Jump to content

Recommended Posts

Helo all,

My 1st post to your site:

The MS Live Onecare Safety Scanner has detected this issue on my computer but is not able to clean (remove) it. I have installed other scanners "Malwarebytes Anti-Malware" and it has not been able to dected ot remove the bpac/purok.class.

Any help would be wonderful.

Thanks so much.. :)

Link to post
Share on other sites

Hi Steve and Welcome!

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explanation about the tool.

    [*]When done, DDS will open two (2) logs

    1. DDS.txt

    2. Attach.txt

    [*] Save both reports to your desktop.

    [*] The instructions here ask you to attach the Attach.txt.

    DDS.jpg

    [*]Instead of attaching, please copy/past both logs into your Thread

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt

Link to post
Share on other sites

Hi Steve and Welcome!

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explanation about the tool.

    [*]When done, DDS will open two (2) logs

    1. DDS.txt

    2. Attach.txt

    [*] Save both reports to your desktop.

    [*] The instructions here ask you to attach the Attach.txt.

    DDS.jpg

    [*]Instead of attaching, please copy/past both logs into your Thread

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt

Thanks for your help..

Here are the two files: DDS.txt

DDS (Ver_10-12-12.02) - NTFSx86

Run by Administrator at 12:08:41.21 on Tue 02/08/2011

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.631.200 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\OSTORE\BIN\OSCMGR4.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Napster\napster.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\CreataCard\Gold\FMRemind.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

C:\WINDOWS\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tennis-warehouse.com/

uSearch Page =

uSearch Bar =

uWindow Title = Microsoft Internet Explorer provided by Verizon Online

mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

mSearchAssistant =

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

uURLSearchHooks: H - No File

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File

BHO: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} - c:\progra~1\common~1\verizo~1\sfp\vzbb.dll

BHO: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} - c:\progra~1\common~1\verizo~1\sfp\vzbb.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe

mRun: [srmclean] c:\cpqs\scom\srmclean.exe

mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe

mRun: [shStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE

mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey

mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [WinampAgent] c:\program files\winamp\winampa.exe

mRun: [NapsterShell] c:\program files\napster\napster.exe /systray

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\creata~1.lnk - c:\program files\creatacard\gold\FMRemind.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197550251703

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197550240281

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-3-20 58464]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-9-22 221191]

R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-9-22 28672]

R2 ObjectStore Cache Manager R4.0;ObjectStore Cache Manager R4.0;c:\ostore\bin\oscmgr4.exe [2006-3-20 93696]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-16 24652]

R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-3-20 108480]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-3-20 102463]

=============== Created Last 30 ================

2011-02-06 18:46:34 -------- d-----w- c:\docume~1\admini~1\applic~1\AVG10

2011-02-06 18:44:44 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2011-02-06 18:41:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-02-06 18:32:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-02-06 16:33:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2011-02-06 16:33:54 -------- d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com

2011-02-06 16:33:44 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-02-06 13:49:14 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2011-02-06 13:49:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-06 13:49:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-02-06 13:49:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-06 13:49:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-04 05:42:10 -------- d-----w- c:\program files\iPod

2011-02-04 05:41:55 -------- d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 12:09:54.87 ===============

ATTACH.txt

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/21/2005 10:14:42 AM

System Uptime: 2/8/2011 11:05:27 AM (1 hours ago)

Motherboard: Hewlett-Packard | | 085Ch

Processor: Intel® Pentium® 4 CPU 2.60GHz | XU1 PROCESSOR | 2593/800mhz

Processor: Intel® Pentium® 4 CPU 2.60GHz | XU1 PROCESSOR | 2593/800mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 38 GiB total, 9.627 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1473: 12/28/2010 11:49:37 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1474: 12/29/2010 8:06:02 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1475: 12/30/2010 8:06:23 AM - System Checkpoint

RP1476: 12/30/2010 8:53:28 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1477: 12/31/2010 9:26:12 AM - System Checkpoint

