[Solved] Problem laptop

By Biolund
Aug 1, 2010
Topic Status:
Not open for further replies.
  1. This forum helped me out tremendously recently (Broni helped me with another computer of mine). I am hoping you can take a crack at this one.

    My wife's laptop has been acting up for a long time and it recently refused to install Corel Draw. Today I tried to update Windows without luck and I can see that most updates in the last year have failed. I ran Malwarebytes', which was installed, and it did not find anything, but I noticed that there was a file in quarantine with the name "Hijack.StartMenu".

    I began doing the 8-step preliminary removal instructions, but did not get very far. I was unable to unstall an antivirus program. I did the temporary file cleaner successfully. GMER froze my computer after 1 hour and on the next try I got "the blue screen of death". Please help me with this one!
  2. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Forgot to mention that the OS is Windows Vista Home Edition and it is a Gateway laptop.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    It's going to be more helpful to both of us if you can finish running steps in the Preliminary Virus and Malware Removal thread HERE.

    For GMER, try either of these:
    1. Uncheck Devices and see if it will scan.
    2. If not, boot into Safe Mode and try the GMER scan.

    I'm not sure whether you meant 'install' or 'uninstall' an antivirus program. You do not need to uninstall or disable an antivirus program for these scans, but you should have an AV program running.

    When you have finished, please paste the logs into your next reply. It's okay if you need to split a log to include all of the content.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  4. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Thanks Bobbye

    I will attempt to do the scans and get back to you.

    In my first post I meant I was unable to install an antivirus program. I tried to install Avira Free, but was unable to, so I could not do the antivirus scan.
  5. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Here are some logs.

    Malwarebytes'

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4375

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16512

    7/31/2010 11:22:01 PM
    mbam-log-2010-07-31 (23-22-01).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 280190
    Time elapsed: 1 hour(s), 4 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER log:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-01 22:51:06
    Windows 6.0.6000
    Running: un2zjr3b.exe; Driver: C:\Users\wner\AppData\Local\Temp\kgroapow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS log:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by wner at 22:55:43.30 on Sun 08/01/2010
    Internet Explorer: 7.0.6000.16512
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1332 [GMT -4:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\wner\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6714
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6714
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6714
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    uRun: [Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\wner\appdata\roaming\mozilla\firefox\profiles\v7e9mvy0.default\
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\users\wner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\wner\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\users\wner\appdata\roaming\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\wner\appdata\roaming\move networks\plugins\npqmp071701000002.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-10-15 251904]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-10-15 30192]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
    2008-10-03 20:59:12 51200 ----a-w- c:\windows\inf\infpub.dat
    2008-10-03 20:59:08 86016 ----a-w- c:\windows\inf\infstrng.dat
    2008-10-03 20:59:08 86016 ----a-w- c:\windows\inf\infstor.dat
    2008-10-02 18:21:00 665600 ----a-w- c:\windows\inf\drvindex.dat
    2006-11-02 12:50:50 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-10-17 01:52:54 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-10-17 01:52:54 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-10-17 01:52:54 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 22:56:25.53 ===============

    Attach.txt is attached


  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    There is an entry for LiveUpdate 3.3 (Symantec Corporation), which means at some point Norton was on the system. But I don't see anything for it running. You need to get an antivirus program on the system - now.

    There are no System Restore Points. Is it turned on? Were restore points removed?
    The logs show nothing under "= Created Last 30 =".

    So the logs aren't showing malware entries, but are showing system problems. But unless you can get a working antivirus program on the system, there is no point in cleaning it. Do you understand that the AV program doesn't have to be changed if it's current and working? We suggest the following to be used if there is no AV at all. Please try again - I don't need a scan, but the system needs protection if I send you to download programs to run!
    Both of the following programs are free and known to be good:
    Avira Free
    Avast Home

    Please reboot the system when done.
    ===============================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    I will have you update the Java and remove the old versions later.
  7. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    I am not sure about the restore points since I did not set up the computer and my wife has used it since we got it.

    I was able to install Avast AV, but it would not start. I got the message "The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log for more detail".

    I did run Eset NOD32 Online AntiVirus scan. Here is the log:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=3f39a13077c67844b6a602ca52997e87
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-08-05 02:42:35
    # local_time=2010-08-04 10:42:35 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=9
    # osver=6.0.6000 NT
    # compatibility_mode=5892 16776573 100 100 0 117578197 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=157472
    # found=0
    # cleaned=0
    # scan_time=5507
  8. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Message from Bobbye:

    ========================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  9. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Bobbye - Thank you for helping me and countless others on this forum - your work is greatly appreciated!! I hope everything works out for the best for you.

    Broni - thank you for taking over where Bobbye left. I ran the ComboFix. Here is the log:

    ComboFix 10-08-06.01 - wner 08/06/2010 19:46:29.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.989 [GMT -4:00]
    Running from: c:\users\wner\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\setup.ini
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
    .

    2010-08-05 01:02 . 2010-08-05 01:02 -------- d-----w- c:\program files\ESET
    2010-08-05 00:49 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-08-05 00:49 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-08-05 00:49 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-08-05 00:49 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-08-05 00:49 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-08-05 00:47 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-05 00:47 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-08-05 00:46 . 2010-08-05 00:46 -------- d-----w- c:\programdata\Alwil Software
    2010-08-05 00:46 . 2010-08-05 00:46 -------- d-----w- c:\program files\Alwil Software
    2010-08-03 12:59 . 2010-08-03 12:59 -------- d-----w- c:\windows\Sun

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-05 00:50 . 2007-10-16 00:24 -------- d-----w- c:\program files\Google
    2010-06-22 17:31 . 2010-06-22 17:31 50354 ----a-w- c:\users\wner\AppData\Roaming\Facebook\uninstall.exe
    2010-06-22 17:31 . 2010-06-22 17:31 -------- d-----w- c:\users\wner\AppData\Roaming\Facebook
    2010-06-19 01:45 . 2010-06-19 01:45 -------- d-----w- c:\users\wner\AppData\Roaming\Malwarebytes
    2010-06-19 01:45 . 2010-06-19 01:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-19 01:45 . 2010-06-19 01:45 -------- d-----w- c:\programdata\Malwarebytes
    2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\wner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    2010-06-06 16:21 . 2007-12-21 21:28 103832 ----a-w- c:\users\wner\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-05-21 18:14 . 2009-10-18 06:39 221568 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-04 17:50 . 2010-01-03 12:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-10 1232896]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-16 1006264]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-01 129560]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-01 141848]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-01 154136]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-04 30192]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 136176]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-04 30192]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-05-24 251904]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 00:49]

    2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 00:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6714
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\wner\AppData\Roaming\Mozilla\Firefox\Profiles\v7e9mvy0.default\
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\users\wner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\wner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\wner\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
    HKLM-Run-BigFix - c:\program files\Bigfix\bigfix.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-06 19:51
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2010-08-06 19:53:21
    ComboFix-quarantined-files.txt 2010-08-06 23:53

    Pre-Run: 52,113,498,112 bytes free
    Post-Run: 52,095,594,496 bytes free

    - - End Of File - - A9820896521DF3517826DF099CE09914
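The ComboFix log above carries several settings a malware-removal helper reads past the "looks good" verdict: UAC disabled (EnableLUA = 0), a Security Center AntiVirusOverride, a monitoring entry for an AV product that is no longer present, an AppInit_DLLs injection, and services whose binary is marked [x]. As an added example (not code from this thread or from ComboFix), the following Python parses the Reg Loading Points and service lines and reports those findings; the rule set, and the reading of a trailing "[x]" as a missing binary, are assumptions of the example.

```python
"""Audit a ComboFix 'Reg Loading Points' section and its service lines for
weakened security settings. The sample below is copied from the ComboFix
log in this thread; the rules are this example's own, not ComboFix's."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: registry and service lines taken from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-16 1006264]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# ComboFix service line: <start type> <name>;<description>;<image path> [<date size> | x]
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')

Finding = Tuple[str, str, str]  # (tag, where, why it matters)


def parse_reg_loading_points(text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key (lower-cased): {value name: raw data}}."""
    entries: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            entries[current][val.group(1)] = val.group(2).strip()
    return entries


def parse_services(text: str) -> List[Tuple[str, str, str]]:
    """Return [(start type, service name, image path and status)]."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, _desc, rest = m.groups()
            out.append((start, name, rest.strip()))
    return out


def reg_int(data: str) -> Optional[int]:
    """Read ComboFix's two numeric renderings: 'dword:00000001' or '0 (0x0)'."""
    m = re.match(r'^dword:([0-9a-f]{8})$', data, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-f]+\)$', data, re.I)
    return int(m.group(1)) if m else None


def audit(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for key, values in parse_reg_loading_points(text).items():
        if key.endswith(r'\policies\system') and reg_int(values.get('EnableLUA', '')) == 0:
            findings.append(('EnableLUA=0', key,
                             'UAC is off: every process of an admin user runs fully elevated'))
        if key.endswith(r'\security center\svc'):
            for name, data in values.items():
                if name.endswith('Override') and reg_int(data) == 1:
                    findings.append((f'{name}=1', key,
                                     'Security Center alerting for this component is suppressed'))
        if '\\security center\\monitoring\\' in key and reg_int(values.get('DisableMonitoring', '')) == 1:
            findings.append(('DisableMonitoring=1', key,
                             'Security Center told to stop monitoring a product; check it is still installed'))
        if key.endswith(r'\windows nt\currentversion\windows') and values.get('AppInit_DLLs'):
            findings.append((f"AppInit_DLLs={values['AppInit_DLLs']}", key,
                             'DLL loaded into every user32-linked process; verify the publisher'))
    for start, name, rest in parse_services(text):
        # Assumption of this example: a trailing [x] means the image file was not found.
        if rest.endswith('[x]'):
            findings.append((f'{start} {name} [x]', rest,
                             'service/driver registered but its binary is missing or unverifiable'))
    return findings


if __name__ == '__main__':
    for tag, where, why in audit(SAMPLE_LOG):
        print(f'{tag:40} {where}\n    -> {why}')
```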
  10. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    You're very welcome

    Combofix log looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ====================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  11. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Here is the OTL.txt (attached)

    Attached file: OTL.Txt (73.8 KB)
  12. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    ...and here is the Extras.txt (the OTL.txt was too long for copy/paste):

    OTL Extras logfile created on: 8/6/2010 8:16:39 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\wner\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.69 Gb Total Space | 48.54 Gb Free Space | 35.00% Space Free | Partition Type: NTFS
    Drive D: | 10.36 Gb Total Space | 3.87 Gb Free Space | 37.39% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OWNER-PC
    Current User Name: wner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1B2B62A9-E380-444A-B565-E176979ACC02}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1C5B07A9-ACB6-4896-B551-91BB2436666D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{2DB233E9-60DD-4415-AADE-5C293BDB4AA9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{31E509EA-2DAF-43D7-BFFD-1ECCA2214E12}" = rport=137 | protocol=17 | dir=out | app=system |
    "{5818B398-7379-47A2-9C01-E9A57AA3A897}" = lport=137 | protocol=17 | dir=in | app=system |
    "{5B1E8EB3-551B-4F6D-A1D2-9A665000BDE1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{65D031F3-4A79-4BF8-AA62-79E4E317B484}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{7B474FA3-919E-4132-BD5E-896350EF1A8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{875F73F2-C96A-47F3-BEA6-6241B6EFBC3C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{917DD9AC-1DC2-44B0-B808-829C82D62B81}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{944BF2D0-B75A-42F4-ABA7-04BB2B9C6DFA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A9B787B7-DA84-48E4-A54B-FDCC6409FF00}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B1817131-D209-46E4-B58D-08E53C3EE720}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BB31A7DE-8A5C-4368-A3BB-0AEFAA8BCC53}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{BDCB8FE4-9B49-4FAD-9593-C85C260EFB1A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{C22CB836-490A-4813-9FC6-2A6679B44A58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{CA2B5D01-3214-44BF-8831-C5D594F00E4C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{DD78E8FB-90C8-4009-ABDE-7B64C7CF0B82}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{E493C4F1-9AAF-41A2-838F-E2BE0EA8F252}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0316F610-20C2-49AB-B068-4783074D944C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{1EF025C8-B810-41FF-8A18-48667C6EF790}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{58478FDE-765C-4DC7-8461-6BEC81B6BCE6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{616D8960-E156-42E8-A46F-0A011B369242}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{639719B0-3B93-4938-8F05-15BBFF4735CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{68443134-71B8-4FF4-AE8F-66A3EBCBC1F6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{71718F87-A8F1-4B6C-A47A-38088E22EBC5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{80E87CAF-DC94-4480-9E25-824EBAF443CE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{97B53A52-E079-4E14-920E-44C9F90E55E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A49BF55E-2D90-465E-9D38-CF5E29884314}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B348E9A4-6436-4819-998C-7A99130AB9D7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{B7B7B470-36CC-4F64-BCFE-FF654C1C9DB4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{DE4BF297-AF41-497F-A52C-381F180065EE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "TCP Query User{576B2BE6-DBDF-4497-8A85-2A18D75308E2}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
    "UDP Query User{FF2969DA-10D4-4B66-A307-D8C1259B9E49}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK USB Wireless LAN Driver
    "{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
    "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
    "{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
    "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
    "{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6ABA3523-4F11-4787-8839-C249BBF0B8D1}" = Rosetta Stone 2.2.0.0A
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
    "{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast5" = avast! Free Antivirus
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "FAA Test Prep" = FAA Test Prep
    "FAA Test Prep 2006 Edition" = Gleim's FAA Test Prep 2006 Edition
    "Gateway Game Console" = Gateway Game Console
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{6ABA3523-4F11-4787-8839-C249BBF0B8D1}" = Rosetta Stone 2.2.0.0A
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Money2007b" = Microsoft Money Essentials
    "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
    "SMSERIAL" = Motorola SM56 Data Fax Modem
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/6/2010 7:53:26 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
    Dependent
    Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/6/2010 7:53:26 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
    Dependent
    Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/6/2010 7:53:27 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
    Dependent
    Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/6/2010 8:09:49 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
    Dependent
    Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/6/2010 8:11:21 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe".
    Dependent
    Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/6/2010 8:11:59 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
    Dependent
    Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/6/2010 8:12:01 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
    Dependent
    Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/6/2010 8:12:01 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
    Dependent
    Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/6/2010 8:12:06 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application sidebar.exe, version 6.0.6000.16615, time stamp
    0x4764fba1, faulting module ole32.dll, version 6.0.6000.16386, time stamp 0x4549bd92,
    exception code 0xc0000005, fault offset 0x0005882c, process id 0xe30, application
    start time 0x01cb35c5278e7897.

    Error - 8/6/2010 8:16:18 PM | Computer Name = Owner-PC | Source = WerSvc | ID = 5007
    Description =

    [ System Events ]
    Error - 3/15/2008 10:32:29 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 3/15/2008 10:32:34 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 3/15/2008 10:33:06 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 3/15/2008 10:33:06 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 3/15/2008 10:33:11 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 3/15/2008 10:35:29 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 3/15/2008 10:35:29 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 3/15/2008 10:35:29 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 3/15/2008 10:35:29 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 3/15/2008 10:35:34 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =


    < End of report >
  13. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
      DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
      "EnableFirewall" =dword:00000001
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
      "AntiVirusOverride" =-
      
      :Files
      C:\Program Files\Symantec
      C:\Program Files\Common Files\Symantec Shared
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
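As an added example (not OTL's code and not either poster's), here is a small Python parser for the "Security Center Settings" section of the Extras.txt posted above. It flags the two weak values the fix script in the previous post corrects (`AntiVirusOverride` = 1, which silences the Security Center's missing-antivirus warning, and `EnableFirewall` = 0 on the Public profile) and renders the matching `:Reg` lines in OTL's fix syntax; it also generalizes slightly by flagging any `*DisableNotify` value set to 1. The log text inside the block is a constructed excerpt modelled on the posted report.

```python
"""Parse the 'Security Center Settings' section of an OTL Extras log, flag
weak values, and emit the equivalent OTL ':Reg' fix lines.

Added example, not OTL's own code. SAMPLE_EXTRAS is a constructed excerpt
modelled on the Extras.txt posted in this thread."""
import re
from typing import Dict, List, Tuple

SAMPLE_EXTRAS = """\
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")          # "========== Title =========="
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")         # "[HKEY_...\Some\Key]"
VALUE_RE = re.compile(r'^"([^"]+)" = (.+)$')        # '"Name" = value'
FIREWALL_PROFILE_RE = re.compile(r"\\FirewallPolicy\\(Domain|Standard|Public)Profile$")

Finding = Tuple[str, str, str, str]  # (registry key, value name, actual, expected)


def parse_section(log_text: str, title: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key: {value name: value}} for one OTL Extras section."""
    settings: Dict[str, Dict[str, str]] = {}
    in_section = False
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Entering the wanted section, or leaving it at the next header.
            in_section = header.group(1) == title
            current_key = None
            continue
        if not in_section or not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            settings.setdefault(current_key, {})
            continue
        value = VALUE_RE.match(line)
        if value and current_key is not None:
            settings[current_key][value.group(1)] = value.group(2)
    return settings


def find_weak_settings(settings: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Flag values that hide a missing AV/firewall or leave a profile's firewall off."""
    findings: List[Finding] = []
    for key, values in settings.items():
        if key.endswith("\\Security Center\\Svc"):
            # An Override of 1 tells Security Center to stop warning about that component.
            for name in ("AntiVirusOverride", "AntiSpywareOverride", "FirewallOverride"):
                if values.get(name) == "1":
                    findings.append((key, name, "1", "0"))
        elif key.endswith("\\Security Center"):
            # *DisableNotify = 1 suppresses the user-visible warning balloons.
            for name, val in values.items():
                if name.endswith("DisableNotify") and val == "1":
                    findings.append((key, name, "1", "0"))
        elif FIREWALL_PROFILE_RE.search(key):
            if values.get("EnableFirewall") == "0":
                findings.append((key, "EnableFirewall", "0", "1"))
    return findings


def otl_reg_fix(findings: List[Finding]) -> str:
    """Render findings as an OTL ':Reg' block: '=-' deletes a value, '=dword:' sets one."""
    lines = [":Reg"]
    for key, name, _actual, expected in findings:
        lines.append(f"[{key}]")
        if name.endswith("Override"):
            lines.append(f'"{name}" =-')
        else:
            lines.append(f'"{name}" =dword:{int(expected):08x}')
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_weak_settings(parse_section(SAMPLE_EXTRAS, "Security Center Settings"))
    for key, name, actual, expected in found:
        print(f"{key}\\{name} = {actual} (expected {expected})")
    print(otl_reg_fix(found))
```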
  14. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Results of the fix log:

    All processes killed
    ========== OTL ==========
    Service LiveUpdate stopped successfully!
    Service LiveUpdate deleted successfully!
    C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE moved successfully.
    Service SYMREDRV stopped successfully!
    Service SYMREDRV deleted successfully!
    File C:\Windows\System32\Drivers\SYMREDRV.SYS not found.
    Service SPBBCDrv stopped successfully!
    Service SPBBCDrv deleted successfully!
    File C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\PublicProfile\\"EnableFirewall" |dword:00000001 /E : value set successfully!
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride scheduled to be deleted on reboot.
    ========== FILES ==========
    C:\Program Files\Symantec\Symantec Endpoint Protection folder moved successfully.
    C:\Program Files\Symantec\LiveUpdate folder moved successfully.
    C:\Program Files\Symantec folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\SRTSP folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\SPManifests folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\Help folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\COH folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: wner
    ->Temp folder emptied: 117704 bytes
    ->Temporary Internet Files folder emptied: 3303569 bytes
    ->Java cache emptied: 23305 bytes
    ->FireFox cache emptied: 37179972 bytes
    ->Flash cache emptied: 3506 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12972 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 39.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: wner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08062010_205442

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride scheduled to be deleted on reboot.
  15. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    ...and...
    You can just attach the file.
  16. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Here it is

    Attached file: OTL.Txt (61.4 KB)
  17. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Good :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
  18. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Here is the checkup.txt. I will follow steps 2 & 3 now.

    Results of screen317's Security Check version 0.99.5
    Windows Vista (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player 10.0.42.34
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.5.11) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

    ``````````End of Log````````````
  19. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    You don't have any service pack installed.
    It's dangerous.
    As soon as Kaspersky shows a clean computer, please install SP2.

    ==========================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
  20. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Broni

    Part of my problem with this computer is that Windows Update fails to install most updates. I tried to install SP2 recently and was unable to do so. I suspected that perhaps malware was at play.
  21. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Very possible. Let's see, if you can do it, when we're done...
  22. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Here is the Kaspersky log. It looks like it is clean:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, August 7, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, August 06, 2010 18:25:52
    Records in database: 4135745
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 157654
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 03:28:20

    No threats found. Scanned area is clean.

    Selected area has been scanned.
  23. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Windows update is still not cooperating. Also found out that the computer does not even have service pack 1. I downloaded SP1 and attempted to manually install it without any luck. The install was stopped almost immediately with the message:

    An internal error occurred while installing the service pack
    Error code 0x80073712. See
    http://go.microsoft.com/fwlink/?LinkId=101139 for details
  24. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Let's run last steps first...

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL, as this step will require a reboot.
    * On the OTL main screen, press the CLEANUP button.
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =========================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side.
    4. Click on Continue on the "User Account Control" window that pops up.
    5. Under the System Protection tab, find Available Disks.
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK.

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current (skip this one).

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.

    =================================================================

    Now...

    Try here: http://support.microsoft.com/kb/971058
    If the above doesn't work, try this: http://support.microsoft.com/kb/931712/
    Do NOT use Method 2: Perform a system restore under any circumstances.
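    The System Restore reset in steps 1 to 3 of the post above, done from an elevated Windows PowerShell prompt instead of the Control Panel. This is an added example and not part of Broni's instructions; it assumes the *-ComputerRestore cmdlets are available (Windows PowerShell 2.0 or later on Vista/7), and the drive letter is a constructed default.

```powershell
# Added example, not from the thread: reset System Restore so that no old,
# possibly infected restore point can be used, then create one clean point.
# Run as:  .\Reset-Restore.ps1 -Phase Off    (then reboot, per step 2)
#          .\Reset-Restore.ps1 -Phase On
param(
    [Parameter(Mandatory = $true)][ValidateSet("Off", "On")][string]$Phase,
    [string]$Drive = "C:\"   # constructed default; adjust to the drive you use
)

# The restore cmdlets and vssadmin both need an elevated session.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $id
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Run as administrator) PowerShell prompt."
}

switch ($Phase) {
    "Off" {
        # Step 1: turn System Restore off for the drive. As the post says, the
        # existing restore points are deleted with it.
        Disable-ComputerRestore -Drive $Drive

        # Belt and braces: restore points on Vista/7 are volume shadow copies,
        # so remove any that are still on the volume. Note this also drops
        # "Previous Versions" copies on that volume.
        $volume = $Drive.TrimEnd('\')
        vssadmin delete shadows /for=$volume /all /quiet | Out-Null

        Write-Host "System Restore is off for $Drive. Reboot now (step 2), then run with -Phase On."
    }
    "On" {
        # Step 3: turn System Restore back on and create a fresh, clean point.
        Enable-ComputerRestore -Drive $Drive
        Checkpoint-Computer -Description "Clean after malware removal" `
                            -RestorePointType "MODIFY_SETTINGS"

        # Check: only the point just created should be listed.
        Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
    }
}
```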
  25. Biolund

    Biolund Newcomer, in training Topic Starter Posts: 32

    Broni - THANK YOU for cleaning my computer!!! I am still working on the update issue. I have tried step 1 without success. I will try step 2 and report back.