
Troublesome script report


  • This topic is locked
18 replies to this topic

#1 GKing

GKing

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SFBayArea
  • Local time:04:38 PM

Posted 14 March 2009 - 03:33 PM

I ran a 'silentrunning' search script and don't like the looks of the report. Here's a hjt log and the sl report-a first report yesterday and a recent...thanks for any help :thumbup2:



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:07:38 PM

Posted 26 March 2009 - 02:05 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 GKing


Posted 30 March 2009 - 02:19 PM

Here they are. I hope I don't clog up the site 'cause my zip won't work to compress-thanks>>

DDS (Ver_09-03-16.01) - NTFSx86
Run by Greg at 11:49:25.26 on Mon 03/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2188 [GMT -7:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Common Files\AOL\1237914565\ee\aolsoftware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\AOL9~1.0A\waol.exe
C:\PROGRA~1\AOL9~1.0A\shellmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Greg\Desktop\dds.com

============== Pseudo HJT Report ===============

uWindow Title =
mWindow Title =
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\progra~1\aol9~1.0a\AOL.EXE" -b
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
uPolicies-system: DisableRegedit = 0 (0x0)
mPolicies-explorer: <NO NAME> =
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224408287062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-17 64160]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-11-14 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-11-14 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-11-14 151297]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-11-14 52032]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
S3 DarkSpy;DarkSpy;\??\c:\windows\system32\darkspykernel.sys --> c:\windows\system32\DarkSpyKernel.sys [?]
S3 ONASGNTJY;ONASGNTJY;c:\docume~1\owner\locals~1\temp\ONASGNTJY.exe [2009-2-17 478080]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
S3 XZG;XZG;c:\docume~1\owner\locals~1\temp\XZG.exe [2009-3-8 465792]

=============== Created Last 30 ================

2009-03-28 18:51 171,280 a------- c:\windows\system32\jit.dll
2009-03-28 18:51 46,352 a------- c:\windows\setdebug.exe
2009-03-28 18:51 313,856 a------- c:\windows\system32\dx3j.dll
2009-03-28 18:51 139,536 a------- c:\windows\system32\javaee.dll
2009-03-28 18:51 7,315 a------- c:\windows\system32\javasup.vxd
2009-03-28 18:51 6,550 a------- c:\windows\jautoexp.dat
2009-03-28 12:23 149,504 a------- C:\CWShredder.exe
2009-03-27 04:41 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-26 20:05 1,351,392 a------- c:\windows\system32\COMCTL32.OCX
2009-03-26 17:13 <DIR> --d----- c:\program files\common files\EasyInfo
2009-03-26 16:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-26 16:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 16:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-26 14:47 <DIR> --d----- c:\program files\ACW
2009-03-26 13:47 <DIR> --d----- c:\program files\Alex Feinman
2009-03-26 09:55 <DIR> --d----- c:\program files\CS Fire Monitor
2009-03-26 09:08 <DIR> --d----- c:\program files\IrfanView
2009-03-25 20:57 <DIR> --d----- c:\program files\Microsoft Easy Assist
2009-03-25 20:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Applications
2009-03-25 12:28 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-03-25 12:26 <DIR> --d----- c:\windows\ERUNT
2009-03-25 11:19 <DIR> --d----- C:\SDFix
2009-03-24 10:09 <DIR> --d----- c:\program files\AOL 9.0a
2009-03-24 09:59 <DIR> --d----- c:\program files\AOL 9.0
2009-03-24 09:40 <DIR> --d----- c:\program files\common files\aolshare
2009-03-24 09:00 <DIR> --d----- c:\program files\LeechGet 2009
2009-03-24 08:26 244,024 a------- c:\windows\system32\MSFLXGRD.OCX
2009-03-24 08:26 203,976 a------- c:\windows\system32\richtx32.ocx
2009-03-24 07:58 <DIR> --d----- C:\hostjack
2009-03-23 15:43 <DIR> --d----- c:\program files\BHODemon 2
2009-03-23 15:35 0 a------- c:\windows\system32\8104297.jun
2009-03-23 15:35 <DIR> --d----- c:\program files\Browser Hijack Recover
2009-03-20 21:50 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-03-20 21:50 <DIR> --d----- C:\NVIDIA
2009-03-20 14:07 159,744 a------- c:\windows\system32\igfxres.dll
2009-03-20 13:59 212,711 a------- c:\windows\system32\nvapps.nvb
2009-03-20 13:59 <DIR> --d----- c:\windows\NV27761312.TMP
2009-03-20 13:58 16,958 a------- c:\windows\system32\evga.ico
2009-03-20 13:58 <DIR> --d----- c:\windows\system32\EVGA
2009-03-19 23:50 <DIR> --d----- c:\program files\Secunia
2009-03-19 23:31 <DIR> --d----- c:\program files\WinMerge
2009-03-19 22:58 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-19 12:00 <DIR> --d----- C:\VundoFix Backups
2009-03-19 10:48 3,986 a------- c:\windows\system32\tmp.reg
2009-03-17 22:52 <DIR> --d----- c:\program files\MSECACHE
2009-03-17 16:00 1,527,808 a------- C:\cpuz.exe
2009-03-17 16:00 180 a------- C:\cpuz.ini
2009-03-17 11:54 119,600 a------- c:\program files\windows-kb841290-x86-enu.exe
2009-03-17 11:51 1,615 a------- c:\program files\mvps.bat
2009-03-17 11:47 149,284 a------- c:\program files\hosts.zip
2009-03-15 21:01 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-15 08:26 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-15 08:25 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-15 08:25 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-15 08:25 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-15 08:25 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-15 08:25 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-15 08:25 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-15 08:25 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-15 08:25 <DIR> --d----- C:\d1f0d577f921a18acbd4
2009-03-15 08:25 <DIR> --d----- c:\windows\SxsCaPendDel
2009-03-14 11:14 353,792 a------- c:\program files\AIMFix.exe
2009-03-14 05:28 400,192 a------- c:\program files\Silent Runners.vbs
2009-03-14 02:33 159,967 a------- c:\program files\ConstructionA5071522.dat
2009-03-14 02:26 168,439 a------- c:\program files\ConstructionA6021212.dat
2009-03-14 02:22 <DIR> --d----- C:\My Documents
2009-03-13 16:55 <DIR> --d----- C:\89f57b4b49afa3c02104
2009-03-13 16:45 <DIR> --d-hr-- C:\AHCache
2009-03-13 16:45 <DIR> --d----- C:\8171ed2d773aaf3b5bbc
2009-03-12 11:12 812,344 a------- c:\program files\HJTInstall.exe
2009-03-12 07:03 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-03-07 00:07 <DIR> --d----- c:\documents and settings\greg\DoctorWeb
2009-03-06 00:20 <DIR> --d----- c:\windows\Security
2009-03-05 10:52 <DIR> --d----- c:\program files\Windows Resource Kits
2009-03-02 09:34 <DIR> --d----- c:\docume~1\greg\applic~1\Stardock
2009-03-02 09:34 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{067CEB81-A49B-4597-9505-A5515881D672}
2009-03-02 09:34 <DIR> --d----- c:\program files\Stardock

==================== Find3M ====================

2009-03-28 18:51 155,995 a------- c:\windows\java\packages\DJDZ3PR9.ZIP
2009-03-28 18:51 2,232 a------- c:\windows\java\packages\data\FPFDBVZP.DAT
2009-03-28 18:51 2,678 a------- c:\windows\java\packages\data\GBH77FLB.DAT
2009-03-28 18:51 2,678 a------- c:\windows\java\packages\data\BZBH33ZD.DAT
2009-03-28 18:50 2,678 a------- c:\windows\java\packages\data\T75BLRNP.DAT
2009-03-28 18:50 2,678 a------- c:\windows\java\packages\data\A6XFDJFZ.DAT
2009-03-28 18:50 2,678 a------- c:\windows\java\packages\data\8QTBPZ9B.DAT
2009-03-27 04:41 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-15 00:23 618,526 a------- c:\program files\HOSTS
2009-03-14 13:25 15,480 a------- c:\program files\Startup Programs (SOMETIME-N-DELL) 2009-03-14 13.25.12.txt
2009-03-14 05:35 15,272 a------- c:\program files\Startup Programs (SOMETIME-N-DELL) 2009-03-14 05.34.13.txt
2009-03-14 05:34 15,272 a------- c:\program files\Startup Programs (SOMETIME-N-DELL) 2009-03-14 05.33.03.txt
2009-03-09 21:52 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-09 21:48 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-09 10:12 647,024 a------- C:\autoruns.exe
2009-01-09 10:12 540,016 a------- C:\autorunsc.exe
2008-11-01 04:15 6,066 a------- c:\program files\readme.txt
2008-10-23 19:33 61,224 a------- c:\documents and settings\greg\GoToAssistDownloadHelper.exe
2008-05-01 13:15 55,541,096 a------- c:\documents and settings\greg\OM205Setup.exe
2007-09-06 01:20 2,007 a------- c:\program files\PrivacyPolicy.txt
2007-09-06 01:12 794 a------- c:\program files\License.txt

============= FINISH: 11:49:47.62 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/18/2008 11:11:38 AM
System Uptime: 3/30/2009 8:15:33 AM (3 hours ago)

Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 86 GiB total, 74.999 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 74 GiB total, 74.432 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe SVG Viewer 3.0
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 7.2
Bytescout XLS Viewer 2.20 (FREEWARE)
Celestron's TheSky (Remove only)
Classic PhoneTools
Conexant D850 56K V.9x DFVc Modem
Conexant SmartHSFi V92 56K DF PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Modem-On-Hold
Dell ResourceCD
Digital Line Detect
Download Updater (AOL LLC)
Dynex 5-in-1 card reader
EVEREST Home Edition v2.20
EVGA Display Driver
FileAlyzer Lite 1.0.1
FileASSASSIN
FreeZip
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel® PRO Network Connections Drivers
IrfanView (remove only)
ISO Recorder
Java™ 6 Update 13
LoadScout 3.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Easy Assist v2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 7.0
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
NetAlyzer
NVIDIA Drivers
OLYMPUS CAMEDIA Master 2.5
OLYMPUS Master 2
PowerDVD
QuickTime
QuickTime 3.0
RunAlyzer
Secunia PSI
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
ShowIP v1.6.6
Skype?3.8
Sound Blaster Live!
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
SpywareBlaster 4.1
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix (SP1) [See Q282784 for more information]
Windows XP Service Pack 3
WinMerge 2.13.5
Works Suite OS Pack
Xdrive Desktop
Yahoo! Install Manager
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/26/2009 11:39:01 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/26/2009 10:01:37 PM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
3/26/2009 1:52:57 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
3/26/2009 1:49:13 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
3/26/2009 1:49:13 PM, error: Service Control Manager [7034] - The Imapi Helper service terminated unexpectedly. It has done this 1 time(s).
3/27/2009 4:50:54 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/27/2009 4:50:54 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/27/2009 4:50:54 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/27/2009 4:50:54 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/27/2009 4:50:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb BANTExt Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss ssmdrv Tcpip
3/27/2009 4:51:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/27/2009 4:51:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/28/2009 4:35:06 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.

==== End Of File ===========================

Edited by PropagandaPanda, 31 March 2009 - 07:20 AM.


#4 KoanYorel


Posted 30 March 2009 - 02:27 PM

Not a problem. Hang on, a Tech should be with you within a day or so.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 GKing


Posted 31 March 2009 - 01:04 PM

:thumbup2: Thanks

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 PM

Posted 31 March 2009 - 02:15 PM

Hello.

What do you know, almost exactly a day :thumbup2: .

Please describe what problems you are having.

Submit File to Online Scanner
There is a file that I would like you to check out for me using VirusTotal/VirSCAN
  • Open VirusTotal Online Scanner or VirSCAN. If one site is busy or down, try the other
  • At the top of the page you'll see a box. Paste in the following line(s) (do one line at a time).
  • c:\docume~1\owner\locals~1\temp\ONASGNTJY.exe
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
  • If more than one file was listed, repeat for each of them.
With Regards,
The Panda
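
An added example, not part of the original posts and not code from DDS: the file named in the post above appears in the SERVICES / DRIVERS section of the DDS log in post #3 as a service whose image path is under a Temp directory. The Python sketch below parses lines in that layout and lists the entries worth a second look; the flag names and the two checks are assumptions of this example, and the sample lines are copied from the log in this thread.

```python
import re

# Lines copied from the "SERVICES / DRIVERS" section of the DDS log in this thread.
SAMPLE = r"""
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-17 64160]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-11-14 151297]
S3 DarkSpy;DarkSpy;\??\c:\windows\system32\darkspykernel.sys --> c:\windows\system32\DarkSpyKernel.sys [?]
S3 ONASGNTJY;ONASGNTJY;c:\docume~1\owner\locals~1\temp\ONASGNTJY.exe [2009-2-17 478080]
S3 XZG;XZG;c:\docume~1\owner\locals~1\temp\XZG.exe [2009-3-8 465792]
"""

# Layout seen in the log: <prefix> <name>;<display name>;<image path> [<date size>]
LINE_RE = re.compile(
    r"^(?P<prefix>[RS][0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Directory names treated as temporary locations (assumption of this example).
TEMP_DIRS = {"temp", "tmp"}


def parse_line(line):
    """Return a dict for one service/driver line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Some entries read "raw path --> resolved path"; keep the resolved one.
    image = rec["image"].split(" --> ")[-1].strip()
    # Drop the \??\ prefix if it is still present.
    if image.startswith("\\??\\"):
        image = image[4:]
    rec["image"] = image
    return rec


def flags_for(rec):
    """Checks an analyst might apply to one parsed entry."""
    flags = []
    directories = rec["image"].lower().split("\\")[:-1]
    if TEMP_DIRS & set(directories):
        flags.append("image-in-temp-dir")
    # The bracket holds "?" where other entries carry a date and a size.
    if rec["meta"].strip() == "?":
        flags.append("no-date-size")
    return flags


def triage(log_text):
    """Return the parsed entries that raised at least one flag, in log order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        flags = flags_for(rec)
        if flags:
            findings.append({**rec, "flags": flags})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["prefix"], f["name"], f["image"], ", ".join(f["flags"]))
```

A flag here only marks an entry for review, for example by submitting the file to an online scanner as the post asks.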

#7 GKing


Posted 01 April 2009 - 12:08 PM

:thumbup2: Seems my policy settings are askew in IE7 and inability to run java applets no matter what I do from clearing browser files to java files- clearing and downloading java again. May have too many run programs on start up can be one issue-but I hand a lot in both safe mode and windows.

File unknown received on 02.17.2009 16:09:36 (CET)
Antivirus Version Last Update Result
a-squared - - -
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
Comodo - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
McAfee+Artemis - - -
Microsoft - - -
NOD32 - - -
Norman - - -
nProtect - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
ViRobot - - -
VirusBuster - - -

Additional information
MD5: 4842101ea4e1955d1e2d6ef1c4dc8ec2
SHA1: ce56269fb8e813ca5fa31c18905509e7fbb63cd7
SHA256: 6a9088dfa921d1e7c09faae3d65a3a0227e1d715bdc37b0c0ca951ed8461834e

#8 GKing


Posted 01 April 2009 - 12:13 PM

:thumbup2: Ha..I meant to say I hang a lot in safe mode and windows!

#9 PropagandaPanda


Posted 01 April 2009 - 03:30 PM

Hello.

No need to work in Safe Mode.

Will you consider upgrading to IE8? Or would you rather try resetting IE7?

Let's run a scan.

Download and Run SUPERAntiSpyware
We will run a scan with SuperAntiSpyware.
  • Download SUPERAntiSpyware to your desktop.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation. Delete the installer after use.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download and unzip them from here.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under Scan for Harmful Software, click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive (or whatever drive your system is installed on).
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
  • Make sure everything has a checkmark next to it and click Next.
  • A notification will appear saying that "Quarantine and Removal is Complete". Click OK and then click the Finish button to return to the main menu.
  • If asked if you want to reboot, click Yes.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
With Regards,
The Panda

#10 GKing


Posted 02 April 2009 - 01:17 AM

Ok, here's the log Panda and thanks:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/01/2009 at 10:53 PM

Application Version : 4.26.1000

Core Rules Database Version : 3824
Trace Rules Database Version: 1780

Scan type : Complete Scan
Total Scan Time : 00:38:30

Memory items scanned : 564
Memory threats detected : 0
Registry items scanned : 5270
Registry threats detected : 0
File items scanned : 45410
File threats detected : 19

Adware.Tracking Cookie
C:\Documents and Settings\Greg\Cookies\greg@advertising[1].txt
C:\Documents and Settings\Greg\Cookies\greg@kontera[2].txt
C:\Documents and Settings\Greg\Cookies\greg@xiti[1].txt
C:\Documents and Settings\Greg\Cookies\greg@euroclick[1].txt
C:\Documents and Settings\Greg\Cookies\greg@smartadserver[1].txt
C:\Documents and Settings\Greg\Cookies\greg@media6degrees[2].txt
C:\Documents and Settings\Greg\Cookies\greg@cache.trafficmp[1].txt
C:\Documents and Settings\Greg\Cookies\greg@ar.atwola[3].txt
C:\Documents and Settings\Greg\Cookies\greg@atwola[1].txt
C:\Documents and Settings\Greg\Cookies\greg@bravenet[1].txt
C:\Documents and Settings\Greg\Cookies\greg@tacoda[2].txt
C:\Documents and Settings\Greg\Cookies\greg@trafficmp[1].txt
C:\Documents and Settings\Greg\Cookies\greg@ads.web.aol[1].txt
C:\Documents and Settings\Greg\Cookies\greg@ads.web.aol[2].txt
C:\Documents and Settings\Greg\Cookies\greg@at.atwola[1].txt
C:\Documents and Settings\Greg\Cookies\greg@ar.atwola[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ar.atwola[2].txt
C:\Documents and Settings\LocalService\Cookies\system@at.atwola[1].txt
C:\Documents and Settings\LocalService\Cookies\system@atwola[2].txt
:thumbup2:

#11 PropagandaPanda


Posted 02 April 2009 - 11:32 AM

Hello.

Only cookies were detected. They are mostly harmless.

If you would like to try upgrading to IE8 to see if it will resolve the Java issue, download it from here.

With Regards,
The Panda

#12 GKing


Posted 02 April 2009 - 11:33 AM

On the IE issue-I'd consider the IE8 if no problems apparent with js. I heard a small percentage of downloads are 'broken' and create big problems, (Tech Republic). But if you think IE8 is more reliable than IE7 overall-I'm in. I don't make a lot of use of beta programs as of yet. Does it matter? Thanks. :thumbup2:

#13 GKing


Posted 02 April 2009 - 11:58 AM

We must have last posted within seconds of each other-lol...well I went to the IE8 download site and a dialog box appeared stating:

one or more Active X controls could not be displayed either:
1) your current security settings prohibit running Active X controls of this page, or
2) you have blocked a publisher of one of the controls
As a result, the page may not display correctly.

Well I shut down Spyware Blaster-but I don't think it's my AV or Ad-blocker programs. On the internet option controls check boxes maybe-which should I check/uncheck exactly- or allow Active X downloads without restrictions until I get the IE8 DL page in right order? Also, I never seem to get the windows dialog box with Block this Site/Un Block anymore-could I have a host file/policy issue? Is it relevant?

#14 PropagandaPanda


Posted 02 April 2009 - 03:09 PM

Hello.

Please try this link.

With Regards,
The Panda

#15 GKing


Posted 03 April 2009 - 06:58 PM

:) Ok partner that's what I did. I'll let you know in a couple of days how IE8 is break'n in. Thanks Panda :thumbup2:



