DayDreams Posted May 19, 2010 ID:252779 Share Posted May 19, 2010 Hello,Obviously I just joined this site, and I hope to not be a hassle to anyone. The reason for my joining was that I believe I have some sort of malware on my computer. Who would have guessed? The only reason I believe it to be there is that the current anti-spyware I run (PC Tools Spyware Doctor) detects the same thing on login (after startup). It then prompts me to restart to complete the removal. I did do this the first to times, but after I realized that it just kept coming back I stopped restarting it. There is no apparent problem with anything, but I downloaded Malware bytes a few weeks ago to scan. The computer was scanned with malwarebytes for the first time in a long time and it found about 39 infections which it removed. Didn't even know they were there, but that all said and done the one issue, stated above, continued. I still have that log from a few weeks ago if you would like to see it though...Like I said no noticeable changes, but I would rather be safe than sorry. This is the only lead I have to the infection... (attachments) Thanks in advance for any assistance.New_Bitmap_Image.bmp Link to post Share on other sites More sharing options...
DayDreams Posted May 19, 2010 Author ID:252784 Share Posted May 19, 2010 Here is the picture if you dont want to download it sorry... Link to post Share on other sites More sharing options...
Blade81 Posted May 20, 2010 ID:252912 Share Posted May 20, 2010 Hi,Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txt[*]Save both reports to your desktop. Post them back to your topic.Download GMER here by clicking download exe -button and then saving it your desktop:Double-click .exe that you downloadedClick rootkit-tab, uncheck files option and then click scan.Don't check Show All box while scanning in progress!When scanning is ready, click Copy.This copies log to clipboardPost log (if the log is long, archive it into a zip file and attach instead of posting) in your reply. Link to post Share on other sites More sharing options...
DayDreams Posted May 20, 2010 Author ID:253201 Share Posted May 20, 2010 Thanks for replying to me Blade. My dad is going to be using the computer for the next few hours, and so I don't think it is a good idea to scan then. I will probably scan both tonight, and post tomorrow when I get back from school. Link to post Share on other sites More sharing options...
DayDreams Posted May 20, 2010 Author ID:253206 Share Posted May 20, 2010 1 more question does my anti-spyware program (Spyware Doctor) need to be turned off? Link to post Share on other sites More sharing options...
Blade81 Posted May 20, 2010 ID:253233 Share Posted May 20, 2010 Hi,Have it turned off for just in case. Link to post Share on other sites More sharing options...
DayDreams Posted May 20, 2010 Author ID:253356 Share Posted May 20, 2010 I followed your instructions... hopefully.DDS:DDS (Ver_10-03-17.01) - NTFSx86 Run by Benjamin at 19:28:31.96 on Thu 05/20/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.509.190 [GMT -4:00]AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\PRISMSVR.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\lexpps.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\Benjamin\Desktop\dds.com============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/uWindow Title = Windows Internet Explorer provided by ComcastmStart Page = about:blankuInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = *.localmWinlogon: Userinit=c:\windows\system32\Userinit.exeBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hidemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.0.0.1213StartupFolder: c:\docume~1\benjamin\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeuPolicies-system: EnableProfileQuota = 1 (0x1)IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLTrusted Zone: facebook.com\wwwDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cabHandler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dllNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dllHosts: 192.168.1.100 HP0015604A1BAC============= SERVICES / DRIVERS ===============R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2006-10-10 30820]R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-23 207280]R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]S2 DP1112;DP1112;\??\c:\windows\system32\drivers\dp.sys --> c:\windows\system32\drivers\DP.sys [?]