System Integrity Scan Pop Ups


This topic is locked
16 replies to this topic

#1 Denise87

Members, 9 posts

Posted 19 April 2008 - 03:04 PM

Hi, for the past few days or so I have been getting a window popping up asking me to run a System Integrity Scan Wizard. I also get another window a few minutes later with a red border and title bar, Security System Warning - it tells me to visit the PC-antispyware site.

There is also a yellow warning triangle next to the clock on my task bar, stating that my computer has spyware or a virus.

Below I have posted the DSS reports.

Thanks in advance for the help.
Deckard's System Scanner v20071014.68
Run by Denise on 2008-04-19 14:54:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-04-17 01:05:32 UTC - RP108 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 958 MiB (1024 MiB recommended).


-- HijackThis (run as Denise.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:03 PM, on 4/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\arknabsf\ahybwfmt.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\ahudynkf.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Users\Denise\Desktop\dss.exe
c:\PROGRA~1\mcafee\mpf\mc\mpfalert.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Denise.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 89.163.145.151 l2authd.lineage2.com
O1 - Hosts: 89.163.145.151 l2testauthd.lineage2.com
O1 - Hosts: 89.163.145.151 l2patcher.lineage2.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7228F1FF-6C1C-4A3B-84F5-7F24FDF6B284} - C:\Windows\system32\tuvvtTli.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [gghmvasw] C:\Windows\system32\ahudynkf.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Denise\AppData\Local\Temp\rqRLbyvW.dll,#1
O4 - HKCU\..\Run: [509d7404] rundll32.exe "C:\Users\Denise\AppData\Local\Temp\xwlagfgp.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [ap0DyFXNgi] C:\ProgramData\arknabsf\ahybwfmt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O23 - Service: McAfee Application Installer Cleanup (0012881208398311) (0012881208398311mcinstcleanup) - Unknown owner - C:\Users\Denise\AppData\Local\Temp\001288~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 7852 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 npkcrypt - \??\c:\program files\lineage ii\system\npkcrypt.sys
S3 NPPTNT2 - \??\c:\windows\system32\npptnt2.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 0012881208398311mcinstcleanup (McAfee Application Installer Cleanup (0012881208398311)) - c:\users\denise\appdata\local\temp\001288~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_8033&SUBSYS_0300107B&REV_00\4&928CDF&0&4BA4
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_8033&SUBSYS_0300107B&REV_00\4&928CDF&0&4BA4
Service:

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP


-- Scheduled Tasks -------------------------------------------------------------

2008-04-18 18:00:30 410 --a----c- C:\Windows\Tasks\Norton Security Scan.job
2008-04-01 01:00:37 334 --a----c- C:\Windows\Tasks\McQcTask.job
2008-03-15 22:51:49 342 --a----c- C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-19 12:21:49 0 d------c- C:\Program Files\Trend Micro
2008-04-17 15:32:38 25600 --a----c- C:\Windows\system32\WS2Fix.exe
2008-04-17 15:32:38 289144 --a----c- C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-17 15:32:38 86528 --a----c- C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-17 15:32:38 288417 --a----c- C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-17 15:32:38 82432 --a----c- C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-17 15:32:38 51200 --a----c- C:\Windows\system32\dumphive.exe
2008-04-17 00:40:26 2710 --a----c- C:\Windows\system32\tmp.reg
2008-04-17 00:39:42 0 d------c- C:\Users\Denise\SmitfraudFix
2008-04-17 00:32:28 0 d------c- C:\Program Files\CCleaner
2008-04-16 21:51:57 0 d------c- C:\VundoFix Backups
2008-04-16 21:09:59 0 d------c- C:\Program Files\Common Files\Scanner
2008-04-16 21:09:59 0 d------c- C:\Program Files\ComcastToolbar
2008-04-16 20:37:41 0 d------c- C:\Windows\McAfee.com
2008-04-16 20:03:56 6678 --ahs--c- C:\Windows\system32\ilTtvvut.ini2
2008-04-16 20:03:51 273408 --a----c- C:\Windows\system32\tuvvtTli.dll
2008-04-16 20:02:05 53 --a----c- C:\smp.bat
2008-04-16 19:58:22 98304 --a----c- C:\Windows\rtqmekwg.exe
2008-04-16 19:58:22 184320 --a----c- C:\Windows\qtvglped.dll
2008-04-16 19:58:22 106496 --a----c- C:\Windows\npqtsrak.exe
2008-04-16 19:58:21 217088 --a----c- C:\Windows\pmsoarbf.dll
2008-04-16 19:58:21 286720 --a----c- C:\Windows\omlbpkaw.dll
2008-04-16 19:58:21 241664 --a----c- C:\Windows\lgmxvpatwfq.dll
2008-04-16 19:58:20 4096 --a----c- C:\Windows\userconfig9x.dll
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32winlogonpc.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32temp#01.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32taack.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32taack.dat
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32ssvchost.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32ssvchost.com
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32ssurf022.dll
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32sncntr.exe
2008-04-16 19:58:20 0 d------c- C:\Windows\system32smp
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32regm64.dll
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32regc64.dll
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32psoft1.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32psof1.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32ps1.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32netode.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32mwin32.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32mtr2.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32msvchost.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32msnbho.dll
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32msgp.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32medup020.dll
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32medup012.dll
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32hxiwlgpm.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32hxiwlgpm.dat
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32hoproxy.dll
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32h@tkeysh@@k.dll
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32dpcproxy.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\system32bsva-egihsg52.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\iTunesMusic.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\FVProtect.exe
2008-04-16 19:58:20 4096 --a----c- C:\Windows\a.bat
2008-04-16 19:58:20 0 d------c- C:\Program Files\Inet Delivery
2008-04-16 19:58:19 4096 --a----c- C:\Windows\winsystem.exe
2008-04-16 19:58:19 4096 --a----c- C:\Windows\system32vcatchpi.dll
2008-04-16 19:58:19 4096 --a----c- C:\Windows\system32thun32.dll
2008-04-16 19:58:19 4096 --a----c- C:\Windows\system32thun.dll
2008-04-16 19:58:19 4096 --a----c- C:\Windows\system32Rundl1.exe
2008-04-16 19:58:19 4096 --a----c- C:\Windows\system32newsd32.exe
2008-04-16 19:58:19 4096 --a----c- C:\Windows\system32emesx.dll
2008-04-16 19:58:19 4096 --a----c- C:\Windows\system32anticipator.dll
2008-04-16 19:58:19 4096 --a----c- C:\Windows\system32akttzn.exe
2008-04-16 19:58:19 4096 --a----c- C:\Windows\mssecu.exe
2008-04-16 19:58:19 4096 --a----c- C:\Windows\bdn.com
2008-04-16 19:58:18 4096 --a----c- C:\Windows\system32WINWGPX.EXE
2008-04-16 19:58:18 4096 --a----c- C:\Windows\system32winsystem.exe
2008-04-16 19:58:18 4096 --a----c- C:\Windows\system32vbsys2.dll
2008-04-16 19:58:18 4096 --a----c- C:\Windows\system32sysreq.exe
2008-04-16 19:58:18 4096 --a----c- C:\Windows\system32mssecu.exe
2008-04-16 19:58:18 4096 --a----c- C:\Windows\system32bdn.com
2008-04-16 19:58:18 4096 --a----c- C:\Windows\system32awtoolb.dll
2008-04-16 19:58:18 0 d------c- C:\Windows\mslagent
2008-04-16 19:58:05 94208 --a----c- C:\Windows\system32\ahudynkf.exe
2008-04-16 19:58:05 0 d------c- C:\Users\All Users\arknabsf
2008-04-16 16:35:25 0 d------c- C:\Program Files\Common Files\Adobe
2008-03-29 04:26:44 0 d------c- C:\Windows\Sun
2008-03-27 22:31:17 0 d------c- C:\Program Files\iPod
2008-03-27 22:30:55 0 d------c- C:\Program Files\iTunes
2008-03-20 21:21:21 0 d------c- C:\Users\All Users\Yahoo!


-- Find3M Report ---------------------------------------------------------------

2008-04-18 18:00:11 0 d------c- C:\Program Files\Norton Security Scan
2008-04-17 18:36:47 0 d------c- C:\Users\Denise\AppData\Roaming\ComcastToolbar
2008-04-17 15:32:53 35 --a----c- C:\Users\Denise\AppData\Roaming\SetValue.bat
2008-04-17 15:32:53 691 --a----c- C:\Users\Denise\AppData\Roaming\GetValue.vbs
2008-04-16 21:19:59 0 d------c- C:\Program Files\McAfee
2008-04-16 21:09:59 0 d------c- C:\Program Files\Common Files
2008-04-10 23:12:05 0 d------c- C:\Program Files\Common Files\Symantec Shared
2008-04-09 03:14:14 0 d------c- C:\Program Files\Windows Mail
2008-04-02 09:58:45 52576 --a----c- C:\Users\Denise\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-21 12:51:00 0 d------c- C:\Users\Denise\AppData\Roaming\Yahoo!
2008-03-20 21:19:58 0 d------c- C:\Program Files\Yahoo!
2008-02-26 22:33:46 0 d------c- C:\Users\Denise\AppData\Roaming\GlobalSCAPE
2008-02-26 22:32:46 0 d--h---c- C:\Program Files\InstallShield Installation Information
2008-02-26 22:32:46 0 d------c- C:\Program Files\GlobalSCAPE
2008-02-26 22:32:03 0 d------c- C:\Program Files\Common Files\InstallShield
2008-02-26 00:29:21 0 d------c- C:\Users\Denise\AppData\Roaming\Apple Computer
2008-02-25 03:45:16 0 d------c- C:\Program Files\DivX
2008-02-25 03:45:05 0 d------c- C:\Program Files\Common Files\PX Storage Engine
2008-02-20 21:05:44 3596288 --a----c- C:\Windows\system32\qt-dx331.dll
2008-02-20 21:04:16 196608 --a----c- C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 21:04:16 81920 --a----c- C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 21:04:04 802816 --a----c- C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-20 21:04:04 823296 --a----c- C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:04:04 823296 --a----c- C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:04:04 682496 --a----c- C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:03:24 12288 --a----c- C:\Windows\system32\DivXWMPExtType.dll
2008-02-19 02:40:48 0 d------c- C:\Program Files\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7228F1FF-6C1C-4A3B-84F5-7F24FDF6B284}]
04/16/2008 08:03 PM 273408 --a--c--- C:\Windows\system32\tuvvtTli.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/04/2008 01:09 AM]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [11/16/2006 05:04 PM]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [10/19/2006 08:42 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 10:49 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/04/2008 12:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:36 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 07:35 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"gghmvasw"="C:\Windows\system32\ahudynkf.exe" [04/16/2008 07:58 PM]
"MSServer"="C:\Users\Denise\AppData\Local\Temp\rqRLbyvW.dll,#1" []
"509d7404"="C:\Users\Denise\AppData\Local\Temp\xwlagfgp.dll,b" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ap0DyFXNgi"=C:\ProgramData\arknabsf\ahybwfmt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FCBABDA2-801E-4F51-B6E8-0122032FB16B}"= C:\Windows\system32\qoMeBqNd.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\tuvvtTli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8877bc15-dbe5-11dc-b643-00e0b8b6ebd7}]
AutoRun\command- G:\JDSecure\Windows\JDSecure31.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

89.163.145.151 l2authd.lineage2.com
89.163.145.151 l2testauthd.lineage2.com
89.163.145.151 l2patcher.lineage2.com


-- End of Deckard's System Scanner: finished at 2008-04-19 14:57:23 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 Mobile Technology ML-40
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 957.69 MiB / 433.9 MiB
Pagefile Memory (total/avail): 2174.39 MiB / 1364.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.24 MiB

C: is Fixed (NTFS) - 67.68 GiB total, 33.38 GiB free.
D: is Fixed (FAT32) - 6.83 GiB total, 4.76 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST980829A ATA Device - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 67.68 GiB - C:
\PARTITION1 - Unknown - 6.84 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Denise\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DENISE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Denise
LOCALAPPDATA=C:\Users\Denise\AppData\Local
LOGONSERVER=\\DENISE-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Denise\AppData\Local\Temp
TMP=C:\Users\Denise\AppData\Local\Temp
USERDOMAIN=Denise-PC
USERNAME=Denise
USERPROFILE=C:\Users\Denise
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Denise


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archlord --> "C:\Program Files\Codemasters\Archlord\unins000.exe"
BigFix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Comcast Toolbar --> C:\Program Files\ComcastToolbar\uninstall.exe
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta0300a.INF
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kodak EasyShare software --> C:\ProgramData\Kodak\EasyShareSetup\$SETUP_a0005_9aff514\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire 4.16.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Lineage II --> C:\Program Files\InstallShield Installation Information\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe -runfromtemp -l0x0009 -removeonly
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B\HXFSETUP.EXE -U -Iqta0300m.inf
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger for Vista --> C:\Users\Denise\AppData\Local\Yahoo!\MESSEN~1\UNINST~1.EXE
Yahoo! ¤u¨ă¦C --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type6291 / Error
Event Submitted/Written: 04/19/2008 02:51:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module xwlagfgp.dll, version 0.0.0.0, time stamp 0x5116a69a, exception code 0xc0000005, fault offset 0x00010a3a,
process id 0x7a8, application start time 0xexplorer.exe0.

Event Record #/Type6290 / Error
Event Submitted/Written: 04/19/2008 01:12:59 PM
Event ID/Source: 33 / SideBySide
Event Description:
Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Event Record #/Type6288 / Error
Event Submitted/Written: 04/19/2008 00:14:02 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program Explorer.EXE version 6.0.6000.16549 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 670
Start Time: 01c8a23df5a3feea
Termination Time: 231

Event Record #/Type6285 / Error
Event Submitted/Written: 04/19/2008 00:07:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module ohhgksxw.dll, version 0.0.0.0, time stamp 0x5116a69a, exception code 0xc0000005, fault offset 0x00010a3a,
process id 0x670, application start time 0xExplorer.EXE0.

Event Record #/Type6279 / Success
Event Submitted/Written: 04/19/2008 11:54:58 AM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type31538 / Error
Event Submitted/Written: 04/19/2008 11:53:31 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type31534 / Warning
Event Submitted/Written: 04/19/2008 11:52:54 AM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:


Event Record #/Type31407 / Error
Event Submitted/Written: 04/19/2008 11:08:54 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type31406 / Warning
Event Submitted/Written: 04/19/2008 06:42:42 AM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:


Event Record #/Type31271 / Error
Event Submitted/Written: 04/19/2008 03:07:50 AM
Event ID/Source: 6008 / EventLog
Event Description:
The previous system shutdown at 3:04:15 AM on 4/19/2008 was unexpected.



-- End of Deckard's System Scanner: finished at 2008-04-19 14:57:23 ------------

Edited by Denise87, 19 April 2008 - 05:10 PM.


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:17 PM

Posted 21 April 2008 - 04:17 PM

Hello Denise87,

Welcome to Bleeping Computer :thumbsup:

I see you've already run SmitfraudFix... do you still have the report? I'd really like to see it if you do, please. :blink:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Denise87

Denise87
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 24 April 2008 - 09:02 PM

I have the Smitfraud program. Should I run this?

A few days ago I installed SuperAntiSpyware. This removed lots of trojans etc. and I don't receive the pop-ups anymore, but I don't know if I completely removed everything.


ComboFix 08-04-22.5 - Denise 2008-04-24 20:35:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.390 [GMT -5:00]
Running from: C:\Users\Denise\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Windows\a.bat
C:\Windows\base64.tmp
C:\Windows\bdn.com
C:\Windows\FVProtect.exe
C:\Windows\iTunesMusic.exe
C:\Windows\mslagent
C:\Windows\mslagent\2_mslagent.dll
C:\Windows\mslagent\mslagent.exe
C:\Windows\mslagent\uninstall.exe
C:\Windows\mssecu.exe
C:\Windows\System32\ilTtvvut.ini
C:\Windows\System32\ilTtvvut.ini2
C:\Windows\system32akttzn.exe
C:\Windows\system32anticipator.dll
C:\Windows\system32awtoolb.dll
C:\Windows\system32bdn.com
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\system32dpcproxy.exe
C:\Windows\system32emesx.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32hoproxy.dll
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32medup012.dll
C:\Windows\system32medup020.dll
C:\Windows\system32msgp.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32mssecu.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32netode.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32ps1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32psoft1.exe
C:\Windows\system32regc64.dll
C:\Windows\system32regm64.dll
C:\Windows\system32Rundl1.exe
C:\Windows\system32smp
C:\Windows\system32smp\msrc.exe
C:\Windows\system32sncntr.exe
C:\Windows\system32ssurf022.dll
C:\Windows\system32ssvchost.com
C:\Windows\system32ssvchost.exe
C:\Windows\system32sysreq.exe
C:\Windows\system32taack.dat
C:\Windows\system32taack.exe
C:\Windows\system32temp#01.exe
C:\Windows\system32thun.dll
C:\Windows\system32thun32.dll
C:\Windows\system32VBIEWER.OCX
C:\Windows\system32vbsys2.dll
C:\Windows\system32vcatchpi.dll
C:\Windows\system32winlogonpc.exe
C:\Windows\system32winsystem.exe
C:\Windows\system32WINWGPX.EXE
C:\Windows\userconfig9x.dll
C:\Windows\Web\def.htm
C:\Windows\winsystem.exe
C:\Windows\zip1.tmp
C:\Windows\zip2.tmp
C:\Windows\zip3.tmp
C:\Windows\zipped.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-20 20:10 . 2008-04-20 20:10 <DIR> d----c--- C:\Users\Denise\AppData\Roaming\Malwarebytes
2008-04-20 20:10 . 2008-04-20 20:10 <DIR> d----c--- C:\Users\All Users\Malwarebytes
2008-04-20 20:10 . 2008-04-20 20:10 <DIR> d----c--- C:\ProgramData\Malwarebytes
2008-04-20 20:10 . 2008-04-20 20:10 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 20:08 . 2008-04-20 20:08 <DIR> d----c--- C:\Users\Denise\AppData\Roaming\Download Manager
2008-04-20 20:07 . 2008-04-20 20:07 <DIR> d----c--- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-20 20:07 . 2008-04-20 20:07 <DIR> d----c--- C:\ProgramData\SUPERAntiSpyware.com
2008-04-20 20:06 . 2008-04-20 20:06 <DIR> d----c--- C:\Users\Denise\AppData\Roaming\SUPERAntiSpyware.com
2008-04-20 20:06 . 2008-04-20 20:06 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-04-20 20:05 . 2008-04-20 20:05 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 14:54 . 2008-04-19 14:54 <DIR> d----c--- C:\Deckard
2008-04-19 12:21 . 2008-04-19 12:21 <DIR> d----c--- C:\Program Files\Trend Micro
2008-04-17 00:50 . 2008-04-17 15:32 691 --a--c--- C:\Users\Denise\AppData\Roaming\GetValue.vbs
2008-04-17 00:50 . 2008-04-17 15:32 35 --a--c--- C:\Users\Denise\AppData\Roaming\SetValue.bat
2008-04-17 00:40 . 2008-04-17 15:32 2,710 --a--c--- C:\Windows\System32\tmp.reg
2008-04-17 00:39 . 2008-04-24 20:30 <DIR> d----c--- C:\Users\Denise\SmitfraudFix
2008-04-17 00:32 . 2008-04-17 00:32 <DIR> d----c--- C:\Program Files\CCleaner
2008-04-16 21:51 . 2008-04-16 21:51 <DIR> d----c--- C:\VundoFix Backups
2008-04-16 21:09 . 2008-04-20 20:08 <DIR> d----c--- C:\Users\Denise\AppData\Roaming\ComcastToolbar
2008-04-16 21:09 . 2008-04-16 21:10 <DIR> d----c--- C:\Program Files\Common Files\Scanner
2008-04-16 21:09 . 2008-04-16 21:10 <DIR> d----c--- C:\Program Files\ComcastToolbar
2008-04-16 20:37 . 2008-04-16 20:37 <DIR> d----c--- C:\Windows\McAfee.com
2008-04-16 20:02 . 2008-04-16 20:02 53 --a--c--- C:\smp.bat
2008-04-16 19:58 . 2008-04-20 20:43 <DIR> d----c--- C:\Users\All Users\arknabsf
2008-04-16 19:58 . 2008-04-20 20:43 <DIR> d----c--- C:\ProgramData\arknabsf
2008-04-16 16:35 . 2008-04-16 16:35 <DIR> d----c--- C:\Program Files\Common Files\Adobe
2008-04-08 19:13 . 2008-02-14 18:19 944,184 --a--c--- C:\Windows\System32\winload.exe
2008-04-08 19:13 . 2008-02-19 00:10 620,088 --a--c--- C:\Windows\System32\ci.dll
2008-04-08 19:13 . 2008-02-29 01:39 371,712 --a--c--- C:\Windows\System32\srcore.dll
2008-04-08 19:13 . 2008-02-29 01:38 313,856 --a--c--- C:\Windows\System32\rstrui.exe
2008-04-08 19:13 . 2008-02-29 01:39 40,960 --a--c--- C:\Windows\System32\srclient.dll
2008-04-08 19:13 . 2008-02-29 01:51 19,000 --a--c--- C:\Windows\System32\kd1394.dll
2008-04-08 19:13 . 2008-02-29 01:38 16,384 --a--c--- C:\Windows\System32\srdelayed.exe
2008-04-08 19:13 . 2008-02-29 01:34 7,168 --a--c--- C:\Windows\System32\f3ahvoas.dll
2008-04-08 19:13 . 2008-02-29 01:35 6,656 --a--c--- C:\Windows\System32\kbd106n.dll
2008-04-08 19:12 . 2008-02-28 23:16 2,027,008 --a--c--- C:\Windows\System32\win32k.sys
2008-04-08 19:12 . 2008-02-20 23:43 296,448 --a--c--- C:\Windows\System32\gdi32.dll
2008-04-08 19:12 . 2007-12-16 06:42 83,968 --a--c--- C:\Windows\System32\dnsrslvr.dll
2008-04-08 19:12 . 2007-12-16 06:41 24,576 --a--c--- C:\Windows\System32\dnscacheugc.exe
2008-04-02 09:58 . 2008-04-02 09:58 52,576 --a--c--- C:\Users\Denise\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-29 04:26 . 2008-03-29 04:26 <DIR> d----c--- C:\Windows\Sun
2008-03-27 22:51 . 2008-03-27 22:51 <DIR> dr---c--- C:\Windows\System32\config\systemprofile\Music
2008-03-27 22:31 . 2008-03-27 22:31 <DIR> d----c--- C:\Program Files\iPod
2008-03-27 22:31 . 2008-04-16 20:18 54,156 --ah-c--- C:\Windows\QTFont.qfn
2008-03-27 22:31 . 2008-03-27 22:31 1,409 --a--c--- C:\Windows\QTFont.for
2008-03-27 22:30 . 2008-03-27 22:31 <DIR> d----c--- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 13:11 --------- dc----w C:\Program Files\McAfee
2008-04-21 04:09 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-04-20 23:00 --------- dc----w C:\Program Files\Norton Security Scan
2008-04-20 00:43 --------- dc----w C:\Users\Denise\AppData\Roaming\Yahoo!
2008-04-19 21:24 --------- dc----w C:\Program Files\Yahoo!
2008-04-19 21:03 --------- dc----w C:\Program Files\Lineage II
2008-04-09 08:14 --------- dc----w C:\Program Files\Windows Mail
2008-03-21 02:21 --------- dc----w C:\ProgramData\Yahoo!
2008-03-06 00:04 --------- dc----w C:\ProgramData\Symantec
2008-02-27 03:33 --------- dc----w C:\Users\Denise\AppData\Roaming\GlobalSCAPE
2008-02-27 03:32 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-02-27 03:32 --------- dc----w C:\Program Files\GlobalSCAPE
2008-02-27 03:32 --------- dc----w C:\Program Files\Common Files\InstallShield
2008-02-26 05:29 --------- dc----w C:\Users\Denise\AppData\Roaming\Apple Computer
2008-02-25 08:45 --------- dc----w C:\Program Files\DivX
2008-02-25 08:45 --------- dc----w C:\Program Files\Common Files\PX Storage Engine
2008-02-21 04:43 52,736 -c--a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 09:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 09:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 09:05 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 09:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 09:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-04 06:33 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96A4461B-AE27-4679-9DE2-106E407BEDBB}]
C:\Windows\system32\tuvvtTli.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 22:49 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 00:35 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"509d7404"="C:\Users\Denise\AppData\Local\Temp\xwlagfgp.dll" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-04 01:09 1006264]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 17:04 2348584]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2006-10-19 20:42 161360]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"combofix"="C:\Windows\system32\CF22657.exe" [2006-11-02 04:44 320000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3390427354-350988367-3994786905-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0244E004-164B-4881-A648-AF54E91BA70E}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{D2EA710A-0266-4026-8C06-500179CEF9C6}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{8AA2B218-4818-429D-8EF3-B678517AF53B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{410FB54C-FB35-4AB5-95EC-BBF7FE77DCAB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A8F6E93B-2775-4CD5-96C4-2B695DD032FC}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4D4A93A0-A18F-447A-AD3B-A5331E95C611}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{31C4135B-F214-46AB-A4E6-B5772D73CF31}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{44D04922-66B9-4579-B494-BA35C9619939}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2D39D4F4-E376-4679-A567-267D1AEA4542}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8AAA4B19-DD33-4267-A769-E9D9E445DB39}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C8275DF7-891B-4F02-9C28-11691594AC49}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 HSFHWATI;HSFHWATI;C:\Windows\system32\DRIVERS\HSFHWATI.sys [2005-01-25 14:26]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-19 01:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8877bc15-dbe5-11dc-b643-00e0b8b6ebd7}]
\shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 03:51:49 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-01 06:00:37 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-20 23:34:47 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 20:45:54
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
.
**************************************************************************
.
Completion time: 2008-04-24 20:52:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 01:52:08

Pre-Run: 32,726,413,312 bytes free
Post-Run: 32,566,423,552 bytes free

264 --- E O F --- 2008-04-25 00:39:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:09 PM, on 4/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {96A4461B-AE27-4679-9DE2-106E407BEDBB} - C:\Windows\system32\tuvvtTli.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 7331 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:17 PM

Posted 24 April 2008 - 09:37 PM

Hello,

I have the Smitfraud program. Should I run this?

No thank you. But if you have the original report still, I would like to see that. Otherwise, please delete SmitfraudFix. ComboFix removed a load of junk. How is it running now please?

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {96A4461B-AE27-4679-9DE2-106E407BEDBB} - C:\Windows\system32\tuvvtTli.dll (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

Folder::
C:\VundoFix Backups
C:\Users\All Users\arknabsf
C:\ProgramData\arknabsf

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96A4461B-AE27-4679-9DE2-106E407BEDBB}]

File::
C:\Windows\system32\tuvvtTli.dll


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
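The entries tea singles out above (an O2 BHO whose DLL is "(file missing)", and in the earlier ComboFix output a Run value with a random hex name pointing into the user's Temp folder with no file size or timestamp recorded) are the same indicators a helper scans for by eye. The following is an added triage helper written for this thread, not code from BleepingComputer, HijackThis or ComboFix: it parses HijackThis O2/O4 lines and ComboFix "Reg Loading Points" Run lines and flags those patterns. The line formats, the heuristics and the function names are my own assumptions, and the sample log is constructed in the shape of the lines posted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the shape of the HijackThis (O2/O4) and ComboFix
# ("Reg Loading Points") entries posted in this thread.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {96A4461B-AE27-4679-9DE2-106E407BEDBB} - C:\Windows\system32\tuvvtTli.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 22:49 1232896]
"509d7404"="C:\Users\Denise\AppData\Local\Temp\xwlagfgp.dll" [ ]
"""

# Line shapes (assumed from the logs above, not an official grammar).
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
CF_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<meta>[^\]]*)\]$')

# Heuristics (assumptions): autoruns that live in a temp folder, or whose
# value name looks machine-generated, deserve a second look.
TEMP_DIR_RE = re.compile(
    r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|\\Local Settings\\Temp\\", re.IGNORECASE
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str                      # "O2", "O4" or "ComboFix Run"
    entry: str                     # the original log line
    reasons: List[str] = field(default_factory=list)


def _autorun_reasons(name: str, cmd: str) -> List[str]:
    """Reasons shared by HijackThis O4 and ComboFix Run entries."""
    reasons = []
    if TEMP_DIR_RE.search(cmd):
        reasons.append("autorun target lives in a temp directory")
    if HEX_NAME_RE.match(name):
        reasons.append("autorun value name looks machine-generated")
    return reasons


def triage_lines(log_text: str) -> List[Finding]:
    """Return the entries a helper would want to look at, with the reason for each."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O2_RE.match(line)
        if m:
            reasons = []
            if m.group("missing"):
                reasons.append("BHO CLSID is registered but its DLL is missing")
            if m.group("name") == "(no name)":
                reasons.append("BHO carries no friendly name")
            if reasons:
                findings.append(Finding("O2", line, reasons))
            continue

        m = O4_RE.match(line)
        if m:
            reasons = _autorun_reasons(m.group("name"), m.group("cmd"))
            if reasons:
                findings.append(Finding("O4", line, reasons))
            continue

        m = CF_RUN_RE.match(line)
        if m:
            reasons = _autorun_reasons(m.group("name"), m.group("cmd"))
            if not m.group("meta").strip():
                # ComboFix prints "[ ]" when it could not stat the target file.
                reasons.append("no size/timestamp recorded: file absent at scan time")
            if reasons:
                findings.append(Finding("ComboFix Run", line, reasons))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Render findings as plain text, one entry per block."""
    out = []
    for f in findings:
        out.append(f"[{f.kind}] {f.entry}")
        out.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage_lines(SAMPLE_LOG)))
```

Run on the constructed sample, this flags exactly the two entries acted on in the thread: the orphaned `{96A4461B-...}` BHO and the `509d7404` Run value. The reasons are triage hints, not verdicts; the BHO's missing DLL is what makes the HijackThis fix safe here, and the Temp-folder DLL is worth correlating with the Application Event Log posted earlier, where `xwlagfgp.dll` appears as the module that crashed `explorer.exe`.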

#5 Denise87

Denise87
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 24 April 2008 - 10:45 PM

ComboFix 08-04-22.5 - Denise 2008-04-24 22:34:51.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.350 [GMT -5:00]
Running from: C:\Users\Denise\Desktop\ComboFix.exe
Command switches used :: C:\Users\Denise\Desktop\CFScript.txt.lnk
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-24 21:59 . 2008-04-24 21:59 <DIR> d----c--- C:\Users\Denise\SmitfraudFix
2008-04-20 20:10 . 2008-04-20 20:10 <DIR> d----c--- C:\Users\Denise\AppData\Roaming\Malwarebytes
2008-04-20 20:10 . 2008-04-20 20:10 <DIR> d----c--- C:\Users\All Users\Malwarebytes
2008-04-20 20:10 . 2008-04-20 20:10 <DIR> d----c--- C:\ProgramData\Malwarebytes
2008-04-20 20:10 . 2008-04-20 20:10 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 20:08 . 2008-04-20 20:08 <DIR> d----c--- C:\Users\Denise\AppData\Roaming\Download Manager
2008-04-20 20:07 . 2008-04-20 20:07 <DIR> d----c--- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-20 20:07 . 2008-04-20 20:07 <DIR> d----c--- C:\ProgramData\SUPERAntiSpyware.com
2008-04-20 20:06 . 2008-04-20 20:06 <DIR> d----c--- C:\Users\Denise\AppData\Roaming\SUPERAntiSpyware.com
2008-04-20 20:06 . 2008-04-20 20:06 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-04-20 20:05 . 2008-04-20 20:05 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 14:54 . 2008-04-19 14:54 <DIR> d----c--- C:\Deckard
2008-04-19 12:21 . 2008-04-19 12:21 <DIR> d----c--- C:\Program Files\Trend Micro
2008-04-17 00:50 . 2008-04-17 15:32 691 --a--c--- C:\Users\Denise\AppData\Roaming\GetValue.vbs
2008-04-17 00:50 . 2008-04-17 15:32 35 --a--c--- C:\Users\Denise\AppData\Roaming\SetValue.bat
2008-04-17 00:40 . 2008-04-17 15:32 2,710 --a--c--- C:\Windows\System32\tmp.reg
2008-04-17 00:32 . 2008-04-17 00:32 <DIR> d----c--- C:\Program Files\CCleaner
2008-04-16 21:51 . 2008-04-16 21:51 <DIR> d----c--- C:\VundoFix Backups
2008-04-16 21:09 . 2008-04-20 20:08 <DIR> d----c--- C:\Users\Denise\AppData\Roaming\ComcastToolbar
2008-04-16 21:09 . 2008-04-16 21:10 <DIR> d----c--- C:\Program Files\Common Files\Scanner
2008-04-16 21:09 . 2008-04-16 21:10 <DIR> d----c--- C:\Program Files\ComcastToolbar
2008-04-16 20:37 . 2008-04-16 20:37 <DIR> d----c--- C:\Windows\McAfee.com
2008-04-16 20:02 . 2008-04-16 20:02 53 --a--c--- C:\smp.bat
2008-04-16 19:58 . 2008-04-20 20:43 <DIR> d----c--- C:\Users\All Users\arknabsf
2008-04-16 19:58 . 2008-04-20 20:43 <DIR> d----c--- C:\ProgramData\arknabsf
2008-04-16 16:35 . 2008-04-16 16:35 <DIR> d----c--- C:\Program Files\Common Files\Adobe
2008-04-08 19:13 . 2008-02-14 18:19 944,184 --a--c--- C:\Windows\System32\winload.exe
2008-04-08 19:13 . 2008-02-19 00:10 620,088 --a--c--- C:\Windows\System32\ci.dll
2008-04-08 19:13 . 2008-02-29 01:39 371,712 --a--c--- C:\Windows\System32\srcore.dll
2008-04-08 19:13 . 2008-02-29 01:38 313,856 --a--c--- C:\Windows\System32\rstrui.exe
2008-04-08 19:13 . 2008-02-29 01:39 40,960 --a--c--- C:\Windows\System32\srclient.dll
2008-04-08 19:13 . 2008-02-29 01:51 19,000 --a--c--- C:\Windows\System32\kd1394.dll
2008-04-08 19:13 . 2008-02-29 01:38 16,384 --a--c--- C:\Windows\System32\srdelayed.exe
2008-04-08 19:13 . 2008-02-29 01:34 7,168 --a--c--- C:\Windows\System32\f3ahvoas.dll
2008-04-08 19:13 . 2008-02-29 01:35 6,656 --a--c--- C:\Windows\System32\kbd106n.dll
2008-04-08 19:12 . 2008-02-28 23:16 2,027,008 --a--c--- C:\Windows\System32\win32k.sys
2008-04-08 19:12 . 2008-02-20 23:43 296,448 --a--c--- C:\Windows\System32\gdi32.dll
2008-04-08 19:12 . 2007-12-16 06:42 83,968 --a--c--- C:\Windows\System32\dnsrslvr.dll
2008-04-08 19:12 . 2007-12-16 06:41 24,576 --a--c--- C:\Windows\System32\dnscacheugc.exe
2008-04-02 09:58 . 2008-04-02 09:58 52,576 --a--c--- C:\Users\Denise\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-29 04:26 . 2008-03-29 04:26 <DIR> d----c--- C:\Windows\Sun
2008-03-27 22:51 . 2008-03-27 22:51 <DIR> dr---c--- C:\Windows\System32\config\systemprofile\Music
2008-03-27 22:31 . 2008-03-27 22:31 <DIR> d----c--- C:\Program Files\iPod
2008-03-27 22:31 . 2008-04-16 20:18 54,156 --ah-c--- C:\Windows\QTFont.qfn
2008-03-27 22:31 . 2008-03-27 22:31 1,409 --a--c--- C:\Windows\QTFont.for
2008-03-27 22:30 . 2008-03-27 22:31 <DIR> d----c--- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 13:11 --------- dc----w C:\Program Files\McAfee
2008-04-21 04:09 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-04-20 23:00 --------- dc----w C:\Program Files\Norton Security Scan
2008-04-20 00:43 --------- dc----w C:\Users\Denise\AppData\Roaming\Yahoo!
2008-04-19 21:24 --------- dc----w C:\Program Files\Yahoo!
2008-04-19 21:03 --------- dc----w C:\Program Files\Lineage II
2008-04-09 08:14 --------- dc----w C:\Program Files\Windows Mail
2008-03-21 02:21 --------- dc----w C:\ProgramData\Yahoo!
2008-03-06 00:04 --------- dc----w C:\ProgramData\Symantec
2008-02-27 03:33 --------- dc----w C:\Users\Denise\AppData\Roaming\GlobalSCAPE
2008-02-27 03:32 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-02-27 03:32 --------- dc----w C:\Program Files\GlobalSCAPE
2008-02-27 03:32 --------- dc----w C:\Program Files\Common Files\InstallShield
2008-02-26 05:29 --------- dc----w C:\Users\Denise\AppData\Roaming\Apple Computer
2008-02-25 08:45 --------- dc----w C:\Program Files\DivX
2008-02-25 08:45 --------- dc----w C:\Program Files\Common Files\PX Storage Engine
2008-02-21 04:43 826,368 -c--a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 -c--a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 -c--a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 26,624 -c--a-w C:\Windows\System32\ieUnatt.exe
2008-02-21 02:05 524,288 -c--a-w C:\Windows\System32\DivXsm.exe
2008-02-21 02:05 3,596,288 -c--a-w C:\Windows\System32\qt-dx331.dll
2008-02-21 02:05 200,704 -c--a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 1,044,480 -c--a-w C:\Windows\System32\libdivx.dll
2008-02-21 02:04 823,296 -c--a-w C:\Windows\System32\divx_xx0c.dll
2008-02-21 02:04 823,296 -c--a-w C:\Windows\System32\divx_xx07.dll
2008-02-21 02:04 81,920 -c--a-w C:\Windows\System32\dpl100.dll
2008-02-21 02:04 802,816 -c--a-w C:\Windows\System32\divx_xx11.dll
2008-02-21 02:04 682,496 -c--a-w C:\Windows\System32\DivX.dll
2008-02-21 02:04 593,920 -c--a-w C:\Windows\System32\dpuGUI11.dll
2008-02-21 02:04 57,344 -c--a-w C:\Windows\System32\dpv11.dll
2008-02-21 02:04 53,248 -c--a-w C:\Windows\System32\dpuGUI10.dll
2008-02-21 02:04 344,064 -c--a-w C:\Windows\System32\dpus11.dll
2008-02-21 02:04 294,912 -c--a-w C:\Windows\System32\dpu11.dll
2008-02-21 02:04 294,912 -c--a-w C:\Windows\System32\dpu10.dll
2008-02-21 02:04 196,608 -c--a-w C:\Windows\System32\dtu100.dll
2008-02-21 02:03 156,992 -c--a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 -c--a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-14 09:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 09:06 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 09:06 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 09:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 09:06 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 09:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 09:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 09:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 09:05 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 09:05 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 09:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 09:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 09:05 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-01-04 06:33 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-24_20.51.15.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 01:42:39 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-25 03:23:58 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-25 01:42:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-25 03:24:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-25 01:42:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-25 03:24:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-25 01:44:01 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-25 03:28:15 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-25 01:45:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-25 03:26:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-25 01:44:00 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-25 03:28:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-25 01:45:06 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-25 03:26:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-04-25 01:46:15 7,312 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3390427354-350988367-3994786905-1000_UserData.bin
+ 2008-04-25 03:27:01 7,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3390427354-350988367-3994786905-1000_UserData.bin
- 2008-04-25 01:46:13 45,948 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-25 03:27:01 46,126 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-25 00:35:53 40,690 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-25 03:07:32 40,698 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 22:49 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 00:35 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-04 01:09 1006264]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 17:04 2348584]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2006-10-19 20:42 161360]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3390427354-350988367-3994786905-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0244E004-164B-4881-A648-AF54E91BA70E}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{D2EA710A-0266-4026-8C06-500179CEF9C6}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{8AA2B218-4818-429D-8EF3-B678517AF53B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{410FB54C-FB35-4AB5-95EC-BBF7FE77DCAB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A8F6E93B-2775-4CD5-96C4-2B695DD032FC}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4D4A93A0-A18F-447A-AD3B-A5331E95C611}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{31C4135B-F214-46AB-A4E6-B5772D73CF31}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{44D04922-66B9-4579-B494-BA35C9619939}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2D39D4F4-E376-4679-A567-267D1AEA4542}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8AAA4B19-DD33-4267-A769-E9D9E445DB39}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C8275DF7-891B-4F02-9C28-11691594AC49}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 HSFHWATI;HSFHWATI;C:\Windows\system32\DRIVERS\HSFHWATI.sys [2005-01-25 14:26]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-19 01:03]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 02:30]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 02:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8877bc15-dbe5-11dc-b643-00e0b8b6ebd7}]
\shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 03:51:49 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-01 06:00:37 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-20 23:34:47 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 22:38:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-24 22:40:13
ComboFix-quarantined-files.txt 2008-04-25 03:39:44
ComboFix2.txt 2008-04-25 03:16:21
ComboFix3.txt 2008-04-25 01:52:29

Pre-Run: 32,233,615,360 bytes free
Post-Run: 32,217,624,576 bytes free

214 --- E O F --- 2008-04-25 00:39:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:32 PM, on 4/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 7062 bytes

Well, before there was an error pop-up saying some file was missing, but it doesn't come up now. I believe the O2 - BHO file you told me to fix removed the pop-up.

Before I did all of these instructions I had more space on my computer. Is there a way to gain it back?

Edited by Denise87, 24 April 2008 - 10:48 PM.


#6 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 25 April 2008 - 12:37 AM

How much space are you talking about? :thumbsup: Have you done your routine cleaning of cookies, temps, etc, since this started?

Delete SmitfraudFix, ComboFix and its accompanying folder C:\Qoobox. I would also uninstall MBAM since you already had SAS and Defender. Empty your Recycle bin and reboot your computer.

Please let me know about the space. :blink:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 Denise87

  • Topic Starter
  • Members
  • 9 posts

Posted 25 April 2008 - 05:46 PM

Well, I had about 33.5 GB; now I have 29.4 GB. When you say "etc", what are the other things to clean besides cookies and temp?

I deleted the cookies, temp, SmitfraudFix, ComboFix, C:\Qoobox, and MBAM.

#8 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 25 April 2008 - 07:32 PM

You can also clear your restore points. You don't need any but the last one at this point. All those things take up room and continue to do so. If you've never cleared them, or reset the size, then the default 10% is set aside for them... that could be a ton on a 100 gig hard drive. :thumbsup: See what I mean?

#9 Denise87

  • Topic Starter
  • Members
  • 9 posts

Posted 26 April 2008 - 12:08 AM

Yeah, I see what you're saying. How do I reset them?

#10 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 26 April 2008 - 12:14 AM

Let's see if the easy way works as easily on Vista :thumbsup: :

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it (something you'll remember) and click Create; when the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.

How is it running tonight, please? :blink:

Regards,
tea

#11 Denise87

  • Topic Starter
  • Members
  • 9 posts

Posted 26 April 2008 - 12:45 PM

OK, I deleted the old restore points and created a new one. It seems to be running a lot better.

But in the future, how can I protect my computer from viruses etc.?

#12 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 26 April 2008 - 12:54 PM

Hello,

Good to know. :thumbsup:

You already have the basics in place. One thing you can add would be this:

Download the HostsXpert Here
http://www.funkytoad.com/download/HostsXpert.zip

Unzip HostsXpert to your desktop

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click back up Host files
* then click "Restore MS Hosts File"
* close program

Use Firefox exclusively and be careful where you go. Even the best protection programs are totally worthless if things are allowed to bypass them intentionally.
It is very important to maintain your Firewall.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Take care!
tea

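A defender's check that follows from the hosts-file advice above, as an added example (my code, not part of the post and not HostsXpert's): it parses a Windows hosts file and flags the two kinds of tampering that make restoring the stock Microsoft file worthwhile, vendor and update domains pinned to loopback so protection cannot update, and ordinary names redirected to a foreign address. The stock Vista hosts content and the list of protected vendor domains are assumptions; the sample file is constructed for the example.

```python
"""Audit a Windows hosts file for the kind of tampering rogue anti-spyware
performs: vendor/update sites pinned to 127.0.0.1 (so protection cannot
update) and ordinary sites redirected to an address the attacker controls."""
import ipaddress
from typing import List, Tuple

# Assumption: the stock Vista hosts file carries only these two entries.
DEFAULT_HOSTS = "127.0.0.1       localhost\n::1             localhost\n"

# Illustrative list (an assumption, extend it for your environment): domains a
# clean hosts file never needs to mention, so any entry naming them is suspect.
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "mcafee.com", "symantec.com",
    "superantispyware.com", "malwarebytes.org", "bleepingcomputer.com",
)

# Constructed sample, not a real capture: stock entries plus four extra lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.mcafee.com        # constructed: vendor site blocked
127.0.0.1       download.mcafee.com   # constructed: vendor downloads blocked
10.0.0.99       www.example.com       # constructed: site redirected elsewhere
127.0.0.1       ads.example.net       # constructed: harmless ad-block entry
"""

Finding = Tuple[int, str, str, str]  # (line number, hostname, ip, category)


def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return one (ip, hostname, line_number) triple per hostname on each
    data line; '#' comments and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries.append((ip, name.lower(), lineno))
    return entries


def is_loopback(ip: str) -> bool:
    """True for 127.0.0.0/8 and ::1; a malformed address counts as not
    loopback so that it surfaces in the audit rather than being skipped."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def is_protected(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> List[Finding]:
    """Classify every non-stock entry:
    'protected'  - a vendor/update/help domain appears at all (blocking)
    'redirect'   - any other name points at a non-loopback address (hijack)
    'nondefault' - other loopback entries (ad-blocking lists look like this)"""
    findings: List[Finding] = []
    for ip, name, lineno in parse_hosts(text):
        if name == "localhost" and is_loopback(ip):
            continue  # the only entries the stock file contains
        if is_protected(name):
            category = "protected"
        elif not is_loopback(ip):
            category = "redirect"
        else:
            category = "nondefault"
        findings.append((lineno, name, ip, category))
    return findings


def is_stock(text: str) -> bool:
    """True when the file holds exactly the stock entries, order ignored."""
    def pairs(entries):
        return sorted((ip, name) for ip, name, _ in entries)
    return pairs(parse_hosts(text)) == pairs(parse_hosts(DEFAULT_HOSTS))


if __name__ == "__main__":
    # On a live system read r"C:\Windows\System32\drivers\etc\hosts" instead.
    for lineno, name, ip, category in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno:>3}: {name:<22} -> {ip:<12} [{category}]")
    print("stock file:", is_stock(SAMPLE_HOSTS))
```

Running it against the constructed sample reports the two McAfee entries as protected-domain blocks, the www.example.com line as a redirect, and the ad-block line as merely non-default; against the stock content it reports nothing, which is the state HostsXpert's "Restore MS Hosts File" puts the machine back into.
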
#13 Denise87

  • Topic Starter
  • Members
  • 9 posts

Posted 26 April 2008 - 01:59 PM

Wow, the info and links were VERY helpful, but I have a few problems...

1. When I used HostsXpert and made "make hosts writable?" I could not click on "back up hosts file".

2. I'm sure I have an antivirus and firewall, but how do I check for them?

3. I have Windows Defender; is that the same thing as a firewall?

#14 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 26 April 2008 - 02:28 PM

Yes, you have a firewall. :thumbsup: McAfee Personal Firewall.

No, Defender is not a firewall, and it isn't an antivirus. It's more like an antispyware program.

Your McAfee AntiVirus should update on its own.... Do you run scans with it?

#15 Denise87

  • Topic Starter
  • Members
  • 9 posts

Posted 26 April 2008 - 11:07 PM

Are the McAfee antivirus and firewall all under the McAfee Security Center?

And yes, I run scans with it. I normally do about once a week.
