Vista anti-spyware 2011

Solved
By MichaelCorleone
May 9, 2011
Topic Status:
Not open for further replies.
  1. Whenever I try to doubleclick FireFox, a pop-up comes up stating "Vista Anti-Spyware has blocked a program from accessing the internet. When I attempt to access my homepage it says Alert. Visiting this site may pose a threat to your system! What I mean by anything like that, would be anything that needs an internet connection seems to be locked out due to this virus.


    I've attempted to run malware bytes but each time I try to run the program, it never opens up.

    There is also a pop-up on the task bar that says mal ware detected.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Did you mark this thread Active? That is suppose to be done by Broni and I went we pick up a thread. Please do not use the Thread Tools.

    Try the following to run Malwarebytes:
    Please download randmbam.exe

    It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

    Once done, try running a scan again

    Then please follow the rest of the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    Oops, I put the thread title as active, sorry.

    I already have avria and malware bytes on system. So ill have to remove and reinstall from the above links?

    Also, I am using my phone because I could not access internet on my computer. I won't be back to my computer till about 2 hours from now. How would I download if I can't.get.access from FireFox.

    Thank you for your help!
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    The current version of Malwarebytes is Malwarebytes Anti-Malware 1.50.1 and the database is updated when it's run. If you do have this version on the system, you can run it, but you won't be able to update it. You could go ahead and use it, but I will have you repeat the scan when the connection is restored.

    Avira is fine.

    If you can't access the internet, download the programs to a flash drive, then run them on the problem computer.

    This is most likely from the rogue antispyware program.
  5. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    I came back from lunch and my roommate ran super anti spare and niece nothing will work.

    When I click on desk top icon or any program the open with window comes up.

    Ugh
  6. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    Ok I.got the programs working with a Vista exe support file I downloaded.

    I have done step 2 and am doing step 3. I have mal ware bytes running and hope it'll be complete when I return from work.

    I will post results from steps, 3, 4 and 5 in about 6 hours.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Okay. Fine.
  8. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6539

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    5/9/2011 7:53:17 PM
    mbam-log-2011-05-09 (19-53-17).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 298883
    Time elapsed: 46 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Levi\downloads\yontooclientsetup(2).exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\Users\Levi\downloads\yontooclientsetup.exe (Adware.Agent) -> Quarantined and deleted successfully.






    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-09 20:26:41
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 rev.
    Running: j6umgfig.exe; Driver: C:\Users\Levi\AppData\Local\Temp\pxldapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 9AE39B54 ZwCreateThread
    SSDT 9AE39B40 ZwOpenProcess
    SSDT 9AE39B45 ZwOpenThread
    SSDT 9AE39B4F ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 221 81EFE9A4 4 Bytes [54, 9B, E3, 9A] {PUSH ESP; WAIT ; JECXZ 0xffffffffffffff9e}
    .text ntkrnlpa.exe!KeSetEvent + 3F1 81EFEB74 4 Bytes [40, 9B, E3, 9A] {INC EAX; WAIT ; JECXZ 0xffffffffffffff9e}
    .text ntkrnlpa.exe!KeSetEvent + 40D 81EFEB90 4 Bytes [45, 9B, E3, 9A] {INC EBP; WAIT ; JECXZ 0xffffffffffffff9e}
    .text ntkrnlpa.exe!KeSetEvent + 621 81EFEDA4 4 Bytes [4F, 9B, E3, 9A] {DEC EDI; WAIT ; JECXZ 0xffffffffffffff9e}
    ? System32\drivers\ahvaqcu.sys The system cannot find the path specified. !
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC0D000, 0x1F8CAC, 0xE8000020]
    C:\Program Files\CyberLink\PowerDVD DX\000.fcl entry point in "" section [0x9EC2C41C]
    .clc C:\Program Files\CyberLink\PowerDVD DX\000.fcl unknown last code section [0x9EC2D000, 0x1000, 0xE0000020]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73ECA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73EA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73E7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73EFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    ADS C:\Program Files\Retro64 Games\build-a-lot_3:_passport_to_europe.exe 99230672 bytes executable
    ADS C:\Program Files\Retro64 Games\build-a-lot_3:_passport_to_europe.exe 0 bytes executable
    ADS C:\Program Files\Retro64 Games\build-a-lot_3:_passport_to_europe.exe 0 bytes executable
    ADS C:\Program Files\Retro64 Games\build-a-lot_3:_passport_to_europe.exe 0 bytes executable