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-23 133104]S3 68190f73-0883-459e-818e-79bc83ccb4c8;68190f73-0883-459e-818e-79bc83ccb4c8;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-22 34248]S3 pnicml;pnicml;\??\c:\docume~1\laura\locals~1\temp\pnicml.sys --> c:\docume~1\laura\locals~1\temp\pnicml.sys [?]S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-23 358600]S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-11-23 1141200]S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2005-4-11 57344]=============== Created Last 30 ================2010-05-20 01:10:37 0 dc----w- c:\program files\Amazon2010-05-09 18:56:15 0 dc----w- c:\program files\common files\Symantec Shared2010-05-09 14:43:26 0 dc----w- c:\program files\Norton Security Scan2010-05-09 14:43:26 0 dc----w- c:\docume~1\alluse~1\applic~1\Symantec2010-05-09 14:43:26 0 dc----w- c:\docume~1\alluse~1\applic~1\Norton2010-05-09 14:43:23 0 dc----w- c:\docume~1\alluse~1\applic~1\NortonInstaller2010-04-22 21:42:44 0 dc----w- c:\docume~1\benjamin\applic~1\Backyard Baseball 2007==================== Find3M ====================2010-05-06 14:36:38 221568 -c----w- c:\windows\system32\MpSigStub.exe2010-04-12 21:29:19 411368 -c--a-w- c:\windows\system32\deployJava1.dll2010-04-10 15:48:27 104174 -c--a-w- c:\windows\hpoins04.dat2010-03-30 04:46:30 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-30 04:45:52 20824 -c--a-w- c:\windows\system32\drivers\mbam.sys2010-03-13 13:35:24 69 -c--a-w- c:\documents and settings\benjamin\jagex_runescape_preferences2.dat2010-03-13 13:32:50 41 -c--a-w- c:\documents and settings\benjamin\jagex_runescape_preferences.dat2008-05-30 18:52:16 56 -csh--r- c:\windows\system32\2B5BCE7350.sys2008-05-30 18:52:17 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys2006-08-01 11:29:00 1074401 -csha-w- c:\windows\system32\vybeg.bak12006-08-01 20:47:51 1153967 -csha-w- c:\windows\system32\vybeg.bak22006-08-02 00:56:53 1153755 -csha-w- c:\windows\system32\vybeg.ini22009-06-11 15:28:25 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat2009-05-18 18:24:27 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051820090519\index.dat============= FINISH: 19:29:11.75 ===============Attach:UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_10-03-17.01)Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 4/20/2005 10:50:11 AMSystem Uptime: 5/20/2010 2:37:59 PM (5 hours ago)Motherboard: Dell Inc. | | 0R7935Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz==== Disk Partitions =========================C: is FIXED (NTFS) - 71 GiB total, 41.896 GiB free.D: is CDROM (CDFS)E: is Removable==== Disabled Device Manager Items ================= System Restore Points ===================RP1639: 3/22/2010 8:11:46 PM - System CheckpointRP1640: 3/22/2010 11:59:07 PM - Software Distribution Service 3.0RP1641: 3/24/2010 12:11:12 AM - System CheckpointRP1642: 3/25/2010 1:22:44 AM - System CheckpointRP1643: 3/25/2010 11:27:10 AM - Software Distribution Service 3.0RP1644: 3/26/2010 1:50:05 AM - Software Distribution Service 3.0RP1645: 3/27/2010 11:08:54 AM - Software Distribution Service 3.0RP1646: 3/27/2010 6:01:32 PM - Spyware Doctor: Cleaning ThreatsRP1647: 3/28/2010 6:07:12 PM - System CheckpointRP1648: 3/28/2010 7:46:09 PM - Spyware Doctor: Cleaning ThreatsRP1649: 3/29/2010 9:57:21 PM - Software Distribution Service 3.0RP1650: 3/30/2010 11:08:04 PM - System CheckpointRP1651: 3/31/2010 3:00:17 AM - Software Distribution Service 3.0RP1652: 3/31/2010 6:04:21 PM - Spyware Doctor: Cleaning ThreatsRP1653: 4/1/2010 9:53:11 PM - System CheckpointRP1654: 4/2/2010 2:13:59 AM - Software Distribution Service 3.0RP1655: 4/3/2010 3:59:38 AM - System CheckpointRP1656: 4/4/2010 5:12:45 AM - System CheckpointRP1657: 4/5/2010 5:59:33 AM - System CheckpointRP1658: 4/5/2010 9:42:03 AM - Software Distribution Service 3.0RP1659: 4/5/2010 7:44:44 PM - Spyware Doctor: Cleaning ThreatsRP1660: 4/6/2010 9:59:37 PM - System CheckpointRP1661: 4/8/2010 9:39:33 AM - System CheckpointRP1662: 4/8/2010 4:52:54 PM - Software Distribution Service 3.0RP1663: 4/9/2010 5:05:17 PM - System CheckpointRP1664: 4/10/2010 1:02:25 AM - Spyware Doctor: Cleaning ThreatsRP1665: 4/10/2010 6:52:46 PM - Spyware Doctor: Cleaning ThreatsRP1666: 4/11/2010 8:19:21 PM - System CheckpointRP1667: 4/12/2010 6:54:22 PM - Software Distribution Service 3.0RP1668: 4/13/2010 9:50:58 PM - System CheckpointRP1669: 4/14/2010 6:04:43 PM - Spyware Doctor: Cleaning ThreatsRP1670: 4/15/2010 9:46:12 PM - Software Distribution Service 3.0RP1671: 4/16/2010 10:11:40 PM - System CheckpointRP1672: 4/16/2010 11:18:56 PM - Installed Java 6 Update 20RP1673: 