BleepingComputer.com Computer Help Forums
Internet Connection Issues, Help Needed
mikerox (Member, Columbus, Ohio), posted Nov 15 2008, 01:24 AM, Post #1

I really am at a loss for what happened, as well as for what to do. My computer suffered a spike a few weeks back, and I decided to do a system restore (I'm using Windows Vista). It seemed like that solved my problems. However, as of Thursday, my internet connection has been acting up. For some strange reason, the only thing that works is IE 7. Everything else fails to connect to the internet. This includes my Firefox, Opera, and Safari browsers. I can't even update my antivirus definitions. I think that this is also conflicting with my Norton 360 antivirus program because it wouldn't start up. I uninstalled it, and attempted to reinstall the program, but it's stuck in the configuration stage. This is likely because it needs an internet connection for the remainder of its configuration.

I've tried everything I can think of. I checked the network connection settings for the browsers, I've rebooted the modem twice, and I've checked the firewall settings. Everything checks out. I've even tried to commence with System Restore again, but when I tried, my restore points up to November 13th were just gone. I hadn't messed with the settings or anything, but it seems like they've been deleted. I have reason to suspect that I have been spiked again during the conducting of a search (I'm something of a spike magnet). Here's the Trend Micro HijackThis log. I've done everything that was required prior to this, and I am using the administrator's account (I only have one account on this computer).


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:00 AM, on 11/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.franklin.edu/uPortal/render.userLayoutRootNode.uP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files (x86)\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [EPSON Stylus Photo R280 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\Windows\TEMP\E_S115E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 8932 bytes



If you can analyze this as soon as you can, I would greatly appreciate it. I feel really uncomfortable and particularly vulnerable in this situation, and I really don't want to have to re-install this OS.

Thank You.


--------------------
A Christian and proud of it.

Those who use the Button will suffer the wrath of Neapolitan!
PropagandaPanda (HJT Team), posted Nov 21 2008, 05:42 PM, Post #2

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files before we run OTScanIt. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use any other browsers, select them appropriately from the top and empty all items.
Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Change the Drivers setting from "None" to Non-Microsoft.
  • Under the Additional Scans bar, check:
    *Reg - Disabled MS Config Items
    *Reg - File Associations
    *Reg - Uninstall List

  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


In your next reply include:
-the OTScanIt log (attached)
-the Kaspersky log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.


mikerox (Member, Columbus, Ohio), posted Nov 22 2008, 12:40 AM, Post #3

I performed the ATF clean up and did the OTScan. However, I can't get the Kaspersky to work. It says that I need to install Java version 1.6 or later, and yet 1.6 is exactly what I have on there. I tried to download the latest version of Java, just to be safe, and I couldn't get it to pull up...

Also, I suppose it would be helpful to point out that I tried to use several antivirus online scanners, but none of them worked.

This post has been edited by mikerox: Nov 22 2008, 12:45 AM

Attached file: OTScanIt.Txt (181.14k)


PropagandaPanda (HJT Team), posted Nov 22 2008, 09:55 AM, Post #4

Hello.

The symptoms described certainly do sound like a hijacking. However, I see nothing in your log to suggest that. 64x Vista is usually well protected by just being 64x.

Let's look a bit deeper just in case.

Download and Run Scan with GMER
Some parts might be slightly different for your operating system.

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    1. System Protection and Tracing
    2. Processes
    3. Save created processes to the log
    4. Drivers
    5. Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
  • After the reboot, run Gmer again and click on the Rootkit tab.
    • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
    • Click on the Scan and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
    • Note: If you have any problems, try running GMER in Safe Mode. However, do not use the MsConfig method to edit the Boot.ini.
    Important!:Please do not select the Show all checkbox during the scan.

Please also include a new HijackThis log.

With Regards,
The Panda


    --------------------
    Go to the top of the page
     
    +Quote Post
mikerox (Member, Columbus, Ohio), posted Nov 22 2008, 06:42 PM, Post #5


Looks like it only caught some things in the registry.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-22 18:33:31
Windows 5.1.2600 Service Pack 2


---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 900
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x49 0x33 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD3 0xD3 0xE2 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0x27 0xE8 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Control\Diagnostics\Performance@ActiveShutdownDCL C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001
Reg HKLM\SYSTEM\ControlSet003\Control\Lsa@LsaPid 688
Reg HKLM\SYSTEM\ControlSet003\Control\Session Manager\Memory Management\PrefetchParameters@BootId 83
Reg HKLM\SYSTEM\ControlSet003\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 243250670
Reg HKLM\SYSTEM\ControlSet003\Control\Terminal Server@InstanceID 211650d4-868f-4e60-8e68-9ff15e5
Reg HKLM\SYSTEM\ControlSet003\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{328f25db-eb3b-45b4-904e-a9e33aa76838}
Reg HKLM\SYSTEM\ControlSet003\Control\WMI\Autologger\WdiContextLog@FileCounter 2
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters@BootMinAvailableMemoryTimeMs 70050
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters@LastBootPlanUserTime Sat, Nov 22 08, 04:56:28 PM
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters@MemoryCacheSize 494403128
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters@LastBootPlanTime 0xED 0x4C 0xC9 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters@BootMinAvailableMemory 2582
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@IoReadCount 39322
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@IoReadKB 0x5A 0xBB 0x0A 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@CacheHitCount 31457
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@CacheHitKB 0xB9 0xFC 0x07 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@CacheHitPercentage 80.00
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@CacheFragmentation 11.09
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@CompressedDataSizeKB 0xF4 0x03 0x06 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@RawDataSizeKB 0xF4 0x03 0x06 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@CompressionRatio 1.80
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@CacheSizeKB 403766
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@LastBootPlanUTC 0x57 0x4C 0xC9 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@BootTimeUTC 0xCF 0x8F 0x21 0x29 ...
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@LastBootPlanUserTime Fri, Nov 21 08, 11:04:51 PM
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@BootPrefetchDiskTimeUs 0x30 0x0D 0x51 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\Ecache\Parameters\ReadyBootStats@BootPrefetchDataReadBytes 0x00 0x30 0x01 0x21 ...
Reg HKLM\SYSTEM\ControlSet003\Services\gmer@Start 3
Reg HKLM\SYSTEM\ControlSet003\Services\NlaSvc\Parameters\Internet@KnownProxylessGateways 14-89-35 148966; 14-89-67 148970; 14-89-72 148973; 14-89-76 148976; 14-89-77 148978
Reg HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Epoch@Epoch 898
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x49 0x33 0x65 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD3 0xD3 0xE2 0x41 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0x27 0xE8 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{F844D1BF-5CF9-4B75-9660-04781E51A3D1}@LeaseObtainedTime 1227395911
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{F844D1BF-5CF9-4B75-9660-04781E51A3D1}@T1 1227439111
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{F844D1BF-5CF9-4B75-9660-04781E51A3D1}@T2 1227471511
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{F844D1BF-5CF9-4B75-9660-04781E51A3D1}@LeaseTerminatesTime 1227482311

---- EOF - GMER 1.0.14 ----

Second HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:54 PM, on 11/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.franklin.edu/uPortal/render.userLayoutRootNode.uP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files (x86)\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [EPSON Stylus Photo R280 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\Windows\TEMP\E_S115E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs:
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 8265 bytes

    During the HijackThis scan, the program said something about being denied write access to the Hosts file.



    --------------------
    A Christian and proud of it.

    Those who use the Button will suffer the wrath of Neapolitan!
    PropagandaPanda
    post Nov 22 2008, 07:00 PM
    Post #6
    Group: HJT Team

    Hello.

    That error is normal for Vista.

    All those logs are clean.

    I would start a new topic in the Windows Vista forum with a link back to this one. Good luck.

    With Regards,
    The Panda


    mikerox
    post Nov 22 2008, 07:14 PM
    Post #7
    Group: Members


    Man, this is a bummer. Well, hopefully it turns out that I just accidentally screwed up something. So long as it's not an infection, I'll remain sane. Thanks for trying.

    By the way, instead of having your nickname be PP (kinda reminds me of...you probably don't wanna know), try something cool like P^2. lol


    PropagandaPanda
    post Nov 22 2008, 07:21 PM
    Post #8
    Group: HJT Team

    Kinda reminds you of South Park's "SH Panda"? I get that way too much.

    This topic is now closed.
    If you are the topic starter and need this topic reopened, send me a message.

    Everyone else, please begin a new topic.

    With Regards,
    The Panda


    PropagandaPanda
    post Nov 23 2008, 04:43 PM
    Post #9
    Group: HJT Team

    Topic reopened.

    Please post that GMER log you were referring to.

    The Panda


    mikerox
    post Nov 23 2008, 08:56 PM
    Post #10
    Group: Members


    QUOTE(PropagandaPanda @ Nov 23 2008, 04:43 PM)
    Topic reopened.

    Please post that GMER log you were referring to.

    The Panda


    I have two logs. The first is for the initial detection of the supposed rootkits.

    GMER 1.0.12.12244 - http://www.gmer.net
    Rootkit scan 2008-11-23 20:48:03
    Windows 6.0.6001 Service Pack 1


    ---- Processes - GMER 1.0.12 ----

    Process hidden process (*** hidden *** ) 250114
    Process hidden process (*** hidden *** ) 250328
    Process hidden process (*** hidden *** ) 44957752



    The second log is for the results of the scan.

    GMER 1.0.12.12244 - http://www.gmer.net
    Rootkit scan 2008-11-23 20:49:49
    Windows 6.0.6001 Service Pack 1


    ---- Kernel code sections - GMER 1.0.12 ----

    ? system32\ntoskrnl.exe The system cannot find the file specified.
    ? system32\hal.dll The system cannot find the file specified.
    ? system32\kdcom.dll The system cannot find the file specified.
    ? system32\PSHED.dll The system cannot find the file specified.
    ? system32\CLFS.SYS The system cannot find the file specified.
    ? system32\CI.dll The system cannot find the file specified.
    ? system32\drivers\Wdf01000.sys The system cannot find the file specified.
    ? system32\drivers\WDFLDR.SYS The system cannot find the file specified.
    ? System32\Drivers\spfi.sys The system cannot find the file specified.
    ? System32\Drivers\WMILIB.SYS The system cannot find the file specified.
    ? System32\Drivers\SCSIPORT.SYS The system cannot find the file specified.
    ? system32\drivers\acpi.sys The system cannot find the file specified.
    ? system32\drivers\msisadrv.sys The system cannot find the file specified.
    ? system32\drivers\pci.sys The system cannot find the file specified.
    ? System32\drivers\partmgr.sys The system cannot find the file specified.
    ? system32\drivers\volmgr.sys The system cannot find the file specified.
    ? System32\drivers\volmgrx.sys The system cannot find the file specified.
    ? system32\drivers\pciide.sys The system cannot find the file specified.
    ? system32\drivers\PCIIDEX.SYS The system cannot find the file specified.
    ? System32\drivers\mountmgr.sys The system cannot find the file specified.
    ? system32\drivers\atapi.sys The system cannot find the file specified.
    ? system32\drivers\ataport.SYS The system cannot find the file specified.
    ? system32\drivers\fltmgr.sys The system cannot find the file specified.
    ? system32\drivers\fileinfo.sys The system cannot find the file specified.
    ? System32\Drivers\PxHlpa64.sys The system cannot find the file specified.
    ? System32\Drivers\ksecdd.sys The system cannot find the file specified.
    ? system32\drivers\ndis.sys The system cannot find the file specified.
    ? system32\drivers\msrpc.sys The system cannot find the file specified.
    ? system32\drivers\NETIO.SYS The system cannot find the file specified.
    ? System32\Drivers\Ntfs.sys The system cannot find the file specified.
    ? system32\drivers\volsnap.sys The system cannot find the file specified.
    ? System32\Drivers\spldr.sys The system cannot find the file specified.
    ? System32\Drivers\mup.sys The system cannot find the file specified.
    ? System32\drivers\ecache.sys The system cannot find the file specified.
    ? system32\drivers\disk.sys The system cannot find the file specified.
    ? system32\drivers\CLASSPNP.SYS The system cannot find the file specified.
    ? system32\DRIVERS\AtiPcie.sys The system cannot find the file specified.
    ? system32\drivers\crcdisk.sys The system cannot find the file specified.
    ? system32\DRIVERS\tunnel.sys The system cannot find the file specified.
    ? system32\DRIVERS\tunmp.sys The system cannot find the file specified.
    ? system32\DRIVERS\amdk8.sys The system cannot find the file specified.
    ? system32\DRIVERS\atikmdag.sys The system cannot find the file specified.
    ? System32\drivers\dxgkrnl.sys The system cannot find the file specified.
    ? System32\drivers\watchdog.sys The system cannot find the file specified.
    ? system32\DRIVERS\Rtlh64.sys The system cannot find the file specified.
    ? system32\DRIVERS\cdrom.sys The system cannot find the file specified.
    ? System32\Drivers\GEARAspiWDM.sys The system cannot find the file specified.
    ? system32\DRIVERS\usbohci.sys The system cannot find the file specified.
    ? system32\DRIVERS\USBPORT.SYS The system cannot find the file specified.
    ? system32\DRIVERS\usbehci.sys The system cannot find the file specified.
    ? system32\DRIVERS\HDAudBus.sys The system cannot find the file specified.
    ? system32\DRIVERS\ohci1394.sys The system cannot find the file specified.
    ? system32\DRIVERS\1394BUS.SYS The system cannot find the file specified.
    ? System32\Drivers\amthe8cz.SYS The system cannot find the file specified.
    ? system32\DRIVERS\msiscsi.sys The system cannot find the file specified.
    ? system32\DRIVERS\storport.sys The system cannot find the file specified.
    ? system32\DRIVERS\TDI.SYS The system cannot find the file specified.
    ? system32\DRIVERS\rasl2tp.sys The system cannot find the file specified.
    ? system32\DRIVERS\ndistapi.sys The system cannot find the file specified.
    ? system32\DRIVERS\ndiswan.sys The system cannot find the file specified.
    ? system32\DRIVERS\raspppoe.sys The system cannot find the file specified.
    ? system32\DRIVERS\raspptp.sys The system cannot find the file specified.
    ? system32\DRIVERS\rassstp.sys The system cannot find the file specified.
    ? system32\DRIVERS\inspect.sys The system cannot find the file specified.
    ? system32\DRIVERS\termdd.sys The system cannot find the file specified.
    ? system32\DRIVERS\kbdclass.sys The system cannot find the file specified.
    ? system32\DRIVERS\mouclass.sys The system cannot find the file specified.
    ? system32\DRIVERS\swenum.sys The system cannot find the file specified.
    ? system32\DRIVERS\ks.sys The system cannot find the file specified.
    ? system32\DRIVERS\mssmbios.sys The system cannot find the file specified.
    ? system32\DRIVERS\umbus.sys The system cannot find the file specified.
    ? system32\DRIVERS\usbhub.sys The system cannot find the file specified.
    ? System32\Drivers\NDProxy.SYS The system cannot find the file specified.
    ? system32\drivers\RTKVHD64.sys The system cannot find the file specified.
    ? system32\drivers\portcls.sys The system cannot find the file specified.
    ? system32\drivers\drmk.sys The system cannot find the file specified.
    ? system32\drivers\ksthunk.sys The system cannot find the file specified.
    ? System32\DRIVERS\cmdguard.sys The system cannot find the file specified.
    ? System32\Drivers\Fs_Rec.SYS The system cannot find the file specified.
    ? System32\Drivers\Null.SYS The system cannot find the file specified.
    ? system32\DRIVERS\HIDPARSE.SYS The system cannot find the file specified.
    ? System32\drivers\vga.sys The system cannot find the file specified.
    ? System32\drivers\VIDEOPRT.SYS The system cannot find the file specified.
    ? System32\DRIVERS\RDPCDD.sys The system cannot find the file specified.
    ? system32\drivers\rdpencdd.sys The system cannot find the file specified.
    ? System32\Drivers\Msfs.SYS The system cannot find the file specified.
    ? System32\Drivers\Npfs.SYS The system cannot find the file specified.
    ? System32\DRIVERS\rasacd.sys The system cannot find the file specified.
    ? System32\drivers\tcpip.sys The system cannot find the file specified.
    ? System32\drivers\fwpkclnt.sys The system cannot find the file specified.
    ? system32\DRIVERS\tdx.sys The system cannot find the file specified.
    ? System32\DRIVERS\cmdhlp.sys The system cannot find the file specified.
    ? System32\Drivers\SYMTDI.SYS The system cannot find the file specified.
    ? C:\Windows\system32\Drivers\SYMEVENT64x86.SYS The system cannot find the file specified.
    ? System32\Drivers\SYMREDRV.SYS The system cannot find the file specified.
    ? System32\Drivers\SYMDNS.SYS The system cannot find the file specified.
    ? System32\Drivers\SYMNDISV.SYS The system cannot find the file specified.
    ? System32\Drivers\SYMFW.SYS The system cannot find the file specified.
    ? system32\DRIVERS\smb.sys The system cannot find the file specified.
    ? system32\DRIVERS\kl1.sys The system cannot find the file specified.
    ? system32\drivers\afd.sys The system cannot find the file specified.
    ? System32\DRIVERS\netbt.sys The system cannot find the file specified.
    ? system32\DRIVERS\pacer.sys The system cannot find the file specified.
    ? system32\DRIVERS\netbios.sys The system cannot find the file specified.
    ? system32\DRIVERS\wanarp.sys The system cannot find the file specified.
    ? system32\DRIVERS\rdbss.sys The system cannot find the file specified.
    ? system32\DRIVERS\usbprint.sys The system cannot find the file specified.
    ? system32\DRIVERS\USBD.SYS The system cannot find the file specified.
    ? system32\drivers\nsiproxy.sys The system cannot find the file specified.
    ? System32\Drivers\dfsc.sys The system cannot find the file specified.
    ? system32\DRIVERS\cdfs.sys The system cannot find the file specified.
    ? system32\DRIVERS\athrxusb.sys The system cannot find the file specified.
    ? system32\DRIVERS\dot4usb.sys The system cannot find the file specified.
    ? system32\DRIVERS\Dot4.sys The system cannot find the file specified.
    ? system32\DRIVERS\Dot4Prt.sys The system cannot find the file specified.
    ? System32\Drivers\crashdmp.sys The system cannot find the file specified.
    ? system32\DRIVERS\hidusb.sys The system cannot find the file specified.
    ? system32\DRIVERS\HIDCLASS.SYS The system cannot find the file specified.
    ? system32\DRIVERS\mouhid.sys The system cannot find the file specified.
    ? system32\DRIVERS\usbccgp.sys The system cannot find the file specified.
    ? system32\DRIVERS\USBSTOR.SYS The system cannot find the file specified.
    ? System32\win32k.sys The system cannot find the file specified.
    ? System32\drivers\Dxapi.sys The system cannot find the file specified.
    ? system32\DRIVERS\kbdhid.sys The system cannot find the file specified.
    ? system32\DRIVERS\monitor.sys The system cannot find the file specified.
    ? System32\cdd.dll The system cannot find the file specified.
    ? system32\drivers\luafv.sys The system cannot find the file specified.
    ? system32\drivers\spsys.sys The system cannot find the file specified.
    ? system32\DRIVERS\lltdio.sys The system cannot find the file specified.
    ? system32\DRIVERS\nwifi.sys The system cannot find the file specified.
    ? system32\DRIVERS\ndisuio.sys The system cannot find the file specified.
    ? system32\DRIVERS\rspndr.sys The system cannot find the file specified.
    ? system32\DRIVERS\RtNdPt60.sys The system cannot find the file specified.
    ? system32\drivers\HTTP.sys The system cannot find the file specified.
    ? System32\DRIVERS\srvnet.sys The system cannot find the file specified.
    ? system32\DRIVERS\bowser.sys The system cannot find the file specified.
    ? System32\drivers\mpsdrv.sys The system cannot find the file specified.
    ? system32\drivers\mrxdav.sys The system cannot find the file specified.
    ? system32\DRIVERS\mrxsmb.sys The system cannot find the file specified.
    ? system32\DRIVERS\mrxsmb10.sys The system cannot find the file specified.
    ? system32\DRIVERS\mrxsmb20.sys The system cannot find the file specified.
    ? System32\DRIVERS\srv2.sys The system cannot find the file specified.
    ? System32\DRIVERS\srv.sys The system cannot find the file specified.
    ? system32\drivers\peauth.sys The system cannot find the file specified.
    ? System32\Drivers\fastfat.SYS The system cannot find the file specified.
    ? System32\Drivers\secdrv.SYS The system cannot find the file specified.
    ? System32\drivers\tcpipreg.sys The system cannot find the file specified.
    ? system32\DRIVERS\WUDFRd.sys The system cannot find the file specified.
    ? system32\DRIVERS\WUDFPf.sys The system cannot find the file specified.

    ---- Processes - GMER 1.0.12 ----

    Process hidden process (*** hidden *** ) 24576
    Process hidden process (*** hidden *** ) 199311
    Process hidden process (*** hidden *** ) 199481
    Process hidden process (*** hidden *** ) 528384
    Process hidden process (*** hidden *** ) 33999616
    Process hidden process (*** hidden *** ) 45154360
    Process hidden process (*** hidden *** ) 45969384
    Process hidden process (*** hidden *** ) 83886080



    PropagandaPanda
    post Nov 24 2008, 08:04 AM
    Post #11
    Group: HJT Team

    Hello.

    The older GMER wasn't designed to run on Vista. Vista doesn't show the "system" processes, so GMER detects them as hidden.

    You will notice that HijackThis doesn't show all the processes that are actually running either.

    With Regards,
    The Panda


    mikerox
    post Nov 24 2008, 10:33 PM
    Post #12
    Group: Members


    At first, this was just a minor irritation, but now this is a total pain in the butt. Since last night, it looks like the computer has taken a serious turn for the worse. The Microsoft Word program won't work now and the computer's considerably slow. To go into further detail with the Microsoft Word application issue, whenever I try to perform a task which requires me to use the menu button on the ribbon, the application freezes. I can't even use the keyboard shortcuts without it freezing up. I can't print anything, I can't use the Save As function for new documents, and I'm in the crapper with the open function. The only way I can pull up a document now is by double-clicking it from the document's folder. Another thing that I'm noticing is there are random occasions where I can't use the CTRL+BACKSPACE function with the keyboard. Also, I seem to have an error message popping up which explains that a hosts program seems to experience an error, thus causing the program to shut down. Also, after having deleted the Trend Micro HijackThis application, it mysteriously re-appeared as if I had re-installed it, which I haven't.

    Are you sure there's nothing else that can be done, because this is obviously a virus/hacker attack.

    Update: It looks like IE isn't the only application that can connect to the web (not sure if this was the case before, but it is now). The following applications can successfully connect to the internet:
    • Comodo Internet Security
    • Internet Explorer
    • Windows Update
    • Windows Media Player
    It still looks like anti-virus programs cannot connect in order to be configured or updated (Malwarebytes - cannot update; Norton Antivirus - cannot complete configuration). Also, browsers outside of IE still cannot connect.

    Another thing that may be worth mentioning is that I just completed a registry cleaning with Comodo Registry Cleaner. Within three scans, I removed 945 errors, including roughly 250 "unsafe errors".

    UPDATE: Here's an updated HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:06:19 PM, on 11/25/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
    C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files (x86)\Internet Explorer\IEUser.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Michael Maddox\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDYVHJ0D\HiJackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.franklin.edu/uPortal/render.userLayoutRootNode.uP
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files (x86)\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [TP CfgWiz] "C:\Program Files (x86)\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config -REBOOT
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files (x86)\Norton 360\osCheck.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [EPSON Stylus Photo R280 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\Windows\TEMP\E_S115E.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe /startupscan
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {E62A8B6B-D91C-457C-B1FB-20CC2D96B4EC} (Comodo AV Scanner ActiveX) - http://www.personalfirewall.comodo.com/sca...doAVScanner.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 10371 bytes


    This post has been edited by mikerox: Nov 25 2008, 02:08 PM


    --------------------
    A Christian and proud of it.

    Those who use the Button will suffer the wrath of Neapolitan!
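The O23 block above is the service section of a HijackThis log, and on a 64-bit system it is easy to misread. As an added example that is not part of the post and not HijackThis code, here is a small Python parser for O23 lines that splits each entry into display name, short service name, owner, image path and the "(file missing)" flag, then sorts entries into two review queues. The sample lines are copied from the log above; the queue names and the triage rules are this example's own convention. Note that the 32-bit HijackThis build running under WOW64 on 64-bit Windows is redirected away from the real System32 and reports genuine binaries such as lsass.exe as missing, so that flag is something to verify on the host, not a finding in itself.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: five O23 lines copied from the HijackThis log posted above.
SAMPLE_O23 = r"""
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
"""

# One O23 line is: display name - owner (publisher or "Unknown owner") - image path,
# optionally followed by "(file missing)". The lazy groups stop at the " - " separators.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class ServiceEntry:
    display: str       # as HijackThis printed it; may be a "@dll,-id" resource reference
    short: str         # service short name, taken from the last parenthesised token
    owner: str
    path: str
    file_missing: bool


def short_name(display: str) -> str:
    """Return the trailing '(name)' token, or the whole display name if there is none."""
    m = re.search(r"\(([^()]+)\)\s*$", display)
    return m.group(1) if m else display


def parse_o23(text: str) -> List[ServiceEntry]:
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if not m:
            continue  # blank lines and anything that is not an O23 entry
        entries.append(ServiceEntry(
            display=m.group("display"),
            short=short_name(m.group("display")),
            owner=m.group("owner"),
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
        ))
    return entries


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Sort entries into two review queues (this example's convention, not a verdict).

    file_missing: confirm on the host whether the file really is absent; under WOW64
    a 32-bit HijackThis reports real System32 binaries as missing.
    unknown_owner_present: the binary is on disk but carries no publisher string, so
    check its digital signature and its location before trusting it.
    """
    queue: Dict[str, List[str]] = {"file_missing": [], "unknown_owner_present": []}
    for e in entries:
        if e.file_missing:
            queue["file_missing"].append(e.short)
        elif e.owner == "Unknown owner":
            queue["unknown_owner_present"].append(e.short)
    return queue


if __name__ == "__main__":
    for bucket, names in triage(parse_o23(SAMPLE_O23)).items():
        print(f"{bucket}: {', '.join(names)}")
```

Run on the full log the same way: paste the O23 section into `SAMPLE_O23` (or read it from the saved hijackthis.log) and the two queues give an analyst a short list to verify on the machine instead of eyeballing thirty lines.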
    PropagandaPanda
    post Nov 25 2008, 05:05 PM
    Post #13



    ******

    Group: HJT Team
    Posts: 6,885
    Joined: 10-March 08
    Member No.: 195,473



    Hello.

    Do you have another computer that you can download files with? If so..
    Download the update file here, transfer it to the problem computer, double click the file to update, and run MBAM.

    Please post back with the report log.

    Registry cleaners do not detect malware.

    With Regards,
    The Panda


    --------------------
    mikerox
    post Nov 25 2008, 06:48 PM
    Post #14


    Member
    **

    Group: Members
    Posts: 86
    Joined: 23-July 08
    From: Columbus, Ohio
    Member No.: 224,704



    QUOTE(PropagandaPanda @ Nov 25 2008, 05:05 PM)
    Hello.

    Do you have another computer that you can download files with? If so..
    Download the update file here, transfer it to the problem computer, double click the file to update, and run MBAM.

    Please post back with the report log.

    Registry cleaners do not detect malware.

    With Regards,
    The Panda

    Finally! After I updated the program database using the method you suggested, Malwarebytes finally found something in the registry.

    Here's the report:

    Malwarebytes' Anti-Malware 1.30
    Database version: 1410
    Windows 6.0.6001 Service Pack 1

    11/25/2008 6:46:37 PM
    mbam-log-2008-11-25 (18-46-37).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 129784
    Time elapsed: 40 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    This post has been edited by mikerox: Nov 25 2008, 06:50 PM


    --------------------
    A Christian and proud of it.

    Those who use the Button will suffer the wrath of Neapolitan!
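The Malwarebytes report above has a fixed shape: a header, a block of summary counts, then one itemised section per count. As an added example that is not part of the post and not Malwarebytes' own code, here is a Python parser for that format. It reads the header values, the summary counts and each itemised detection (target, detection name, the Bad/Good pair that registry data items carry, and the action taken), cross-checks the counts against the items actually listed, and flags registry data under a Policies key as a restriction flag rather than code, which is the point the reply below makes about NoActiveDesktopChanges. The sample is the report from this post, abridged to the header, the summary and two itemised sections; `is_policy_restriction` and the consistency check are this example's own additions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the report pasted above, abridged to the header, the summary
# block and two of the itemised sections.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 6.0.6001 Service Pack 1

Scan type: Full Scan (C:\|)
Objects scanned: 129784
Time elapsed: 40 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<key>[A-Za-z ]+ Infected):$")
# "<target> (<detection name>) -> [Bad: (<x>) Good: (<y>) -> ]<action>"; the Bad/Good
# pair is present only for registry data items whose value was reset.
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+)$"
)


@dataclass
class Detection:
    category: str
    target: str
    name: str
    bad: Optional[str]
    good: Optional[str]
    action: str


@dataclass
class MbamReport:
    header: Dict[str, str]
    summary: Dict[str, int]
    detections: List[Detection]


def parse_mbam_log(text: str) -> MbamReport:
    header: Dict[str, str] = {}
    summary: Dict[str, int] = {}
    detections: List[Detection] = []
    section = None  # stays None until the first itemised "...Infected:" header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("key")
            continue
        if section is None:
            if line.startswith("Malwarebytes' Anti-Malware "):
                header["version"] = line.rsplit(" ", 1)[1]
            elif (m := SUMMARY_RE.match(line)):
                summary[m.group("key")] = int(m.group("count"))
            elif ": " in line:  # Database version, Scan type, Objects scanned, ...
                key, _, val = line.partition(": ")
                header[key] = val
            continue
        if line == "(No malicious items detected)":
            continue
        if (m := ITEM_RE.match(line)):
            detections.append(Detection(section, m.group("target"), m.group("name"),
                                        m.group("bad"), m.group("good"), m.group("action")))
    return MbamReport(header, summary, detections)


def consistency_issues(report: MbamReport) -> List[str]:
    """Report any category whose summary count differs from the items listed under it."""
    found: Dict[str, int] = {}
    for d in report.detections:
        found[d.category] = found.get(d.category, 0) + 1
    return [f"{k}: summary says {n}, items listed {found.get(k, 0)}"
            for k, n in report.summary.items() if found.get(k, 0) != n]


def is_policy_restriction(d: Detection) -> bool:
    """True for registry data under a Policies key: a restriction flag (here one that
    blocks desktop changes), not executable code. Bad/Good are the value found and the
    value restored."""
    return "\\Policies\\" in d.target


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    print(r.header, r.summary, consistency_issues(r))
    for d in r.detections:
        print(d.category, d.name, "policy flag" if is_policy_restriction(d) else "", d.action)
```

The same parser handles file and folder items, whose lines have no Bad/Good pair, because that group is optional in `ITEM_RE`. An empty result from `consistency_issues` is worth asserting on before trusting the summary counts from a pasted log, since forum pastes are often truncated.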
    PropagandaPanda
    post Nov 25 2008, 07:18 PM
    Post #15



    ******

    Group: HJT Team
    Posts: 6,885
    Joined: 10-March 08
    Member No.: 195,473



    Hello.

    MalwareBytes merely found a policy setting; one that stops you from changing the desktop background.

    Open up your Task Manager (Ctrl+Alt+Del). Select Processes. Tell me which process is taking large percentages of CPU. Perhaps we can disable it.

    --
    Can you connect to Kaspersky or Trend Micro? Do one scan or the other. If it takes too long, skip the scan.

    Run Scan with Kaspersky
    Please do a scan with Kaspersky Online Scanner.

    This scan is for Internet Explorer Only.

    If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

    • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
    • Open the Kaspersky Scanner page.
    • Click on Accept and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
    You can refer to this animation by sundavis.

    This scanner will only scan. It does not remove any malware it finds.


    Run a scan with Trend Micro HouseCall
    Please disable all realtime protections you have enabled. Refer to this page, if you are unsure how.
    • Please go HERE to run the Trend Micro HouseCall Scan.
    • Click Get Housecall Free Scan.
    • Read and put a Check next to "Yes I accept the terms of use" and click the Launching HouseCall>> button.
    • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
    • You may receive a Security Warning about the TrendMicro Java applet, click YES.
    • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
    • Please be patient while it installs, updates, and scans your system.
    • Once the scan is complete, it will take you to the summary page.
    • Under Cleanup options, choose clean all detected infections automatically.
    • Click the Clean now>> button.
    • If anything was found you may be prompted to run the scan again, you can just close the browser window.

    With Regards,
    The Panda


    --------------------


    © 2003-2009 All Rights Reserved Bleeping Computer LLC.