ItsBrucey, posted July 6, 2010 (post 280065)

Hi, thank you for even considering to help me. I don't quite exactly know the source of my problem, but so far this is what has happened:
- Volume/soundcard? has been uninstalled (no volume control in task bar or any sound at all)
- Can not drag icons on desktop or in folders, but I can right click them and such.
- Many viruses repeatedly popping up in an Avira antivirus scan with similar names and different numbers
- Randomly quitting out of programs with errors.
Any idea of what I can do to find out what is wrong? Thanks for taking your time to help.
RPMcMurphy, posted July 6, 2010 (post 280203)

Hello ItsBrucey and welcome to Malwarebytes. Please follow these guidelines:
- Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I
ItsBrucey (author), posted July 7, 2010 (post 280442)

Thank you for your help. Attached are gmer.txt and attach.txt; here is the dds.txt:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 21:12:19.39 on Tue 07/06/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} - hxxp://95.143.193.60/grep/Bol.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {96DBD65A-A2B4-4D94-956C-90B18B18AE01} = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\wpgdqdlh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E6A98222-B79D-D626-65C3-29CC15FBE14B}&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2100-02-23 19:35:34 768 -c--a-w- c:\program files\x73_lut.dat
2100-02-08 21:03:54 53248 -c--a-w- c:\program files\ACMonitor_X73.exe
2010-07-03 07:55:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-07-03 07:51:26 0 d-----w- c:\program files\World of Warcraft Trial
2010-07-03 07:45:32 0 d-----w- C:\World of Warcraft Trial
2010-07-03 07:31:24 59392 ----a-w- c:\windows\~DF9A42.tmp
2010-07-03 07:30:33 59392 ----a-w- c:\windows\~DFCCD5.tmp
2010-07-01 05:24:44 7168 --sha-w- c:\windows\system32\Thumbs.db
2010-06-29 09:02:37 0 d-----w- c:\documents and settings\compaq_administrator\~folder.desktop$
2010-06-29 01:44:40 77352 ----a-w- c:\windows\hpqins05.dat
2010-06-21 22:21:49 0 d-s---w- C:\ComboFix
2010-06-20 01:36:28 3 ----a-w- c:\windows\Twain001.Mtx
2010-06-20 01:36:28 156 ----a-w- c:\windows\Twunk001.MTX
2010-06-20 01:36:28 0 ----a-w- c:\windows\Twunk002.MTX

==================== Find3M ====================

2010-06-17 06:54:19 87 -c--a-w- c:\documents and settings\compaq_administrator\jagex_runescape_preferences2.dat
2010-06-17 06:54:19 45 -c--a-w- c:\documents and settings\compaq_administrator\jagex_runescape_preferences.dat
2010-06-02 04:05:15 176440 ----a-w- c:\windows\hpwins19.dat
2010-05-16 21:00:28 411368 -c--a-w- c:\windows\system32\deployJava1.dll
2010-05-01 05:03:06 104733 -c--a-w- c:\windows\DIIUnin.dat
2010-04-27 23:36:25 73728 -c--a-w- c:\windows\system32\RtNicProp32.dll
2010-04-26 20:58:12 256512 -c--a-w- c:\windows\PEV.exe
2010-04-25 21:53:58 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-04-13 06:45:20 0 -c--a-w- c:\documents and settings\compaq_administrator\jagex__preferences3.dat
2008-08-17 16:04:33 1536 -csha-w- c:\program files\ehthumbs.db
2008-08-17 15:04:50 251 -c--a-w- c:\program files\wt3d.ini
2001-07-26 21:58:46 47 -c--a-w- c:\program files\ACMonitor_X73.ini
2001-07-05 17:46:44 8116 -c--a-w- c:\program files\OSLO3071b2.USB
2001-05-08 21:36:42 114688 -c--a-w- c:\program files\lxarscan.dll
2001-04-23 19:22:14 1437 -c--a-w- c:\program files\gtx73.ini

============= FINISH: 21:12:52.82 ===============

Attachments: Attach.txt, gmer.txt
RPMcMurphy, posted July 7, 2010 (post 280462)

ItsBrucey, did you run DDS in Safe Mode? If so, can you please try again from normal mode?
ItsBrucey (author), posted July 7, 2010 (post 280480)

Quoting RPMcMurphy: "ItsBrucey, did you run DDS in Safe Mode? If so, can you please try again from normal mode?"

No, I did not run in Safe Mode, but I will restart and re-run DDS and post a new log?
RPMcMurphy, posted July 7, 2010 (post 280707)

Please do. The log you posted showed no running processes, services or drivers; something got dropped somewhere. The Attach.txt report was fine, but try DDS.txt again please.
ItsBrucey (author), posted July 7, 2010 (post 280838)

Quoting RPMcMurphy: "Please do. The log you posted showed no running processes, services or drivers; something got dropped somewhere. The Attach.txt report was fine, but try DDS.txt again please."

Looks like it worked after a restart:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 15:22:39.67 on Wed 07/07/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.424 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hp\HP Software Update\HPWUCli.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} - hxxp://95.143.193.60/grep/Bol.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {96DBD65A-A2B4-4D94-956C-90B18B18AE01} = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\wpgdqdlh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E6A98222-B79D-D626-65C3-29CC15FBE14B}&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-1-27 11608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-1-27 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-1-27 151297]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-1-27 52056]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2008-7-11 96256]
S3 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-2-18 204800]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-28 38224]

=============== Created Last 30 ================

2100-02-23 19:35:34 768 -c--a-w- c:\program files\x73_lut.dat
2100-02-08 21:03:54 53248 -c--a-w- c:\program files\ACMonitor_X73.exe
2010-07-03 07:55:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-07-03 07:51:26 0 d-----w- c:\program files\World of Warcraft Trial
2010-07-03 07:45:32 0 d-----w- C:\World of Warcraft Trial
2010-07-03 07:31:24 59392 ----a-w- c:\windows\~DF9A42.tmp
2010-07-03 07:30:33 59392 ----a-w- c:\windows\~DFCCD5.tmp
2010-07-01 05:24:44 7168 --sha-w- c:\windows\system32\Thumbs.db
2010-06-29 09:02:37 0 d-----w- c:\documents and settings\compaq_administrator\~folder.desktop$
2010-06-29 01:44:40 77352 ----a-w- c:\windows\hpqins05.dat
2010-06-21 22:21:49 0 d-s---w- C:\ComboFix
2010-06-20 01:36:28 3 ----a-w- c:\windows\Twain001.Mtx
2010-06-20 01:36:28 156 ----a-w- c:\windows\Twunk001.MTX
2010-06-20 01:36:28 0 ----a-w- c:\windows\Twunk002.MTX

==================== Find3M ====================

2010-06-17 06:54:19 87 -c--a-w- c:\documents and settings\compaq_administrator\jagex_runescape_preferences2.dat
2010-06-17 06:54:19 45 -c--a-w- c:\documents and settings\compaq_administrator\jagex_runescape_preferences.dat
2010-06-02 04:05:15 176440 ----a-w- c:\windows\hpwins19.dat
2010-05-16 21:00:28 411368 -c--a-w- c:\windows\system32\deployJava1.dll
2010-05-01 05:03:06 104733 -c--a-w- c:\windows\DIIUnin.dat
2010-04-27 23:36:25 73728 -c--a-w- c:\windows\system32\RtNicProp32.dll
2010-04-26 20:58:12 256512 -c--a-w- c:\windows\PEV.exe
2010-04-25 21:53:58 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-04-13 06:45:20 0 -c--a-w- c:\documents and settings\compaq_administrator\jagex__preferences3.dat
2008-08-17 16:04:33 1536 -csha-w- c:\program files\ehthumbs.db
2008-08-17 15:04:50 251 -c--a-w- c:\program files\wt3d.ini
2001-07-26 21:58:46 47 -c--a-w- c:\program files\ACMonitor_X73.ini
2001-07-05 17:46:44 8116 -c--a-w- c:\program files\OSLO3071b2.USB
2001-05-08 21:36:42 114688 -c--a-w- c:\program files\lxarscan.dll
2001-04-23 19:22:14 1437 -c--a-w- c:\program files\gtx73.ini

============= FINISH: 15:23:09.28 ===============
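Editor's note, added to the thread and not part of any post or of the DDS tool: a helper's first pass over a DDS log like the one above is a handful of mechanical checks (ActiveX download sites listed under DPF that point at a raw IP address or an unfamiliar host, toolbar or BHO entries whose file is gone, Firefox search and homepage preferences that no longer point where the user expects, services whose binary DDS marks as missing with "[?]", and file timestamps that lie in the future relative to the scan). The script below runs those checks over an excerpt of the posted log. The allowlists EXPECTED_DPF_HOSTS and EXPECTED_SEARCH_HOSTS, SCAN_DATE, and the rule names are this example's assumptions; every hit is a "look at this" item, not a verdict that the entry is malicious.

```python
import ipaddress
import re
from datetime import date
from urllib.parse import urlsplit

# Assumptions for this example (not DDS behaviour): ActiveX download hosts and
# search-provider hosts the user would consider legitimate on their own machine.
# Anything else is surfaced for manual review.
EXPECTED_DPF_HOSTS = {"java.sun.com", "download.macromedia.com"}
EXPECTED_SEARCH_HOSTS = {"www.google.com"}
SEARCH_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}

# Date of the scan being read, taken from the "Run by ... on Wed 07/07/2010" header.
SCAN_DATE = date(2010, 7, 7)

# Excerpt of lines from the log posted above that the rules below act on.
SAMPLE_DDS = r"""
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} - hxxp://95.143.193.60/grep/Bol.CAB
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E6A98222-B79D-D626-65C3-29CC15FBE14B}&q=
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-28 38224]
2100-02-08 21:03:54 53248 -c--a-w- c:\program files\ACMonitor_X73.exe
2010-07-03 07:51:26 0 d-----w- c:\program files\World of Warcraft Trial
"""

URL_RE = re.compile(r"hxxps?://\S+")
# "YYYY-MM-DD HH:MM:SS <size> <attrs> <path>" lines from Created Last 30 / Find3M
FILE_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
# "R2 name;display;path" / "S3 name;display;path" service and driver lines
SERVICE_RE = re.compile(r"^[RS]\d (\S+?);")


def host_of(defanged_url):
    """DDS writes hxxp:// so URLs are not clickable; restore the scheme to parse it."""
    url = re.sub(r"^hxxp", "http", defanged_url)
    return (urlsplit(url).hostname or "").lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def triage(log_text, scan_date):
    """Return (rule, detail) pairs for log lines that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        url = URL_RE.search(line)
        if line.startswith("DPF:") and url:
            host = host_of(url.group(0))
            if is_ip_literal(host):
                findings.append(("activex-from-ip-literal", host))
            elif host not in EXPECTED_DPF_HOSTS:
                findings.append(("activex-unexpected-host", host))
        elif line.startswith(("TB:", "BHO:")) and line.endswith("No File"):
            findings.append(("orphaned-browser-entry", line.split()[1]))
        elif line.startswith("FF - prefs.js:") and url:
            pref = line.split(":", 1)[1].split(" - ", 1)[0].strip()
            host = host_of(url.group(0))
            if pref in SEARCH_PREFS and host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("search-setting-changed", f"{pref}={host}"))
        elif SERVICE_RE.match(line) and line.endswith("[?]"):
            findings.append(("service-binary-missing", SERVICE_RE.match(line).group(1)))
        else:
            m = FILE_RE.match(line)
            if m and date(*map(int, m.group(1, 2, 3))) > scan_date:
                findings.append(("future-timestamp", m.group(4)))
    return findings


def sample_findings():
    return triage(SAMPLE_DDS, SCAN_DATE)


if __name__ == "__main__":
    for rule, detail in sample_findings():
        print(f"{rule:26} {detail}")
```

Run it as-is to see the six review items the excerpt produces; to use it on a full log, read the file into `triage()` and set SCAN_DATE from the log's header. The future-timestamp rule is deliberately blunt: it catches clock or installer oddities as readily as tampering, which is why it reports rather than judges.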
RPMcMurphy, posted July 7, 2010 (post 280853)

ItsBrucey, you have more than one antivirus (AV) program running. Your logs show both Avira and Norton Internet Security (NIS) running. Running more than one AV program does not offer any more protection and often causes conflicts and slowdowns with your computer. Please uninstall either Avira or NIS via Control Panel > Add/Remove Programs. Run the removal tool (links below) for whichever app you uninstall also:
- Avira Removal Tool
- Norton Removal Tool

Download ComboFix from one of the following locations: Link 1, Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Please include the following in your next post:
- ComboFix log
ItsBrucey Posted July 7, 2010 Author ID:280899

Thank you,
I think Norton came pre-loaded on my computer. I have never used it though; I don't like it very much...
I have run the removal tool and disabled Avira, attached is the combofix log.

ItsBrucey Posted July 7, 2010 Author ID:280900

Thank you,
I think Norton came pre-loaded on my computer. I have never used it though; I don't like it very much...
I have run the removal tool and disabled Avira, attached is the combofix log.
combofixlog.txt
RPMcMurphy Posted July 7, 2010 ID:280906

Hi ItsBrucey,

Are you still getting frequent messages from Avira? If so, can you be more specific about what it's detecting?

Please run these for me now:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.
Open MBAM
Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database. Please be patient as this can take quite a long time to download.
Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, adware, dialers, and other riskware
Archives
E-mail databases
- Click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Click View report... at the bottom.
- Click the Save report... button.
- Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Please include the following in your next post:
MBAM log
Kaspersky log
ItsBrucey Posted July 8, 2010 Author ID:281354

Hi,
Here are the logs,

MBAM Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4290

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/7/2010 7:20:17 PM
mbam-log-2010-07-07 (19-20-17).txt

Scan type: Quick scan
Objects scanned: 143275
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ave.exe" /START "") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And the Kaspersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, July 8, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, July 08, 2010 07:28:45
Records in database: 4244228
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 162021
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 04:35:12

File name / Threat / Threats count
C:\WINDOWS\system32\rn.tmp Infected: Trojan.Win32.Agent.bpgp 1
D:\I386\Apps\APP15894\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1

Selected area has been scanned.
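The MBAM log above is worth reading with a parser rather than by eye: the summary counts should agree with the itemised sections, and the Hijack.StartMenuInternet entry carries both the "Bad" command that had replaced the browser handler and the "Good" value it was restored to. The following Python is an added example written for this page, not code from Malwarebytes or from anyone in the thread. It parses a constructed, abbreviated copy of the log in the 1.46 format shown above, cross-checks the declared counts against the listed items, and pulls out hijacked handlers together with a simple check of whether the bad command launched from a user-profile location (the marker list is an assumption, not anything MBAM itself reports).

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the MBAM 1.46 log posted in the thread
# (abbreviated; the summary counts are kept consistent with the listed items).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4290
Windows 5.1.2600 Service Pack 3

Scan type: Quick scan
Objects scanned: 143275
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ave.exe" /START "") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""


@dataclass
class Detection:
    section: str      # e.g. "Registry Keys Infected"
    item: str         # registry path or file path
    family: str       # MBAM family name in parentheses, e.g. "Adware.EZlife"
    action: str       # what MBAM did, e.g. "Quarantined and deleted successfully."
    bad_value: str = ""   # only for Hijack.* entries: the value MBAM found
    good_value: str = ""  # only for Hijack.* entries: the value it restored


@dataclass
class MbamReport:
    summary: dict = field(default_factory=dict)     # section name -> declared count
    detections: list = field(default_factory=list)  # Detection objects in log order


SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
HIJACK_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>[^)]*)\)")


def parse_mbam_log(text: str) -> MbamReport:
    """Parse the summary block and the itemised sections of an MBAM 1.x log."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report.summary[m.group("key")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        action = rest.rsplit(" -> ", 1)[-1]   # last arrow-separated part is the action
        det = Detection(section, m.group("item"), m.group("family"), action)
        h = HIJACK_RE.search(rest)
        if h:
            det.bad_value, det.good_value = h.group("bad"), h.group("good")
        report.detections.append(det)
    return report


def count_mismatches(report: MbamReport) -> dict:
    """Sections whose declared count differs from the items listed under them."""
    listed = {}
    for det in report.detections:
        listed[det.section] = listed.get(det.section, 0) + 1
    return {sec: (declared, listed.get(sec, 0))
            for sec, declared in report.summary.items()
            if declared != listed.get(sec, 0)}


def hijacked_handlers(report: MbamReport) -> list:
    """Every Hijack.* entry, i.e. a registry value that pointed somewhere it should not."""
    return [d for d in report.detections if d.family.startswith("Hijack.")]


# Assumed heuristic (not from MBAM): handler commands under a user profile are suspect.
USER_WRITABLE_MARKERS = ("\\local settings\\application data\\", "\\application data\\", "\\temp\\")


def launched_from_user_profile(det: Detection) -> bool:
    return any(marker in det.bad_value.lower() for marker in USER_WRITABLE_MARKERS)


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(rep))
    for d in hijacked_handlers(rep):
        print(d.item, "->", d.bad_value, "| restored:", d.good_value,
              "| user-profile launch:", launched_from_user_profile(d))
```

The count cross-check catches the case where a log has been trimmed or mangled when it was pasted into a thread, which is exactly what happens to the flattened logs on pages like this one.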
RPMcMurphy Posted July 9, 2010 ID:281406

Hello ItsBrucey,

Your logs are looking good. How is the computer running now? Are you still having issues? All that is left malware wise is one bad file and some important updating and cleanup:

Click Start > Run or Press Windows Key + R and copy/paste the following single-line command into the Run box and click OK:
cmd /c del /f/a/q "C:\WINDOWS\system32\rn.tmp"

JavaRa ...by: Paul McLain and Fred de Vries
Please download JavaRa (Copyright
ItsBrucey Posted July 9, 2010 Author ID:281480

Hi,
Yes my computer does seem to be running... a little more smoothly, but it is nowhere near as fast as it should be.
Here are a few problems I've noticed.
My volume still doesn't work....
PF Usage is way high for some reason (on task manager it shows wuauclt using 95,000k and a svchost using another 95,000k)
Unreasonably slow startup
Unreasonably slow cpu.
I know you are not here to solve every complaint and problem, but if you could do so, please help me to restore my computer to what it used to be.

JavaRa Log:

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Jul 08 22:32:58 2010
Found and removed: C:\Program Files\Java\jre1.5.0_05
Found and removed: C:\Program Files\Java\jre1.6.0_03
Found and removed: C:\Program Files\Java\jre1.6.0_07
Found and removed: Software\JavaSoft\Java2D\1.5.0_05
Found and removed: Software\JavaSoft\Java2D\1.5.0_09
Found and removed: SOFTWARE\Classes\JavaPlugin.150_09
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\JavaSoft\Java2D\1.6.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
------------------------------------
Finished reporting.
RPMcMurphy Posted July 9, 2010 ID:281663

Hello ItsBrucey,

I'll take one last look, but I don't think your issues are malware related. If wuauclt is showing up in your task manager you have Windows Updates waiting to be applied; let them run. Please run this for me and another DDS scan (if these look OK, I'll refer you to someone who can help you with your other issues):

Download Bootkit remover to your desktop
This is a rar file; if you do not have a program to open it then download and install Peazip
Extract Remover.exe to your desktop
Right click Remover.exe and select Run as Administrator
It will show a Black screen with some data on it
Right click on the screen and select > Select All
Press Control+C
Open a notepad and press Control+V
Post the resultant log here please
ItsBrucey Posted July 10, 2010 Author ID:281895

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 04bb945744f67e09eac699dea7655d04
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Press any key to quit...

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 22:05:03.14 on Fri 07/09/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.199 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278706678640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} - hxxp://95.143.193.60/grep/Bol.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {96DBD65A-A2B4-4D94-956C-90B18B18AE01} = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\wpgdqdlh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E6A98222-B79D-D626-65C3-29CC15FBE14B}&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-1-27 11608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-1-27 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-1-27 151297]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-1-27 52056]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2008-7-11 96256]
S3 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-2-18 204800]

=============== Created Last 30 ================

2100-02-23 19:35:34 768 -c--a-w- c:\program files\x73_lut.dat
2100-02-08 21:03:54 53248 -c--a-w- c:\program files\ACMonitor_X73.exe
2010-07-10 03:00:51 0 d-----w- C:\ecf68feb761216b900842f4d2d
2010-07-09 03:34:27 0 d-s---w- C:\ComboFix
2010-07-03 07:55:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-07-03 07:51:26 0 d-----w- c:\program files\World of Warcraft Trial
2010-07-03 07:45:32 0 d-----w- C:\World of Warcraft Trial
2010-06-29 09:02:37 0 d-----w- c:\documents and settings\compaq_administrator\~folder.desktop$
2010-06-29 01:44:40 77352 ----a-w- c:\windows\hpqins05.dat
2010-06-20 01:36:28 3 ----a-w- c:\windows\Twain001.Mtx
2010-06-20 01:36:28 156 ----a-w- c:\windows\Twunk001.MTX
2010-06-20 01:36:28 0 ----a-w- c:\windows\Twunk002.MTX

==================== Find3M ====================

2010-06-17 06:54:19 87 -c--a-w- c:\documents and settings\compaq_administrator\jagex_runescape_preferences2.dat
2010-06-17 06:54:19 45 -c--a-w- c:\documents and settings\compaq_administrator\jagex_runescape_preferences.dat
2010-06-02 04:05:15 176440 ----a-w- c:\windows\hpwins19.dat
2010-05-16 21:00:28 411368 -c--a-w- c:\windows\system32\deployJava1.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\dllcache\win32k.sys
2010-05-01 05:03:06 104733 -c--a-w- c:\windows\DIIUnin.dat
2010-04-27 23:36:25 73728 -c--a-w- c:\windows\system32\RtNicProp32.dll
2010-04-25 21:53:58 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-04-16 16:09:08 627712 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-04-16 16:09:07 3073024 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-04-16 16:09:07 1509888 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-04-16 16:09:05 251904 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-04-16 16:09:05 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-04-13 06:45:20 0 -c--a-w- c:\documents and settings\compaq_administrator\jagex__preferences3.dat
2008-08-17 16:04:33 1536 -csha-w- c:\program files\ehthumbs.db
2008-08-17 15:04:50 251 -c--a-w- c:\program files\wt3d.ini
2001-07-26 21:58:46 47 -c--a-w- c:\program files\ACMonitor_X73.ini
2001-07-05 17:46:44 8116 -c--a-w- c:\program files\OSLO3071b2.USB
2001-05-08 21:36:42 114688 -c--a-w- c:\program files\lxarscan.dll
2001-04-23 19:22:14 1437 -c--a-w- c:\program files\gtx73.ini

============= FINISH: 22:07:02.14 ===============

Thank you, and please do refer me to someone who can help me. I would love to get my volume back
RPMcMurphy Posted July 10, 2010 ID:282014

Please run these next:

Click Start > Run or Press Windows Key + R and copy/paste the following single-line command into the Run box and click OK (Note: this command presumes you extracted Bootkit Remover to your desktop; if you extracted it elsewhere, please advise.):
"%userprofile%\Desktop\remover.exe" fix \\.\PhysicalDrive0

Reboot your computer and re-run Bootkit remover as we did initially
Right click Remover.exe and select Run as Administrator
It will show a Black screen with some data on it
Right click on the screen and select > Select All
Press Control+C
Open a notepad and press Control+V
Post the resultant log here please
ItsBrucey Posted July 10, 2010 Author ID:282141

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Press any key to quit...
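An added example, not Bootkit Remover's code and not anything posted in this thread: a small read-only MBR checker in Python that performs the same kind of check the log above reports for \\.\PhysicalDrive0 (is the 0x55AA signature present, and does the boot code's MD5 match a known-good value). The 512-byte MBR and the "known-good" hash are constructed inline so the block runs offline; on a real machine the bytes would be read from the raw device with administrator rights.

```python
# Added example (not Bootkit Remover's code): parse a 512-byte MBR image,
# verify the 0x55AA signature, list partition entries and hash the boot
# code, as the Bootkit Remover log reports an MD5 per drive. The sample
# MBR and its "known-good" hash below are constructed, not real values.
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # classic boot code area before the disk signature
SIGNATURE_OFFSET = 510       # last two bytes must be 0x55 0xAA


def parse_mbr(mbr: bytes) -> dict:
    """Return signature validity, boot-code MD5 and the used partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    sig_ok = mbr[SIGNATURE_OFFSET:] == b"\x55\xaa"
    boot_md5 = hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()
    parts = []
    for i in range(4):                       # four 16-byte entries at offset 446
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:                       # type 0 means an unused slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"signature_ok": sig_ok, "boot_code_md5": boot_md5, "partitions": parts}


def mbr_status(mbr: bytes, known_good_md5: str) -> str:
    """OK only when the signature is valid and the boot code hash is the expected one."""
    info = parse_mbr(mbr)
    if not info["signature_ok"]:
        return "BAD (no 0x55AA signature)"
    if info["boot_code_md5"] != known_good_md5:
        return "SUSPICIOUS (boot code differs from known-good hash)"
    return "OK (boot code matches known-good hash)"


def build_sample_mbr() -> bytes:
    """Constructed MBR: dummy boot code, one bootable NTFS partition, valid signature."""
    boot = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_LEN - 4)
    disk_sig = b"\x12\x34\x56\x78\x00\x00"   # 4-byte disk signature + 2 reserved bytes
    part0 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 390700000)
    return boot + disk_sig + part0 + b"\x00" * 48 + b"\x55\xaa"


if __name__ == "__main__":
    sample = build_sample_mbr()
    good = parse_mbr(sample)["boot_code_md5"]   # baseline taken from a trusted image
    print(mbr_status(sample, good))
```

A defender would record the boot-code hash from a known-clean image (or a clean install) and re-check it periodically; a changed hash with an intact signature is exactly the pattern a bootkit that replaces the MBR boot code produces.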
RPMcMurphy Posted July 10, 2010 ID:282152

How is it running now?
ItsBrucey Posted July 11, 2010 Author ID:282436

How is it running now?

Great, but can you refer me to whoever knows how to get my volume back?
RPMcMurphy Posted July 11, 2010 ID:282440

That bootkit I just cleaned is known to mess with sound, so I was hoping that would have resolved it. Does your sound not work at all, or are you just missing the volume control from the taskbar? Is that your only remaining issue with the computer now?

Thanks!
ItsBrucey Posted July 12, 2010 Author ID:282794

That bootkit I just cleaned is known to mess with sound, so I was hoping that would have resolved it. Does your sound not work at all, or are you just missing the volume control from the taskbar? Is that your only remaining issue with the computer now? Thanks!

Actually it resolved it. Thank you very much, but yes, I would like to know how to get volume control back.
RPMcMurphy Posted July 12, 2010 ID:282962

Hello,

Follow the instructions in this link to put your volume control in the taskbar.

Also, make sure that you've uninstalled ComboFix and cleaned up the rest of the tools we used (instructions were in post #13).

Please post once more so I know you are all set and we can mark this solved.