4/18/2010 2:29:27 AM - System CheckpointRP1674: 4/18/2010 3:00:31 AM - Software Distribution Service 3.0RP1675: 4/18/2010 8:55:19 PM - Spyware Doctor: Cleaning ThreatsRP1676: 4/19/2010 11:37:29 PM - Software Distribution Service 3.0RP1677: 4/21/2010 1:42:00 AM - System CheckpointRP1678: 4/22/2010 2:18:12 AM - System CheckpointRP1679: 4/22/2010 10:54:13 AM - Software Distribution Service 3.0RP1680: 4/23/2010 2:20:22 AM - Software Distribution Service 3.0RP1681: 4/24/2010 1:01:51 AM - Spyware Doctor: Cleaning ThreatsRP1682: 4/24/2010 7:26:22 AM - Installed Backyard SkateboardingRP1683: 4/25/2010 8:23:20 AM - System CheckpointRP1684: 4/26/2010 10:47:48 AM - System CheckpointRP1685: 4/26/2010 6:07:07 PM - Spyware Doctor: Cleaning ThreatsRP1686: 4/27/2010 2:17:02 AM - Software Distribution Service 3.0RP1687: 4/28/2010 2:24:57 AM - System CheckpointRP1688: 4/29/2010 5:06:07 AM - System CheckpointRP1689: 4/29/2010 4:56:23 PM - Software Distribution Service 3.0RP1690: 4/30/2010 10:12:23 PM - Spyware Doctor: Cleaning ThreatsRP1691: 5/1/2010 10:17:58 PM - System CheckpointRP1692: 5/3/2010 1:18:16 AM - System CheckpointRP1693: 5/3/2010 6:29:57 PM - Software Distribution Service 3.0RP1694: 5/4/2010 7:55:53 PM - System CheckpointRP1695: 5/5/2010 8:29:01 PM - System CheckpointRP1696: 5/6/2010 2:28:33 PM - Software Distribution Service 3.0RP1697: 5/7/2010 2:47:02 PM - System CheckpointRP1698: 5/7/2010 9:19:52 PM - Spyware Doctor: Cleaning ThreatsRP1699: 5/9/2010 1:48:02 AM - System CheckpointRP1700: 5/10/2010 4:20:32 AM - System CheckpointRP1701: 5/10/2010 3:35:18 PM - Software Distribution Service 3.0RP1702: 5/11/2010 3:39:50 PM - System CheckpointRP1703: 5/11/2010 6:02:31 PM - Spyware Doctor: Cleaning ThreatsRP1704: 5/12/2010 6:16:04 PM - System CheckpointRP1705: 5/12/2010 7:07:28 PM - Spyware Doctor: Cleaning ThreatsRP1706: 5/13/2010 9:26:26 PM - Software Distribution Service 3.0RP1707: 5/13/2010 9:38:08 PM - Software Distribution Service 3.0RP1708: 5/15/2010 7:53:18 PM - System CheckpointRP1709: 5/16/2010 10:35:07 AM - System CheckpointRP1710: 5/17/2010 12:06:44 PM - System CheckpointRP1711: 5/17/2010 11:32:04 PM - Software Distribution Service 3.0RP1712: 5/18/2010 6:24:07 PM - Spyware Doctor: Cleaning ThreatsRP1713: 5/19/2010 6:36:56 PM - System CheckpointRP1714: 5/20/2010 6:42:11 PM - System Checkpoint==== Installed Programs ======================23_24_2500Tour24002400_2500Help2400_2500trbAdobe AIRAdobe Bridge 1.0Adobe Common File InstallerAdobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Help Center 1.0Adobe Photoshop CS2Adobe Reader 9.3.2Adobe Shockwave Player 11.5Adobe Stock Photos 1.0AiO_ScanAiOSoftwareAmazon Kindle For PC v1.1AoA Audio Extractor 1.0Apple Application SupportApple Mobile Device SupportApple Software UpdateAudacity 1.2.6Backyard SkateboardingBonjourBroadcom Management ProgramsBufferChmCheat Engine 5.5Comcast High-Speed Internet Install WizardConexant D110 MDC V.9x ModemCopyCreataCard Gold 3CreativeProjectsCreativeProjectsTemplatesCritical Update for Windows Media Player 11 (KB959772)CueTourDell Driver Reset ToolDell System RestoreDeployment ManagerDestinationsDirectorDocProcDocumentViewerFarmVilleBot 1.3.3.1FarmVilleBot 2.0FaxGdiplusUpgradeGoogle ChromeGoogle Update HelperGoogle UpdaterHijackThis 1.99.1Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB915800-v4)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)HP Diagnostic AssistantHP Image Zone 4.2HP PSC & OfficeJet 4.2HP Software UpdateHPSystemDiagnosticsHyperCam 2InstantShareIntel® Graphics Media Accelerator DriverInterActual PlayerInternet Explorer Default PageiTunesJava 2 Runtime Environment, SE v1.4.2_03Java Auto UpdaterJava DB 10.4.1.3Java 6 Update 20Java 6 Update 7Java SE Development Kit 6 Update 12Learn2 Player (Uninstall Only)Line RiderLogitech Audio Echo Cancellation ComponentMacromedia Flash PlayerMalwarebytes' Anti-MalwareManyCam 2.4 (remove only)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB953297)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Access 2002Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Digital Image Library 9 - BlockerMicrosoft Digital Image Standard 2006Microsoft Digital Image Standard 2006 EditorMicrosoft Digital Image Standard 2006 LibraryMicrosoft IntelliPoint 5.3Microsoft IntelliType Pro 5.3Microsoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.5Microsoft National Language Support Downlevel APIsMicrosoft Office Basic Edition 2003Microsoft Office Professional Edition 2003Microsoft Plus! Digital Media Edition InstallerMicrosoft SilverlightMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET FrameworkMicrosoft Windows SDK for Visual Studio 2008 Express Tools for Win32MSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6 Service Pack 2 (KB954459)MVisionMy Way Search AssistantOctoshape Streaming ServicesOGA Notifier 2.0.0048.0OverlandPCFriendlyPhoTags Express PhotoGalleryPrintScreenProductContextQFolderQuickProjectsQuickTimeReadmeScanSecurity Update for CAPICOM (KB931906)Security Update for Step By Step Interactive Training (KB898458)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 7 (KB953838)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 8 (KB969897)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player 10 (KB911565)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB973346)SkinsHP1Spelling Dictionaries Support For Adobe Reader 9Spyware Doctor 7.0System Requirements LabTrayAppTweak UIUninstall Dual Mode CameraUnloadUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB969497)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955839)Update for Windows XP (KB967715)USB 2.0 Wireless LAN Card UtilityViewpoint Media PlayerWebFldrs XPWebRegWindows DefenderWindows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage v1.3.0254.0Windows Imaging ComponentWindows Internet Explorer 7Windows Internet Explorer 8Windows Live Sign-in AssistantWindows Media Format 11 runtimeWindows Media Player 10Windows Media Player 11Windows PowerShell 1.0Windows XP Service Pack 3WinRAR archiverWM Converter 2.0XML Paper Specification Shared Components Pack 1.0Xvid 1.1.3 final uninstallYahtzeeYouTube Downloader 2.5.4==== Event Viewer Messages From Past Week ========5/20/2010 2:43:11 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.5/20/2010 2:43:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.5/20/2010 2:43:00 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}5/15/2010 7:53:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000011E' while processing the file 'Microsoft .. d 2003.lnk' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.5/14/2010 6:11:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde5/13/2010 9:38:59 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000156: Security Update for Windows XP (KB978542).5/13/2010 2:25:01 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.5/13/2010 2:25:01 PM, error: Service Control Manager [7000] - The DP1112 service failed to start due to the following error: The system cannot find the file specified.==== End Of File ===========================GMER (this one seemed short...did I do it wrong?):GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-05-20 19:47:49Windows 5.1.2600 Service Pack 3Running: c79sew1d.exe; Driver: C:\DOCUME~1\Benjamin\LOCALS~1\Temp\awrdapog.sys---- System - GMER 1.0.15 ----SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF82AEE22]SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF828FCDC]SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF828FECE]SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF82AF610]SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF82AF8C4]SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF82ADB14]SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF82AFD30]SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF82AF0E2]SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF828F982]---- Kernel code sections - GMER 1.0.15 ----init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF74CEF80]? win32k.sys:1 The system cannot find the file specified. !? win32k.sys:2 The system cannot find the file specified. !---- Devices - GMER 1.0.15 ----Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sdcplh.sysDevice \Driver\atapi \Device\Ide\IdePort0 sdcplh.sysDevice \Driver\atapi \Device\Ide\IdePort1 sdcplh.sysDevice \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sdcplh.sysDevice \FileSystem\Fastfat \Fat A8C58D20AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)---- Registry - GMER 1.0.15 ----Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\Program Files\Acceleration Software\StopSignProducts\Firewall\appinsp.dllReg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel ApartmentReg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ProgID@ Appinsp.TrustInfo.1Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\TypeLib@ {28CDF2D7-614A-44CC-9563-A6EE82F1A77B}Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\VersionIndependentProgID@ Appinsp.TrustInfo---- EOF - GMER 1.0.15 ---- Link to post Share on other sites More sharing options...