    ---- EOF - GMER 1.0.15 ----




    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Levi at 20:27:57.76 on Mon 05/09/2011
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2027 [GMT -4:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\AERTSrv.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Dell\DellComms\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Dell\DellComms\gs_agent\bcont.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Levi\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081022
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DellComms] "c:\program files\dell\dellcomms\bin\sprtcmd.exe" /P DellComms
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon]
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\levi\appdata\roaming\mozilla\firefox\profiles\k5l5p5uv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=18-06-2010&tb_mrud=18-06-2010
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=oar4MspErF2B8tuwLXPKgg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
    FF - component: c:\users\levi\appdata\roaming\mozilla\firefox\profiles\k5l5p5uv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\levi\appdata\roaming\mozilla\firefox\profiles\k5l5p5uv.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\users\levi\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2009-8-8 77004]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-22 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 67656]
    R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\cyberlink\powerdvd dx\000.fcl [2008-10-22 61424]
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-10-22 73728]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-22 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-22 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-22 56816]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-10-22 27648]
    R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\dell\dellcomms\bin\sprtsvc.exe [2008-3-4 202544]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-14 24652]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]
    S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
    S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2007-3-12 256000]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-05-06 06:26:37 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{1d53f781-f026-412f-b3d6-dfff60f9b2b6}\mpengine.dll
    2011-04-27 00:24:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-27 00:24:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-27 00:24:14 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-17 20:08:18 -------- d-----w- c:\windows\John Tiller's Campaign Series
    2011-04-17 20:08:17 -------- d-----w- C:\Matrix Games
    2011-04-12 22:21:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-04-12 22:20:56 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-12 22:14:56 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-12 22:14:55 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-04-12 22:09:11 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-12 22:09:11 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-12 22:09:11 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-12 22:09:11 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-12 22:07:33 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-12 22:07:33 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-12 22:05:14 305152 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-12 22:05:14 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-12 22:05:14 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-12 22:04:13 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-12 22:04:13 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-12 22:03:26 834048 ----a-w- c:\windows\system32\wininet.dll
    2011-04-12 22:03:25 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-12 22:03:25 389632 ----a-w- c:\windows\system32\html.iec
    2011-04-12 21:59:09 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-04-12 21:58:04 430080 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-10 17:52:12 -------- d-----w- c:\users\levi\appdata\roaming\StreamTorrent
    2011-04-10 17:52:11 -------- d-----w- c:\program files\StreamTorrent 1.0
    .
    ==================== Find3M ====================
    .
    2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
    .
    ============= FINISH: 20:28:15.27 ===============
  9. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    Sorry here is part 2 of step 5





