popups/slow sometimes [RESOLVED]


  • This topic is locked

#1
heat123

  • Member
  • 298 posts
Hi, here is my HJT log below. Thanks for your help in advance. My internet connection is very weird because it is good but slow quite often. My last Malwarebytes scan detected nothing, nor did the Panda scan. I did the ATF Cleaner; it cleaned 17 megabytes. When I tried Windows Update it said it has an error. And when I try troubleshoot I get an error. That could be caused by the malware maybe?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:29 AM, on 7/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LevelOne\Common\RaUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: LevelOne Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1215791776390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188485445937
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5648 bytes

Edited by heat123, 17 July 2008 - 07:37 AM.



#2
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey heat123,

Welcome to GeekstoGo! I'm Ltangelic and I'll be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses; I ask for your patience. Please stick with me until we get your computer cleaned up or it will be a wasted effort on both sides. :)

I'm looking at your log now, and I'll post back with a fix when I'm ready. Thanks for your patience.

PS. If I've not been responding, and you wonder why, feel free to PM me and I'll give an explanation.

LT

#3
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#4
heat123

  • Topic Starter
  • Member
  • 298 posts
Hi I hope you are doing well. Thanks for all your help so far. I did the mbam log and that worked fine. Here is the log below. With the dss I only got main.txt to come up and followed all directions. Hope you can help me solve that problem. Anyway here is main.txt.





Malwarebytes' Anti-Malware 1.20
Database version: 962
Windows 5.1.2600 Service Pack 3

5:53:43 PM 7/17/2008
mbam-log-7-17-2008 (17-53-43).txt

Scan type: Quick Scan
Objects scanned: 38625
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Deckard's System Scanner v20071014.68
Run by troy on 2008-07-17 17:55:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as troy.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:49 PM, on 7/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LevelOne\Common\RaUI.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\troy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\troy.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: LevelOne Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1215791776390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188485445937
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5655 bytes

-- Files created between 2008-06-17 and 2008-07-17 -----------------------------

2008-07-17 10:14:06 0 dr-h---c- C:\Documents and Settings\troy\Recent
2008-07-17 08:17:08 0 d------c- C:\Program Files\Panda Security
2008-07-16 19:47:01 0 d------c- C:\Documents and Settings\troy\Application Data\Systweak
2008-07-16 19:43:56 0 d------c- C:\Program Files\Advanced System Optimizer
2008-07-16 19:41:02 101888 --a----c- C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-07-16 19:41:02 153600 --a----c- C:\WINDOWS\system32\TLBINF32.DLL <Not Verified; Microsoft Corporation; Object Navigator, Visual Basic>
2008-07-16 19:41:02 0 d------c- C:\Program Files\MalwareSweeper.com
2008-07-14 11:28:45 0 d--h---c- C:\WINDOWS\PIF
2008-07-11 08:18:52 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-11 08:18:49 0 d------c- C:\WINDOWS\system32\Kaspersky Lab
2008-07-10 19:35:43 0 d------c- C:\Documents and Settings\troy\Application Data\IObit
2008-07-10 19:21:18 0 d------c- C:\Program Files\IObit
2008-07-09 20:44:15 0 d-a----c- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 18:33:23 0 d------c- C:\fsaua.data
2008-07-02 19:57:02 0 d------c- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 19:39:38 0 d------c- C:\Documents and Settings\troy\Application Data\Pointstone
2008-06-25 19:38:11 0 d------c- C:\Program Files\Common Files\Pointstone
2008-06-23 08:23:40 0 d--h---c- C:\$AVG8.VAULT$
2008-06-21 12:53:05 0 d------c- C:\Documents and Settings\troy\Application Data\Malwarebytes
2008-06-21 12:52:52 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-21 09:13:21 0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-20 10:27:54 0 d------c- C:\Documents and Settings\troy\.housecall6.6
2008-06-19 08:28:00 0 d------c- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-07-11 11:09:44 0 d------c- C:\Program Files\Common Files\Symantec Shared
2008-07-09 22:08:40 0 d------c- C:\Program Files\Glary Utilities
2008-07-09 22:04:10 0 d------c- C:\Program Files\Google
2008-07-09 21:06:18 0 d------c- C:\Program Files\QuickTime
2008-07-09 20:05:36 0 d------c- C:\Program Files\SUPERAntiSpyware
2008-07-09 19:59:31 0 d------c- C:\Documents and Settings\troy\Application Data\Macromedia
2008-07-09 19:09:24 0 d------c- C:\Program Files\Common Files
2008-07-09 19:07:51 0 d--h---c- C:\Program Files\InstallShield Installation Information
2008-07-02 21:48:16 0 d------c- C:\Program Files\Viewpoint
2008-07-01 13:20:33 0 d------c- C:\Program Files\Incomplete
2008-06-27 14:13:12 0 d------c- C:\Program Files\Java
2008-06-25 19:39:38 0 d------c- C:\Documents and Settings\troy\Application Data\iolo
2008-06-23 08:21:14 0 d------c- C:\Documents and Settings\troy\Application Data\GlarySoft
2008-06-21 08:50:29 0 d------c- C:\Documents and Settings\troy\Application Data\Adobe
2008-06-21 08:46:51 0 d------c- C:\Program Files\Modem Helper
2008-06-21 08:46:49 0 d------c- C:\Documents and Settings\troy\Application Data\ErrorSmart
2008-06-21 08:46:49 0 d------c- C:\Documents and Settings\troy\Application Data\Apple Computer
2008-06-20 07:39:14 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 07:39:08 0 d------c- C:\Program Files\Lavasoft
2008-06-19 08:15:13 0 d------c- C:\Documents and Settings\troy\Application Data\Uniblue
2008-06-15 17:14:03 0 d------c- C:\Documents and Settings\troy\Application Data\Smart PC Solutions
2008-06-04 21:13:41 0 d------c- C:\Program Files\AVG
2008-05-26 21:33:50 0 d------c- C:\Program Files\Messenger
2008-05-26 21:32:40 0 d------c- C:\Program Files\Movie Maker
2008-05-21 20:07:25 0 d------c- C:\Program Files\Microsoft Silverlight
2008-05-10 07:01:17 206 --a----c- C:\WINDOWS\system32\cbcaefb_z.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]

C:\Documents and Settings\troy\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]
LevelOne Wireless Utility.lnk - C:\Program Files\LevelOne\Common\RaUI.exe [8/27/2007 3:57:05 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCAutoLiveUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystemTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
? 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-17 17:56:17 ------------

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
What are the pop-ups for?

Click on Start, click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again when finished
Please post back both logs that open in Notepad:
main.txt and extra.txt

#6
heat123

  • Topic Starter
  • Member
  • 298 posts
Hi. Thanks for all your help so far. Still only main.txt displays.

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here. If the forum doesn't let you upload it, then please zip the .run file by right-clicking and selecting Send to Zip file.

Then upload that as an attachment in your next post (you may have to zip the .run file to upload it here).

#8
heat123

  • Topic Starter
  • Member
  • 298 posts
Here is that file below.




Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name : DJDHH141
Creation time : 7/17/2008 7:31:08 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.6.3.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple, Inc.)
* c:\windows\system32\alg.exe (Microsoft Corporation)
* c:\progra~1\avg\avg8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
* c:\progra~1\avg\avg8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\windows\system32\ctfmon.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
c:\program files\levelone\common\raui.exe (Digital Data Communications Co., Ltd.)
* c:\windows\system32\lsass.exe (Microsoft Corporation)
* c:\program files\common files\microsoft shared\vs7debug\mdm.exe (Microsoft Corporation)
* c:\docume~1\troy\locals~1\temp\temporary directory 1 for runscanner[1].zip\runscanner.exe (Runscanner.net)
* c:\windows\system32\services.exe (Microsoft Corporation)
* c:\windows\system32\spoolsv.exe (Microsoft Corporation)
* c:\windows\explorer.exe (Microsoft Corporation)
* c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)
* c:\windows\system32\wdfmgr.exe (Microsoft Corporation)

005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\levelone\common\raui.exe (Digital Data Communications Co., Ltd.)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple Mobile Device)
* c:\progra~1\avg\avg8\avgwdsvc.exe (AVG8 WatchDog)
* c:\program files\google\common\google updater\googleupdaterservice.exe (Google Updater Service)
c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
* c:\program files\ipod\bin\ipodservice.exe (iPod Service)
c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe (Windows CardSpace)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
C:\WINDOWS\system32\drivers\aegisp.sys (AEGIS Protocol (IEEE 802.1x) v3.4.3.0)
* c:\windows\system32\drivers\avgldx86.sys (AVG AVI Loader Driver x86)
* c:\windows\system32\drivers\avgmfx86.sys (AVG On-access Scanner Minifilter Driver x86)
- c:\windows\system32\drivers\bvrp_pci.sys (bvrp_pci)
- c:\windows\system32\drivers\changer.sys (Changer)
C:\WINDOWS\system32\drivers\drvmcdb.sys (drvmcdb)
C:\WINDOWS\system32\drivers\drvnddm.sys (drvnddm)
c:\program files\dellsupport\gtaction\triggers\dsproct.sys (DSproct)
- c:\windows\system32\drivers\iaimtv2.sys (iAimTV2)
- c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
C:\WINDOWS\system32\drivers\omci.sys (OMCI WDM Device Driver)
- c:\windows\system32\drivers\pcidump.sys (PCIDump)
- c:\windows\system32\drivers\pdcomp.sys (PDCOMP)
- c:\windows\system32\drivers\pdframe.sys (PDFRAME)
- c:\windows\system32\drivers\pdreli.sys (PDRELI)
- c:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
- c:\program files\internet explorer\sabprocenum.sys (SABProcEnum)
c:\program files\superantispyware\sasdifsv.sys (SASDIFSV)
c:\program files\superantispyware\sasenum.sys (SASENUM)
c:\program files\superantispyware\saskutil.sys (SASKUTIL)
c:\windows\system32\ddmi2.sys (SDDMI2)
C:\WINDOWS\system32\drivers\sscdbhk5.sys (sscdbhk5)
c:\windows\system32\drivers\ssdefrag.sys (SSDefrag)
C:\WINDOWS\system32\drivers\ssrtln.sys (ssrtln)
- c:\windows\system32\drivers\tffsmon.sys (TfFsMon)
- c:\windows\system32\drivers\tfnetmon.sys (TfNetMon)
C:\WINDOWS\system32\dla\tfsnboio.sys (tfsnboio)
C:\WINDOWS\system32\dla\tfsncofs.sys (tfsncofs)
C:\WINDOWS\system32\dla\tfsndrct.sys (tfsndrct)
C:\WINDOWS\system32\dla\tfsndres.sys (tfsndres)
C:\WINDOWS\system32\dla\tfsnifs.sys (tfsnifs)
C:\WINDOWS\system32\dla\tfsnopio.sys (tfsnopio)
C:\WINDOWS\system32\dla\tfsnpool.sys (tfsnpool)
C:\WINDOWS\system32\dla\tfsnudf.sys (tfsnudf)
C:\WINDOWS\system32\dla\tfsnudfa.sys (tfsnudfa)
- c:\windows\system32\drivers\tfsysmon.sys (TfSysMon)
- c:\windows\system32\drivers\wanatw.sys (WAN Miniport (ATW))
- c:\windows\system32\drivers\wdica.sys (WDICA)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
* c:\program files\avg\avg8\avgpp.dll (AVG Technologies CZ, s.r.o.) {F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
c:\program files\common files\microsoft shared\information retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
GUID / CLSID not found {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
c:\program files\superantispyware\sasseh.dll (SuperAdBlocker.com) {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
c:\windows\system32\dla\tfswshx.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
* c:\program files\google\googletoolbarnotifier\2.1.1119.1736\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
* c:\program files\avg\avg8\avgssie.dll (AVG Technologies CZ, s.r.o.) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
* c:\program files\avg\avg8\avgse.dll (AVG Technologies CZ, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
c:\windows\system32\dla\tfswshx.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
c:\progra~1\glaryu~1\contex~1.dll (GlarySoft.com) {72923739-5A47-40A3-9895-25AF0DFBB9E4}
c:\program files\sonic\recordnow!\shlext.dll (Sonic Solutions) {DEE12703-6333-4D4E-8F34-738C4DCC2E04}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
- autocheck smrgdf c:\documents and settings\troy\application data\iolo\

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
c:\program files\superantispyware\saswinlo.dll (SUPERAntiSpyware.com)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
- lexlmpm.dll

073 %windir%\Tasks
------------------
GlaryInitialize.job : c:\program files\glary utilities\initialize.exe (GlarySoft.com)
Uniblue SpeedUpMyPC Nag.job : c:\program files\uniblue\speedupmypc 3\speedupmypc.exe
Uniblue SpeedUpMyPC.job : c:\program files\uniblue\speedupmypc 3\speedupmypc.exe

100 Internet Explorer settings
------------------------------
Default_Search_URL HKCU : http://home.microsof...arch/search.asp
Default_Search_URL HKLM : http://home.microsof...arch/search.asp
SearchUrl HKCU : http://home.microsof...search.asp?p=%s
SearchUrl HKLM : http://home.microsof...search.asp?p=%s
Start Page HKLM : http://www.msn.com

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
c:\windows\system32\kaspersky lab\kaspersky online scanner\kavwebscan.dll (Kaspersky Lab) {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
c:\windows\downloaded program files\conflict.1\housecall_activex.dll (Trend Micro Inc.) {215B8138-A3CF-44C5-803F-8226143CFC0A}
GUID / CLSID not found {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}
GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
c:\windows\downloaded program files\sabspx.dll (SuperAdBlocker.com) {B1E2B96C-12FE-45E2-BEF1-44A219113CDD}
c:\windows\downloaded program files\conflict.1\fscax.dll (F-Secure Corporation) {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}
GUID / CLSID not found {FFB3A759-98B1-446F-BDA9-909C6EB18CC7}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

121 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
--------------------------------------------------------------------------
* C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
GUID / CLSID not found {58C83EE0-5261-11D3-81DC-D2AB3F16133C}
* c:\program files\avg\avg8\avgse.dll (AVG Technologies CZ, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
c:\program files\advanced system optimizer\shellext.dll (Systweak Inc) {90A07ACC-0331-4aee-9AAD-A854A9C37667}
c:\progra~1\glaryu~1\contex~1.dll (GlarySoft.com) {72923739-5A47-40A3-9895-25AF0DFBB9E4}
c:\program files\superantispyware\sasctxmn.dll (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu

221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
-------------------------------------------------------
GUID / CLSID not found {58C83EE0-5261-11D3-81DC-D2AB3F16133C}
* c:\program files\avg\avg8\avgse.dll (AVG Technologies CZ, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
c:\program files\advanced system optimizer\shellext.dll (Systweak Inc) {90A07ACC-0331-4aee-9AAD-A854A9C37667}
c:\progra~1\glaryu~1\contex~1.dll (GlarySoft.com) {72923739-5A47-40A3-9895-25AF0DFBB9E4}
c:\program files\superantispyware\sasctxmn.dll (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu

223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
--------------------------------------------------------------------------
* c:\program files\malwarebytes' anti-malware\mbamext.dll (Malwarebytes) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
------------------------------------------------------------
GUID / CLSID not found {58C83EE0-5261-11D3-81DC-D2AB3F16133C}
GUID / CLSID not found {58C83EE0-5261-11D3-81DC-D2AB3F16133C}
* c:\program files\avg\avg8\avgse.dll (AVG Technologies CZ, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
* c:\program files\avg\avg8\avgse.dll (AVG Technologies CZ, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
c:\progra~1\glaryu~1\contex~1.dll (GlarySoft.com) {72923739-5A47-40A3-9895-25AF0DFBB9E4}
c:\progra~1\glaryu~1\contex~1.dll (GlarySoft.com) {72923739-5A47-40A3-9895-25AF0DFBB9E4}
* c:\program files\malwarebytes' anti-malware\mbamext.dll (Malwarebytes) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
* c:\program files\malwarebytes' anti-malware\mbamext.dll (Malwarebytes) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
---------------------------------------------------------------
c:\program files\advanced system optimizer\shellext.dll (Systweak Inc) {90A07ACC-0331-4aee-9AAD-A854A9C37667}
c:\program files\superantispyware\sasctxmn.dll (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
  • 0
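Added example, not part of the original post and not Runscanner's own code: a small parser for the section layout used in the log above (a three-digit section number and registry location, a dashed rule, then one entry per line). It lists each "GUID / CLSID not found" reference with the locations that still point at it, and the entries that carry no vendor string. The page does not say what the leading `*` and `-` markers mean, so the parser only records them; the function names are this example's own.

```python
import re
from collections import defaultdict

# Condensed excerpt of the log above, embedded so the example runs offline.
SAMPLE = r"""052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\program files\avg\avg8\avgssie.dll (AVG Technologies CZ, s.r.o.) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
- lexlmpm.dll
173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
GUID / CLSID not found {58C83EE0-5261-11D3-81DC-D2AB3F16133C}
225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
------------------------------------------------------------
GUID / CLSID not found {58C83EE0-5261-11D3-81DC-D2AB3F16133C}
"""

HEADER = re.compile(r"^(\d{3}) (\S.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VENDOR = re.compile(r"\(([^()]+)\)")
RULE = re.compile(r"^-{4,}$")

def parse_log(text):
    """Return one dict per numbered section: id, location and parsed entries."""
    lines = [l.strip() for l in text.splitlines()]
    sections = []
    for i, line in enumerate(lines):
        if not line or RULE.match(line):
            continue
        head = HEADER.match(line)
        if head and i + 1 < len(lines) and RULE.match(lines[i + 1]):
            sections.append({"id": head[1], "location": head[2], "entries": []})
        elif sections:
            marker = line[0] if line[:2] in ("* ", "- ") else ""
            body = line[2:] if marker else line
            clsid, vendors = CLSID.search(body), VENDOR.findall(body)
            sections[-1]["entries"].append({
                "marker": marker, "raw": body, "clsid": clsid and clsid[0].upper(),
                "orphan": body.startswith("GUID / CLSID not found"),
                "vendor": vendors[-1] if vendors else None})
    return sections

def orphaned_clsids(sections):
    """Map each unresolved CLSID to the locations that still reference it."""
    hits = defaultdict(set)
    for s in sections:
        for e in s["entries"]:
            if e["orphan"]:
                hits[e["clsid"]].add(s["location"])
    return {k: sorted(v) for k, v in hits.items()}

def unattributed(sections):
    """Entries with no vendor string; the log alone cannot say who shipped them."""
    return [(s["location"], e["raw"]) for s in sections
            for e in s["entries"] if not e["orphan"] and e["vendor"] is None]
```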

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you upload the .run file please, that is the log file
  • 0

#10
heat123

  • Topic Starter
  • Member
  • 298 posts
Here is the file as an attachment zipped

Edited by heat123, 18 July 2008 - 05:57 AM.

  • 0



#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download the attachment at the end of this post (this will be your runscanner file fixed by me)

  • Unzip it to your desktop, then double-click the runscanner icon; this will run the program.
  • You will notice several entries in red and in blue.
  • Click the button at the top called Fix selected items
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC



Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#12
heat123

  • Topic Starter
  • Member
  • 298 posts
Hello. I did what you said to do with runscanner; it worked out fine. Here are the scan results below. Thanks for all your help so far.


Friday, July 18, 2008 5:39:39 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/07/2008
Kaspersky Anti-Virus database records: 968327


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 44628
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 01:30:15

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped

C:\Documents and Settings\All Users\Documents\DESKTOP.INI Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\troy\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\troy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\troy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\troy\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\troy\Local Settings\Temp\~DF3291.tmp Object is locked skipped

C:\Documents and Settings\troy\Local Settings\Temp\~DF32AB.tmp Object is locked skipped

C:\Documents and Settings\troy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\troy\ntuser.dat Object is locked skipped

C:\Documents and Settings\troy\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1031\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Edited by heat123, 18 July 2008 - 03:44 PM.

  • 0

#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0
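Added example, not part of the original post and not code from the MVPS project: an audit of a HOSTS file of the kind described above, separating names that are sinkholed to the local machine from names mapped to any other address, which are the entries worth reviewing by hand. The sample file, its host names and the 203.0.113.7 address are constructed placeholders; treating 0.0.0.0 as a sinkhole alongside 127.0.0.1 is an assumption of this example.

```python
import ipaddress

# Constructed sample in HOSTS syntax; names and addresses are placeholders.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1   localhost
127.0.0.1   ads.example.net   # sinkholed ad server
0.0.0.0     tracker.example.org banner.example.org
203.0.113.7 update.example.com
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (line number, parsed address or None, [names]) for each mapping line."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        yield n, ip, [x.lower() for x in names]

def audit_hosts(text):
    """Classify every mapping as sinkholed, redirected elsewhere, or malformed."""
    report = {"sinkholed": [], "redirected": [], "malformed": []}
    for n, ip, names in parse_hosts(text):
        if ip is None or not names:
            report["malformed"].append(n)
        elif ip.is_loopback or ip.is_unspecified:
            # Blocklist entries: the name resolves to this machine and goes nowhere.
            report["sinkholed"] += [x for x in names if x != "localhost"]
        else:
            # A name pinned to a routable address overrides DNS; review each one.
            report["redirected"] += [(x, str(ip)) for x in names]
    return report
```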

#14
heat123

  • Topic Starter
  • Member
  • 298 posts
Hi, I am done with what you said to do. Thanks for all your help. I had an error in Microsoft Update and when I try the troubleshoot another error shows up. Can you help me? Here is one of the error numbers. Error number: 0x800A0046]
  • 0

#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No idea about that

Go to the Windows XP forum if it persists
  • 0