Blade81 Posted May 21, 2010 ID:253444 Share Posted May 21, 2010 Hi,Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here. Link to post Share on other sites More sharing options...
DayDreams Posted May 22, 2010 Author ID:253872 Share Posted May 22, 2010 Apparently the size is too big so it is attached.Win32kDiag.txt Link to post Share on other sites More sharing options...
Blade81 Posted May 22, 2010 ID:254154 Share Posted May 22, 2010 Hi,Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.@ECHO OFFDIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\Windows\cngaudit.dll >Log.txtSTART Log.txtDEL %0Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please. Link to post Share on other sites More sharing options...
DayDreams Posted May 22, 2010 Author ID:254198 Share Posted May 22, 2010 Log: Volume in drive C has no label. Volume Serial Number is 7C56-BB0C Directory of C:\WINDOWS\$NtServicePackUninstall$08/04/2004 06:00 AM 180,224 scecli.dll Directory of C:\WINDOWS\$NtServicePackUninstall$08/04/2004 06:00 AM 407,040 netlogon.dll Directory of C:\WINDOWS\$NtServicePackUninstall$08/04/2004 06:00 AM 55,808 eventlog.dll 3 File(s) 643,072 bytes Directory of C:\WINDOWS\ServicePackFiles\i38604/13/2008 08:12 PM 181,248 scecli.dll Directory of C:\WINDOWS\ServicePackFiles\i38604/13/2008 08:12 PM 407,040 netlogon.dll Directory of C:\WINDOWS\ServicePackFiles\i38604/13/2008 08:11 PM 56,320 eventlog.dll 3 File(s) 644,608 bytes Directory of C:\WINDOWS\SYSTEM3204/13/2008 08:12 PM 181,248 scecli.dll Directory of C:\WINDOWS\SYSTEM3204/13/2008 08:12 PM 407,040 netlogon.dll Directory of C:\WINDOWS\SYSTEM3204/13/2008 08:11 PM 56,320 eventlog.dll 3 File(s) 644,608 bytes Total Files Listed: 9 File(s) 1,932,288 bytes 0 Dir(s) 44,774,023,168 bytes free Link to post Share on other sites More sharing options...
Blade81 Posted May 22, 2010 ID:254224 Share Posted May 22, 2010 Hi,Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished (give it 15mins to be sure it has finished), there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here. "%userprofile%\desktop\win32kdiag.exe" -f -r Link to post Share on other sites More sharing options...
DayDreams Posted May 22, 2010 Author ID:254330 Share Posted May 22, 2010 How did you learn what everything means and how to determine between good and bad? log:Running from: C:\Documents and Settings\Benjamin\desktop\win32kdiag.exeLog file at : C:\Documents and Settings\Benjamin\Desktop\Win32kDiag.txtRemoving all found mount points.Attempting to reset file permissions.WARNING: Could not get backup privileges!Searching 'C:\WINDOWS'...Found mount point : C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}Cannot access: C:\WINDOWS\Installer\10d8f474.msiAttempting to restore permissions of : C:\WINDOWS\Installer\10d8f474.msi[1] 2009-02-09 08:10:48 60928 C:\WINDOWS\Installer\10d8f474.msi ()Cannot access: C:\WINDOWS\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\035cdeeef9eaa07de20138b420444b17\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\035cdeeef9eaa07de20138b420444b17\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\248802b74506342031e926839639c729\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\248802b74506342031e926839639c729\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\284a430ed4a998417200bec9f0c45f85\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\284a430ed4a998417200bec9f0c45f85\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\3724a78548e17e8215a17353ec597ae3\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\3724a78548e17e8215a17353ec597ae3\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\3aaae38d3fc3ac97f34ad4b0d335b406\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\3aaae38d3fc3ac97f34ad4b0d335b406\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\3e17316becee1d41b884695bbf7f49db\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\3e17316becee1d41b884695bbf7f49db\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\4de233d8d67cd9916ac28a2d43724f55\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\4de233d8d67cd9916ac28a2d43724f55\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\5e5aab0184cde550e4ba21f1d2bd377e\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\5e5aab0184cde550e4ba21f1d2bd377e\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\638d2a273cb5d34a9f7e327666b9e38c\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\638d2a273cb5d34a9f7e327666b9e38c\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\75cd10bc79782317976e2a857798ad9f\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\75cd10bc79782317976e2a857798ad9f\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\7dc77bad5469553a68ef5efe55070b06\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\7dc77bad5469553a68ef5efe55070b06\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\8f6570639abf0586cc1aaf1fc76726f6\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\8f6570639abf0586cc1aaf1fc76726f6\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\91fdb2bb23ba8edd195d7bed698912e5\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\91fdb2bb23ba8edd195d7bed698912e5\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\ab0676fe50d78a2ee35a6cca883a9b02\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\ab0676fe50d78a2ee35a6cca883a9b02\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\c6bdb40c9241b85d304fd5cdfbebec2f\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\c6bdb40c9241b85d304fd5cdfbebec2f\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\d8ef7c8f90f509563f255df3e967b057\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\d8ef7c8f90f509563f255df3e967b057\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\da7fee2d51e2e59bdd47cb9e03387bcc\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\da7fee2d51e2e59bdd47cb9e03387bcc\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\e639ef786ddd695030aad48a97363146\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\e639ef786ddd695030aad48a97363146\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\update.exeCannot access: C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exeFinished! Link to post Share on other sites More sharing options...