RP1478: 1/1/2011 10:31:59 AM - System Checkpoint

RP1479: 1/1/2011 8:42:38 PM - Cleaned registry with Windows Live OneCare safety scanner

RP1480: 1/2/2011 9:37:44 PM - System Checkpoint

RP1481: 1/3/2011 8:14:25 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1482: 1/4/2011 6:52:23 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1483: 1/5/2011 7:35:13 AM - System Checkpoint

RP1484: 1/5/2011 9:16:54 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1485: 1/6/2011 9:38:04 AM - System Checkpoint

RP1486: 1/7/2011 9:14:32 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1487: 1/8/2011 7:52:38 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1488: 1/9/2011 8:41:00 AM - System Checkpoint

RP1489: 1/9/2011 11:20:10 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1490: 1/10/2011 9:37:51 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1491: 1/11/2011 9:06:28 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1492: 1/12/2011 9:21:50 AM - System Checkpoint

RP1493: 1/13/2011 10:07:18 AM - System Checkpoint

RP1494: 1/13/2011 11:29:51 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1495: 1/14/2011 8:54:54 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1496: 1/15/2011 9:01:04 AM - System Checkpoint

RP1497: 1/16/2011 9:44:14 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1498: 1/17/2011 7:51:41 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1499: 1/18/2011 7:18:02 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1500: 1/19/2011 7:20:44 AM - System Checkpoint

RP1501: 1/20/2011 7:29:34 AM - System Checkpoint

RP1502: 1/20/2011 8:21:16 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1503: 1/21/2011 9:43:50 AM - System Checkpoint

RP1504: 1/21/2011 10:51:31 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1505: 1/22/2011 11:12:01 AM - System Checkpoint

RP1506: 1/22/2011 12:44:39 PM - Cleaned registry with Windows Live OneCare safety scanner

RP1507: 1/23/2011 12:47:45 PM - Cleaned registry with Windows Live OneCare safety scanner

RP1508: 1/24/2011 1:42:08 PM - System Checkpoint

RP1509: 1/25/2011 8:19:53 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1510: 1/26/2011 8:49:00 AM - System Checkpoint

RP1511: 1/26/2011 9:20:35 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1512: 1/27/2011 7:02:58 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1513: 1/28/2011 7:37:41 AM - System Checkpoint

RP1514: 1/28/2011 10:35:39 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1515: 1/29/2011 12:37:08 PM - System Checkpoint

RP1516: 1/30/2011 1:16:19 PM - System Checkpoint

RP1517: 1/31/2011 9:19:48 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1518: 2/1/2011 9:24:49 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1519: 2/2/2011 9:52:36 AM - System Checkpoint

RP1520: 2/2/2011 11:03:50 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1521: 2/3/2011 9:29:49 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1522: 2/4/2011 12:00:09 PM - System Checkpoint

RP1523: 2/5/2011 10:59:16 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1524: 2/6/2011 8:36:53 AM - Cleaned registry with Windows Live OneCare safety scanner

RP1525: 2/6/2011 1:40:10 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

RP1526: 2/6/2011 1:40:28 PM - Installed AVG 2011

RP1527: 2/6/2011 1:41:17 PM - Installed AVG 2011

RP1528: 2/6/2011 2:36:33 PM - Removed AVG 2011

RP1529: 2/6/2011 2:38:25 PM - Removed AVG 2011

RP1530: 2/6/2011 8:02:11 PM - Cleaned registry with Windows Live OneCare safety scanner

RP1531: 2/8/2011 6:09:10 AM - System Checkpoint

RP1532: 2/8/2011 8:31:15 AM - Cleaned registry with Windows Live OneCare safety scanner

==== Installed Programs ======================

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 7.1.0

Adobe Shockwave Player 11.5

AIM 7

AIM Toolbar

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Astoria Client

Bonjour

Broadcom Management Programs

Carmen Sandiego Jr. Edition

ClueFinders® 6th Grade Adventures

Coupon Printer for Windows

CreataCard Gold 3

DivX Content Uploader

DivX Web Player

Download Updater (AOL LLC)

Gizmos and Gadgets!

