Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

slow computer / probable infection


  • Please log in to reply
5 replies to this topic

#1 JonnyBGoode

JonnyBGoode

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:03:04 PM

Posted 18 January 2009 - 08:12 PM

Here's my HJT log:

Thanks in advance!

jon

-----------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10, on 01/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cbs.sportsline.com/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54A11BF8-808E-4A39-9FED-380B391AC5D4} - (no file)
O2 - BHO: (no name) - {5d8d8ec3-6c1c-4299-9843-d912e96e4668} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - (no file)
O2 - BHO: (no name) - {D6B95EBE-4394-4363-91EA-1EA61A120CE9} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DED378A2-6C25-4B52-AA75-1F75E475B6BC} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {E9B9D274-4DBE-46A1-86BB-45106496B2A4} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [940bf0d7] rundll32.exe "C:\WINDOWS\system32\yqfgaokb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.11.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{778FBB9B-A1C0-4148-9487-03EC33FBFC90}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F76495B6-6A00-423D-8F31-3139E855FDFD}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{778FBB9B-A1C0-4148-9487-03EC33FBFC90}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c965da805d7d3a) (gupdate1c965da805d7d3a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7379 bytes

-------------------

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:04 PM

Posted 30 January 2009 - 07:50 AM

Hello JonnyBGoode

Welcome to BleepingComputer :thumbup2:
========================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 JonnyBGoode

JonnyBGoode
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:03:04 PM

Posted 31 January 2009 - 07:29 PM

Here's the latest:


DDS (Ver_09-01-19.01) - NTFSx86
Run by Jon at 0:03:02.68 on 01/31/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1527.995 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090130-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jon\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://cbs.sportsline.com/
mDefault_Page_URL = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com/
mLocal Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/
mCustomizeSearch = hxxp://www.google.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {54A11BF8-808E-4A39-9FED-380B391AC5D4} - No File
BHO: {5d8d8ec3-6c1c-4299-9843-d912e96e4668} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - No File
BHO: {D6B95EBE-4394-4363-91EA-1EA61A120CE9} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DED378A2-6C25-4B52-AA75-1F75E475B6BC} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {E9B9D274-4DBE-46A1-86BB-45106496B2A4} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [940bf0d7] rundll32.exe "c:\windows\system32\yqfgaokb.dll",b
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {778FBB9B-A1C0-4148-9487-03EC33FBFC90} = 208.67.220.220,208.67.222.222
TCP: {F76495B6-6A00-423D-8F31-3139E855FDFD} = 208.67.220.220,208.67.222.222
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jon\applic~1\mozilla\firefox\profiles\rjb5i9rq.default\
FF - prefs.js: browser.startup.homepage - cbs.sportsline.com
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npdivx32.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npOGAPlugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nppl3260.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nprjplug.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npsnapfish.dll
FF - plugin: c:\program files\google\google updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-3-31 111184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-9-25 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-9-25 352920]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-31 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-9-25 155160]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2008-11-3 37708]
S4 gupdate1c965da805d7d3a;Google Update Service (gupdate1c965da805d7d3a);c:\program files\google\update\GoogleUpdate.exe [2008-12-24 119280]

=============== Created Last 30 ================

2009-01-26 19:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
2009-01-26 19:45 <DIR> --d----- c:\program files\MSXML 6.0
2009-01-26 19:30 <DIR> --d----- c:\program files\common files\PCSuite
2009-01-26 19:30 <DIR> --d----- c:\program files\common files\Nokia
2009-01-26 19:30 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-01-26 19:30 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-01-26 19:30 90,624 a------- c:\windows\system32\nmwcdcls.dll
2009-01-26 19:30 <DIR> --d----- c:\program files\Nokia
2009-01-26 19:24 45 a------- c:\windows\marscam.ini
2009-01-26 19:23 110,720 a------- c:\windows\system32\drivers\mr97310c.sys
2009-01-26 19:23 <DIR> --d----- c:\program files\Mars
2009-01-26 18:56 <DIR> --d----- c:\program files\common files\LogoManager
2009-01-26 18:56 <DIR> --d----- c:\program files\MobiMB Mobile Media Browser
2009-01-26 18:55 43,264 -------- c:\windows\system32\drivers\ser2pl.sys
2009-01-17 06:14 57 a------- c:\windows\TaxACT08.ini
2009-01-17 05:56 230 a------- c:\windows\system32\spupdsvc.inf

==================== Find3M ====================

2008-12-19 20:50 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-12-03 19:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 19:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-29 13:56 157,556 a------- c:\windows\hpoins27.dat
2008-11-17 15:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2007-12-19 09:10 207 a--sh--- c:\windows\system32\2483810424.dat

============= FINISH: 0:03:52.78 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/24/2007 19:24:12
System Uptime: 01/30/2009 23:59:34 (1 hours ago)

