logfile of HijackThis v1.99.1
Scan saved at 19:30:51, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mediasportal....5...;pn=0&pid=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmpenv - {71E27856-E835-4843-A19F-611C14699C97} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {6C1D4CCA-AC94-4F39-AA2C-1D7496E4F8F4} - C:\WINDOWS\wmpconf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


#2
ricox

    Visiting Staff

  • Visiting Consultant
  • 331 posts
Hello and Welcome to Geeks to Go :whistling:

I am ricox and I will be assisting you with your malware problem.
Currently I'm studying your log and will be back to you as soon as possible. Thank you for your patience. :blink:

#3
ricox

    Visiting Staff

  • Visiting Consultant
  • 331 posts
Hi again :whistling:

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

******************************

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mediasportal....5...;pn=0&pid=2
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O21 - SSODL: wmpenv - {71E27856-E835-4843-A19F-611C14699C97} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {6C1D4CCA-AC94-4F39-AA2C-1D7496E4F8F4} - C:\WINDOWS\wmpconf.dll


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.

******************************

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix\SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

******************************

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
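A check that can be run on the logs in this thread, as an added example that is not part of the original posts: it parses HijackThis entry lines and confirms that the entries flagged for fixing no longer appear in a follow-up log. The function names are hypothetical, and the sample strings are short excerpts of log lines posted in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Headers, running-process paths and DSS driver lines ("R3 Pfc (...)") do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return {normalized_key: original_line} for every entry line in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        # Windows paths and registry names are case-insensitive, so compare
        # lowercased bodies with whitespace collapsed.
        key = (code, " ".join(body.lower().split()))
        entries[key] = line
    return entries


def verify_fix(flagged_text, after_text):
    """Split the flagged entries into those gone from the later log and those still there."""
    flagged = parse_entries(flagged_text)
    after = parse_entries(after_text)
    return {
        "removed": sorted(l for k, l in flagged.items() if k not in after),
        "still_present": sorted(l for k, l in flagged.items() if k in after),
    }


def new_entries(before_text, after_text):
    """Entries that appear only in the later log (worth a second look)."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return sorted(l for k, l in after.items() if k not in before)


# Entries the helper asked to have fixed (copied from the thread).
FLAGGED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mediasportal....5...;pn=0&pid=2
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O21 - SSODL: wmpenv - {71E27856-E835-4843-A19F-611C14699C97} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {6C1D4CCA-AC94-4F39-AA2C-1D7496E4F8F4} - C:\WINDOWS\wmpconf.dll
"""

# Excerpt of the first log in the thread (header and process list kept to show they are skipped).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mediasportal....5...;pn=0&pid=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmpenv - {71E27856-E835-4843-A19F-611C14699C97} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {6C1D4CCA-AC94-4F39-AA2C-1D7496E4F8F4} - C:\WINDOWS\wmpconf.dll
"""

# Excerpt of the log posted after the cleanup.
AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

if __name__ == "__main__":
    result = verify_fix(FLAGGED, AFTER)
    print("removed:", len(result["removed"]))
    for line in result["still_present"]:
        print("STILL PRESENT:", line)
    for line in new_entries(BEFORE, AFTER):
        print("NEW:", line)
```

An entry that reappears in a later log with different letter case in its path is still reported under `still_present`, because keys are compared case-insensitively.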


#4
staticVoid

  • Topic Starter
  • Member
  • 94 posts
Here are the logs, thanks a lot.


SmitFraudFix v2.211

Scan done at 18:17:02.32, 13/08/2007
Run from C:\Documents and Settings\new account\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\wmpconf.dll Deleted
C:\WINDOWS\wmpenv.dll Deleted
C:\DOCUME~1\NEWACC~1\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\NEWACC~1\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\NEWACC~1\Desktop\Spyware?Malware Protection.url Deleted
C:\Program Files\VideoAccessCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{7BC05508-EADC-44B3-B72D-B0C5B40D44F6}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////


Deckard's System Scanner v20070809.63
Run by new account on 2007-08-13 at 18:24:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-08-13 17:24:26 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as new account.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:26:04, on 13/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\new account\Desktop\dss.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\PROGRA~1\HIJACK~1\new account.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070812-101625-260 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mediasportal....5...;pn=0&pid=2
backup-20070812-101625-281 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
backup-20070813-181420-284 O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
backup-20070813-181420-313 O21 - SSODL: wmpenv - {71E27856-E835-4843-A19F-611C14699C97} - C:\WINDOWS\wmpenv.dll
backup-20070813-181420-367 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
backup-20070813-181421-999 O21 - SSODL: wmpconf - {6C1D4CCA-AC94-4F39-AA2C-1D7496E4F8F4} - C:\WINDOWS\wmpconf.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 AR5523 (NETGEAR WG111T USB2.0 Wireless Card Service) - c:\windows\system32\drivers\wg11tnd5.sys (file missing)
S3 ATHFMWDL (NETGEAR WG111T bootloader driver) - c:\windows\system32\drivers\athfmwdl.sys (file missing)
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 RTLWUSB (NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver) - c:\windows\system32\drivers\wg111v2.sys (file missing)
S3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-07-13 and 2007-08-13 -----------------------------

2007-08-13 18:17:08 1678 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-13 18:16:46 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-13 18:16:46 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-13 18:16:46 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-13 07:06:08 0 d-------- C:\Documents and Settings\new account\Application Data\InterVideo
2007-08-11 18:28:14 0 d-------- C:\Documents and Settings\new account\Application Data\Macromedia
2007-08-11 18:15:47 0 d-------- C:\Documents and Settings\new account\Application Data\Google
2007-08-11 18:00:01 0 d-------- C:\Documents and Settings\new account\Application Data\AVG7
2007-08-11 17:59:01 0 d-------- C:\Documents and Settings\new account\WINDOWS
2007-08-11 17:59:01 0 d--h----- C:\Documents and Settings\new account\Templates
2007-08-11 17:59:01 0 dr------- C:\Documents and Settings\new account\Start Menu
2007-08-11 17:59:01 0 dr-h----- C:\Documents and Settings\new account\SendTo
2007-08-11 17:59:01 0 dr-h----- C:\Documents and Settings\new account\Recent
2007-08-11 17:59:01 0 d--h----- C:\Documents and Settings\new account\PrintHood
2007-08-11 17:59:01 1572864 --ah----- C:\Documents and Settings\new account\NTUSER.DAT
2007-08-11 17:59:01 0 d--h----- C:\Documents and Settings\new account\NetHood
2007-08-11 17:59:01 0 dr------- C:\Documents and Settings\new account\My Documents
2007-08-11 17:59:01 0 d--h----- C:\Documents and Settings\new account\Local Settings
2007-08-11 17:59:01 0 dr------- C:\Documents and Settings\new account\Favorites
2007-08-11 17:59:01 0 d-------- C:\Documents and Settings\new account\Desktop
2007-08-11 17:59:01 0 d--hs---- C:\Documents and Settings\new account\Cookies
2007-08-11 17:59:01 0 dr-h----- C:\Documents and Settings\new account\Application Data
2007-08-11 17:59:01 0 d-------- C:\Documents and Settings\new account\Application Data\SampleView
2007-08-11 17:59:01 0 d-------- C:\Documents and Settings\new account\Application Data\Identities
2007-08-11 17:59:01 0 d-------- C:\Documents and Settings\new account\Application Data\Adobe
2007-08-11 16:02:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-08-11 15:52:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-07-30 21:33:33 0 d---s---- C:\Microsoft
2007-07-30 20:53:12 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-07-30 20:49:08 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-07-30 20:48:28 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-30 20:48:28 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-30 20:48:28 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2007-07-30 20:48:28 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2007-07-30 20:48:28 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
2007-07-30 20:48:27 0 d-------- C:\Program Files\AVS4YOU


-- Find3M Report ---------------------------------------------------------------

2007-07-30 20:49:08 0 d-------- C:\Program Files\Common Files
2007-07-25 17:59:56 0 d-------- C:\Program Files\PartyGaming
2007-07-15 08:54:55 0 d-------- C:\Program Files\Yahoo!
2007-07-15 08:54:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-13 18:58:48 0 d-------- C:\Program Files\Super DVD Creator 8.0
2007-06-13 18:58:45 0 d-------- C:\Program Files\Astonsoft
2007-06-08 18:03:52 124215 --a------ C:\WINDOWS\HPHins12.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/09/2002 05:42]
"@"="" []
"AGRSMMSG"="AGRSMMSG.exe" [01/08/2005 07:55 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [01/08/2005 07:53]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/08/2005 07:53]
"SiSPower"="SiSPower.dll" [12/04/2005 20:31 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [22/04/2005 16:44]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/04/2007 21:56]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [15/12/2006 03:23]
"SoundMan"="SOUNDMAN.EXE" [02/12/2004 14:54 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [15/10/2006 16:30]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 03:41]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 15:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [26/07/2007 17:50]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ace9dc1-dec9-11d9-821f-806d6172696f}]
AutoRun\command- E:\Launch.exe




-- End of Deckard's System Scanner: finished at 2007-08-13 at 18:27:55 ---------


//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////




Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M processor 1.30GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 223.36 MiB / 50.73 MiB
Pagefile Memory (total/avail): 545.53 MiB / 268.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1959.89 MiB

C: is Fixed (NTFS) - 33.12 GiB total, 27.43 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: AVG 7.5.476 v7.5.476 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\\Program Files\\Grisoft\\AVG Free\\avgw.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgw.exe:*:Enabled:AVG Free Edition for Windows"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\new account\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KIM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\new account
LOGONSERVER=\\KIM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NEWACC~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\NEWACC~1\LOCALS~1\Temp
USERDOMAIN=KIM
USERNAME=new account
USERPROFILE=C:\Documents and Settings\new account
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

kim hamilton (admin, profile directory not found)
new account (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems AC'97 Modem v2136D --> agrsmdel
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software --> C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 AddRemoveCPRun
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NTI Backup NOW! 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1033
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Roxio Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem6.inf
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event ID #1907: Error
Event Submitted/Written: 08/13/2007 07:17:10 AM
Event Source: Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #1906: Error
Event Submitted/Written: 08/13/2007 07:17:08 AM
Event Source: Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #1905: Error
Event Submitted/Written: 08/13/2007 07:17:06 AM
Event Source: Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #1901: Warning
Event Submitted/Written: 08/12/2007 06:29:48 PM
Event Source: Userenv
Event Description:
Windows saved user KIM\new account registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #1900: Error
Event Submitted/Written: 08/12/2007 10:12:02 AM
Event Source: Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16473, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #4613: Error
Event Submitted/Written: 08/13/2007 06:19:01 PM
Event Source: DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event ID #4612: Error
Event Submitted/Written: 08/13/2007 06:18:25 PM
Event Source: DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event ID #4611: Error
Event Submitted/Written: 08/13/2007 06:18:12 PM
Event Source: DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event ID #4610: Error
Event Submitted/Written: 08/13/2007 06:13:22 PM
Event Source: Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Avg7Core
Avg7RsW
Avg7RsXP
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event ID #4609: Error
Event Submitted/Written: 08/13/2007 06:13:22 PM
Event Source: Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2007-08-13 at 18:27:55 ---------

Edited by staticVoid, 13 August 2007 - 11:30 AM.


#5
ricox


    Visiting Staff

  • Visiting Consultant
  • 331 posts
Hi,
almost done.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
or

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
If kaspersky doesn't work.

#6
staticVoid


    Member

  • Topic Starter
  • Member
  • 94 posts
Here's the report:

Wednesday, August 15, 2007 5:58:39 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 15/08/2007
Kaspersky Anti-Virus database records: 381532


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 38022
Number of viruses found 2
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 00:39:55

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\new account\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\new account\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\new account\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\new account\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped

C:\Documents and Settings\new account\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\new account\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\new account\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\new account\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\new account\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\new account\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\new account\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Hijackthis\backups\backup-20070813-181420-284.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc461 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc462 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc463 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc464 Track 4.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc466 Track 6.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc47\desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc47\Self-Destructive Pattern\AlbumArtSmall.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc47\Self-Destructive Pattern\AlbumArt_{2973052B-77EE-46CC-BB3F-9B0738D294D0}_Large.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc47\Self-Destructive Pattern\AlbumArt_{2973052B-77EE-46CC-BB3F-9B0738D294D0}_Small.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc47\Self-Destructive Pattern\desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc47\Self-Destructive Pattern\Folder.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc47\Self-Destructive Pattern\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc47\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc491 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc492 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc493 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc501 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc502 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc503 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc504 Track 4.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc512 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc513 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc514 Track 4.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc515 Track 5.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc516 Track 6.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc517 Track 7.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc518 Track 8.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc519 Track 9.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc521 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc522 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc523 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc531 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc532 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc533 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc534 Track 4.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc535 Track 5.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc536 Track 6.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc537 Track 7.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc538 Track 8.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc539 Track 9.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc541 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc542 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc551 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc552 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc553 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc554 Track 4.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc561 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc562 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc563 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc564 Track 4.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc571 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc572 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc573 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc574 Track 4.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc575 Track 5.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc576 Track 6.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc577 Track 7.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc578 Track 8.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc579 Track 9.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc57\10 Track 10.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc57\11 Track 11.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc57\12 Track 12.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc581 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc582 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc583 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc584 Track 4.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc585 Track 5.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc586 Track 6.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc591 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc592 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc611 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc612 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc613 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc614 Track 4.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc621 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc622 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc631 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc632 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc641 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc642 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc643 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc644 Track 4.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc645 Track 5.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc646 Track 6.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc647 Track 7.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc648 Track 8.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc649 Track 9.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc64\10 Track 10.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc64\11 Track 11.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc64\12 Track 12.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc64\13 Track 13.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc64\14 Track 14.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc64\15 Track 15.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc64\16 Track 16.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc651 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc652 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc653 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-589415484-806308545-1372108536-1007\Dc654 Track 4.wma Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{3F58DC67-3F10-4BAF-9ECB-B87F7480821A}\RP2\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

#7
ricox


    Visiting Staff

  • Visiting Consultant
  • 331 posts
Hi again,

Your log looks clean.

Please remove the SmitfraudFix folder from your desktop. You don't need it anymore.

***********************

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

*****************************

Disable and Enable System Restore - you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here: Windows XP System Restore Guide

Reenable system restore with instructions from tutorial above.

*****************************

Also let me know how your computer is now running - any more problems?

#8
staticVoid


    Member

  • Topic Starter
  • Member
  • 94 posts
The computer seems to be working fine, thanks for the help.

#9
ricox


    Visiting Staff

  • Visiting Consultant
  • 331 posts
Hi,

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Your computer urgently needs a firewall! Without a firewall your computer can be more easily infected. It is used to block a lot of suspicious items from the net. Using a firewall will lower your risk of infection.
Here are some free options you can choose to use:
* ZoneAlarm
* Sunbelt Kerio Personal Firewall
* OutPost Firewall

A tutorial on understanding and using a firewall may be found here


To reduce re-infection potential for malware in the future, I strongly recommend installing three free programs:
[SpywareBlaster] -> SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
[SpywareGuard] -> SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
[IE-SPYAD] -> IE-Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

Use of Anti-spyware programs. It's highly recommended to use programs that protect you from spyware infection. Here are some free programs I recommend, you can use all of them together for full protection:
[Spybot - Search & Destroy] -> Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.
[Ad-Aware SE Personal] -> Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

Windows update -> It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Please also read this article by TonyKlein - How did I get infected in the first place? :whistling:

#10
don77


    Malware Expert

  • Retired Staff
  • 18,526 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.