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/21/2008 7:59:04 PM
    System Uptime: 5/9/2011 7:54:21 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0M017G
    Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz | CPU 1 | 2533/267mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 460.259 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 9.69 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1015: 4/13/2011 3:00:12 AM - Windows Update
    RP1016: 4/14/2011 1:50:05 AM - Scheduled Checkpoint
    RP1017: 4/15/2011 2:16:37 AM - Windows Update
    RP1018: 4/16/2011 3:32:40 AM - Scheduled Checkpoint
    RP1019: 4/17/2011 2:43:48 AM - Scheduled Checkpoint
    RP1020: 4/18/2011 1:57:54 AM - Scheduled Checkpoint
    RP1021: 4/19/2011 1:33:06 AM - Scheduled Checkpoint
    RP1022: 4/19/2011 1:54:32 AM - Windows Update
    RP1023: 4/20/2011 1:41:35 AM - Scheduled Checkpoint
    RP1024: 4/21/2011 12:58:10 AM - Scheduled Checkpoint
    RP1025: 4/22/2011 12:00:01 AM - Scheduled Checkpoint
    RP1026: 4/22/2011 1:54:26 AM - Windows Update
    RP1027: 4/22/2011 3:00:10 AM - Windows Update
    RP1028: 4/23/2011 12:00:01 AM - Scheduled Checkpoint
    RP1029: 4/24/2011 12:53:55 AM - Scheduled Checkpoint
    RP1030: 4/25/2011 1:08:42 AM - Scheduled Checkpoint
    RP1031: 4/26/2011 1:19:49 AM - Scheduled Checkpoint
    RP1032: 4/26/2011 1:54:38 AM - Windows Update
    RP1033: 4/27/2011 1:41:07 AM - Scheduled Checkpoint
    RP1034: 4/27/2011 3:00:10 AM - Windows Update
    RP1035: 4/28/2011 12:11:52 AM - Scheduled Checkpoint
    RP1036: 4/29/2011 12:30:13 AM - Scheduled Checkpoint
    RP1037: 4/29/2011 2:26:30 AM - Windows Update
    RP1038: 4/30/2011 1:36:42 AM - Scheduled Checkpoint
    RP1039: 5/1/2011 12:11:02 AM - Scheduled Checkpoint
    RP1040: 5/2/2011 1:30:54 AM - Scheduled Checkpoint
    RP1041: 5/3/2011 12:26:10 AM - Scheduled Checkpoint
    RP1042: 5/3/2011 2:26:27 AM - Windows Update
    RP1043: 5/4/2011 12:08:01 AM - Scheduled Checkpoint
    RP1044: 5/5/2011 1:11:31 AM - Scheduled Checkpoint
    RP1045: 5/6/2011 1:06:41 AM - Scheduled Checkpoint
    RP1046: 5/6/2011 2:26:29 AM - Windows Update
    RP1047: 5/7/2011 12:44:23 AM - Scheduled Checkpoint
    RP1048: 5/8/2011 5:35:15 AM - Scheduled Checkpoint
    RP1049: 5/9/2011 12:00:01 AM - Scheduled Checkpoint
    RP1050: 5/9/2011 2:32:51 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    4500_Help
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.1
    AIM 7
    AIM Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    ATI Catalyst Control Center
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    BPD_HPSU
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    Browser Address Error Redirector
    BufferChm
    Build A Lot 3 Passport To Europe
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Turkish
    CCleaner
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    Conexant D850 PCI V.92 Modem
    Coupon Printer for Windows
    CustomerResearchQFolder
    Dell Communications
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center
    Dell Video Chat (remove only)
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Line Detect
    DirectXInstallService
    DivX Codec
    DivX Version Checker
    DocMgr
    DocProc
    DocProcQFolder
    Download Updater (AOL LLC)
    EDocs
    eSupportQFolder
    Facebook Plug-In
    Fax
    File Uploader
    GoToAssist 8.0.0.514
    GPBaseService
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 10.0
    HP Document Manager 1.0
    HP Imaging Device Functions 10.0
    HP Memories Disc
    HP Officejet J4500 Series
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photosmart Essential 2.5
    HP Smart Web Printing 4.60
    HP Solution Center 10.0
    HP Update
    HPProductAssistant
    HPSSupply
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    J4500
    Java 2 Runtime Environment, SE v1.4.2
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    John Tiller's Campaign Series
    Malwarebytes' Anti-Malware
    MarketResearch
    MEET MANAGER 3.0 for Swimming
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2000 SR-1 Professional
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Modem Diagnostic Tool
    Mozilla Firefox (3.6.17)
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    Nikon Message Center
    Nikon Transfer
    OCR Software by I.R.I.S. 10.0
    PowerDVD
    ProductContext
    PSSWCORE
    QuickTime
    Realtek Ethernet Network Card Diagnostic tool for Windows Vista
    Realtek High Definition Audio Driver
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Shop for HP Supplies
    Skins
    SmartWebPrinting
    SolutionCenter
    SopCast 3.0.3
    Spelling Dictionaries Support For Adobe Reader 9
    SSH Secure Shell
    Status
    StreamTorrent 1.0
    SUPERAntiSpyware Free Edition
    TEAM MANAGER 5.0 for Swimming
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VideoToolkit01
    Viewpoint Media Player
    WebReg
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Yahtzee Master v1.47
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/9/2011 8:27:05 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0021703D3AB0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    5/9/2011 8:27:04 AM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    5/9/2011 7:56:23 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    5/9/2011 7:56:19 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
    5/9/2011 12:58:04 PM, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
    5/9/2011 12:31:17 PM, Error: EventLog [6008] - The previous system shutdown at 12:29:12 PM on 5/9/2011 was unexpected.
    .
    ==== End Of File ===========================
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    2 of these running???
    Got to chuckle about some of this: between the Dell preloads and the unnecessary HP entries, it's a wonder the system moves at all! Someday, when things are slow, do a Google search for Tweaking Dell Preloads and Stopping unneeded HP printer processes. You will have an abundance of sites to check for what isn't needed and what doesn't need to run at all or run on boot!