DayDreams Posted May 23, 2010 Author ID:254395 Share Posted May 23, 2010 Apart from the log I just posted I wanted to let you know that I got back on my computer to watch some MW2 gameplay and I noticed the yellow shield (update) at the bottom right. Upon clicking it I discovered 39 new updates were needed.I was wondering if those had been blocked by the virus or ?? Link to post Share on other sites More sharing options...
Blade81 Posted May 23, 2010 ID:254577 Share Posted May 23, 2010 Hi,How did you learn what everything means and how to determine between good and bad?Got years long experience behind I was wondering if those had been blocked by the virus or ??Could be. However, please don't install those until the case is finished.Uninstall these old Javas:Java 2 Runtime Environment, SE v1.4.2_03Java Link to post Share on other sites More sharing options...
DayDreams Posted May 23, 2010 Author ID:254637 Share Posted May 23, 2010 Before I follow your instructions I wanted to let you know that when I woke up (5min ago) the computer was off so I turned it on and upon logging in it showed the green shield (Which I assume means all the updates were downloaded automatically) and also this...I wouldn't worry too much about this because I was the one that made a few changes to it about 2 months ago because some wierd things were running in startup and I stopped them... Link to post Share on other sites More sharing options...
Blade81 Posted May 23, 2010 ID:254708 Share Posted May 23, 2010 Hi,Yes, neither of those two is malware caused things. I'll wait for those other reports. Link to post Share on other sites More sharing options...
DayDreams Posted May 23, 2010 Author ID:254771 Share Posted May 23, 2010 I got the dds logs, but Kaspersky did this... (apparently I need Safari??)Attach:UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_10-03-17.01)Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 4/20/2005 10:50:11 AMSystem Uptime: 5/23/2010 8:42:57 AM (5 hours ago)Motherboard: Dell Inc. | | 0R7935Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz==== Disk Partitions =========================C: is FIXED (NTFS) - 71 GiB total, 47.408 GiB free.D: is CDROM (CDFS)E: is Removable==== Disabled Device Manager Items ================= System Restore Points ===================RP1716: 5/22/2010 6:06:38 PM - System CheckpointRP1717: 5/23/2010 3:00:21 AM - Software Distribution Service 3.0RP1718: 5/23/2010 8:58:25 AM - Removed Java 2 Runtime Environment, SE v1.4.2_03RP1719: 5/23/2010 8:59:31 AM - Removed Java SE Development Kit 6 Update 12RP1720: 5/23/2010 1:05:02 PM - Removed Java 6 Update 7RP1721: 5/23/2010 1:05:47 PM - Removed Macromedia Flash Player==== Installed Programs ======================23_24_2500Tour24002400_2500Help2400_2500trbAdobe AIRAdobe Bridge 1.0Adobe Common File InstallerAdobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Help Center 1.0Adobe Photoshop CS2Adobe Reader 9.3.2Adobe Shockwave Player 11.5Adobe Stock Photos 1.0AiO_ScanAiOSoftwareAmazon Kindle For PC v1.1AoA Audio Extractor 1.0Apple Application SupportApple Mobile Device SupportApple Software UpdateAudacity 1.2.6Backyard SkateboardingBonjourBroadcom Management ProgramsBufferChmCheat Engine 5.5Comcast High-Speed Internet Install WizardConexant D110 MDC V.9x ModemCopyCreataCard Gold 3CreativeProjectsCreativeProjectsTemplatesCritical Update for Windows Media Player 11 (KB959772)CueTourDell Driver Reset ToolDell System RestoreDeployment ManagerDestinationsDirectorDocProcDocumentViewerFarmVilleBot 1.3.3.1FarmVilleBot 2.0FaxGdiplusUpgradeGoogle ChromeGoogle Update HelperGoogle UpdaterHijackThis 1.99.1Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB915800-v4)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)HP Diagnostic AssistantHP Image Zone 4.2HP PSC & OfficeJet 4.2HP Software UpdateHPSystemDiagnosticsHyperCam 2InstantShareIntel® Graphics Media Accelerator DriverInterActual PlayerInternet Explorer Default PageiTunesJava Auto UpdaterJava DB 10.4.1.3Java 6 Update 20Learn2 Player (Uninstall Only)Line RiderLogitech Audio Echo Cancellation ComponentMalwarebytes' Anti-MalwareManyCam 2.4 (remove only)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB953297)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Access 2002Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Digital Image Library 9 - BlockerMicrosoft Digital Image Standard 2006Microsoft Digital Image Standard 2006 EditorMicrosoft Digital Image Standard 2006 LibraryMicrosoft IntelliPoint 5.3Microsoft IntelliType Pro 5.3Microsoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.5Microsoft National Language Support Downlevel APIsMicrosoft Office Basic Edition 2003Microsoft Office Professional Edition 2003Microsoft Plus! Digital Media Edition