
Internet Started To Act Weird And Now Computer Shows Signs Too


  • This topic is locked
2 replies to this topic

#1 SweetSuzy


Posted 16 June 2008 - 07:28 AM

First of all, I'm sorry I didn't post this in this section in the first place.

Yesterday I posted in a help forum this message:


"I don't know what to do anymore.

My computer was really fine and I downloaded a lot of stuff from RapidShare (got a premium account), and ever since they upgraded with the 50g limit, I downloaded even more than usual, and I even managed to download a lot of links by saving them into a text file and then importing it with DAP.

It all went well for a couple of days, when suddenly, every time I downloaded, almost 90% of the files were corrupted.

I tried downloading again and again the same files that were corrupted.
Tried different files, tried without DAP, and still!

Luckily, when I download not from RapidShare it is OK (maybe, I'm not quite sure).


But now it's got even more and more messy.

Every time I start to watch a YouTube video, the browser crashes (Firefox is crashing on any video; tried uninstall, reinstall, and even tried the new 3 beta. And IE is crashing just by opening YouTube).

When I go to a site or pictures, they load only a quarter of the picture and I need to refresh it.

I tried to system restore my computer and it gives me a stupid "cannot restore your computer try different date" ("I just acted like I'm doing something but actually I didn't do anything").

And no matter which date I choose it won't restore, so I did a trick that is supposed to fix it by disabling it and enabling it (but unfortunately it deleted the restore points, but hopefully fixed it for the future).

I tried reinstalling Java for YouTube (don't ask me why) but now it won't install it.

Ad-Aware found 20 non-critical items that were removed.
AVG Pro found 6 "Tracking cookies" which were removed.


I'm out of ideas.

If anyone could help it will be greatly appreciated.

Thanks in advance"

Someone suggested that I should try HijackThis and perhaps my Java is infected with malware.

I'm using XP Service Pack 3.

Here it is with DSS:

Deckard's System Scanner v20071014.68
Run by user on 2008-06-16 15:03:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-06-16 12:03:50 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-06-15 23:18:05 UTC - RP5 - Removed Java™ 6 Update 3
4: 2008-06-15 23:17:53 UTC - RP4 - Before uninstall Java™ 6 Update 3
3: 2008-06-15 23:02:51 UTC - RP3 - Configured Viva Piņata
2: 2008-06-15 23:02:11 UTC - RP2 - Before uninstall Viva Piņata


-- First Restore Point --
1: 2008-06-15 23:01:47 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:25 PM, on 6/16/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\user\My Documents\Dowloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203924944531
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6825 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SSHDRV85 - c:\windows\system32\drivers\sshdrv85.sys <Not Verified; ; ProtectCD>

S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi


-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 13:48:25 0 d-------- C:\Program Files\Trend Micro
2008-06-16 01:49:43 0 d-------- C:\Program Files\ARAR
2008-06-15 00:49:28 0 d-------- C:\Program Files\Lavasoft
2008-06-13 01:15:29 0 d-------- C:\WINDOWS\system32\drivers\umdf
2008-06-11 14:20:51 0 d-------- C:\Documents and Settings\user\Application Data\Ascaron Entertainment
2008-06-07 21:51:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-06-07 21:49:32 2337865 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-06-07 21:49:31 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-07 16:19:01 0 d-------- C:\Documents and Settings\user\Application Data\The Longest Journey
2008-06-07 15:55:25 0 d-------- C:\DreamFall_FILES
2008-06-07 03:45:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-06 20:53:32 0 d-------- C:\Program Files\DIFX
2008-06-06 20:43:58 0 d-------- C:\WINDOWS\system32\xlive
2008-06-03 15:30:55 0 d-------- C:\Program Files\DAP Premium
2008-06-03 15:12:56 0 d-------- C:\Downloads
2008-06-03 15:12:49 0 d-------- C:\Documents and Settings\user\Application Data\Orbit
2008-06-03 00:54:12 0 d-------- C:\Program Files\Common Files\DirectX
2008-06-01 18:02:36 0 d-------- C:\Documents and Settings\user\Application Data\Lionhead Studios
2008-06-01 17:47:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
2008-05-30 19:02:20 21504 --a------ C:\WINDOWS\jestertb.dll
2008-05-24 01:56:14 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-24 01:56:11 0 d-------- C:\Documents and Settings\user\Application Data\Wildfire
2008-05-22 21:30:00 0 d-------- C:\Documents and Settings\user\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
2008-05-22 14:31:05 0 d-------- C:\Documents and Settings\user\Application Data\My Battle for Middle-earth™ II Files
2008-05-21 00:41:52 0 d--h----- C:\$AVG8.VAULT$
2008-05-18 15:43:34 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-18 15:43:27 0 d-------- C:\Program Files\AVG
2008-05-18 15:43:27 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8