Motherboard: ECS | | Livermore
Processor: Intel® Celeron® D CPU 3.46GHz | CPU 1 | 3467/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 102.284 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP316: 11/03/2008 11:13:28 - Removed PCLinq2 High-Speed USB Bridge Cable
RP317: 11/03/2008 11:15:43 - Installed PCLinq2 High-Speed USB Bridge Cable
RP318: 11/04/2008 11:18:57 - System Checkpoint
RP319: 11/05/2008 12:49:28 - System Checkpoint
RP320: 11/06/2008 14:25:13 - System Checkpoint
RP321: 11/09/2008 08:22:36 - System Checkpoint
RP322: 11/10/2008 11:41:22 - System Checkpoint
RP323: 11/11/2008 12:34:53 - System Checkpoint
RP324: 11/12/2008 12:55:47 - System Checkpoint
RP325: 11/13/2008 14:43:12 - System Checkpoint
RP326: 11/14/2008 20:21:32 - System Checkpoint
RP327: 11/14/2008 21:28:15 - Software Distribution Service 3.0
RP328: 11/16/2008 09:45:37 - System Checkpoint
RP329: 11/17/2008 10:08:58 - System Checkpoint
RP330: 11/18/2008 11:56:25 - System Checkpoint
RP331: 11/19/2008 14:26:20 - System Checkpoint
RP332: 11/21/2008 06:47:23 - System Checkpoint
RP333: 11/22/2008 07:03:04 - System Checkpoint
RP334: 11/23/2008 07:13:57 - System Checkpoint
RP335: 11/24/2008 07:23:22 - System Checkpoint
RP336: 11/25/2008 07:49:34 - System Checkpoint
RP337: 11/26/2008 07:51:18 - System Checkpoint
RP338: 11/27/2008 09:06:49 - System Checkpoint
RP339: 11/29/2008 08:34:10 - System Checkpoint
RP340: 11/29/2008 12:27:21 - Installed Windows Internet Explorer 8.
RP341: 11/29/2008 12:33:13 - Software Distribution Service 3.0
RP342: 11/29/2008 13:36:51 - Removed HPSU306Stub
RP343: 12/01/2008 09:17:36 - System Checkpoint
RP344: 12/02/2008 12:50:22 - System Checkpoint
RP345: 12/03/2008 13:04:06 - System Checkpoint
RP346: 12/04/2008 13:24:05 - System Checkpoint
RP347: 12/05/2008 12:35:58 - Removed Java™ 6 Update 10
RP348: 12/05/2008 12:36:39 - Installed Java™ 6 Update 11
RP349: 12/05/2008 12:37:12 - Installed Java Runtime Environment
RP350: 12/06/2008 16:51:37 - System Checkpoint
RP351: 12/08/2008 07:37:48 - System Checkpoint
RP352: 12/09/2008 09:12:34 - System Checkpoint
RP353: 12/10/2008 10:38:21 - System Checkpoint
RP354: 12/11/2008 12:30:05 - System Checkpoint
RP355: 12/12/2008 12:44:37 - System Checkpoint
RP356: 12/13/2008 07:56:11 - Software Distribution Service 3.0
RP357: 12/13/2008 08:24:30 - Software Distribution Service 3.0
RP358: 12/14/2008 10:49:55 - System Checkpoint
RP359: 12/15/2008 11:19:22 - System Checkpoint
RP360: 12/16/2008 11:46:44 - System Checkpoint
RP361: 12/17/2008 13:01:29 - System Checkpoint
RP362: 12/18/2008 13:26:54 - System Checkpoint
RP363: 12/19/2008 14:53:53 - System Checkpoint
RP364: 12/19/2008 20:37:15 - Removed Apple Software Update
RP365: 12/19/2008 20:39:53 - Removed Java™ 6 Update 11
RP366: 12/19/2008 20:40:30 - Removed Java™ 6 Update 2
RP367: 12/19/2008 20:41:31 - Removed Java™ 6 Update 3
RP368: 12/19/2008 20:42:09 - Removed Java™ 6 Update 4
RP369: 12/19/2008 20:42:44 - Removed Java™ 6 Update 5
RP370: 12/19/2008 20:43:19 - Removed Java™ 6 Update 7
RP371: 12/19/2008 20:43:58 - Removed Microsoft Silverlight
RP372: 12/19/2008 20:50:03 - Installed Java™ 6 Update 11
RP373: 12/20/2008 17:04:42 - Software Distribution Service 3.0
RP374: 12/21/2008 17:49:22 - System Checkpoint
RP375: 12/23/2008 07:39:31 - System Checkpoint
RP376: 12/24/2008 11:15:48 - System Checkpoint
RP377: 12/26/2008 07:40:41 - System Checkpoint
RP378: 01/16/2009 07:32:33 - System Checkpoint
RP379: 01/17/2009 05:46:59 - Removed Ad-Aware 2007
RP380: 01/18/2009 10:47:12 - System Checkpoint
RP381: 01/18/2009 17:58:45 - Software Distribution Service 3.0
RP382: 01/19/2009 18:11:27 - System Checkpoint
RP383: 01/21/2009 05:57:48 - System Checkpoint
RP384: 01/22/2009 06:56:05 - System Checkpoint
RP385: 01/23/2009 10:40:00 - System Checkpoint
RP386: 01/26/2009 07:20:25 - System Checkpoint
RP387: 01/26/2009 18:55:28 - Installed PL-2303 USB-to-Serial
RP388: 01/26/2009 19:23:14 - Installed MY CAMERA.
RP389: 01/26/2009 19:36:26 - Installed Windows XP Wudf01005.
RP390: 01/28/2009 07:23:40 - System Checkpoint
RP391: 01/29/2009 07:06:56 - Software Distribution Service 3.0
RP392: 01/30/2009 08:03:59 - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
AutoUpdate
Avance AC'97 Audio
avast! Antivirus
Baseball Mogul 2007
Boilosft AVI to VCD SVCD DVD Converter 3.81
BufferChm
Copy
CustomerResearchQFolder
D1300_Help
Data Fax SoftModem with SmartCP
Destination Component
DeviceDiscovery
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DJ_AIO_03_F2200_ProductContext
DJ_AIO_03_F2200_Software
DJ_AIO_03_F2200_Software_Min
F2200
F2200_Help
File Shredder 2.0
Google Chrome
Google Earth
Google Talk (remove only)
Google Update
Google Updater
GPBaseService
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photo and Imaging 1.2 - Scanjet 4570c Series
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
hph_readme
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
HPSSupply
InfraRecorder
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 11
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
MobiMB Mobile Media Browser
Motorola Driver Installation 3.2.0
Mozilla Firefox (3.0.5)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MY CAMERA
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia Software Updater
Oblivion
OpenOffice.org 2.4
PC Connectivity Solution
PCLinq2 High-Speed USB Bridge Cable
Picasa 3
PL-2303 USB-to-Serial
PokerTH
PSSWCORE
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Rhapsody Player Engine
Runesword 2.5.0
Scan
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
ShareIns
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
Spybot - Search & Destroy
Status
TaxACT 2007
TaxACT 2008
TaxACT 2008 New York
TaxACT New York 2007
Toolbox
TrayApp
Ulead VideoStudio SE DVD
Unload
UnloadSupport
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
USB2.0 Capture Device
Verizon Online Help and Support
VideoToolkit01
WebFldrs XP
WebReg
WinAVI Video Converter
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006