InstallerMicrosoft SilverlightMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET FrameworkMicrosoft Windows SDK for Visual Studio 2008 Express Tools for Win32MSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6 Service Pack 2 (KB954459)MVisionMy Way Search AssistantMy Web Search (Cursor Mania)Octoshape Streaming ServicesOGA Notifier 2.0.0048.0overlandPCFriendlyPhoTags Express PhotoGalleryPrintScreenProductContextQFolderQuickProjectsQuickTimeReadmeScanSecurity Update for CAPICOM (KB931906)Security Update for Step By Step Interactive Training (KB898458)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 7 (KB953838)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 8 (KB969897)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player 10 (KB911565)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB980232)SkinsHP1Spelling Dictionaries Support For Adobe Reader 9Spyware Doctor 7.0System Requirements LabTrayAppTweak UIUninstall Dual Mode CameraUnloadUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB969497)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB980182)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB973687)Update for Windows XP (KB973815)USB 2.0 Wireless LAN Card UtilityViewpoint Media PlayerWebFldrs XPWebRegWindows DefenderWindows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage v1.3.0254.0Windows Imaging ComponentWindows Internet Explorer 7Windows Internet Explorer 8Windows Live Sign-in AssistantWindows Media Format 11 runtimeWindows Media Player 10Windows Media Player 11Windows PowerShell 1.0Windows XP Service Pack 3WinRAR archiverWM Converter 2.0XML Paper Specification Shared Components Pack 1.0Xvid 1.1.3 final uninstallYahtzeeYouTube Downloader 2.5.4==== Event Viewer Messages From Past Week ========5/23/2010 8:43:52 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)5/22/2010 8:16:34 AM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.5/22/2010 8:16:34 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}5/22/2010 6:04:46 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file '{29F8DDC1- .. C3C1298FF}' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.5/22/2010 11:51:00 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.5/22/2010 11:50:56 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.5/20/2010 2:43:11 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.5/20/2010 2:43:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.5/20/2010 2:43:00 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}5/19/2010 6:35:49 AM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.5/19/2010 6:35:49 AM, error: Service Control Manager [7000] - The DP1112 service failed to start due to the following error: The system cannot find the file specified.==== End Of File ===========================DDS:DDS (Ver_10-03-17.01) - NTFSx86 Run by Benjamin at 13:18:47.93 on Sun 05/23/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.509.228 [GMT -4:00]AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEsvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\PRISMSVR.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exeC:\Documents and Settings\Benjamin\Desktop\dds.com============== Pseudo HJT Report ===============uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZCman000&ptb=U7wka2VELyPIW3C0pWIOFQuWindow Title = Windows Internet Explorer provided by ComcastmStart Page = about:blankuInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = *.localuURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLLmWinlogon: Userinit=c:\windows\system32\Userinit.exeBHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLLBHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLLBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLLTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exemRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hidemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /hmRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exemRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.0.0.1213StartupFolder: c:\docume~1\benjamin\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeuPolicies-system: EnableProfileQuota = 1 (0x1)IE: &Search - http://edits.mywebsearch.com/toolbaredits/...mp;n=2010052309IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLTrusted Zone: facebook.com\wwwDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cabHandler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dllNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dllHosts: 192.168.1.100 HP0015604A1BAC============= SERVICES / DRIVERS ===============R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2006-10-10 30820]R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-23 207280]R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]S2 DP1112;DP1112;\??