-- Find3M Report ---------------------------------------------------------------

2008-06-16 02:18:08 0 d-------- C:\Program Files\Java
2008-06-16 02:10:02 0 d-------- C:\Program Files\Games
2008-06-16 02:10:02 0 d-------- C:\Documents and Settings\user\Application Data\Microsoft Games
2008-06-16 01:49:43 0 d-------- C:\Documents and Settings\user\Application Data\Hamachi
2008-06-16 01:49:33 0 d-------- C:\Documents and Settings\user\Application Data\uTorrent
2008-06-16 01:49:16 0 d-------- C:\Documents and Settings\user\Application Data\Hoyle Card Games
2008-06-16 01:48:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 01:48:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-16 01:31:36 0 d-------- C:\Documents and Settings\user\Application Data\Mozilla
2008-06-15 21:27:15 10 --a------ C:\WINDOWS\popcinfo.dat
2008-06-14 00:02:44 0 d-------- C:\Documents and Settings\user\Application Data\Skype
2008-06-13 22:45:12 0 d-------- C:\Documents and Settings\user\Application Data\skypePM
2008-06-13 17:09:32 0 d-------- C:\Documents and Settings\user\Application Data\InstallShield
2008-06-10 02:25:24 0 d-------- C:\Documents and Settings\user\Application Data\U3
2008-06-07 03:37:23 0 d-------- C:\Program Files\Common Files
2008-06-02 19:30:24 0 d-------- C:\Program Files\BFG
2008-06-01 03:02:52 0 d-------- C:\Program Files\Microsoft Games
2008-05-25 16:14:54 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-25 16:14:49 0 d-------- C:\Documents and Settings\user\Application Data\SystemRequirementsLab
2008-05-15 22:14:23 0 d-------- C:\Program Files\JoWooD
2008-05-15 21:52:08 0 d-------- C:\Documents and Settings\user\Application Data\Bioshock
2008-05-15 15:31:53 0 d-------- C:\Program Files\Hamachi
2008-05-15 15:27:45 0 d-------- C:\Documents and Settings\user\Application Data\Touchstone
2008-05-15 14:31:03 0 d-------- C:\Program Files\AGEIA Technologies
2008-05-14 19:09:01 0 d-------- C:\Documents and Settings\user\Application Data\Command & Conquer 3 Tiberium Wars
2008-05-12 18:34:16 82760 --a------ C:\WINDOWS\War3Unin.dat
2008-05-12 18:33:33 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-12 18:33:33 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-10 20:37:11 0 d-------- C:\Documents and Settings\user\Application Data\ESET
2008-05-09 23:08:05 0 d-------- C:\Program Files\QuickTime
2008-05-05 18:05:32 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-05-03 23:14:00 0 d-------- C:\Program Files\BitDefender
2008-05-02 14:39:01 0 d-------- C:\Documents and Settings\user\Application Data\Leadertech
2008-05-01 04:47:57 0 d-------- C:\Program Files\Majesty - Gold Edition
2008-04-30 15:14:43 0 --a------ C:\WINDOWS\PowerReg.dat
2008-04-29 21:35:28 0 d-------- C:\Program Files\Common Files\BitDefender
2008-04-28 17:59:15 0 d-------- C:\Program Files\Samsung
2008-04-28 17:58:56 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-23 23:37:32 0 -ra------ C:\logwmemory.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [10/30/2006 06:49 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43 AM C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/09/2008 12:53 PM]
"nwiz"="nwiz.exe" [01/09/2008 12:53 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [01/09/2008 12:53 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 04:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 10:25 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"RegistryMechanic"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/19/2008 09:29 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/12/2008 03:59 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [08/03/2007 01:51 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 2:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 1:01:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8dd4e88-e372-11dc-b170-001a4d5d9e7e}]
AutoRun\command- F:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 update.bitdefender.com


-- End of Deckard's System Scanner: finished at 2008-06-16 15:05:55 ------------


#2 steamwiz


Posted 18 June 2008 - 04:24 PM

Hi

The logs you've posted are clean ...

Your system restore is working now, you have 6 restore points ... by the way, when you turn off/turn on system restore it's supposed to delete all your previous restore points, so that went according to plan...

You have jre1.6.0_05 installed and appears to be working OK ... OK there is a newer update, but I wouldn't worry about that at the moment...

I want you to run some more scans & see if they show anything ... but first I want you to clean out all temp/unnecessary files ...

Please Download CCleaner from :-

http://www.filehippo.com/download_ccleaner/ (click the download tab)

During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

Double-click the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "windows" tab is selected

Under "internet explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URL's
(leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

Other explorer MRU's
(leave this unticked if you DON'T want to clear lists such as the start\run list)

under "System"

Tick ALL these ...


under "Advanced"

no need to tick any of these (but you can if you want, and realise what they do)


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm

...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

click "analyse" if you want to see a list of what is going to be removed, before it is removed.

Or

click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

click OK.

THEN ...

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

Click Accept

You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Once finished, save the log to your Desktop as filename KAV.txt
THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#3 steamwiz


Posted 24 July 2008 - 03:03 PM

Due to lack of feedback this topic is now closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam