Jun 29 2009, 01:40 PM
Post #1
LornaRose (Member; Group: Members; Posts: 15; Joined: 11-January 09; Member No.: 281,459)
I'm semi-familiar with the problem of Google redirecting links, but I can't seem to fix it on my brother in law's computer. OS: Vista, which I'm not very familiar with. I've tried to download and run Microsoft Malicious Software Removal Tool (which has helped in the past), but I can't download it. I sent the .exe file to myself to open up on his computer, but when it went to run it, it closed with an error message. The browsers (Firefox and IE) are also both extremely slow, and both seem to have the same symptoms. My brother in law said this all has been happening for about a month. He uses AVG, and when I go to update it, there's an error. I just downloaded MalwareBytes (had to use alternate site, as malwarebytes.org gave me a "Page Load Error"). But when I went to install it, it says "Malwarebytes' Anti-Malware has stopped working." It seems like whatever this is, is preventing anything that will detect it from working. I downloaded HijackThis, but when I run a scan, it says "For some reason your system denied write access to the Host file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this." I was still able to run a scan, though. 
Here are the HJT and DDS logs:

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:25 AM, on 6/29/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Trading\Downloads\HiJackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 64.95.91.171 sr1.ghco.com
O1 - Hosts: 64.95.91.172 sr2.ghco.com
O1 - Hosts: 64.95.91.173 sr3.ghco.com
O1 - Hosts: 64.95.91.174 sr4.ghco.com
O1 - Hosts: 64.95.91.175 sr5.ghco.com
O1 - Hosts: 64.95.91.181 gstx1.gstrader.com
O1 - Hosts: 64.95.91.182 gstx2.gstrader.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...ntage_load.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{046FDA4B-8902-4F5D-931F-1E0C82707CAA}: NameServer = 85.255.112.145,85.255.112.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.145,85.255.112.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{046FDA4B-8902-4F5D-931F-1E0C82707CAA}: NameServer = 85.255.112.145,85.255.112.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.145,85.255.112.194
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcj_device - - C:\Windows\system32\dlcjcoms.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14433 bytes

DDS LOG

DDS (Ver_09-06-26.01) - NTFSx86
Run by Trading at 10:20:44.58 on Mon 06/29/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1916.777 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcjcoms.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Trading\Downloads\HiJackThis.exe
C:\Users\Trading\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.astonmartin.com/configurator/v8vantage_load.html
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.145,85.255.112.194
TCP: {046FDA4B-8902-4F5D-931F-1E0C82707CAA} = 85.255.112.145,85.255.112.194
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\trading\appdata\roaming\mozilla\firefox\profiles\yel5tbbj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-30 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-30 298264]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2008-2-22 252416]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

=============== Created Last 30 ================

==================== Find3M ====================

2009-05-02 19:55 51,200 a------- c:\windows\inf\infpub.dat
2009-05-02 19:55 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-02 19:55 86,016 a------- c:\windows\inf\infstor.dat
2008-09-04 03:32 174 a--sh--- c:\program files\desktop.ini
2008-09-04 03:17 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-10 13:54 32 a------- c:\programdata\ezsid.dat
2008-07-10 13:54 32 a------- c:\progra~2\ezsid.dat
2008-02-23 10:46 0 a------- c:\users\trading\appdata\roaming\wklnhst.dat
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-11-26 14:32 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:22:27.73 ===============

Thanks for the help!

This post has been edited by LornaRose: Jun 29 2009, 02:48 PM
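The entries in the log above that matter for triage are few: every TCP/IP interface key and the global Tcpip\Parameters key carry O17 NameServer values of 85.255.112.145 and 85.255.112.194 instead of the router or ISP resolver (the 85.255.112.0/20 range those addresses sit in is widely documented as part of the DNSChanger rogue-resolver infrastructure), the O1 hosts-file lines pin several trading-platform hostnames to 64.95.91.x, three O2/O3 BHO and toolbar entries point at "(no file)", and O20 AppInit_DLLs loads avgrsstx.dll into every GUI process. A rogue resolver on its own accounts for the search redirects and for vendor download pages that will not load; the MBAM installer crashing is a separate symptom that DNS alone does not explain. The script below is an added example, not part of the original thread and not HijackThis code: it parses those four HJT line types and returns the suspicious entries. The TRUSTED_RESOLVERS list, the finding names, and the SAMPLE_LOG (lines copied from the log above, plus one constructed 192.168.1.1 line to show the benign case) are assumptions of the example.

```python
"""Triage the high-signal lines of a HijackThis (HJT) log.

Added example, not part of the original thread and not HijackThis code.
It parses four HJT line types and returns the entries that most often
mean a redirect infection:

  O17   NameServer values that are not an expected resolver
  O1    hosts-file lines beyond the stock localhost entries
  O2/O3 BHOs and toolbars whose DLL is missing ("(no file)")
  O20   AppInit_DLLs (loaded into every process that links user32)
"""
import ipaddress
import re

# Assumption: resolvers this machine is expected to use. A home PC
# normally gets DNS from its router (RFC 1918 space); two public
# resolvers are listed as well. Adjust for the network being triaged.
TRUSTED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("8.8.8.8/32"),
    ipaddress.ip_network("8.8.4.4/32"),
]

# hosts-file lines present on a stock Windows install.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O17_RE = re.compile(r"^O17 - (\S+): NameServer = (.+)$")
O2_O3_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")


def triage(lines):
    """Return (kind, subject, detail) tuples for the suspicious entries."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            key, servers = m.groups()
            for server in servers.split(","):
                ip = ipaddress.ip_address(server.strip())
                if not any(ip in net for net in TRUSTED_RESOLVERS):
                    findings.append(("dns_hijack", key, str(ip)))
            continue
        m = O1_RE.match(line)
        if m:
            ip, host = m.groups()
            if (ip, host) not in DEFAULT_HOSTS:
                findings.append(("hosts_override", host, ip))
            continue
        m = O2_O3_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            if path == "(no file)":
                findings.append(("orphan_bho", clsid, name))
            continue
        m = O20_RE.match(line)
        if m:
            # Not malicious by itself (AVG registers avgrsstx.dll here),
            # but every AppInit DLL deserves a look during triage.
            findings.append(("appinit_dll", m.group(1).strip(), ""))
    return findings


def hijacked_resolvers(lines):
    """Sorted, de-duplicated resolver IPs that fall outside TRUSTED_RESOLVERS."""
    ips = {ipaddress.ip_address(detail)
           for kind, _, detail in triage(lines) if kind == "dns_hijack"}
    return [str(ip) for ip in sorted(ips)]


# Sample input: the O1, O2, O17 and O20 lines are copied from the HJT log
# posted above; the 192.168.1.1 line is constructed to show a resolver
# that passes the check.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 64.95.91.171 sr1.ghco.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.145,85.255.112.194
O17 - HKLM\System\CCS\Services\Tcpip\..\{046FDA4B-8902-4F5D-931F-1E0C82707CAA}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: avgrsstx.dll
""".strip().splitlines()

if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:15} {subject} {detail}".rstrip())
    print("rogue resolvers:", ", ".join(hijacked_resolvers(SAMPLE_LOG)))
```

To run it over a real log, read hijackthis.log with the system code page (`open(path, encoding="cp1252").read().splitlines()`) and pass the list to `triage`. The check is deliberately a whitelist: a resolver that is not the router, the ISP, or a known public service is reported, because the log cannot tell you what address the attacker chose, only that it is not one you configured.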
Jul 1 2009, 10:57 PM
Post #2
SifuMike (malware expert; Group: Malware Response Team; Posts: 14,992; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026)
Hello LornaRose,
Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt. Please post the contents of that document.

***************

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Jul 2 2009, 10:48 AM
Post #3, Member (Group: Members, Posts: 15, Joined: 11-January 09, Member No.: 281,459)
Hi SifuMike - thanks for your help!
Here are the contents of the SecurityCheck log:

Results of screen317's Security Check version 0.98.4
Windows Vista Service Pack 1
Out of date service pack!!

Antivirus/Firewall Check:
Windows Firewall Enabled!
AVGFree8.0
Antivirus up to date!

Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java SE Runtime Environment 6 Update 1
Adobe Flash Player 10

Process Check: objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe

DNS Vulnerability Check:

Scan took 17 seconds.
End of Log

I tried all of those links for MalwareBytes, but as I mentioned before, it gave me problems downloading it - the page didn't load, said the link was broken, etc. I was able to manually download it through the first page, but when I ran it, about 60% through installation it says "Malwarebytes' Anti-Malware has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." Then it completes, but the same error comes up again. I tried to install again, this time by changing the name of the program file folder and program itself, and it got all the way through installation without an error, but at the end, I got the same exact error as before.
Jul 2 2009, 11:11 AM
Post #4, malware expert (Group: Malware Response Team, Posts: 14,992, Joined: 8-January 05, From: Vancouver (not BC) WA (Not DC) USA, Member No.: 9,026)
Hi LornaRose,
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java:
AVGFree 8.0 is an old version. I recommend you uninstall it and download AVG Free 8.5.

If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool.exe
Proceed installing the renamed installer of MBAM.

If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\) then rename mbam.exe to newtool.exe, double click newtool.exe to proceed in running a quick scan.

If still having problems, then try this random renamer for MBAM: http://kixhelp.com/wr/files/mb/randmbam.exe
Jul 2 2009, 01:33 PM
Post #5, Member (Group: Members, Posts: 15, Joined: 11-January 09, Member No.: 281,459)
Ok, finally got MBAM working! I had to use the random renamer to get it to run. Looks like there was/is some pretty nasty stuff...here is the log:
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1

7/2/2009 12:31:42 PM
mbam-log-2009-07-02 (12-31-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 293120
Time elapsed: 54 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\UltraVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltraVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.145,85.255.112.194 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{046fda4b-8902-4f5d-931f-1e0c82707caa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.145,85.255.112.194 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.145,85.255.112.194 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{046fda4b-8902-4f5d-931f-1e0c82707caa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.145,85.255.112.194 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.145,85.255.112.194 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{046fda4b-8902-4f5d-931f-1e0c82707caa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.145,85.255.112.194 -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\UltraVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\ultravideo\Uninstall.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Andrew\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\A1A04VHZ\Free.Movie.License[1].exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\ultravideo\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\S-4-8-10-100000704-100010509-100011261-2957.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\gxvxccounter (Trojan.DNSChanger) -> Quarantined and deleted successfully.
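The log above shows the classic DNSChanger footprint: the NameServer value under Tcpip\Parameters (and under the interface GUID) rewritten to 85.255.112.145,85.255.112.194, and rewritten in CurrentControlSet, ControlSet001 and ControlSet003 alike. As an added example, not part of LornaRose's post and not Malwarebytes' own code, here is a small Python triage that parses those "Registry Data Items Infected" lines and reports which rogue resolvers were set and which control sets were hit. The 85.255.112.0/20 range is an assumption made for the example (it is simply the block containing the two addresses in the log; the thread names only those two addresses), and the sample log text is an excerpt copied from the post above.

```python
"""Added example (not from the thread or from Malwarebytes): pull DNSChanger
NameServer hijacks out of an MBAM log and summarise which control sets they hit."""
import ipaddress
import re

# Assumption for the example: treat the /20 that contains the two resolvers
# seen in the log (85.255.112.145 and 85.255.112.194) as the rogue block.
ROGUE_DNS_RANGES = [ipaddress.ip_network("85.255.112.0/20")]

# Sample input: the 'Registry Data Items Infected' section copied from the
# MBAM log posted above (a constructed excerpt, embedded so this runs offline).
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.145,85.255.112.194 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{046fda4b-8902-4f5d-931f-1e0c82707caa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.145,85.255.112.194 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.145,85.255.112.194 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.145,85.255.112.194 -> Quarantined and deleted successfully.
"""

# One MBAM data-item line: <key> (<detection>) -> Data: <ip,ip> -> <action>
NAMESERVER_RE = re.compile(
    r"^(?P<key>HKEY_\S*\\NameServer) \((?P<detection>[^)]*)\) -> Data: (?P<data>[0-9.,]+) ->"
)
CONTROL_SET_RE = re.compile(r"\\SYSTEM\\((?:Current)?ControlSet\d*)\\")


def parse_nameserver_entries(log_text):
    """Return [(registry_key, detection_name, [ip, ...]), ...] for every
    NameServer data item in the log; all other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = NAMESERVER_RE.match(line.strip())
        if m:
            ips = [ip for ip in m.group("data").split(",") if ip]
            entries.append((m.group("key"), m.group("detection"), ips))
    return entries


def is_rogue_dns(ip):
    """True when the resolver address falls inside a known-rogue block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ROGUE_DNS_RANGES)


def control_set(key):
    """'CurrentControlSet', 'ControlSet001', ... for a SYSTEM hive key, else None."""
    m = CONTROL_SET_RE.search(key)
    return m.group(1) if m else None


def triage(log_text):
    """Summarise the hijack: which rogue IPs were set and in which control sets.
    Every numbered set matters: 'Last Known Good' boots from one of them, so a
    fix applied only to CurrentControlSet can be undone by a fallback boot."""
    report = {"entries": 0, "rogue_ips": set(), "control_sets": set()}
    for key, _detection, ips in parse_nameserver_entries(log_text):
        report["entries"] += 1
        bad = [ip for ip in ips if is_rogue_dns(ip)]
        if bad:
            report["rogue_ips"].update(bad)
            report["control_sets"].add(control_set(key))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("rogue resolvers:", sorted(r["rogue_ips"]))
    print("control sets hit:", sorted(r["control_sets"]))
```

Run it against a full MBAM log by reading the file into triage(); the point of tracking control sets is that a hijack cleaned only in CurrentControlSet is still sitting in the copy the next fallback boot would load.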
Jul 2 2009, 01:43 PM
Post #6, malware expert (Group: Malware Response Team, Posts: 14,992, Joined: 8-January 05, From: Vancouver (not BC) WA (Not DC) USA, Member No.: 9,026)
Hi LornaRose,
I think you are still infected, so we will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus and Windows Defender before running ComboFix, as they will prevent it from running.

To disable AVG antivirus: Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting. When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

To disable Windows Defender: Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender.

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop. Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.

Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
Jul 2 2009, 01:50 PM
Post #7, Member (Group: Members, Posts: 15, Joined: 11-January 09, Member No.: 281,459)
Before I run ComboFix...
I uninstalled AVG 8.0 and installed AVG 8.5 as suggested. Upon installation, it detected 3 threats: "Trojan horse Generic13.BLAA." Should I go ahead and remove those with AVG?
Jul 2 2009, 01:55 PM
Post #8, malware expert (Group: Malware Response Team, Posts: 14,992, Joined: 8-January 05, From: Vancouver (not BC) WA (Not DC) USA, Member No.: 9,026)
Hi LornaRose,
Yes, quarantine everything AVG finds.
Jul 2 2009, 02:41 PM
Post #9, Member (Group: Members, Posts: 15, Joined: 11-January 09, Member No.: 281,459)
Ok, ran ComboFix. Before it ran, it had to restart because it found these files:
c:\Windows\system32\drivers\gxvxcpipbotiefbxksvibncpxcomfpgqyquwy.sys
c:\Windows\system32\gxvxcivipdormxxwtoirmbbtgduvujxhxntst.dll

ComboFix 09-07-01.04 - Trading 07/02/2009 13:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1916.855 [GMT -6:00]
Running from: c:\users\Trading\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gxvxcpipbotiefbxksvibncpxcomfpgqyquwy.sys
c:\windows\system32\gxvxcivipdormxxwtoirmbbtfduvugxhxntst.dll
c:\windows\TEMP\logishrd\LVPrcInj02.dll
D:\Desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gxvxcserv.sys

((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-07-02 19:26 . 2009-07-02 19:30 -------- d-----w- c:\users\Trading\AppData\Local\temp
2009-07-02 19:26 . 2009-07-02 19:26 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2009-07-02 18:59 . 2009-07-02 18:43 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-07-02 18:57 . 2009-07-02 18:57 -------- d-----w- c:\users\Trading\AppData\Local\AVG Security Toolbar
2009-07-02 18:45 . 2009-06-14 22:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-07-02 18:43 . 2009-07-02 18:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 18:43 . 2009-07-02 18:43 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-02 18:43 . 2009-07-02 18:43 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 18:43 . 2009-07-02 18:43 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-02 18:43 . 2009-07-02 18:45 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-07-02 18:43 . 2009-07-02 18:44 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-02 17:01 . 2009-07-02 17:01 -------- d-----w- c:\users\Trading\AppData\Roaming\Malwarebytes
2009-07-02 17:00 . 2009-06-17 17:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 17:00 . 2009-07-02 17:01 -------- d-----w- c:\program files\Program1
2009-07-02 17:00 . 2009-06-17 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-02 16:45 . 2009-07-02 16:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-29 16:52 . 2009-06-29 16:52 -------- d-----w- c:\programdata\Malwarebytes
2009-06-29 02:03 . 2009-06-29 02:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-29 01:57 . 2009-06-29 01:57 -------- d-----w- c:\users\Trading\AppData\Local\Mozilla
2009-06-29 01:53 . 2009-06-29 01:53 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-28 23:25 . 2009-06-28 23:25 -------- d-----w- c:\users\Trading\AppData\Roaming\yahoo!
2009-06-27 09:58 . 2009-06-27 09:58 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-11 11:17 . 2009-06-11 11:17 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC86F.tmp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 19:32 . 2008-02-23 02:32 -------- d-----w- c:\users\Trading\AppData\Roaming\Skype
2009-07-02 18:43 . 2008-07-30 13:19 -------- d-----w- c:\programdata\avg8
2009-07-02 16:45 . 2007-11-26 21:21 -------- d-----w- c:\program files\Java
2009-07-02 16:44 . 2008-02-23 02:35 -------- d-----w- c:\users\Trading\AppData\Roaming\skypePM
2009-07-02 10:25 . 2008-11-04 06:17 -------- d-----w- c:\programdata\Google Updater
2009-06-24 19:18 . 2009-04-03 03:14 -------- d-----w- c:\users\Andrew\AppData\Roaming\Azureus
2009-06-03 21:24 . 2008-06-10 22:51 -------- d-----w- c:\programdata\Viewpoint
2009-06-03 21:24 . 2008-06-10 22:51 -------- d-----w- c:\program files\Viewpoint
2009-05-16 13:25 . 2009-05-16 13:25 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-14 19:28 . 2009-05-14 19:28 176 ----a-w- c:\users\Andrew\AppData\Roaming\Azureus\restart.bat
2009-05-14 19:28 . 2009-04-05 03:45 -------- d-----w- c:\program files\Vuze
2009-04-13 19:27 . 2009-04-13 19:27 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-10 00:22 . 2008-02-22 22:30 126240 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-10 00:02 . 2008-02-23 01:36 126240 ----a-w- c:\users\Trading\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-04 16:11 . 2009-04-04 16:11 34062 ----a-w- c:\users\Trading\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
2007-11-26 20:32 . 2007-11-26 20:26 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-10 00:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 22:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-07 21898024]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-15 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-15 2407184]
"DLCJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2006-10-21 73728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-10-24 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Billminder.lnk - c:\quickenw\billmind.exe [2008-2-29 25600]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0F45F889-2185-4A0C-AF0A-335AAC49E04C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{6FC8AC34-8826-4BFF-B21C-AF184C09294B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{724CBDEE-16D0-4397-8EAB-2A91BB1FAD6C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{91857A98-3C52-461C-AB06-AAC56CFE3A2D}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{232AFA0F-1858-41D8-B6F1-76CCB66C3A41}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FD67C2F2-798E-4726-B247-12520BFE53A8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BC7DDF54-7511-4339-B55E-B63CB78A9611}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{50BFCB27-8411-4A85-8B24-49272BEA7A69}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{33E3291B-BF25-4695-81DF-88ABA46FBEDE}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{24411084-AACA-4B44-8F2F-09C22C29F5FD}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7FA9566F-226D-4488-A171-D73CCAEDC5C5}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F4C5ACD4-1C45-4ACB-95DF-1A10DF5E119E}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{9C897F0B-1364-46A3-88B8-1B2C14352562}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{F19D4E45-4835-4537-86A1-48902271A04B}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{D4BD680A-7098-45E9-A3DF-1ED59B411406}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8C517CE0-35C0-4399-82DE-C57F2EB25AB3}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D8B9C523-CFA6-4FA1-B028-577547470BCE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{768563ED-463B-4518-98C6-A61AE6115075}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A0E7AD0-853A-4CCA-AD04-BE2BED6976EE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{94E04E26-12D9-4B02-9565-E8B8474149CA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B2116785-53F6-461A-A8CC-D6012238A837}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0D1B274A-A595-472D-98CD-F1BE2F6A174C}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{37381525-8C22-4016-870D-ABDE8D86A122}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{F7769672-6997-40D6-8657-0ECD04060FE3}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{96C04E83-9F72-42EF-AD09-B1517953C47D}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{9F5503B6-7A16-4010-AB75-EB849D9334CA}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"TCP Query User{C861E5CE-DD3E-48B7-AB29-38F247822A49}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= UDP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"UDP Query User{9533A654-AC03-42AE-8AF7-1A42D462D52C}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= TCP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"{E22C8D1A-8955-46E9-AE83-DC8D43A3F74D}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{A59F0E15-5718-430F-818B-B477FFE42EB4}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{2FCFFDB1-3318-4F46-B8BF-0A674EE327A8}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{82F28562-B757-4D0E-8BEE-D05C0422B75C}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{DA8634A0-158A-4291-AE55-03205C0EFA60}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{C519FB6A-B695-47B1-B45E-3B9CC2BCAD9B}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"TCP Query User{1CDDDE85-CC5B-4E54-8960-582B2EE42267}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B1858357-43B4-42AC-A2E7-71CAB7DEDE53}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{A8C2747B-BE22-4C72-9925-706393483D08}"= UDP:c:\windows\System32\dlcjcoms.exe:Dell 964 Server
"{72937A10-B4E3-46AE-BEB2-870748F436E2}"= TCP:c:\windows\System32\dlcjcoms.exe:Dell 964 Server
"TCP Query User{D672CEE8-9AA9-420C-AE64-CDF1C4BB2D01}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FAF2A6CE-7060-4723-A78E-F38417F3D894}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{B475BF02-5896-47C3-A307-A255FBB1EF62}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B810129E-1790-4A0D-8017-0AEF0DC10654}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4B398547-5793-4102-AEE1-43EC778A7B09}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{275C4C1D-078B-4D33-8D0D-50FFC80A430E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{43504D59-89ED-4C23-AA90-B2AD2AB6EA42}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{05691C88-1911-47F3-AB80-5FB682DB5C95}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{642BCBD1-E89F-43A9-9740-5CA806497D97}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F5791393-5FFB-4249-B4D5-D77D032FDCAA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{DFD7C216-5F05-4CF7-9061-098659B0DABC}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{B62F59E6-741C-4B12-AAE8-331C0E57995D}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{BBC7EE48-8CCF-4942-A0A8-DA42E16EB067}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{3AA94851-08C1-4141-8B34-F028CD6B9AD0}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7/2/2009 12:43 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7/2/2009 12:43 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2009 12:43 PM 298776]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [1/28/2009 1:39 AM 185640]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/3/2009 3:24 PM 30152]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [10/24/2008 11:09 AM 102400]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\System32\drivers\BLKWGU.sys [2/22/2008 4:47 PM 252416]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/12/2007 7:35 PM 25760]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-23 04:36]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Trading\AppData\Roaming\Mozilla\Firefox\Profiles\yel5tbbj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 13:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(10768)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\dlcjcoms.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\hp\KBD\kbd.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-02 13:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-02 19:35

Pre-Run: 272,243,732,480 bytes free
Post-Run: 295,519,064,064 bytes free

280 --- E O F --- 2009-05-04 18:16

This post has been edited by LornaRose: Jul 2 2009, 02:44 PM
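Two things in the ComboFix log above are worth pulling out mechanically rather than by eye: the registry settings that weaken the host's own defences (Security Center monitoring switched off under security center\Monitoring, and EnableFirewall set to 0 for the Standard profile) and the rootkit's file names, which are long random strings behind a fixed gxvxc prefix. As an added example, not part of the thread and not ComboFix's own code, here is a Python triage that parses the Reg Loading Points blocks for those settings, emits the corrective entries in ComboFix's Registry:: CFScript syntax, and applies a simple randomness heuristic to driver and DLL names seen in the log. The sample text is an excerpt copied from the log above; the rule table and the vowel-ratio threshold are choices made for this example, not rules from ComboFix.

```python
"""Added example (not from the thread or from ComboFix): flag defence-weakening
registry settings and random-looking driver names in a ComboFix log, and build
the CFScript lines that would reverse the settings."""
import re

# Sample input: lines copied from the ComboFix log posted above (a constructed
# excerpt; the real log runs to several hundred lines).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gxvxcpipbotiefbxksvibncpxcomfpgqyquwy.sys
c:\windows\system32\gxvxcivipdormxxwtoirmbbtfduvugxhxntst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7/2/2009 12:43 PM 327688]
"""

# (key suffix, value name, value as ComboFix prints it, value that restores the default)
# Chosen for this example; the base Monitoring key is matched exactly so the
# per-product subkeys under it (SymantecAntiVirus, ...) are reported separately.
WEAKENING_RULES = [
    (r"\security center\Monitoring", "DisableMonitoring", "dword:00000001", "dword:00000000"),
    (r"\firewallpolicy\StandardProfile", "EnableFirewall", "0 (0x0)", "dword:00000001"),
]


def parse_registry_blocks(log_text):
    """Map each [key] block in the log to its "name"=value lines."""
    blocks, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            blocks.setdefault(current, {})
        elif current and line.startswith('"') and "=" in line:
            name, _, value = line[1:].partition('"=')
            blocks[current][name] = value.strip()
    return blocks


def find_weakened_settings(log_text):
    """Return (key, name, value, fix) for every rule whose key suffix and value match."""
    hits = []
    for key, values in parse_registry_blocks(log_text).items():
        for suffix, name, bad, fix in WEAKENING_RULES:
            if key.lower().endswith(suffix.lower()) and values.get(name) == bad:
                hits.append((key, name, values[name], fix))
    return hits


def build_cfscript(hits):
    """Render the corrective entries in the Registry:: syntax ComboFix accepts."""
    lines = ["Registry::"]
    for key, name, _value, fix in hits:
        lines.append(f"[{key}]")
        lines.append(f'"{name}"={fix}')
    return "\n".join(lines)


DRIVER_RE = re.compile(r"([A-Za-z0-9_]+)\.(?:sys|dll)\b", re.IGNORECASE)


def looks_machine_generated(stem, min_len=16, max_vowel_ratio=0.3):
    """Heuristic chosen for this example: long stems with very few vowels, like
    the gxvxc* names above, are unlikely to be vendor-chosen file names."""
    if len(stem) < min_len:
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) <= max_vowel_ratio


def suspicious_binaries(log_text):
    """File stems (.sys/.dll) in the log that trip the heuristic, deduplicated, in order."""
    found = []
    for stem in DRIVER_RE.findall(log_text):
        if looks_machine_generated(stem) and stem not in found:
            found.append(stem)
    return found


if __name__ == "__main__":
    hits = find_weakened_settings(SAMPLE_LOG)
    print(build_cfscript(hits))
    print("suspicious:", suspicious_binaries(SAMPLE_LOG))
```

Against the excerpt, build_cfscript() produces exactly the two corrections a CFScript for this log needs (Monitoring back to dword:00000000, EnableFirewall back to dword:00000001), and the heuristic flags the two gxvxc files while leaving avgldx86 and avgrsstx alone. Treat the heuristic as a prompt for a closer look, not a verdict: legitimate vendors do occasionally ship oddly named binaries.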
Jul 2 2009, 03:41 PM - Post #10
malware expert (Group: Malware Response Team; Posts: 14,992; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026)
Hi LornaRose,
I see Viewpoint installed. Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

Viewpoint
Viewpoint Manager
Viewpoint Media Player

If you uninstalled, please navigate to and delete the following folder:

C:\Program Files\Viewpoint

*****************

You need to disable your AVG Antivirus and Windows Defender before running ComboFix, as they will prevent it from running.

To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting. When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

To disable Windows Defender:
Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender.

Click Start, then Run and type Notepad and click OK. Open notepad - don't use any other text editor than notepad or the script will fail. Copy/paste the text in the code box below into notepad:

CODE
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"=dword:00000001

Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below. This will start ComboFix again.

After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

--------------------
Jul 2 2009, 04:40 PM - Post #11
Member (Group: Members; Posts: 15; Joined: 11-January 09; Member No.: 281,459)
Ok, I ran ComboFix again with the CFScript. It restarted, I entered the password, then I left the computer while it started up. When I came back, it was back at the login screen, so I entered my password again. On restart, a "Microsoft Windows" error came up that says:

"Windows has recovered from an unexpected shutdown"

Here are the problem details:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: c2
BCP1: 0000000D
BCP2: 851CDB88
BCP3: 20206F49
BCP4: 807E935C
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini070209-01.dmp
C:\Users\Trading\AppData\Local\temp\WER-183940-0.sysdata.xml
C:\Users\Trading\AppData\Local\temp\WER5012.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409

I can "Check for solution" or cancel - I haven't done anything yet.

Here is the second ComboFix log:

ComboFix 09-07-02.02 - Trading 07/02/2009 15:14:04.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1916.895 [GMT -6:00]
Running from: C:\Users\Trading\Desktop\ComboFix.exe
Command switches used :: C:\Users\Trading\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 21:19:39 . 2009-07-02 21:19:39 0 d-----w- C:\Users\Andrew\AppData\Local\temp
2009-07-02 19:26:46 . 2009-07-02 21:25:23 0 d-----w- C:\Users\Trading\AppData\Local\temp
2009-07-02 18:59:54 . 2009-07-02 18:43:04 2052888 ----a-w- C:\ProgramData\avg8\update\backup\avgcorex.dll
2009-07-02 18:57:23 . 2009-07-02 18:57:23 0 d-----w- C:\Users\Trading\AppData\Local\AVG Security Toolbar
2009-07-02 18:45:29 . 2009-06-14 22:07:58 1004800 ----a-w- C:\ProgramData\AVG Security Toolbar\IEToolbar.dll
2009-07-02 18:43:16 . 2009-07-02 18:43:16 11952 ----a-w- C:\Windows\system32\avgrsstx.dll
2009-07-02 18:43:15 . 2009-07-02 18:43:15 108552 ----a-w- C:\Windows\system32\drivers\avgtdix.sys
2009-07-02 18:43:10 . 2009-07-02 18:43:10 327688 ----a-w- C:\Windows\system32\drivers\avgldx86.sys
2009-07-02 18:43:08 . 2009-07-02 18:43:08 27784 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys
2009-07-02 18:43:07 . 2009-07-02 18:45:29 0 d-----w- C:\ProgramData\AVG Security Toolbar
2009-07-02 18:43:07 . 2009-07-02 18:44:50 0 d-----w- C:\Windows\system32\drivers\Avg
2009-07-02 17:01:58 . 2009-07-02 17:01:58 0 d-----w- C:\Users\Trading\AppData\Roaming\Malwarebytes
2009-07-02 17:00:20 . 2009-06-17 17:27:56 38160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-07-02 17:00:19 . 2009-07-02 17:01:44 0 d-----w- C:\Program Files\Program1
2009-07-02 17:00:19 . 2009-06-17 17:27:44 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-07-02 16:45:42 . 2009-07-02 16:45:35 410984 ----a-w- C:\Windows\system32\deploytk.dll
2009-06-29 16:52:36 . 2009-06-29 16:52:36 0 d-----w- C:\ProgramData\Malwarebytes
2009-06-29 02:03:48 . 2009-06-29 02:03:48 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-06-29 01:57:06 . 2009-06-29 01:57:06 0 d-----w- C:\Users\Trading\AppData\Local\Mozilla
2009-06-29 01:53:32 . 2009-06-29 01:53:32 0 d-----w- C:\Program Files\Windows Live Safety Center
2009-06-28 23:25:22 . 2009-06-28 23:25:22 0 d-----w- C:\Users\Trading\AppData\Roaming\yahoo!
2009-06-27 09:58:03 . 2009-06-27 09:58:03 746744 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-11 11:17:41 . 2009-06-11 11:17:38 456304 ----a-w- C:\ProgramData\Google\Google Toolbar\Update\gtbC86F.tmp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 21:08:34 . 2008-06-10 22:51:14 0 d-----w- C:\ProgramData\Viewpoint
2009-07-02 20:44:18 . 2008-02-23 02:32:54 0 d-----w- C:\Users\Trading\AppData\Roaming\Skype
2009-07-02 18:43:04 . 2008-07-30 13:19:14 0 d-----w- C:\ProgramData\avg8
2009-07-02 16:45:34 . 2007-11-26 21:21:18 0 d-----w- C:\Program Files\Java
2009-07-02 16:44:30 . 2008-02-23 02:35:36 0 d-----w- C:\Users\Trading\AppData\Roaming\skypePM
2009-07-02 10:25:17 . 2008-11-04 06:17:13 0 d-----w- C:\ProgramData\Google Updater
2009-06-24 19:18:12 . 2009-04-03 03:14:22 0 d-----w- C:\Users\Andrew\AppData\Roaming\Azureus
2009-05-16 13:25:31 . 2009-05-16 13:25:31 416128 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-14 19:28:43 . 2009-05-14 19:28:03 176 ----a-w- C:\Users\Andrew\AppData\Roaming\Azureus\restart.bat
2009-05-14 19:28:11 . 2009-04-05 03:45:43 0 d-----w- C:\Program Files\Vuze
2009-04-13 19:27:20 . 2009-04-13 19:27:20 75048 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-10 00:22:11 . 2008-02-22 22:30:18 126240 ----a-w- C:\Users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-10 00:02:59 . 2008-02-23 01:36:42 126240 ----a-w- C:\Users\Trading\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-04 16:11:35 . 2009-04-04 16:11:35 34062 ----a-w- C:\Users\Trading\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
2007-11-26 20:32:11 . 2007-11-26 20:26:10 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT

.
((((((((((((((((((((((((((((( SnapShot@2009-07-02_19.29.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-22 22:13:26 . 2009-07-02 18:44:07 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-02-22 22:13:26 . 2009-07-02 19:30:14 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-22 22:13:26 . 2009-07-02 18:44:07 32768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-22 22:13:26 . 2009-07-02 19:30:14 32768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-02-22 22:13:26 . 2009-07-02 18:44:07 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-22 22:13:26 . 2009-07-02 19:30:14 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-02 21:21:12 . 2009-07-02 21:21:12 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-02 19:27:58 . 2009-07-02 19:27:58 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-02 21:21:12 . 2009-07-02 21:21:12 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-02 19:27:58 . 2009-07-02 19:27:58 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-10 00:40:14 333192 ----a-w- C:\Program Files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 22:07:58 1004800 ----a-w- C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 07:33:30 1233920]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-07 01:37:52 21898024]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 06:17:19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 15:01:34 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16:56 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 11:59:00 118784]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 10:56:47 54936]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 04:34:40 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 05:16:38 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 13:00:48 33648]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 17:43:50 228088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 17:14:00 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 17:14:00 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 17:14:00 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-15 00:11:48 565008]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-15 00:15:46 2407184]
"DLCJCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2006-10-21 00:45:34 73728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 22:18:48 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-04-02 22:11:02 342312]
"WD Drive Manager"="C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-10-24 17:09:18 450560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-02 16:45:36 148888]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-07-02 18:43:04 1948440]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2008-01-15 17:26:18 4874240]

C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Billminder.lnk - C:\QUICKENW\billmind.exe [2008-2-29 25600]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\Windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0F45F889-2185-4A0C-AF0A-335AAC49E04C}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{6FC8AC34-8826-4BFF-B21C-AF184C09294B}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{724CBDEE-16D0-4397-8EAB-2A91BB1FAD6C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{91857A98-3C52-461C-AB06-AAC56CFE3A2D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{232AFA0F-1858-41D8-B6F1-76CCB66C3A41}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FD67C2F2-798E-4726-B247-12520BFE53A8}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BC7DDF54-7511-4339-B55E-B63CB78A9611}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{50BFCB27-8411-4A85-8B24-49272BEA7A69}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{33E3291B-BF25-4695-81DF-88ABA46FBEDE}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{24411084-AACA-4B44-8F2F-09C22C29F5FD}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7FA9566F-226D-4488-A171-D73CCAEDC5C5}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F4C5ACD4-1C45-4ACB-95DF-1A10DF5E119E}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{9C897F0B-1364-46A3-88B8-1B2C14352562}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{F19D4E45-4835-4537-86A1-48902271A04B}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{D4BD680A-7098-45E9-A3DF-1ED59B411406}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8C517CE0-35C0-4399-82DE-C57F2EB25AB3}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D8B9C523-CFA6-4FA1-B028-577547470BCE}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{768563ED-463B-4518-98C6-A61AE6115075}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A0E7AD0-853A-4CCA-AD04-BE2BED6976EE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{94E04E26-12D9-4B02-9565-E8B8474149CA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B2116785-53F6-461A-A8CC-D6012238A837}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0D1B274A-A595-472D-98CD-F1BE2F6A174C}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{37381525-8C22-4016-870D-ABDE8D86A122}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{F7769672-6997-40D6-8657-0ECD04060FE3}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{96C04E83-9F72-42EF-AD09-B1517953C47D}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{9F5503B6-7A16-4010-AB75-EB849D9334CA}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"TCP Query User{C861E5CE-DD3E-48B7-AB29-38F247822A49}C:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= UDP:C:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"UDP Query User{9533A654-AC03-42AE-8AF7-1A42D462D52C}C:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= TCP:C:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"{E22C8D1A-8955-46E9-AE83-DC8D43A3F74D}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{A59F0E15-5718-430F-818B-B477FFE42EB4}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{2FCFFDB1-3318-4F46-B8BF-0A674EE327A8}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{82F28562-B757-4D0E-8BEE-D05C0422B75C}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{DA8634A0-158A-4291-AE55-03205C0EFA60}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{C519FB6A-B695-47B1-B45E-3B9CC2BCAD9B}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"TCP Query User{1CDDDE85-CC5B-4E54-8960-582B2EE42267}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B1858357-43B4-42AC-A2E7-71CAB7DEDE53}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{A8C2747B-BE22-4C72-9925-706393483D08}"= UDP:C:\Windows\System32\dlcjcoms.exe:Dell 964 Server
"{72937A10-B4E3-46AE-BEB2-870748F436E2}"= TCP:C:\Windows\System32\dlcjcoms.exe:Dell 964 Server
"TCP Query User{D672CEE8-9AA9-420C-AE64-CDF1C4BB2D01}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FAF2A6CE-7060-4723-A78E-F38417F3D894}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{B475BF02-5896-47C3-A307-A255FBB1EF62}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B810129E-1790-4A0D-8017-0AEF0DC10654}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4B398547-5793-4102-AEE1-43EC778A7B09}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{275C4C1D-078B-4D33-8D0D-50FFC80A430E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{43504D59-89ED-4C23-AA90-B2AD2AB6EA42}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{05691C88-1911-47F3-AB80-5FB682DB5C95}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
"{642BCBD1-E89F-43A9-9740-5CA806497D97}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F5791393-5FFB-4249-B4D5-D77D032FDCAA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{DFD7C216-5F05-4CF7-9061-098659B0DABC}C:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:C:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{B62F59E6-741C-4B12-AAE8-331C0E57995D}C:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:C:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{BBC7EE48-8CCF-4942-A0A8-DA42E16EB067}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{3AA94851-08C1-4141-8B34-F028CD6B9AD0}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [7/2/2009 12:43:10 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\Windows\System32\drivers\avgtdix.sys [7/2/2009 12:43:15 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [7/2/2009 12:43:04 PM 298776]
R2 IntuitUpdateService;Intuit Update Service;C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45:26 AM 13088]
R2 TeamViewer4;TeamViewer 4;C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [1/28/2009 1:39:02 AM 185640]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [10/24/2008 11:09:54 AM 102400]
S3 BELKIN;Belkin Wireless G USB Network Adapter;C:\Windows\System32\drivers\BLKWGU.sys [2/22/2008 4:47:46 PM 252416]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [9/12/2007 7:35:54 PM 25760]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam.sys [5/6/2008 4:06:00 PM 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 C:\Windows\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-23 02:32:36 . 2009-03-24 04:36:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Users\Trading\AppData\Roaming\Mozilla\Firefox\Profiles\yel5tbbj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
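The CFScript in post #10 and the "Reg Loading Points" section of the ComboFix log above share the same REGEDIT4-style layout: a bracketed key, then `"name"=value` lines, where ComboFix appends the image's timestamp and size in square brackets and writes `"display" - resolved path` when the value is not a full path. The following is an added example (not ComboFix's, the forum's or any poster's code) of a small parser for that layout with two defender-side checks on top: it confirms the two Security Center values the CFScript restores (DisableMonitoring=0, EnableFirewall=1) and lists the autostart images, flagging entries whose image is a DLL, which, as the first log's "hidden autostart entries" section shows, are loaded through rundll32. The sample text is constructed from abridged lines of this thread; the key suffixes used to locate the two values are an assumption about how those keys are written in such fragments.

```python
"""Parse REGEDIT4-style fragments (a CFScript 'Registry::' block or the
'Reg Loading Points' section of a ComboFix log) and run two defender
checks over them. Added example: not ComboFix's, the forum's or any
poster's own code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: abridged lines taken from the log above plus the two
# values the CFScript in post #10 set.
SAMPLE = r'''
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 07:33:30 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 06:17:19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCJCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2006-10-21 00:45:34 73728]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2008-01-15 17:26:18 4874240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"=dword:00000001
'''


@dataclass
class RegValue:
    name: str
    kind: str                   # 'dword', 'image' or 'string'
    data: object                # int for dword, str otherwise
    mtime: Optional[str] = None  # file timestamp ComboFix prints in [...]
    size: Optional[int] = None   # file size ComboFix prints in [...]


KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
META_RE = re.compile(r'\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+)\]\s*$')
RESOLVED_RE = re.compile(r'^"([^"]*)"\s*-\s*(.+)$')   # "display" - resolved path


def parse_value(name: str, raw: str) -> RegValue:
    raw = raw.strip()
    if raw.lower().startswith('dword:'):
        return RegValue(name, 'dword', int(raw[6:], 16))
    mtime = size = None
    meta = META_RE.search(raw)
    if meta:                                  # strip the trailing [timestamp size]
        mtime, size = meta.group(1), int(meta.group(2))
        raw = raw[:meta.start()].strip()
    resolved = RESOLVED_RE.match(raw)
    if resolved:                              # keep the resolved path, not the display name
        return RegValue(name, 'image', resolved.group(2).strip(), mtime, size)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        raw = raw[1:-1]
    is_image = mtime is not None or raw.lower().endswith(('.exe', '.dll', '.sys'))
    return RegValue(name, 'image' if is_image else 'string', raw, mtime, size)


def parse_fragment(text: str) -> Dict[str, Dict[str, RegValue]]:
    """Map each key path to its named values; lines that are neither are ignored."""
    reg: Dict[str, Dict[str, RegValue]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == 'REGEDIT4' or line.startswith('Registry::'):
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            reg.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            reg[current][val.group(1)] = parse_value(val.group(1), val.group(2))
    return reg


# (key suffix, value name, expected dword, message) for the values the CFScript restores
EXPECTED = [
    (r'\security center\monitoring', 'DisableMonitoring', 0, 'Security Center monitoring is disabled'),
    (r'\firewallpolicy\standardprofile', 'EnableFirewall', 1, 'Windows Firewall standard profile is off'),
]


def security_findings(reg: Dict[str, Dict[str, RegValue]]) -> List[str]:
    """Empty list means both values are at their expected (secure) settings."""
    findings = []
    for suffix, value_name, expected, message in EXPECTED:
        keys = [k for k in reg if k.lower().endswith(suffix)]
        if not keys:
            findings.append(f'{value_name}: key not present in fragment')
            continue
        for k in keys:
            val = reg[k].get(value_name)
            if val is None or val.kind != 'dword':
                findings.append(f'{value_name}: missing or not a dword under {k}')
            elif val.data != expected:
                findings.append(f'{message} ({value_name}={val.data}, expected {expected})')
    return findings


LOAD_POINT_SUFFIXES = (r'\currentversion\run', r'\currentversion\windows')


def autostart_images(reg: Dict[str, Dict[str, RegValue]]) -> List[Tuple[str, str]]:
    """(value name, image path) for every image under a Run key or AppInit_DLLs."""
    return [(v.name, v.data) for key, values in reg.items()
            if key.lower().endswith(LOAD_POINT_SUFFIXES)
            for v in values.values() if v.kind == 'image']


def dll_load_points(reg: Dict[str, Dict[str, RegValue]]) -> List[str]:
    """Autostart entries whose image is a DLL (loaded via rundll32 or AppInit)."""
    return [name for name, path in autostart_images(reg) if path.lower().endswith('.dll')]


if __name__ == '__main__':
    parsed = parse_fragment(SAMPLE)
    print('security findings:', security_findings(parsed) or 'none')
    for name, path in autostart_images(parsed):
        print(f'{name:20} {path}')
    print('DLL load points:', dll_load_points(parsed))
```

The parser deliberately ignores lines it does not understand (the BHO timestamp lines, `@=` defaults, startup-folder entries), so it can be pointed at a whole ComboFix log; the Symantec subkeys in the sample show why the monitoring check matches the key by exact suffix rather than by substring.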
Jul 2 2009, 05:51 PM - Post #12
malware expert (Group: Malware Response Team; Posts: 14,992; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026)
Hi LornaRose,
Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used. If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

QUOTE
I can "Check for solution" or cancel - I haven't done anything yet.

Do a check for solution and report back.

This post has been edited by SifuMike: Jul 2 2009, 05:52 PM
--------------------
Jul 2 2009, 06:29 PM - Post #13
malware expert (Group: Malware Response Team; Posts: 14,992; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026)
Hi,
I would like to see a log from Event Viewer, so have a look at these two topics again:

How To Find Bsod Error Messages
How To Use Event Viewer

Especially follow the instructions in the second one; examine the "System" and "Application" logs in Event Viewer for errors that correspond to the time you had the problem. Click the icon under the up and down arrows to copy the error message to your clipboard and paste it back here so I can see the entire message details.

--------------------
Jul 3 2009, 12:38 PM - Post #14
Member (Group: Members; Posts: 15; Joined: 11-January 09; Member No.: 281,459)
I opened the Event Viewer, and it took me a while to find an error, as Vista's Event Viewer is different from XP's. I found an error under Windows Logs -> System.

I think this is the one...

Log Name: System
Source: EventLog
Date: 7/2/2009 3:31:18 PM
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ABTerry-PC
Description:
The previous system shutdown at 3:29:05 PM on 7/2/2009 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-07-02T21:31:18.000Z" />
<EventRecordID>223750</EventRecordID>
<Channel>System</Channel>
<Computer>ABTerry-PC</Computer>
<Security />
</System>
<EventData>
<Data>3:29:05 PM</Data>
<Data>7/2/2009</Data>
<Data> </Data>
<Data> </Data>
<Data>496</Data>
<Data> </Data>
<Data> </Data>
<Binary>D9070700040002000F001D0005003703D90707000400020015001D0005003703600900003C000 000010000006009000000000000B00400000100000000000000</Binary>
</EventData>
</Event>

I'm not sure if this helps, or if it's even the right thing. I'm working on the Kaspersky right now.
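The Event XML pasted above is the form Event Viewer produces on its XML view, which is also the most useful form to collect when, as SifuMike asked in post #13, you are matching System and Application log entries against the time of a crash. As an added example (not code from Event Viewer, ComboFix or anyone in this thread), here is a parser for such a record that pulls out the fields a responder reads first, converts the UTC `SystemTime` stamp to the machine's local clock, and recognises Event ID 6008 from the EventLog provider as the "previous system shutdown was unexpected" record whose first two `Data` fields carry the local time and date of that shutdown. The sample is the record from this post with its `Binary` element left out; the -6 hour offset passed to `local_time` is taken from the `[GMT -6:00]` stamp in the ComboFix log and is an assumption about this machine's time zone.

```python
"""Parse a Windows Event XML record (Event Viewer's XML view) and triage it.
Added example; not code from Event Viewer, ComboFix or anyone in this thread."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LEVELS = {1: "Critical", 2: "Error", 3: "Warning", 4: "Information", 5: "Verbose"}

# Constructed sample: the Event ID 6008 record posted above, Binary element omitted.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-07-02T21:31:18.000Z" />
<EventRecordID>223750</EventRecordID>
<Channel>System</Channel>
<Computer>ABTerry-PC</Computer>
<Security />
</System>
<EventData>
<Data>3:29:05 PM</Data>
<Data>7/2/2009</Data>
<Data> </Data>
<Data> </Data>
<Data>496</Data>
<Data> </Data>
<Data> </Data>
</EventData>
</Event>"""


def parse_event(xml_text: str) -> dict:
    """Return the fields a responder looks at first, as a plain dict."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    if system is None:
        raise ValueError("not a Windows Event record: no <System> element")
    return {
        "provider": system.find("e:Provider", NS).get("Name"),
        "event_id": int(system.find("e:EventID", NS).text),
        "level": LEVELS.get(int(system.find("e:Level", NS).text), "Unknown"),
        "time_utc": system.find("e:TimeCreated", NS).get("SystemTime"),
        "record_id": int(system.find("e:EventRecordID", NS).text),
        "channel": system.find("e:Channel", NS).text,
        "computer": system.find("e:Computer", NS).text,
        # <Data> children in order; blank ones become "" rather than None
        "data": [(d.text or "").strip() for d in root.findall("e:EventData/e:Data", NS)],
    }


def local_time(event: dict, utc_offset_hours: int) -> str:
    """Convert the UTC SystemTime stamp to the machine's local clock."""
    stamp = datetime.strptime(event["time_utc"], "%Y-%m-%dT%H:%M:%S.%fZ")
    stamp = stamp.replace(tzinfo=timezone.utc)
    local = stamp.astimezone(timezone(timedelta(hours=utc_offset_hours)))
    return local.strftime("%Y-%m-%d %H:%M:%S")


def summarize(event: dict) -> str:
    """One-line triage note. EventLog/6008 is the 'previous shutdown was
    unexpected' record; its Data fields are the local time and date of that shutdown."""
    if event["provider"] == "EventLog" and event["event_id"] == 6008:
        data = event["data"]
        when = f"{data[1]} {data[0]}" if len(data) >= 2 else "unknown time"
        return (f"{event['computer']}: unexpected shutdown at {when} "
                f"(record {event['record_id']}, logged {event['time_utc']})")
    return (f"{event['computer']}: {event['level']} {event['provider']}/{event['event_id']} "
            f"(record {event['record_id']})")


if __name__ == "__main__":
    ev = parse_event(SAMPLE_EVENT)
    print(summarize(ev))
    print("logged at local time", local_time(ev, -6))   # assumed GMT -6 from the ComboFix log
```

With the -6 offset the record's `TimeCreated` lands at 15:31:18 local, about two minutes after the 3:29:05 PM shutdown it describes, which is the kind of consistency check that tells you the event you found is the one that corresponds to the crash.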
Jul 3 2009, 01:40 PM - Post #15
malware expert (Group: Malware Response Team; Posts: 14,992; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026)
Hi LornaRose,
That log is no help to me.

The HijackThis forum deals exclusively with virus and malware issues. HijackThis does not have the capability to analyze performance, hardware or application issues. For the type of issue(s) you describe I would suggest posting to the Windows Vista forum. The techs in that forum specialize in matters pertaining to Vista error issues. Let them know that you have been to this forum and that no malware was found.

When posting to any other forum, do not post a HijackThis log or the post will simply be moved back to this forum for infection analysis. That is what HijackThis is used for and that is what we specialize in here in this forum.

Also, when posting in any other forum for assistance, give as much detail as possible regarding any issues that are occurring. The more information they have, the better the techs can analyze the issue and make any recommendations for resolving it.

--------------------