    Note: Please be sure to use a Site Advisor for this> only choose sites with the Green Circle:
    Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    ===================================================
    Please note: If you have Combofix on the desktop already, please uninstall it. The download the current version and do the scan: Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    ------------------------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==============================
    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. The following P2P programs are on your computer:
    1. yontooclientsetup.exe> 2 downloads, both infected> Warning on download site:"This is an executable file. It's recommended that you scan for viruses before use."
    2. Stream Torrent
    3. Zynga Community Toolbar: - a Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality> This has been installed as an extension in Firefox.FF - Ext:
    I suggest that you uninstall all of these for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
    • Malware writers use these program to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.
    Please read the information on P2P Warning to help you better understand these dangers.
    ========================================
    You have 4 outdated Java programs. Please run the following which will remove all of their entries and leave a link for current update. The outdated programs are vulnerabilities for the system: Note: I do NOT need this log!
    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.

    Then download and install then most current version and update (v6u25) of Java Runtime Environment (JRE) HERE.

    Reminder: Do not post the JavaRa log.
  11. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    ComboFix 11-05-09.03 - Levi 05/10/2011 12:16:46.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1704 [GMT -4:00]
    Running from: c:\users\Levi\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\msvbvm60.dll
    c:\windows\usp10.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-10 16:20 . 2011-05-10 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-10 06:15 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AA3332B-17A4-4269-8F6D-9CD191F46F41}\mpengine.dll
    2011-04-27 00:24 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-27 00:24 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-27 00:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-17 20:08 . 2011-04-17 20:08 -------- d-----w- c:\windows\John Tiller's Campaign Series
    2011-04-17 20:08 . 2011-04-17 20:08 -------- d-----w- C:\Matrix Games
    2011-04-12 22:21 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-04-12 22:20 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-12 22:14 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-12 22:14 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-04-12 22:09 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-12 22:09 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-12 22:09 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-12 22:09 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-12 22:07 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-12 22:07 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-12 22:05 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-12 22:05 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-12 22:05 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-12 22:04 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-12 22:04 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-12 22:03 . 2011-02-18 16:38 834048 ----a-w- c:\windows\system32\wininet.dll
    2011-04-12 22:03 . 2011-02-18 15:45 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-12 22:03 . 2011-02-18 14:49 389632 ----a-w- c:\windows\system32\html.iec
    2011-04-12 21:59 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-04-12 21:58 . 2011-02-16 16:21 430080 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-10 17:52 . 2011-04-10 17:52 -------- d-----w- c:\users\Levi\AppData\Roaming\StreamTorrent
    2011-04-10 17:52 . 2011-04-10 17:52 -------- d-----w- c:\program files\StreamTorrent 1.0
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-03 15:40 . 2011-04-27 00:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-27 00:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-27 00:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-27 00:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-23 03:47 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 03:47 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 03:47 797696 ----a-w- c:\windows\system32\FntCache.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6246400]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "DellComms"="c:\program files\Dell\DellComms\bin\sprtcmd.exe" [2008-03-04 202544]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-22 50688]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-11-30 00:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-10-22 05:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-05-09 12:27 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-30 12872]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 AFS;AFS; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-30 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-10-03 67656]
    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [2008-06-27 61424]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-07-21 27648]
    S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\Dell\DellComms\bin\sprtsvc.exe [2008-03-04 202544]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PXLDAPOD
    *Deregistered* - pxldapod
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-09 c:\windows\Tasks\RtlNICDiagVistaStart.job
    - c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-10-22 11:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    FF - ProfilePath - c:\users\Levi\AppData\Roaming\Mozilla\Firefox\Profiles\k5l5p5uv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=18-06-2010&tb_mrud=18-06-2010
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=oar4MspErF2B8tuwLXPKgg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe
    HKLM-Run-hpqSRMon - (no file)
    MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-10 12:20
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-05-10 12:21:31
    ComboFix-quarantined-files.txt 2011-05-10 16:21
    .
    Pre-Run: 493,496,713,216 bytes free
    Post-Run: 493,433,380,864 bytes free
    .
    - - End Of File - - EC63B3E35BCEA2CB6D050529B60C8217
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files\viewpoint\common\ViewpointService.exe
    Folder::
    c:\users\levi\appdata\roaming\StreamTorrent
    c:\program files\StreamTorrent 1.0
    c:\users\Default\AppData\Local\temp
    DDS::
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Extra::
    File::
    c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    Firefox:: Firefox-: - Profile - c:\users\levi\appdata\roaming\mozilla\firefox\profiles\k5l5p5uv.default\
    
    ADS::
    C:\Program Files\Retro64 Games\build-a-lot_3:_passport_to_europe.exe
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    Driver::
    Viewpoint Manager Service
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Make sure that Firefox is closed before you do the following:
    Follow this path: Use Windows key + E to access Windows Explorer>
    • Go to Tools > Folder Options.
    • Select the View tab.
    • Scroll down to Hidden files and folders.
    • Select Show hidden files and folders.
    • Uncheck Hide extensions of known file types.
    • Uncheck Hide protected operating system files (Recommended).
    • Click Yes when prompted.
    • Click OK.

