
Computer accessing Internet on its own

By MelissaP · 4 replies
May 13, 2010
  1. This is the second PC.

    logs attached...
    Malwarebytes' Anti-Malware 1.45

    Database version: 3930

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18904

    2010/05/12 04:28:29 PM
    mbam-log-2010-05-12 (16-28-29).txt

    Scan type: Quick scan
    Objects scanned: 104368
    Time elapsed: 6 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER - http://www.gmer.net
    Rootkit scan 2010-05-12 16:56:48
    Windows 6.0.6002 Service Pack 2
    Running: jk7yo365.exe; Driver: C:\Users\User\AppData\Local\Temp\agldqpod.sys

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B40A340, 0x3D94C7, 0xE8000020]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[612] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
    IAT C:\Windows\system32\services.exe[612] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
    IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs OsaFsLoc.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs eLock2FSCTLDriver.sys (ELock File System Filter Driver/Acer, Inc.)

    Device \Driver\netbt \Device\NetBT_Tcpip_{01E6DA7C-B433-4D34-9EC1-326B840DFCD8} netlock.sys

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\tdx \Device\Tcp netlimiter.sys
    AttachedDevice \Driver\tdx \Device\Tcp netlock.sys

    Device \Driver\netbt \Device\NetBt_Wins_Export netlock.sys

    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\tdx \Device\Udp netlimiter.sys
    AttachedDevice \Driver\tdx \Device\Udp netlock.sys

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy167.gthr

    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0CCE0.log 131072 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0CCE1.log 0 bytes

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 16:22:47.06 on 2010/05/13
    Internet Explorer: 8.0.6001.18904
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.27.1033.18.1791.963 [GMT 2:00]

    AV: avast! antivirus 4.8.1169 [VPS 100128-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: avast! antivirus 4.8.1169 [VPS 100128-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Program Files\Acer\eProtection\Service\eProtectionServ.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = Preserve
    uStart Page = hxxp://www.google.co.za/
    mStart Page = hxxp://en.za.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.za.acer.yahoo.com
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
    mRun: [AutoLockProcess] c:\acer\empowering technology\elock\autolockprocess\autolockprocess.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
    mRun: [AdminWorks Tray] "c:\acer\lanscope agent\awtray.exe"
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [eRecoveryService]
    mRun: [<NO NAME>]
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: unisa.ac.za\my
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Hosts: www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\drivers\eLock2burnerlockdriver.sys [2002-4-11 22048]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-28 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-28 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-28 53328]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-28 138680]
    R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\drivers\eLock2FSCTLDriver.sys [2002-4-11 86048]
    R2 eProtection;eProtection Service;c:\program files\acer\eprotection\service\eProtectionServ.exe [2002-4-11 24576]
    R2 netlimiter;netlimiter;c:\windows\system32\drivers\NetLimiter.sys [2006-10-3 18072]
    R2 netlock;netlock;c:\windows\system32\drivers\NetLock.sys [2007-5-31 14616]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-21 1153368]
    S2 gupdate1ca2c968d5b1939;Google Update Service (gupdate1ca2c968d5b1939);c:\program files\google\update\GoogleUpdate.exe [2009-9-3 133104]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-28 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-28 352920]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

    =============== Created Last 30 ================

    2010-05-10 05:41:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-05-10 05:41:06 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-05-10 05:41:06 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-05-10 05:40:45 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-05-10 05:40:34 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-05-10 05:40:34 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-05-10 05:40:30 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-05-10 05:40:29 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-05-10 05:40:27 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-05-10 05:40:26 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-05-10 05:40:26 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-05-10 05:40:24 62464 ----a-w- c:\windows\system32\l3codeca.acm
    2010-05-10 05:40:23 220672 ----a-w- c:\windows\system32\l3codecp.acm
    2010-04-21 10:17:19 0 d-----w- c:\program files\Trend Micro
    2010-04-21 07:59:54 0 d-----w- c:\windows\Internet Logs
    2010-04-21 06:15:56 144 ----a-w- c:\windows\system32\lkfl.dat
    2010-04-21 06:15:47 0 d-----w- c:\program files\CheckPoint
    2010-04-21 06:12:47 0 d-----w- c:\programdata\CheckPoint
    2010-04-21 05:35:16 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-04-21 05:35:16 0 d-----w- c:\program files\Spybot - Search & Destroy

    ==================== Find3M ====================

    2010-05-06 08:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-21 06:30:18 86016 ----a-w- c:\windows\inf\infstrng.dat
    2010-04-21 06:30:18 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-04-21 06:30:18 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-03-29 22:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-04 05:37:32 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-10-15 05:19:25 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

    ============= FINISH: 16:24:15.90 ===============
  2. MelissaP

    MelissaP TS Rookie Topic Starter


    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2008/06/29 12:17:15 AM
    System Uptime: 2010/05/13 04:14:32 PM (0 hours ago)

    Motherboard: ACER | | MCP73VE
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | SOCKET775 M/B | 1203/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 70 GiB total, 36.401 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is FIXED (NTFS) - 70 GiB total, 69.384 GiB free.
    I: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&8CB234F&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&8CB234F&0
    Service: i8042prt

    ==== System Restore Points ===================

    RP449: 2010/04/23 08:49:31 AM - Windows Update
    RP450: 2010/04/26 12:27:12 PM - Scheduled Checkpoint
    RP451: 2010/04/29 08:45:17 AM - Windows Update
    RP452: 2010/04/30 08:45:34 AM - Windows Update
    RP453: 2010/05/04 08:45:18 AM - Windows Update
    RP454: 2010/05/07 08:45:37 AM - Windows Update
    RP455: 2010/05/10 07:44:10 AM - Windows Update
    RP456: 2010/05/11 08:45:39 AM - Windows Update
    RP457: 2010/05/13 12:27:15 PM - Scheduled Checkpoint

    ==== Installed Programs ======================

    2007 Microsoft Office system
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer ePerformance Management
    Acer eSettings Management
    Acer LANScope Agent
    Acer ScreenSaver
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.2
    Adobe® Photoshop® Album Starter Edition 3.2
    ATI Catalyst Install Manager
    avast! Antivirus
    Business Contact Manager for Outlook 2007 SP2
    eSobi v2
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Google Toolbar for Internet Explorer
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP LaserJet P2010 Series
    Java Auto Updater
    Java(TM) 6 Update 18
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Opera 10.51
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB980470)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Spybot - Search & Destroy
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb981433)

    ==== Event Viewer Messages From Past Week ========

    2010/05/12 07:42:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease for the Network Card with network address 001D929B01B3 has been denied by the DHCP server (The DHCP Server sent a DHCPNACK message).
    2010/05/12 04:15:34 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
  3. Broni

    Broni Malware Annihilator Posts: 53,874   +370

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    Download HijackThis:
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
  4. MelissaP

    MelissaP TS Rookie Topic Starter

    Please help. After disabling avast, Windows Firewall and Windows Defender, ComboFix still says that avast and Defender are enabled. It still ran the program and now Microsoft Word won't open.
  5. Broni

    Broni Malware Annihilator Posts: 53,874   +370

    Disregard warnings and run Combofix anyway.
Topic Status:
Not open for further replies.