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Intel® Extreme Graphics 2 Driver

iTunes

Java 2 Runtime Environment, SE v1.4.2_01

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java 6 Update 23

Mall Tycoon 2 Deluxe

Malwarebytes' Anti-Malware

McAfee VirusScan Enterprise

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Converter Pack

Microsoft Office Professional Edition 2003

Microsoft Office XP Professional with FrontPage

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MobileMe Control Panel

Move Media Player

MSN

MSXML 4.0 SP2 (KB927978)

Napster

Napster Burn Engine

ObjectStore 5.1

QuickTime

RollerCoaster Tycoon 3

Safari

School Tycoon

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

SnagIt 6

Software Setup

SopCast 3.0.3

SoundMAX

SUPERAntiSpyware

The American Girls Premiere 2nd Edition

The ClueFinders® Reading Adventures Ages 9-12

TVUPlayer 2.4.9.1

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

URGE

Verizon Help and Support Tool

Verizon Online

Viewpoint Media Player

Vz In Home Agent

WebFldrs XP

Winamp (remove only)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Service Pack 2

WinZip

Zoo Tycoon 2 - Marine Mania

==== Event Viewer Messages From Past Week ========

2/2/2011 7:15:43 AM, error: Service Control Manager [7022] - The Network Associates McShield service hung on starting.

==== End Of File ===========================

Thanks for your efforts... Please let me know how to proceed..

Link to post
Share on other sites

Looking over your log it seems you don't have any evidence of an anti-virus software.

We'll install a free one that I use when we are done.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Link to post
Share on other sites

Looking over your log it seems you don't have any evidence of an anti-virus software.

We'll install a free one that I use when we are done.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Hi.. Again...

Here is the Combofix Log:

ComboFix 11-02-08.02 - Administrator 02/08/2011 14:12:01.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.631.351 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS7.tmp

c:\documents and settings\Administrator\Local Settings\Temp\SAS7.tmp

.

---- Previous Run -------

.

c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\system32\drivers\fad.sys

.

((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))

.

2011-02-08 18:58 . 2005-01-15 01:00 41018 ----a-w- c:\windows\system32\EntAPI.dll

2011-02-08 18:33 . 2011-02-08 18:33 -------- d-----w- c:\windows\5DF3D1BB894E4DCD8275159AC9829B43.TMP

2011-02-08 17:50 . 2011-02-08 19:12 -------- d-----w- C:\quarantine

2011-02-06 18:46 . 2011-02-06 18:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG10

2011-02-06 18:44 . 2011-02-06 18:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-02-06 18:41 . 2011-02-06 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-02-06 18:32 . 2011-02-06 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-02-06 16:33 . 2011-02-06 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-02-06 13:49 . 2011-02-06 13:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-02-06 13:49 . 2011-02-06 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-02-04 05:42 . 2011-02-04 05:42 -------- d-----w- c:\program files\iPod

2011-02-04 05:41 . 2011-02-04 05:43 -------- d-----w- c:\program files\iTunes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-12 23:53 . 2010-06-20 11:48 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 21:34 . 2010-06-19 19:45 73728 ----a-w- c:\windows\system32\javacpl.cpl

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-05-28 69632]

"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2002-08-07 485376]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-08-24 39424]

"NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-09 323216]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Gold\FMRemind.exe [2008-1-28 189952]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [3/20/2006 10:16 AM 58464]

R2 ObjectStore Cache Manager R4.0;ObjectStore Cache Manager R4.0;c:\ostore\bin\oscmgr4.exe [3/20/2006 9:55 AM 93696]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/16/2008 4:24 PM 24652]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 12:11 PM 135664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ENTDRV51

.

