[Closed] I have two Chromes open

By ilam96
Mar 12, 2011
Topic Status:
Not open for further replies.
  1. I have two Chromes open when there should only be one running. I was told I have a duplicating program, which I should get rid of. After reading around the site I decided to follow the updated 8-step Viruses/spyware/malware Preliminary Removal Instructions. I did so and got as far as step 5, for after downloading DDS by sUBs a screen popped up saying "Windows cannot open this file: Pev.dat..." and that I should choose a web service to find a program to open it with or select a program from my files. I chose Notepad, which opened up with a lot of programming language, hence I closed the original black DDS screen... and here I am, looking for help from there.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Before continuing: have you tried to close both of the Chrome browsers, then reboot?

    If not, please do so, then let me know what is happening.
  3. ilam96

    ilam96 Newcomer, in training Topic Starter

    I have done so, opened Task Manager and I still have two Chromes open, one with more memory usage than the other :-(
    Will I need to re-do the instructions from step one? ...and how do I disable script blocking protection...?
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Have you highlighted one of them and clicked End Task? What happens?
  5. ilam96

    ilam96 Newcomer, in training Topic Starter

    Both close.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, so what happens if you launch Chrome again?

    Do you understand that it is normal to see more than one entry for Chrome in the Task Manager when you only have one browser window open? Just like IE v8 can have more than one iexplore.exe process showing with only one active window.
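
An added example, not part of the thread or of any participant's reply, to make the point above checkable rather than taken on faith: Chrome is multi-process, so several chrome.exe rows in Task Manager are expected, and what a helper actually wants to know is whether every chrome.exe runs from the same install directory and descends from a browser process in that directory. The Python below does that over a process snapshot. The Proc record and the SAMPLE snapshot are constructed for this example (the Temp-resident chrome.exe in it is invented, not something found on the poster's machine); snapshot_live() uses the third-party psutil package and is the only part that touches the live system.

```python
"""Sort the chrome.exe processes on a Windows box into browser (parent)
processes and their children, and point out the ones that do not belong.

Added example, not from the TechSpot thread and not Google's code.  Chrome
is multi-process: one browser process plus one child per tab, extension and
GPU/plugin, so several chrome.exe rows in Task Manager are normal.  The
check that matters is whether every chrome.exe runs from the same install
directory and hangs off a browser process from that directory.  The Proc
record and the SAMPLE snapshot are constructed for this example; psutil
(third-party) is used only by snapshot_live().
"""
from collections import Counter, namedtuple
import ntpath

Proc = namedtuple("Proc", "pid ppid name exe")

# Constructed snapshot: explorer.exe (900) started a genuine Chrome (1200)
# with three children, and a second "chrome.exe" (3100) running from Temp.
SAMPLE = [
    Proc(900, 4, "explorer.exe", r"C:\Windows\explorer.exe"),
    Proc(1200, 900, "chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    Proc(1210, 1200, "chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    Proc(1220, 1200, "chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    Proc(1230, 1200, "chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    Proc(3100, 900, "chrome.exe", r"C:\Users\lety\AppData\Local\Temp\chrome.exe"),
]


def check_chrome(procs):
    """Return (roots, outliers).

    roots    - chrome.exe processes whose parent is not chrome.exe; each one
               is a separate browser instance ("two Chromes" = two roots).
    outliers - (pid, reason) for chrome.exe processes whose image directory
               differs from the directory most chrome.exe images share, or
               whose parent chrome.exe runs from a different directory.
    """
    by_pid = {p.pid: p for p in procs}
    chromes = [p for p in procs if p.name.lower() == "chrome.exe"]
    if not chromes:
        return [], []
    chrome_pids = {p.pid for p in chromes}
    roots = [p for p in chromes if p.ppid not in chrome_pids]
    # The install directory is whichever one most chrome.exe images share.
    install_dir = Counter(
        ntpath.dirname(p.exe).lower() for p in chromes).most_common(1)[0][0]
    outliers = []
    for p in chromes:
        d = ntpath.dirname(p.exe).lower()
        parent = by_pid.get(p.ppid)
        if d != install_dir:
            outliers.append((p.pid, "runs from %s, not %s" % (d, install_dir)))
        elif (parent is not None and parent.pid in chrome_pids
              and ntpath.dirname(parent.exe).lower() != d):
            outliers.append((p.pid, "child of a chrome.exe in a different "
                                    "directory (pid %d)" % parent.pid))
    return roots, outliers


def report(procs):
    """Human-readable summary of the kind a helper would paste in a reply."""
    roots, outliers = check_chrome(procs)
    lines = ["%d browser instance(s):" % len(roots)]
    for r in roots:
        kids = sum(1 for p in procs
                   if p.ppid == r.pid and p.name.lower() == "chrome.exe")
        lines.append("  pid %d  %s  (%d child processes)" % (r.pid, r.exe, kids))
    for pid, why in outliers:
        lines.append("  SUSPECT pid %d: %s" % (pid, why))
    return "\n".join(lines)


def snapshot_live():
    """Take the same kind of snapshot from the running system (needs psutil)."""
    import psutil  # third-party; not needed for the constructed SAMPLE
    procs = []
    for p in psutil.process_iter(["pid", "ppid", "name", "exe"]):
        i = p.info
        procs.append(Proc(i["pid"], i["ppid"], i["name"] or "", i["exe"] or ""))
    return procs


if __name__ == "__main__":
    print(report(SAMPLE))
```

Run it as a script to see the report for the constructed snapshot, or call report(snapshot_live()) on the machine in question. Two roots from the same install directory are simply two browser instances (two profiles, or a second launch); a root or child from a different directory is the thing to investigate. Per-user Chrome installs legitimately live under %LOCALAPPDATA%\Google\Chrome\Application, so the check is about consistency across the whole set of chrome.exe processes, not about one fixed path.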
  7. ilam96

    ilam96 Newcomer, in training Topic Starter

    I understand what you are saying... only, I do not open two browser windows. Now it seems it's getting worse, I'm getting duplicate keystrokes too :-( Oh, what have I done! You know, like when I type "like" it comes out "llliiikkeee", but it's only happening with my logins/passwords (I'm presuming). Definitely my logins.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, please do these scans and leave the logs in your next reply:

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  9. ilam96

    ilam96 Newcomer, in training Topic Starter

    I have three users on my PC: my husband (mostly used, because he doesn't require a password to log in), my teenaged daughter (who I suspect downloaded the malware), and mine. I am the admin; under which do I run the steps?
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Use the Administrative account.
  11. ilam96

    ilam96 Newcomer, in training Topic Starter

    OK, thanks, next weekend though; I'm a working mom. I apologize for taking so long.
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, making a note to myself. Do as soon as you can.

    Keep thread open.
  13. ilam96

    ilam96 Newcomer, in training Topic Starter

    Sorry it took so long, service was down most of yesterday. I have run the malware scan and the log is pasted below:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6123

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    3/21/2011 6:17:44 PM
    mbam-log-2011-03-21 (18-17-44).txt

    Scan type: Quick scan
    Objects scanned: 174982
    Time elapsed: 15 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  14. ilam96

    ilam96 Newcomer, in training Topic Starter

    This is the DDS.txt:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Lety at 18:37:57.46 on Mon 03/21/2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2039.897 [GMT -5:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Lety\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/webhp?hl=en
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.5.0.125\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.2.0.6\coIEPlg.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.2.0.6\coIEPlg.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun: [<NO NAME>]
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-1 64288]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1205000.07d\symds.sys [2011-1-6 340016]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1205000.07d\symefa.sys [2011-1-6 652336]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-3-10 800376]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110317.002\IDSvix86.sys [2011-3-17 353912]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1205000.07d\ironx86.sys [2011-1-6 136312]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1205000.07d\symtdiv.sys [2011-1-6 330360]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1405384]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.5.0.125\ccsvchst.exe [2011-1-6 130000]
    R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.6\ccSvcHst.exe [2011-2-4 130000]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-1 102448]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-28 136176]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-03-20 23:46:06 -------- d-----w- c:\users\lety\appdata\local\{4FE78D2E-68A1-4806-9F82-2D3FE28983E7}
    2011-03-18 22:08:48 -------- d-----w- c:\program files\iPod
    2011-03-18 22:08:44 -------- d-----w- c:\program files\iTunes
    2011-03-12 16:44:12 94848 ----a-w- C:\kwddafob.sys
    2011-03-12 16:18:51 -------- d-----w- c:\users\lety\appdata\local\{F67106AC-39EC-4ECE-B493-63C0864549F1}
    2011-03-12 15:52:39 -------- d-----w- c:\users\lety\appdata\roaming\Malwarebytes
    2011-03-12 15:52:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-12 15:52:21 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-12 15:52:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-12 15:52:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-09 13:19:41 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 13:19:41 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 13:19:41 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 13:19:41 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 13:19:39 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 13:19:38 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 20:33:02 -------- d-----w- c:\users\lety\appdata\local\{43BAC96B-D283-41F5-BDDA-4A22501F232E}
    2011-03-07 22:54:13 815104 ----a-w- c:\windows\system32\xvidcore.dll
    2011-03-07 22:54:13 77824 ----a-w- c:\windows\system32\xvid.ax
    2011-03-07 22:54:13 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-03-07 22:54:13 -------- d-----w- c:\program files\Xvid
    2011-03-07 22:52:26 -------- d-----w- c:\program files\common files\xing shared
    2011-03-07 22:46:02 -------- d-----w- c:\users\lety\appdata\local\{56D91CCF-DECB-4212-A326-B3FB97BB8C80}
    2011-03-05 17:50:27 -------- d-----w- c:\progra~2\Immortal Lovers
    2011-03-04 23:24:55 -------- d-----w- c:\program files\Bonjour
    .
    ==================== Find3M ====================
    .
    2011-03-07 22:51:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-03-07 22:51:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-08 12:55:21 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    .
    ============= FINISH: 18:38:52.51 ===============
  15. ilam96

    ilam96 Newcomer, in training Topic Starter

    This is the attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/7/2010 12:18:48 AM
    System Uptime: 3/21/2011 6:00:51 PM (0 hours ago)
    .
    Motherboard: ELITEGROUP | | 945GCT-M3
    Processor: Intel(R) Celeron(R) CPU E1200 @ 1.60GHz | Socket 775 | 1600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 151.976 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 5.198 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Ad-Aware
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Bonjour
    BufferChm
    CameraHelperMsi
    CCScore
    Crystal Maze
    CustomerResearchQFolder
    D3DX10
    Dancing with the Stars
    Deadtime Stories
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    eMachines Games
    erLT
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    eSupportQFolder
    Fashion Fits!
    fflink
    Final Drive Fury
    Ghost Town Mysteries - Bodie
    Goddess Chronicles
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    Greeting Card Factory Photo Card Maker
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    House, MD
    HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    Immortal Lovers
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 23
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Magic Academy
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft UI Engine
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MobileMe Control Panel
    Mortimer Beckett and the Lost King
    Mortimer Beckett and the Secrets of Spooky Manor
    Mortimer Beckett and the Time Paradox
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - Stolen in San Francisco
    Mystery P.I. - The Lottery Ticket
    netbrdg
    Nightfall Mysteries: Asylum Conspiracy
    Nightfall Mysteries: Curse of the Opera
    Norton AntiVirus
    Norton Safe Web Lite
    OfotoXMI
    OpenOffice.org 3.2
    Operation Mania
    Peggle
    Peggle Nights
    Posh Boutique
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Segoe UI
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Soft Data Fax Modem with SmartCP
    staticcr
    Toolbox
    tooltips
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update Installer for WildTangent Games App
    Vampire Brides - Love Over Death
    Virtual City
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VPRINTOL
    WebReg
    WildTangent Games App (eMachines Games)
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WIRELESS
    Xvid 1.2.1 final uninstall
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Youda Survivor
    Zynga Toolbar
    .
    ==== End Of File ===========================
  16. ilam96

    ilam96 Newcomer, in training Topic Starter

    This is the GMER log:

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-03-21 18:30:33
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST3320820AS rev.3.AAD
    Running: 6mccl3r9.exe; Driver: C:\Users\Lety\AppData\Local\Temp\kwriafob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, let's handle the security first: you have 2 antivirus programs running:
    AV: Lavasoft Ad-Watch Live! Anti-Virus
    AV: Norton AntiVirus

    You should remove one of these. Please reboot the computer when finished.

    Years ago, I used the paid AdAware. Basically, it was an antispyware program. The paid version also had AdWatch, which would pop up an alert if any Registry change was being made. But it was not called an AV program. (I ended up disabling AdWatch because all changes in the Registry aren't 'bad' and AdWatch didn't know the difference! I have since uninstalled the program.) They have done a couple of major upgrades and it seems that AdWatch is part AV and part antimalware. But representing the program as antivirus means you have to shut it down if you have another AV running!

    There are some entries I'm going to need more information on. For instance, do you know what this is for?
    2011-03-12 16:44:12 94848 ----a-w- C:\kwddafob.sys
    ======================================
    I know you have a busy schedule, but I'd like you to run the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then press Ctrl+V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ==================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow it
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Post logs when you can.
  18. ilam96

    ilam96 Newcomer, in training Topic Starter

    Thanks for replying. I have removed Lavasoft; I now only have Norton running. As to the other entry, c:\kwddafob.sys, I don't know for sure; the only thing I can think of that it may be associated with is my Kodak EasyShare program that I installed for my digital camera. Is there any way I can find out for sure if it's something I want to keep?
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Yes, I can look into the file with a script you'll run through Combofix. Please go ahead and run the Eset scan and Combofix.

    I don't think that file is for Kodak Easyshare- if it was, I should be able to ID it.
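
An added example, not part of the thread and not the ComboFix script the helper refers to, for two passages above: the DDS.txt posted in reply 14, whose "Created Last 30" and "Find3M" sections list recently created files, and the question in replies 17 to 19 about which of those files (C:\kwddafob.sys in particular) deserves a "do you know what this is for?". The Python below parses those DDS lines and flags kernel drivers (.sys) outside \windows\system32\drivers, files dropped at the root of the volume, and executables under a Temp folder; an eight-lowercase-letter filename is reported only as supporting evidence, since it also matches innocent names such as Lavasoft's lsdelete.exe. The sample lines are copied from the DDS log posted earlier in this thread, plus one constructed Temp entry (qzxrtvwp.exe) that is not from the poster's machine.

```python
"""Flag entries in the DDS 'Created Last 30' / 'Find3M' sections that a
malware helper would ask about.

Added example, not from the thread and not DDS's own code.  DDS prints one
file per line as '<date> <time> <size|-------->  <attrs>  <path>'.  The
rules here are the ones a helper applies by eye: a kernel driver outside
\\windows\\system32\\drivers, a file dropped at the root of the volume, or
an executable under a Temp folder is worth a question; an eight-letter
lowercase name is only supporting evidence (lsdelete.exe is Lavasoft's).
"""
import ntpath
import re

LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
DRIVER_DIR = "\\windows\\system32\\drivers"
EXECUTABLE = {".exe", ".sys", ".dll", ".scr", ".com"}

# Lines copied from the DDS log posted above, plus one constructed Temp entry.
SAMPLE = [
    r"2011-03-12 16:44:12 94848 ----a-w- C:\kwddafob.sys",
    r"2011-03-12 15:52:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys",
    r"2011-03-12 15:52:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware",
    r"2011-02-08 12:55:21 16432 ----a-w- c:\windows\system32\lsdelete.exe",
    r"2011-03-20 23:46:06 -------- d-----w- c:\users\lety\appdata\local\{4FE78D2E-68A1-4806-9F82-2D3FE28983E7}",
    r"2011-03-13 09:00:00 51200 ----a-w- c:\users\lety\appdata\local\temp\qzxrtvwp.exe",  # constructed
]


def parse(line):
    """One DDS file line -> dict, or None for headers, blanks and separators."""
    m = LINE.match(line.strip())
    if not m:
        return None
    when, size, attrs, path = m.groups()
    return {
        "when": when,
        "size": None if size.startswith("-") else int(size),
        "is_dir": attrs.startswith("d"),
        "path": path,
    }


def reasons_for(entry):
    """Return (strong, weak) reason lists for one parsed entry.

    Only strong reasons make a file a finding; weak ones are extra context.
    """
    strong, weak = [], []
    if entry["is_dir"]:
        return strong, weak
    p = entry["path"].lower()
    d = ntpath.dirname(p)
    stem, ext = ntpath.splitext(ntpath.basename(p))
    if ext == ".sys" and not d.endswith(DRIVER_DIR):
        strong.append("kernel driver outside system32\\drivers")
    if re.fullmatch(r"[a-z]:\\", d):
        strong.append("file at the root of the volume")
    if ext in EXECUTABLE and "\\temp\\" in p:
        strong.append("executable under a Temp folder")
    if re.fullmatch(r"[a-z]{8}", stem):
        weak.append("8-letter pseudo-random name")
    return strong, weak


def triage(lines):
    """Entries with at least one strong reason, in log order."""
    findings = []
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue
        strong, weak = reasons_for(entry)
        if strong:
            entry.update(strong=strong, weak=weak)
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("%s  %s" % (f["when"], f["path"]))
        for r in f["strong"] + f["weak"]:
            print("    - " + r)
```

Feed triage() the whole DDS.txt split into lines; every non-file line is skipped by parse(). The output is a starting list, not a verdict: a flagged file still needs its publisher signature and hash checked (on a current Windows, certutil -hashfile C:\kwddafob.sys SHA256 prints a hash to look up with a multi-engine scanner), which is the "find out for sure" the poster asks for and the helper was going to do through a ComboFix script.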
  20. ilam96

    ilam96 Newcomer, in training Topic Starter

    Well, I ran Eset but it took longer than an hour, after which Norton turned on and Eset stalled at about 47%. I had to stop the scan; unfortunately my free trial was over. Now Eset is asking me to purchase or something else which I don't recall, but neither of which I'm able to do. Should I uninstall and try downloading it again?
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The Eset link we give is for a free online virus scan. It is not for a free trial. It is advised to use Internet Explorer. If you are doing the scan through Firefox, you will get the following message:

    Please uninstall whatever Eset program you have and start again:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then press Ctrl+V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ====================================
    Please go ahead and run Combofix after this. IF there is still a problem, run Combofix anyway.
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thread will be closed in 2 days if there is no reply.