2.0.1.0)
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2

==== Event Viewer Messages From Past Week ========

01/26/2009 06:41:38, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery

Service service hung on starting.
01/24/2009 13:00:22, error: Service Control Manager [7011] - Timeout (30000 milliseconds)

waiting for a transaction response from the WZCSVC service.

==== End Of File ===========================

---------------------------

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-31 00:49:22
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA716D576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA716D432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA716D910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA716D00A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA716D50C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA716CF4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA716CFAE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA716D62C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA716D5EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA716D76C]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.14 ----

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:04 PM

Posted 31 January 2009 - 09:29 PM

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 JonnyBGoode

JonnyBGoode
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:03:04 PM

Posted 07 February 2009 - 12:07 PM

Here's Kapersky's...

---------

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, February 7, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, February 07, 2009 15:38:11
Records in database: 1765523
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 54835
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 00:57:28

File name Threat name Threats count
C:\Documents and Settings\Jon\Local Settings\Temp\vol_bt_all.exe
Infected: not-a-virus:AdWare.Win32.MegaSearch.p 1
The selected area was scanned.

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:04 PM

Posted 07 February 2009 - 02:49 PM

I will need you to show hidden Files \Folders.
To do this:*Click Start.
*Open My Computer.
*Select the Tools menu and click Folder Options.
*Select the View Tab.
*Under the Hidden files and folders heading select Show hidden files and folders.
*Uncheck the Hide protected operating system files (recommended) option.
*Click Yes to confirm.
*Click OK
After that using Windows Explorer (to get there right-click your Start button and go to "Explore")
Delete this file listed below:

C:\Documents and Settings\Jon\Local Settings\Temp\vol_bt_all.exe

Now close Windows Explorer.

Now reset your Hidden files\folders to hidden.
To do this:
To reset:*Click Start.
*Open My Computer.
*Select the Tools menu and click Folder Options.
*Select the View Tab.
*Under the Hidden files and folders heading select Do not Show hidden files and folders.
*Check the Hide protected operating system files (recommended) option.
*Click Yes to confirm.
*Click OK
=================
After that let me know how things are running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users