Contents of the 'Scheduled Tasks' folder

2011-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 17:11]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 17:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tennis-warehouse.com/

mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)

Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-08 14:19

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@DACL=(02 0011)

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

@DACL=(02 0011)

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@DACL=(02 0011)

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@DACL=(02 0011)

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@DACL=(02 0011)

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@DACL=(02 0011)

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@DACL=(02 0011)

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(708)

c:\windows\system32\EntApi.dll

.

Completion time: 2011-02-08 14:23:01

ComboFix-quarantined-files.txt 2011-02-08 19:22

Pre-Run: 15,723,270,144 bytes free

Post-Run: 15,676,071,936 bytes free

- - End Of File - - 4F122CE65AA54904B9AA9AF58CA59503

Link to post
Share on other sites

There are some older versions of Java on your computer. These can be a source of infection.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel:

Java 2 Runtime Environment, SE v1.4.2_01

Java 2 Runtime Environment, SE v1.4.2_03

Next

Run CFScript

  • Close any open browsers.
  • Open Notepad by click start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

DDS::
uInternet Settings,ProxyOverride = 127.0.0.1;*.local

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Link to post
Share on other sites

There are some older versions of Java on your computer. These can be a source of infection.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel:

Java 2 Runtime Environment, SE v1.4.2_01

Java 2 Runtime Environment, SE v1.4.2_03

Next

Run CFScript

  • Close any open browsers.
  • Open Notepad by click start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

DDS::
uInternet Settings,ProxyOverride = 127.0.0.1;*.local

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Hi,

I removed the two older versions of Java witrh no problem.

The ComboFix Scan began to run but then stalled at the point where it indicated that the scan could take 10 minutes or more. I closed the application after 45 minutes. Restarted the computer with no problems.

Please advise.. and thanks for all the effort!

Steve

Link to post
Share on other sites

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Then run Run CFScript as in my previous post please.

Link to post
Share on other sites

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Then run Run CFScript as in my previous post please.

Hello Again,

No error messages from DeFogger. Ran fine.. BUT did not ask me to reboot.

When ComboFix was executed.. it hung again.. at the same point as posted above. I was able to exit ComboFix and re-boot.

Thanks again.. Please advise.

Regards,

Steve

Link to post
Share on other sites

Click here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Link to post
Share on other sites

Click here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Hi... Here is the logfile:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:08:35 AM, on 2/9/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\OSTORE\BIN\OSCMGR4.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Napster\napster.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CreataCard\Gold\FMRemind.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tennis-warehouse.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...20Installer.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6886.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1197550251703

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1197550240281

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: ObjectStore Cache Manager R4.0 - Object Design, Inc. - C:\OSTORE\BIN\OSCMGR4.EXE

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 9635 bytes

Link to post
Share on other sites

Open Hijackthis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R3 - URLSearchHook: (no name) - - (no file)

Again, make sure ALL browser windows are closed when you click FIX.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

In Internet Explorer

1.Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox

1.Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"

2.Click the apply button and restart that computer in normal mode.

With that done, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Link to post
Share on other sites

Open Hijackthis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R3 - URLSearchHook: (no name) - - (no file)

Again, make sure ALL browser windows are closed when you click FIX.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

In Internet Explorer

1.Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox

1.Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"

2.Click the apply button and restart that computer in normal mode.

With that done, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Completed both tasks.. All seems fine.

Please advise and thank you!

Link to post
Share on other sites

Your Computer is Clean

CLEAN-1.jpg

Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
    CF_Uninstall-1.jpg
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial for Spywareblaster can be found here.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips

6567E80CC55576485246E130E48A9FA8.png

Link to post
Share on other sites

Your Computer is Clean

CLEAN-1.jpg

Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
    CF_Uninstall-1.jpg
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial for Spywareblaster can be found here.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips

6567E80CC55576485246E130E48A9FA8.png

Good Afternoon Kenny,

Should the MS Windows Live OneCare Safety Scanner still be reporting this error?