\c:\windows\system32\drivers\dp.sys --> c:\windows\system32\drivers\DP.sys [?]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-23 133104]S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2010-5-23 28762]S3 68190f73-0883-459e-818e-79bc83ccb4c8;68190f73-0883-459e-818e-79bc83ccb4c8;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-22 34248]S3 pnicml;pnicml;\??\c:\docume~1\laura\locals~1\temp\pnicml.sys --> c:\docume~1\laura\locals~1\temp\pnicml.sys [?]S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-23 358600]S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-11-23 1141200]S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2005-4-11 57344]=============== Created Last 30 ================2010-05-23 13:08:25 32768 -c--a-w- c:\windows\system32\f3PSSavr.scr2010-05-23 13:08:25 0 dc----w- c:\program files\FunWebProducts2010-05-23 13:08:24 0 dc----w- c:\program files\MyWebSearch2010-05-20 01:10:37 0 dc----w- c:\program files\Amazon2010-05-09 18:56:15 0 dc----w- c:\program files\common files\Symantec Shared2010-05-09 14:43:26 0 dc----w- c:\program files\Norton Security Scan2010-05-09 14:43:26 0 dc----w- c:\docume~1\alluse~1\applic~1\Symantec2010-05-09 14:43:26 0 dc----w- c:\docume~1\alluse~1\applic~1\Norton2010-05-09 14:43:23 0 dc----w- c:\docume~1\alluse~1\applic~1\NortonInstaller==================== Find3M ====================2010-05-12 15:21:16 221568 -c----w- c:\windows\system32\MpSigStub.exe2010-04-12 21:29:19 411368 -c--a-w- c:\windows\system32\deployJava1.dll2010-04-10 15:48:27 104174 -c--a-w- c:\windows\hpoins04.dat2010-03-30 04:46:30 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-30 04:45:52 20824 -c--a-w- c:\windows\system32\drivers\mbam.sys2010-03-13 13:35:24 69 -c--a-w- c:\documents and settings\benjamin\jagex_runescape_preferences2.dat2010-03-13 13:32:50 41 -c--a-w- c:\documents and settings\benjamin\jagex_runescape_preferences.dat2010-03-10 06:15:52 420352 -c--a-w- c:\windows\system32\vbscript.dll2010-02-25 06:24:37 916480 -c--a-w- c:\windows\system32\wininet.dll2008-05-30 18:52:16 56 -csh--r- c:\windows\system32\2B5BCE7350.sys2008-05-30 18:52:17 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys2006-08-01 11:29:00 1074401 -csha-w- c:\windows\system32\vybeg.bak12006-08-01 20:47:51 1153967 -csha-w- c:\windows\system32\vybeg.bak22006-08-02 00:56:53 1153755 -csha-w- c:\windows\system32\vybeg.ini22009-06-11 15:28:25 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat2009-05-18 18:24:27 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051820090519\index.dat============= FINISH: 13:19:32.11 =============== Link to post Share on other sites More sharing options...
Blade81 Posted May 23, 2010 ID:254827 Share Posted May 23, 2010 Hi,Run Kaspersky scanner with Internet Explorer. Link to post Share on other sites More sharing options...
DayDreams Posted May 24, 2010 Author ID:254989 Share Posted May 24, 2010 Following your instructions forced me to download IE8 which I had previously un-installed due to redirection virus. After trying to run the scan on IE8 I got this message... After seeing if IE8 still got redirected I went to google and typed in "gamestop". It brought up the page could not be found. Which leads me to believe that there is something screwed up with my IE8 (did I mention I hate it). Link to post Share on other sites More sharing options...
Blade81 Posted May 24, 2010 ID:255101 Share Posted May 24, 2010 You need to make sure Java is enabled for Internet Explorer. Probably easier to reinstall Java 6 Update 20. Link to post Share on other sites More sharing options...
DayDreams Posted May 25, 2010 Author ID:256199 Share Posted May 25, 2010 sorry for not getting back to you. Hopefully I'll get it tomorrow because today I have a poster project to do for my English class Link to post Share on other sites More sharing options...
Blade81 Posted May 26, 2010 ID:256447 Share Posted May 26, 2010 Ok. Thanks for the heads up. Link to post Share on other sites More sharing options...
DayDreams Posted May 28, 2010 Author ID:257829 Share Posted May 28, 2010 Hey, after downloading the Java that you linked to the website still says get a version of Java over 1.5, even when on internet explorer Link to post Share on other sites More sharing options...
Blade81 Posted May 28, 2010 ID:257956 Share Posted May 28, 2010 Hello,Let's try ESET Online Scanner instead.* Go here to run an online scanner from ESET.Tick the box next to YES, I accept the Terms of Use.Click StartMake sure that the option Remove found threats is UNchecked.Click ScanWait for the scan to finishCopy and paste report as a reply to this topic, along with a description of any remaining problems. Link to post Share on other sites More sharing options...
Recommended Posts