    Find Documents & Settings for your user name> Application Data> Mozilla> Firefox> Profiles>
    • Look for Search URL and click on the + sign to expand.
      This is the full entry in Firefox:
    • Do a right click> Rename on any & all entries for Mywebearch- Change to www.google.com
      [o] Example: rename mywebsearch.com to google.com
    • If you don't see 'SearchURL', look for the mywebsearch and do the right click> Rename
    Close Windows Explorer. Go to Folder Options in the Control Panel and rehide the files and folders.
    ======================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
  13. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    ComboFix 11-05-09.04 - Levi 05/10/2011 20:41:23.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2141 [GMT -4:00]
    Running from: c:\users\Levi\Desktop\ComboFix.exe
    Command switches used :: c:\users\Levi\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}"
    "c:\program files\viewpoint\common\ViewpointService.exe"
    "c:\program files\viewpoint\viewpoint media player\npViewpoint.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\dell\bae\BAE.dll
    c:\program files\StreamTorrent 1.0
    c:\program files\StreamTorrent 1.0\ChangeLog.TXT
    c:\program files\StreamTorrent 1.0\Languages\streamtorrent_chs.ini
    c:\program files\StreamTorrent 1.0\Languages\streamtorrent_cht.ini
    c:\program files\StreamTorrent 1.0\Languages\streamtorrent_en.ini
    c:\program files\StreamTorrent 1.0\StreamTorrent.exe
    c:\program files\StreamTorrent 1.0\Uninstall.exe
    c:\program files\viewpoint\common\ViewpointService.exe
    c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    c:\users\Default\AppData\Local\temp
    c:\users\levi\appdata\roaming\StreamTorrent
    c:\users\levi\appdata\roaming\StreamTorrent\1.0\config\ft.dat
    c:\users\levi\appdata\roaming\StreamTorrent\1.0\config\kn.dat
    c:\users\levi\appdata\roaming\StreamTorrent\1.0\config\settings.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Viewpoint Manager Service
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-10 06:15 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AA3332B-17A4-4269-8F6D-9CD191F46F41}\mpengine.dll
    2011-04-27 00:24 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-27 00:24 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-27 00:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-17 20:08 . 2011-04-17 20:08 -------- d-----w- c:\windows\John Tiller's Campaign Series
    2011-04-17 20:08 . 2011-04-17 20:08 -------- d-----w- C:\Matrix Games
    2011-04-12 22:21 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-04-12 22:20 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-12 22:14 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-12 22:14 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-04-12 22:09 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-12 22:09 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-12 22:09 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-12 22:09 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-12 22:07 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-12 22:07 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-12 22:05 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-12 22:05 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-12 22:05 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-12 22:04 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-12 22:04 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-12 22:03 . 2011-02-18 16:38 834048 ----a-w- c:\windows\system32\wininet.dll
    2011-04-12 22:03 . 2011-02-18 15:45 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-12 22:03 . 2011-02-18 14:49 389632 ----a-w- c:\windows\system32\html.iec
    2011-04-12 21:59 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-04-12 21:58 . 2011-02-16 16:21 430080 ----a-w- c:\windows\system32\vbscript.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-14 09:07 . 2010-09-09 23:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-03 15:40 . 2011-04-27 00:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-27 00:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-27 00:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-27 00:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-23 03:47 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 03:47 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 03:47 797696 ----a-w- c:\windows\system32\FntCache.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6246400]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "DellComms"="c:\program files\Dell\DellComms\bin\sprtcmd.exe" [2008-03-04 202544]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-22 50688]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-11-30 00:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-10-22 05:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-05-09 12:27 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-30 12872]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 AFS;AFS; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-30 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-10-03 67656]
    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [2008-06-27 61424]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-07-21 27648]
    S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\Dell\DellComms\bin\sprtsvc.exe [2008-03-04 202544]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-11 c:\windows\Tasks\RtlNICDiagVistaStart.job
    - c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-10-22 11:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    FF - ProfilePath - c:\users\Levi\AppData\Roaming\Mozilla\Firefox\Profiles\k5l5p5uv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=18-06-2010&tb_mrud=18-06-2010
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=oar4MspErF2B8tuwLXPKgg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-StreamTorrent 1.0 - c:\program files\StreamTorrent 1.0\uninstall.exe
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-05-10 20:53:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-11 00:53
    ComboFix2.txt 2011-05-10 16:21
    .
    Pre-Run: 496,568,147,968 bytes free
    Post-Run: 496,086,835,200 bytes free
    .
    - - End Of File - - 7BD30BC9E8A59F55A20C56774C52D635
     
  14. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    I can't seem to get this to work. When I click on the folder it won't let me enter



    Make sure that Firefox is closed before you do the following:
    Follow this path: Use Windows key + E to access Windows Explorer>

    * Go to Tools > Folder Options.
    * Select the View tab.
    * Scroll down to Hidden files and folders.
    * Select Show hidden files and folders.
    * Uncheck Hide extensions of known file types.
    * Uncheck Hide protected operating system files (Recommended).
    * Click Yes when prompted.
    * Click OK.


    Find Documents & Settings for your user name> Application Data> Mozilla> Firefox> Profiles>

    * Look for Search URL and click on the + sign to expand.
    This is the full entry in Firefox:
    Quote:
    FF - prefs.js: keyword.URL - hxxp://www. /jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=oar4MspErF2B8tuwLXPKgg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
    * Do a right click> Rename on any & all entries for Mywebearch- Change to www.google.com
    [o] Example: rename mywebsearch.com to google.com
    * If you don't see 'SearchURL', look for the mywebsearch and do the right click> Rename

    Close Windows Explorer. Go to Folder Options in the Control Panel and rehide the files and folders.
  15. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    Okay I got to the Mozilla part for Mywebsearch but only found it under searchplugins. I renamed it to google
  16. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    No threats on the ESET OnlineScan scan.
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Okay, good. I had tried the path in my Firefox, but it may differ with the versions- if you found it an renamed, that's what matters. You don't want to have anything on the system from 'mywebsearch' It's an insideour site/program/search that brings a multitude of junk whenever it's used. Frequently picked up from FunWeb sites Users visit them for cursors, wallpaper, screen savers and the like.

    Looks like you may have gotten remote help as some time. Citrix left a footprint named GoToAssist on the system. You might want tp uninstall that.

    Please remove both of these from the Firefox extensions:
    Java v6u20 and v6u25
    Java should be updated only on the system. You do not need a separate extension in Firefox. Java v6u25 is the current though so make sure the system has this version.

    As previously mentioned, I would encourage you to remove the Zynga Community Toolbar from the Firefox entensions. (Post 10, #3)

    If the initial problems have been resolved:
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      [*]Choose Disc Cleanup
      [*]Click "OK" to select the partition or drive you want.
      [*]Click the "More Options" Tab.
      [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    Let me know if you have any questions.
  18. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    Okay I did all the steps.

    I deleted the Combofix, GMER download file, DDs download file and the plug ins that you mentioned on FireFox.


    Can TFC stay or do I need to delete it?


    I updated JAVA to the newest version. Are there any other updates I need for any other programs?


    I didn't find this or understand this:

    1. yontooclientsetup.exe> 2 downloads, both infected> Warning on download site:"This is an executable file. It's recommended that you scan for viruses before use."



    Thank you for all your help!
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Please remove TFC- for now. We have notice a problem with it currently.

    This was a 'hint' that the download site for this gave you a Warning that you do a virus scan first because it is an .exe file. I thought it was 'interesting' that Mbam found and quarantined these:
    And you downloaded the setup twice! Got to find a bit of warped humor in that! I don't recall ever seeing a download site tell a user to run a virus scan on a program!
  20. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    I deleted TFC download file.

    Oh, hahaha.


    Is there any other steps I need to do?


    Thanks for all your help!
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    You're welcome! No more steps- here are some tips ro help you stay clean:
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editior in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o]Antivirus :(only one):Both of the following programs are free and known to be good:
      [o]Avira-AntiVir-Personal-Free-Antivirus
      [o] [o]Avast-Free Antivirus
      [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o]Spybot Search & Destroy
    4. Updates: Stay current:
      [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
      [o]Adobe Reader Install current, uninstall old.
      [o]Java Updates Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      [o] Temporary File Cleaner
    7. Restore Points:
      [o]See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.
  22. MichaelCorleone

    MichaelCorleone Newcomer, in training Topic Starter Posts: 20

    Thank you so much for all your help and advice, it is greatly appreciated
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    You're welcome. Stay safe and enjoy your computer experience.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.