Severe Issue Found

Exploit:Java/CVE-2010-0840

AA

Issue 1

C:\documentsandsettings\administrator\application data\java\deployment\cache\6.0\31\12cfb89f-1b484438

bpac/purok.class

Is this now a false positive or is there cause for concern?

Thanks again..

SteveI

Link to post
Share on other sites

We'll remove them. Lets make sure there's not more of java

Please run this online scan to help look for remnants.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Link to post
Share on other sites

We'll remove them. Lets make sure there's not more of java

Please run this online scan to help look for remnants.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Hello Again,

Scan completed: It appears it found other issues. Scan log below:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.16473 (vista_gdr.070420-1500)

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=12c43eaf23659b4abdbdee9c463673f6

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-02-09 06:46:22

# local_time=2011-02-09 01:46:22 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=15350

# found=1

# cleaned=0

# scan_time=1022

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\31\12cfb89f-1b484438 multiple threats (unable to clean) 00000000000000000000000000000000 I

# version=7

# iexplore.exe=7.00.6000.16473 (vista_gdr.070420-1500)

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=12c43eaf23659b4abdbdee9c463673f6

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-02-09 08:34:27

# local_time=2011-02-09 03:34:27 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=87739

# found=3

# cleaned=0

# scan_time=6298

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\31\12cfb89f-1b484438 multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Common Files\Verizon Online\SFP\vzbb.dll Win32/Adware.MegaSearch application (unable to clean) 00000000000000000000000000000000 I

${Memory} Win32/Adware.MegaSearch application 00000000000000000000000000000000 I

Link to post
Share on other sites

Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Services

    :Reg

    :Files
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\31\12cfb89f-1b484438
    C:\Program Files\Common Files\Verizon Online\SFP\vzbb.dll

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [clearallrestorepoints]
    [Reboot]


  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Link to post
Share on other sites

Please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Services

    :Reg

    :Files
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\31\12cfb89f-1b484438
    C:\Program Files\Common Files\Verizon Online\SFP\vzbb.dll

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [clearallrestorepoints]
    [Reboot]


  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Helo Again..

The application ran.. but then stopped working. I could not get a log file. Re-started my PC and ran the appication once again.. with the same result.

Regards,

Steve

Link to post
Share on other sites

Well, there is more than one way to skin a cat, as we say.

To clear your Java Cache.

Click Start > Control Panel.

In the Control Panel, double-click the "Java" icon in the control panel. The Java Control Panel then appears.

Under the header "Temporary Internet Files", select the "Settings" button.

81f6db55.png

Don't change any of the settings, then click "Delete Files".

9e91904d.png

Next, the Delete Temporary Files dialog box appears.

a7252171.png

Make sure both boxes are ticked, and hit the OK button.

.

Next

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

Link to post
Share on other sites

Well, there is more than one way to skin a cat, as we say.

To clear your Java Cache.

Click Start > Control Panel.

In the Control Panel, double-click the "Java" icon in the control panel. The Java Control Panel then appears.

Under the header "Temporary Internet Files", select the "Settings" button.

81f6db55.png

Don't change any of the settings, then click "Delete Files".

9e91904d.png

Next, the Delete Temporary Files dialog box appears.

a7252171.png

Make sure both boxes are ticked, and hit the OK button.

.

Next

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

Good Morning Kenny,

Completed both tasks:

1) Cleared Java Cache

2) Completed Scan: Results Below:

Scanning Report

Thursday, February 10, 2011 05:36:07 - 06:35:14

Computer name: ASSETXXXX002434

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

--------------------------------------------------------------------------------

12 malware found

TrackingCookie.Questionmarket (spyware)

System (Disinfected)

TrackingCookie.Advertising (spyware)

System (Disinfected)

TrackingCookie.Atdmt (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

TrackingCookie.Revsci (spyware)

System (Disinfected)

TrackingCookie.Fastclick (spyware)

System (Disinfected)

TrackingCookie.Adbrite (spyware)

System (Disinfected)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

TrackingCookie.Mediaplex (spyware)

