
Using Malwarebytes, It's asking me if I want to delete the following?


This topic is locked
12 replies to this topic

#1 JCatGuy (Members, 6 posts)

Posted 11 June 2009 - 10:27 AM

Hello,
I'm very confused. Spybot showed up nothing...but Malwarebytes showed up the following; however, it did not delete it. It left the decision up to me and I have not a clue what to do.
Before I show you the file and the HijackThis log: my computer suddenly can no longer get automatic updates from Microsoft; in fact, I can't even get the June 2009 updates when I try to do it manually. Along with all kinds of quirky problems....and I am losing a bit of my computer every day, and I'm very worried. Please help:

Here's the file Malwarebytes found, "Documents and Settings\Jay\Application Data\wiaservg.log", and it is asking if it should or should not delete it?

Below is my HIJACKTHIS report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:00 AM, on 6/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

(I deleted the info in the middle because they may have obtained sensitive information for the web (not sure though?)...but I left the last one...(see below)

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10404 bytes
---------------------------------------------------------------------------------------------------

At the beginning I mentioned that my Automatic Windows Updates did not work this month, nor can I get them manually, and at the end of this log it says: O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

So maybe if I delete it, it will cure the problem....or, if I delete it, I read that it could freeze my computer?

Please help, and thank you all very much for your time....Jay

Edited by JCatGuy, 11 June 2009 - 10:32 AM.



#2 extremeboy (Malware Response Team, 12,975 posts)

Posted 20 June 2009 - 05:21 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



If you still require assistance post a new set of DDS Logs and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log, please refer to this page; in step #6 there are instructions on downloading and running DDS. If you have any problems just let me know in your next reply or simply post a HijackThis log.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free.

#3 extremeboy (Malware Response Team, 12,975 posts)

Posted 22 June 2009 - 04:57 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#4 JCatGuy (Topic Starter, Members, 6 posts)

Posted 22 June 2009 - 06:58 PM

To ExtremeBoy,
Hello, below is my latest HijackThis log (I'm surprised it even worked). If I made mistakes please forgive me, as I've been very ill lately, and that's also why it took 2 days to get back to you. Homebound and very ill in health in general, just much worse as of late. Okay, here goes:

Every page I open says "Error on the page"...okay, here's the log from HIJACKTHIS (sorry, couldn't do the other one, but if I check the name I'll lose my place, as my passwords are no longer saved either if I shut the computer down, so to reply I had to have it sent to my email address). Below, I will mention a few more things, in addition to the problems I listed in my original post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:44 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/betaactivesca...s/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1241230996890
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1241290832875
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15106/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Nero AG - (no file)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10276 bytes

Ad Aware 2000 Anniversary edition is holding in Quarantine:
1. Win32DialerAgent-Do Nothing "DIALER"
2. 2 of Win32Tr\lr Agent
3. 1 of Win32Tr/Joiner

Hi, it's me again.
I met this techie on Craigslist and he installed LOGMEIN, but never gave me the password and had me keep it on, saying he's got 150 clients and isn't interested in me. It's just for him to check up on my computer from time to time.
At first he gave me dozens of programs (I'm disabled and sat back and let him do his thing)...he even upgraded me to XP Professional...but I think it's okay (legit) because I get updates monthly. Nero 8, TuneUp Utilities, RegCure, Spyware Commander, Windows Office Enterprise 2007, O&O Defrag, CyberLink PowerDVD...and on and on. I was so impressed. He said he is a professional tester for Microsoft...and he gets 100 licenses...but I did not get a disc, outside of a homemade Windows XP Pro SP3. I'm still hoping it's all legit. But things are happening. His main thing he seemed so proud of was installing ESET 4.0 Smart Security. Little by little he stopped helping me and then vanished.

My files and folders are all messed up. And even though the scans usually run okay...it has had viruses and malware it was only able to quarantine. Like WIN32 INJECTOR TROJAN 32, but so many more, and they usually pop right back up. Other things...lost the ability to copy and paste with the clicker, have to use Ctrl+C and Ctrl+V; he blamed it on IE 8.0.
Then suddenly I went to Microsoft and they wouldn't recognize my computer and wouldn't even scan it for updates. Finally I paid him for an expensive visit (and he knows I'm homebound, fixed income...basically one step away...from bad things)...and he spent 3 hours trying to recover the updates...using REGCURE and all of the above...and finally used "System Restore"...for days my computer has been acting worse and worse...and I can't get into Adobe Media Player anymore and watch TV shows, because it shows only "Tool Videos" now.
And things disappear...then re-appear....pages don't open in a new browser as they used to...but mainly it's like if I shut off my computer, I never know if it'll go back on or not. Once it didn't for 2 days.
For some reason he deleted Malwarebytes, as he said it causes viruses...but Malwarebytes once saved my behind, as I could not enter RealPlayer with all my mp3s and videos...and I did a Malwarebytes scan and fix...and suddenly I was able to use it again...
It's just an unstable computer.

Here...when I click on Windows Explorer, I get the same exact page as when I click on "My Documents"...exactly, no difference, and I lost all the original hyperlinks for things like Outlook, Windows Explorer, My Documents, Recycle Bin...I can still get in...but, as I used to...Truthfully, I've had a PC since 1989, a Tandy 286, and I never had such instability.

Finally, my brother wants me to install "OSAM" (he said it cleaned out everything...but it's complicated, and I read your reply and it said, "for the next time until we get back to you, do not download any programs"). So I won't do that...plus it's only available in Russian right now. If I lose this computer, I lose my link to the outside world (as a homebound person), and would probably not be able to get another one again...for a very long time.

Some things work okay though, as my streaming content (at times) works well...

Okay, enough out of me. I'm sure I left out some major problems...

One last thing: when I download a program, my files and folders are so convoluted that they never end up in the Program list, but in Documents and Settings.

Totally confused.......................I hope and pray you can help.......Thank you so much, Jay

PS....when I want to send a page or link from the internet and click on "Send Page By Email", Microsoft Office Outlook Express opens up instead of GMAIL, which is how he configured the computer to work, and it did work up until 15 days ago, and still that would be fine with me, but it can take up to 5 days for the person to receive it, or sometimes not at all, and that's just another example of strange things...that's from the Microsoft Office Enterprise 2007 Outlook.

Edited by JCatGuy, 22 June 2009 - 07:27 PM.
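The first post asks whether the O23 entry "Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\" should be deleted, and the log in the post above carries several "(no file)" and "(file missing)" items. As an added example that is not part of this thread or of HijackThis itself, here is a small Python triage script for HijackThis item lines that pulls out exactly those entry types (services with no identified owner or no executable path, orphaned BHO/toolbar/button/filter entries, and the O6 restrictions marker). The section codes and field layout are the ones HijackThis prints; the reason labels are my own, and the sample input is constructed from lines copied out of this thread's logs.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Every HijackThis item line has the shape "<section code> - <body>",
# e.g. "O23 - Service: ..." or "O2 - BHO: ...". Header lines and the
# "Running processes" paths do not match and are skipped.
ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Markers HijackThis prints when the referenced file no longer exists.
MISSING_MARKERS = ("(no file)", "(file missing)")
EXECUTABLE_RE = re.compile(r"\.(exe|dll|sys|ocx)$", re.IGNORECASE)

# Constructed sample: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Nero AG - (no file)
"""


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_item(line):
    """Return (section code, body) for an item line, or None for anything else."""
    m = ITEM_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def split_service(body):
    """Split an O23 body 'Service: <name> - <owner> - <path>' into its fields.

    An empty owner field is printed as 'name - - path', which a plain split on
    ' - ' mishandles, so the owner is checked first. Returns None if the shape is off.
    """
    m = re.match(r"^Service: (?P<name>.+?) - (?P<rest>.*)$", body)
    if not m:
        return None
    name, rest = m.group("name"), m.group("rest")
    if rest.startswith("- "):  # owner field is empty
        return name, "", rest[2:].strip()
    if " - " not in rest:
        return None
    owner, path = rest.split(" - ", 1)
    return name, owner.strip(), path.strip()


def check_service(body):
    """Reasons an O23 line deserves a second look (empty list if none)."""
    fields = split_service(body)
    if fields is None:
        return ["unparseable O23 entry"]
    _name, owner, path = fields
    reasons = []
    if owner in ("", "Unknown owner"):
        reasons.append("service owner not identified")
    if path.lower() in MISSING_MARKERS:
        reasons.append("service binary missing")
    elif not EXECUTABLE_RE.search(path):
        # A bare "C:\WINDOWS\" names no file that could be verified on disk.
        reasons.append("service path is not an executable")
    return reasons


def check_file_reference(body):
    """BHO / toolbar / button / filter entries whose file is gone."""
    lowered = body.lower()
    return ["referenced file missing"] if any(m in lowered for m in MISSING_MARKERS) else []


def triage(log_text):
    """Walk a HijackThis log and collect one Finding per reason per line."""
    findings = []
    for raw in log_text.splitlines():
        item = parse_item(raw)
        if item is None:
            continue
        code, body = item
        if code == "O23":
            reasons = check_service(body)
        elif code == "O6":
            # O6 means Internet Explorer options are restricted by policy.
            reasons = ["IE policy restrictions present"]
        elif code in ("O2", "O3", "O9", "O18"):
            reasons = check_file_reference(body)
        else:
            reasons = []
        findings.extend(Finding(code, r, raw.strip()) for r in reasons)
    return findings


def summarize(findings):
    """Count findings per reason so a long log can be skimmed."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.code:4} {f.reason:36} {f.line}")
    print(summarize(results))
```

A flag is a prompt to review, not to delete: the wuauserv entry flagged here is the built-in Windows Automatic Updates service, so removing it would break Windows Update rather than repair it, while the orphaned "(no file)" entries are leftovers of uninstalled software.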


#5 extremeboy (Malware Response Team, 12,975 posts)

Posted 24 June 2009 - 08:32 AM

Okay...

That was a long explanation. Let's see if we can get this sorted one at a time.

If you still have your Windows disk available, I would strongly encourage you to do a re-install or backup some of your important data information or pictures etc... and format the machine. Your computer seems to be very unstable at the moment.

I would like to see the DDS scan. Please download DDS and run it. Refer to my previous post for information. If you have any problems, simply let me know.

~Extremeboy

#6 JCatGuy (Topic Starter, Members, 6 posts)

Posted 24 June 2009 - 11:17 PM

Hi Extreme Boy,
Okay, even though I sent you the latest HJT log, you asked me to get a DDS log. I read through your instructions, but once I got to save...now I don't know if you want me to use it once and delete it, but in either case...I just couldn't figure out how to get DDS, or any program for that matter, to "end up" in my programs list, as it always did in the past. It doesn't come up as your tutorial shows, although it used to come up that way. Programs always end up, whether I click run or save, in "Documents and Folders", and even when I save to desktop and then click on the install, it will end up in "Documents and Folders" and not in Programs.
I went and read others who have been advised to download it, run it and then delete it...about disabling the AV program, then re-enabling it. I'm very sorry Extreme Boy, but I do not have the skill set to do that, although you did not ask me to do this. But that's why when you asked for a HijackThis log, I was so glad it worked, because it was a program I installed a while back, when downloaded programs went from Desktop to Program Files and remained there. Perhaps I've just messed up my files and folders terribly? I don't know. Lately, successfully downloaded programs can be opened by going to "Files and Folders" and finding the .exe file and running it from there.
Also, I did not understand the instruction regarding the DDS logs, in terms of transferring them. Usually I just copy and paste from Notepad...that's how I sent you my HijackThis log of the 22nd.
I don't know if your reply, to get a DDS log in addition to the HJT log I sent, was due to clear problems that you saw in the HJT log that need to be handled "one at a time"...and you need further info from DDS, or if it's based on my explanation of the current problems described?

You mentioned reinstalling the Windows operating system (all the technician left me with was a homemade CD copy of Windows XP Professional SP3, from when he upgraded me from XP Home Edition). However, I think it's legit, because I do get updates, since that problem was fixed. He said he owns the rights to 10 or 100 Windows XP Pro licenses? Oh, the problem with Adobe Media Player was actually not a true problem: Adobe staff wrote back to me and said they stopped showing content on the updated version, and it just so happened the day I updated it was the very day they began phasing out showing content such as movies, TV, etc. The old version may temporarily still work until it's 100% phased out. Yet all my other problems still persist.

So if I have a crash or am asked to do a possible clean reinstall, I would not have a clue how to do this. And I have no idea what's really on the CD copy of "Windows XP Professional SP3" that the techie gave me after he upgraded me from Home to Professional edition.
Finally, ESET is telling me it blocked 1 intruder, and quarantined a file of a program I found in files and folders from one of my earlier computers from 10 years ago, called "People Putty", which no longer exists, yet suddenly it has a Trojan horse in it that is quarantined? In addition, I had also deleted it about 1 week ago. ESET 4.0 Smart Security, or NOD32, couldn't destroy it so it has been quarantined, and the name is: "Win32/Delf.OKY Trojan".

I would gladly give you remote access, and that may give you a better idea of what I am trying to explain. Unfortunately, the techie did not give me the name and password for LogMeIn, so we'd have to use Windows Remote Access, a program I've never used.
Thank you, and yes, I overwrote again; I cut out a good 35%. Maybe I should've just written, "can't figure out how to give you what you need regarding the DDS log in addition to the HJT log, even though I read your tutorial, because of how my computer runs." THANK YOU again and sorry again...Jay

PS. I am getting the Microsoft updates now, but not due to his success at using all the tools he put on my computer (listed in my previous post), but only after running System Restore, which was his last resort after the techie spent 3 hours trying to fix it, etc.

Edited by JCatGuy, 24 June 2009 - 11:27 PM.


#7 extremeboy (Malware Response Team, 12,975 posts)

Posted 25 June 2009 - 04:35 PM

Hello.

Regarding re-install and format, please start a topic over here: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

I would believe re-install and formatting will be the best option here.

Let me know.

~EB

#8 JCatGuy (Topic Starter, Members, 6 posts)

Posted 25 June 2009 - 05:37 PM

I did it...I have the DDS LOG 4 you! Hope it helps! Thank you, Jay

DDS (Ver_09-05-14.01) - NTFSx86
Run by Jay at 18:32:39.84 on Thu 06/25/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3447.2597 [GMT -4:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\HHUH0VB1\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Speed racer] c:\program files\creative\playcenter\CTSRReg.exe
mRun: [AudioHQ] c:\program files\creative\sblive\audiohq\AHQTB.EXE
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/betaactivescan/cabs/as2stubie.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241230996890
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241290832875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-11 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-5-4 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-11 130936]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 107256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-4-9 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-1 47640]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2009-5-1 30720]
R3 ICAM3NT5;Intel® PC Camera CS331;c:\windows\system32\drivers\ICAM3D2.SYS [2009-5-2 145184]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-2-25 99568]
S3 npggsvc;nProtect GameGuard Service; [x]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-11 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-11 1095560]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-06-25 01:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-25 01:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-25 01:56 <DIR> --d----- c:\docume~1\jay\applic~1\SUPERAntiSpyware.com
2009-06-16 05:37 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-12 18:58 <DIR> --d----- c:\program files\RSDownloader 2.3
2009-06-11 22:37 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-11 22:37 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-11 22:37 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-11 22:37 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-11 22:37 <DIR> --d----- c:\docume~1\jay\applic~1\PC Tools
2009-06-11 22:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-11 22:35 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-11 22:06 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-11 21:47 <DIR> --d----- c:\windows\Google Earth Pro 4.2
2009-06-11 21:47 <DIR> --d----- c:\program files\Google Earth Pro 4.2
2009-06-11 21:30 <DIR> --d----- c:\program files\ESET
2009-06-11 21:24 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 21:24 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 21:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 19:47 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-11 19:47 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-11 19:46 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-10 20:23 <DIR> --d----- c:\program files\Jdownloader
2009-06-08 01:48 <DIR> --d----- C:\24_Season_1_Episode_02
2009-06-06 06:39 <DIR> --d----- c:\program files\Easy Trinity
2009-06-06 05:33 <DIR> --d----- c:\program files\RapidBIT
2009-06-04 21:12 <DIR> --d----- c:\program files\vSoft
2009-06-04 18:03 <DIR> --d----- c:\docume~1\jay\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-06-03 12:02 <DIR> --d----- c:\program files\iPod
2009-06-03 12:02 <DIR> --d----- c:\program files\iTunes
2009-06-01 01:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-05-31 18:32 <DIR> --d----- c:\program files\CCleaner
2009-05-30 17:58 50 a------- c:\windows\MegaManager.INI
2009-05-30 15:25 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-05-30 15:24 <DIR> --d----- c:\windows\Internet Logs
2009-05-30 14:28 <DIR> --d----- c:\program files\PeerGuardian_1.98b
2009-05-30 14:20 <DIR> --d----- c:\program files\PeerGuardian2
2009-05-30 04:42 <DIR> --d----- c:\docume~1\jay\applic~1\Megaupload
2009-05-28 00:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-28 00:01 19,096 a------- c:\windows\system32\drivers\mbam.sys

==================== Find3M ====================

2009-06-12 18:21 23,177 a------- c:\windows\unins000.dat
2009-06-12 18:18 667,998 a------- c:\windows\unins000.exe
2009-06-02 15:12 507,089 a------- c:\program files\skateboarding.swf
2009-05-23 01:57 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-05-23 00:19 203,776 a------- c:\windows\system32\clrviddc.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-17 17:37 337,932 a------- c:\program files\keyfinder.2.0.1.zip
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-05 11:33 750,080 a------- c:\program files\Setup.msi
2009-05-03 14:54 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-02 18:06 44,944 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-05-02 18:06 158,192 -------- c:\windows\system32\pxwma.dll
2009-05-02 01:51 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2009-05-02 01:41 87,608 a------- c:\docume~1\jay\applic~1\inst.exe
2009-05-02 01:41 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-05-02 01:41 47,360 a------- c:\docume~1\jay\applic~1\pcouffin.sys
2009-05-02 01:40 18,816 a------- c:\windows\system32\drivers\dvd43llh.sys
2009-05-01 22:10 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 16:25 129,784 -------- c:\windows\system32\pxafs.dll
2009-04-15 16:25 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-04-15 16:25 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-04-15 16:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 16:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 16:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 16:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 16:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 16:24 684,032 a------- c:\windows\system32\DivX.dll
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-08 01:41 1,316,096 a------- c:\windows\system32\ooscrsav.scr
2009-04-08 01:41 730,368 a------- c:\windows\system32\oodsvct.exe
2009-04-08 01:40 1,377,536 a------- c:\windows\system32\oodag.exe
2009-04-08 01:39 2,553,088 a------- c:\windows\system32\oodtray.exe
2009-04-08 01:39 194,816 a------- c:\windows\system32\oodbs.exe
2009-04-08 01:35 951,552 a------- c:\windows\system32\oodtrrs.dll
2009-04-08 01:35 541,952 a------- c:\windows\system32\oodssrs.dll
2009-04-08 01:34 9,984 a------- c:\windows\system32\oodbsrs.dll
2009-04-08 01:34 8,448 a------- c:\windows\system32\OODAGRS.DLL
2009-04-08 01:34 15,616 a------- c:\windows\system32\OODAGMG.DLL
2009-04-07 14:59 15,104 a------- c:\windows\system32\ootmapi.dll
2007-03-22 22:23 1,590,262 a------- c:\program files\acasetup.exe

============= FINISH: 18:32:49.90 ===============
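The SERVICES / DRIVERS section of the DDS log above has a small, regular line grammar, and when triaging a thread like this it is quicker to parse it than to eyeball it. The following is an added example, not part of the original post and not code from DDS or BleepingComputer. It works on a constructed sample of lines copied in the log's format, reads the two-character prefix the usual DDS way (R/S for running/stopped, digit for the Windows start type), and treats a trailing [x] as "image file not found" and [?] as "image file not verified"; that reading of the two markers, and keeping the left-hand side of a "path --> path" entry, are assumptions taken from how they appear in the log, not something the thread states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the DDS "SERVICES / DRIVERS" section
# (a handful of lines copied in that format, not the full log).
SAMPLE_DDS_SERVICES = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-11 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-4-9 731840]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S3 npggsvc;nProtect GameGuard Service; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# Usual DDS reading of the prefix: R/S = running/stopped, digit = service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
FILEINFO_RE = re.compile(r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    image: str                 # image path as DDS printed it ("" when none)
    status: str                # "ok", "missing" ([x]) or "unverified" ([?])
    file_date: Optional[str]   # date DDS printed for the image file, if any
    file_size: Optional[int]


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS services/drivers line; return None for lines of another shape."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    rest = m.group("rest").strip()
    status, file_date, file_size = "ok", None, None
    if rest.endswith("[x]"):          # assumption: DDS could not find the image file
        status, image = "missing", rest[:-3].strip()
    elif rest.endswith("[?]"):        # assumption: DDS could not verify the image file
        status, image = "unverified", rest[:-3].strip()
    else:
        fm = FILEINFO_RE.search(rest)
        if fm:
            file_date, file_size = fm.group("date"), int(fm.group("size"))
            image = rest[:fm.start()].strip()
        else:
            image = rest
    # Some entries are printed as "path --> path" (see dldt_device in the log);
    # keep the left-hand side. Assumption: that is the registry ImagePath.
    if " --> " in image:
        image = image.split(" --> ", 1)[0].strip()
    return ServiceEntry(
        name=m.group("name"),
        display=m.group("display"),
        running=m.group("state") == "R",
        start_type=START_TYPES[m.group("start")],
        image=image,
        status=status,
        file_date=file_date,
        file_size=file_size,
    )


def parse_services(text: str) -> List[ServiceEntry]:
    return [e for e in (parse_service_line(l) for l in text.splitlines()) if e is not None]


def entries_to_review(entries: List[ServiceEntry]) -> List[str]:
    """Names a responder should look at first: anything DDS could not tie to a
    verified file on disk, plus every boot/system-start driver, since those load
    before user-mode security tools and are where a rootkit would sit."""
    return [e.name for e in entries
            if e.status != "ok" or e.start_type in ("boot", "system")]


if __name__ == "__main__":
    entries = parse_services(SAMPLE_DDS_SERVICES)
    for e in entries:
        state = "running" if e.running else "stopped"
        print(f"{e.name:<16} {state:<8} {e.start_type:<9} {e.status:<11} {e.image}")
    print("review first:", entries_to_review(entries))
```

Run against the full section of a real DDS log, the "review first" list is the short list to check with a signed-driver lookup or a hash search; a stopped, demand-start service with no file on disk (like npggsvc here) is usually just an uninstall leftover, while a boot-start driver that cannot be verified deserves a closer look.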

#9 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 25 June 2009 - 09:03 PM

Hello.

Could you post the attach log?

Next, please update Malwarebytes and then do a quick-scan with it. Let it quarantine anything it finds and post back with the log.

Now run GMER for me.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click the downloaded GMER file on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a pop-up window at this point. If you do, click No.
  • Click Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then please give me a list of issues/problems you still have. I do not need a very long description but just in point form of any problems/issues you currently have.

Thanks.

~Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours, please feel free to send me a PM.

The help you receive here is always free, but if you wish to show your appreciation, you may wish to donate.

#10 JCatGuy

  • Topic Starter
  • Members
  • 6 posts

Posted 27 June 2009 - 09:12 PM

Here is today's MBAM log
Malwarebytes' Anti-Malware 1.38
Database version: 2340
Windows 5.1.2600 Service Pack 3

6/27/2009 5:37:43 AM
mbam-log-2009-06-27 (05-37-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 176581
Time elapsed: 23 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

****I must add, though, that in previous logs in the past 3 weeks I have had in quarantine, just from yesterday, Trojan Key Makers, Trojan Agent (15X in past 3 weeks in every part of computer), Trojan Dropper, Trojan Trace, Key (about 15 of them, as they seem to pop up everywhere from FILES and REGISTRY)...I had just run SuperAntiSpyware before I ran this log because I did not know you would be asking for it. C:\Program Files\setup.exe (Rogue.Installer on the 25th of June).
------------------------------------------------------------
I read in your original instructions that I was referred to in the past...of Bleeping Computer, not to send the attached DDS log, and it must've disappeared because it's no longer in notepad? And DDS is gone too? And BTW, after using DDS, I had had 51 system errors created...that Tune Up Utilities brought down to 1, and one program error. Kinda worried about running it again, unless it's absolutely necessary.
----------------------------------------------------------------
Before I download GMER and click Save to Desktop, that will make a Program File for it...is this what I am to do? If so, then I will do it. But I have had so many problems, w/downloaded programs used for detection.

For example, I was advised to download OSAM (Online Solution AutoRun Manager), but, everything came up green (good). However, except for 6 items...which it didn't read...so it gave no rating. But then, it disappeared from my program file, because I downloaded it to desktop, and now I have a Program file w/an empty entry. 2 hours later, my computer slowed to a crawl.
-----------------------------------------
Problems:
1. Whenever I use Windows Office Enterprise 2007...from Word to Outlook Office, my mail doesn't get delivered for 3-5 days, and it unleashes tons of viruses and malware. I'm afraid to use it.

2. When I used to find a page on the internet and wanted the send page or entire website to someone w/an email, SEND TOck on the top of IE 8.0 (have critical updates for June), and now, it suddenly won't go to my default mail program which is GMAIL. Instead it tries to use the messed up Office Outlook 2007, the person never receives, or does but 5 days later...and my entire system slows. I never changed that setting. Gmail is default and gmail is where everything used to go. How it switched over to use Office Outlook 2007 just in the past 3 weeks, I'll never know.

4. I can no longer use my mouse to copy and paste, and w/unusable left hand, it's hard to hold down ctrl & C, ctrl v...instead of simple left click to highlight, right click to paste....and so on...makes things really difficult. My techie said microsoft deleted r/l click on mouse, to stop clipboard ID theft...but, then why does it work w/ctrl c and ctrl v, that's clipboard too. I don't have faith in him anymore.

5. If I were to download a game that's a shooter game...I'll get the download, but, something always goes wrong and I cannot run the game.

Unless I use my PC just for email, music listening, surfing, bill pay (which could be risky), and watching movies/or streaming content, and if heaven forbid (like when I use MBAM and it asks for reboot...I lose all my passwords, all my settings (I have to put back all my preferences for surfing, IE 8, and it is just absolutely unstable).

Finally ESET Smart Security after 2 weeks of not finding anything, and I didn't even use computer the other day, at 2:37 am, it quarantined, in Documents and Settings, "win32.Delf.0ky trojan", and in hxxp://q.hhxzao.info/iz/pdf.php (whatever website that is, I have not a clue), and it was quarantined because it had "PDF/exploit.Gen Trojan".

The good thing is that between ESET (w/nod32) and MBAM, a bunch of others...it does catch them...unless this is normal? But, I don't think so.

Two IP addresses traced to a province in China (eset firewall), tries to infiltrate computer 5-10X daily?

I'm permanently homebound, sick and disabled and can barely sit up. But, I will give you everything you need. Please be patient. If I have to redo something like that Attached log that disappeared, or this GMER, one way or another, I'll get it to you...I just don't have the physical resources to do it fast, and the financial resources to get help, as I blew it all on this techie that filled me up with what I believe to be downloaded programs. Except he said he owned the rights to 8 licenses of one, and 100 of another...so, I don't know what is what....it's over my head. Thank you, Jay

PS...or maybe all these programs are doing their job...but I want my computer to be stable...use clicker to copy and paste, download 1 gig games and have them run normally (trial versions). Something always goes wrong.
(i did it again, didn't I...oh, man...sorry)

Edited by extremeboy, 28 June 2009 - 10:11 AM.
Disabled active links.


#11 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 28 June 2009 - 10:16 AM

Hello.

Thanks for the reply.

Your computer seems to be unstable as you mentioned. A good option here is to re-install Windows if you have your Windows disk available.

If you can't, I'll see what I can do for you and make sure you are clean of malware, but I cannot guarantee that every problem you may have will be resolved or that your computer will be more stable. We'll remove any malware infections you may have active.

I'm not too sure about those system error messages, but if you get them again, it would be helpful if you could take a screenshot for me to see. Alternatively, write down the exact error code.

With Regards,
Extremeboy

#12 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 02 July 2009 - 10:09 AM

Hello.

Are you still there?

~Extremeboy

#13 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 04 July 2009 - 10:52 AM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy



