
Residuals Of Zlob Infections/ Now No Internet


1 reply to this topic

#1 jaws978

jaws978

  • Members
  • 1 posts

Posted 17 July 2008 - 01:31 AM

Hi guys,
I am new to these forums, but here is my problem. My laptop, a Dell Inspiron 1100, contracted a trojan that prevented me from accessing the internet. I also could not clean my temp files and browser history or revert to the default homepage, as the hijacker would ignore my requests and redirect me to a fake antivirus site. I lost administrative control and even the ability to see anything in "My Computer" or use Task Manager.

I was able to download ComboFix and run it in Safe Mode from a thumb drive. However, I did not put it on the desktop. I just ran it from the thumb drive itself, so I have no idea where exactly the ComboFix files were extracted to. It did manage to find and fix many problems the virus was causing, and I can even see Task Manager from all accounts and have access to my Start menu and "My Computer" again. In fact, everything seems fine except that I cannot connect to the internet and cannot create or restore network connections, since that folder is completely empty. My wireless card cannot be found and there are no device options in Control Panel.

In the hope that you guys can help me, I joined this forum and ran DSS. Here is the log:


Deckard's System Scanner v20071014.68
Run by mario on 2008-07-16 13:39:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-16 17:39:34 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-07-16 12:17:11 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as mario.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-16 13:40:44
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Documents and Settings\mario\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1192483660711
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192483719596
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 4255 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080715-044500-222 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080715-044501-927 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080715-061135-667 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080715-061138-107 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080715-075911-938 O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\Keithea\LOCALS~1\Temp\atmadm2.exe
backup-20080716-033315-333 O21 - SSODL: evgratsm - {AE557DA2-9C94-42E4-906E-AD3B9EF25618} - C:\WINDOWS\evgratsm.dll
backup-20080716-033315-380 O21 - SSODL: kvxqmtre - {2EC7CE23-B52C-4F53-A205-4B2B237708EB} - C:\WINDOWS\kvxqmtre.dll
backup-20080716-033315-416 O3 - Toolbar: qndsfmao - {9BAB10CC-0EE5-4B15-9017-B7AF2326724D} - C:\WINDOWS\qndsfmao.dll
backup-20080716-034615-418 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 DOSMEMIO (MEMIO) - c:\windows\system32\memio.sys

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-16 08:16:22 68096 --a------ C:\WINDOWS\zip.exe
2008-07-16 08:16:22 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-16 08:16:22 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-16 08:16:22 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-16 08:16:22 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-16 08:16:22 98816 --a------ C:\WINDOWS\sed.exe
2008-07-16 08:16:22 80412 --a------ C:\WINDOWS\grep.exe
2008-07-16 08:16:22 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-16 07:20:35 0 d-------- C:\Documents and Settings\mario\Application Data\Identities
2008-07-16 07:20:03 0 d-------- C:\Documents and Settings\mario\Templates
2008-07-16 07:20:03 0 dr------- C:\Documents and Settings\mario\Start Menu
2008-07-16 07:20:03 0 dr------- C:\Documents and Settings\mario\SendTo
2008-07-16 07:20:03 0 dr------- C:\Documents and Settings\mario\Recent
2008-07-16 07:20:03 0 d-------- C:\Documents and Settings\mario\PrintHood
2008-07-16 07:20:03 0 d-------- C:\Documents and Settings\mario\NetHood
2008-07-16 07:20:03 0 dr------- C:\Documents and Settings\mario\My Documents
2008-07-16 07:20:03 0 d--h----- C:\Documents and Settings\mario\Local Settings
2008-07-16 07:20:03 0 dr------- C:\Documents and Settings\mario\Favorites
2008-07-16 07:20:03 0 d-------- C:\Documents and Settings\mario\Desktop
2008-07-16 07:20:03 0 d---s---- C:\Documents and Settings\mario\Cookies
2008-07-16 07:20:03 0 dr------- C:\Documents and Settings\mario\Application Data
2008-07-16 07:20:02 786432 --a------ C:\Documents and Settings\mario\NTUSER.DAT
2008-07-15 17:19:17 0 d-------- C:\Program Files\AVG
2008-07-15 17:05:40 0 d-------- C:\WINDOWS\pss
2008-07-15 13:40:19 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-15 13:40:19 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-15 13:40:19 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-15 13:40:19 0 dr------- C:\Documents and Settings\Administrator\Application Data
2008-07-15 13:40:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-15 13:40:18 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-07-15 13:40:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-15 13:40:18 0 dr------- C:\Documents and Settings\Administrator\SendTo
2008-07-15 13:40:18 0 d-------- C:\Documents and Settings\Administrator\Recent
2008-07-15 13:40:18 0 d-------- C:\Documents and Settings\Administrator\PrintHood
2008-07-15 13:40:18 585728 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-15 13:40:18 0 d-------- C:\Documents and Settings\Administrator\NetHood
2008-07-15 13:40:18 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-15 13:40:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-14 19:52:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-14 15:20:45 98304 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-12 18:22:01 0 d-------- C:\Program Files\MSECache
2008-07-10 15:42:39 0 d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-10 15:36:51 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-06 20:56:44 0 d-------- C:\Documents and Settings\Keithea\Application Data\Move Networks
2008-06-29 21:11:18 0 d-------- C:\Documents and Settings\Keithea\Application Data\Media Player Classic
2008-06-29 21:10:23 0 d-------- C:\Program Files\XP Codec Pack
2008-06-29 09:26:27 0 d-------- C:\Documents and Settings\Keithea\Application Data\DivX
2008-06-29 09:23:22 0 d-------- C:\Documents and Settings\Keithea\Application Data\Yahoo!
2008-06-29 09:21:53 0 d-------- C:\Program Files\DivX


-- Find3M Report ---------------------------------------------------------------

2008-07-15 05:44:27 0 d-------- C:\Program Files\Yahoo!
2008-07-10 15:43:13 0 d-------- C:\Program Files\Microsoft SQL Server
2008-06-12 12:25:06 962560 --a------ C:\WINDOWS\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-06-10 05:09:59 0 d-------- C:\Program Files\Common Files\Motive
2008-06-10 05:09:53 0 d-------- C:\Program Files\SBC Self Support Tool
2008-06-08 11:26:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 11:23:23 0 d-------- C:\Program Files\Symantec
2008-06-08 11:22:44 0 d-------- C:\Program Files\Common Files
2008-05-31 21:46:03 0 d-------- C:\Program Files\BroadJump


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Keithea^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\Keithea\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HijackThis startup scan]
C:\Program Files\Hijackthis\HijackThis.exe /startupscan

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"wltrysvc"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-07-16 13:41:24 ------------



#2 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 05 August 2008 - 02:10 PM

Hello there and welcome to Bleeping Computer.
Apologies for the delay in responding to your request for help. We are rather overwhelmed at the moment, and sometimes it takes just a little longer to get to every request for help than we would like. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine:

Although you may have carried out the steps detailed above already, I'd like you to run the scanners one more time; the state of your computer may have changed somewhat since you last posted.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
When running DSS, some firewalls may warn that it is trying to access the Internet especially if you are asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so. If you get a warning from your anti-virus while DSS is scanning, allow DSS to continue, as the scan is not harmful.

Please also run a scan with Kaspersky Online Scanner.
You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on Next.
Select a target to scan; click on My Computer.
The scan will take a while so be patient and let it run.
Once the scan is complete choose the option to Save as Text.
I'd like to see this log in your next post.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

In your next reply, please include both of the DSS logs (main.txt and extra.txt) and the Kaspersky scan results.

Edited by rookie147, 05 August 2008 - 02:11 PM.
Typo