System (Disinfected)

TrackingCookie.Liveperson (spyware)

System (Disinfected)

TrackingCookie.Atwola (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 57548

System: 3522

Not scanned: 39

Actions:

Disinfected: 12

Renamed: 0

Deleted: 0

Not cleaned: 0

Submitted: 0

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\$NTUNINSTALLKB835732$\CALLCONT.DLL

C:\WINDOWS\$NTUNINSTALLKB835732$\H323.TSP

C:\WINDOWS\$NTUNINSTALLKB835732$\H323MSP.DLL

C:\WINDOWS\$NTUNINSTALLKB835732$\CMDEVTGPROV.DLL

C:\WINDOWS\$NTUNINSTALLKB835732$\HELPCTR.EXE

C:\WINDOWS\$NTUNINSTALLKB835732$\IPNATHLP.DLL

C:\WINDOWS\$NTUNINSTALLKB835732$\MSASN1.DLL

C:\WINDOWS\$NTUNINSTALLKB835732$\MSGINA.DLL

C:\WINDOWS\$NTUNINSTALLKB835732$\MST120.DLL

C:\WINDOWS\$NTUNINSTALLKB835732$\NETAPI32.DLL

C:\WINDOWS\$NTUNINSTALLKB835732$\NMCOM.DLL

C:\WINDOWS\$NTUNINSTALLKB835732$\SCHANNEL.DLL

C:\WINDOWS\$NTUNINSTALLKB835732$\RTCDLL.DLL

C:\WINDOWS\$NTUNINSTALLKB833987$\SXS.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\CATSRV.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\CATSRVUT.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\CLBCATEX.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\CLBCATQ.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\COLBACT.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\COMREPL.EXE

C:\WINDOWS\$NTUNINSTALLKB828741$\COMADMIN.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\COMSVCS.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\COMUID.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\ES.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\MSDTCTM.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\MSDTCPRX.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\MSDTCUIU.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\MTXCLU.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\MTXOCI.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\OLE32.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\RPCSS.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\RPCRT4.DLL

C:\WINDOWS\$NTUNINSTALLKB828741$\TXFLOG.DLL

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

--------------------------------------------------------------------------------

Copyright

Link to post
Share on other sites

Your good to go.... :)

Kenny.. thanks so much.

Two last things..

I have a very old version of McAfee VirusSan 8.0 (also out of date) that I can't remove from my system. There is no un-install feature and the Control Panel "Remove Programs" does not seem to work in this case. Please advise..

Is there a free version of a Virus Protection SW that you are aware of that would work for my system..

Link to post
Share on other sites

McAfee Removal Tool

  • Download the removal tool.
  • Click Save and save the file to any folder on the computer.
  • Navigate to the folder where the file is saved.
  • Make sure all McAfee application windows are closed.
  • Double-click MCPR.exe and the removal tool will start automatically.
    Note: Windows Vista users must right-click and select Run as Administrator.
  • Once the removal tool is finished, you will be prompted to restart your computer.
  • Wait for the computer to restart.

Next

I use:

  • Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.

Link to post
Share on other sites

McAfee Removal Tool
  • Download the removal tool.
  • Click Save and save the file to any folder on the computer.
  • Navigate to the folder where the file is saved.
  • Make sure all McAfee application windows are closed.
  • Double-click MCPR.exe and the removal tool will start automatically.
    Note: Windows Vista users must right-click and select Run as Administrator.
  • Once the removal tool is finished, you will be prompted to restart your computer.
  • Wait for the computer to restart.

Next

I use:

  • Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.

Hi Kenny,

All is going well...I seem clean. I have installed the above product. Easy to use. Looks like a real winner!!!

Trying to un-install McAfee VirusScan Enterprise 8.0i looks like a major battle. I have used two tools and a manual approach with no results to date. All I really want at this point is to disable the product and keep it from loading at startup.

If you any other insights..they would of course, be welcome!! You the MAN!!!

Regards,

Steve

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.