Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Gino's PC lags hard dropping pop-ups at every address change.


  • This topic is locked This topic is locked
3 replies to this topic

#1 AndReAlly

AndReAlly

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 04 October 2009 - 12:24 AM

:) Hello,
I am a tech geek in the making. The only reason that I use windows is because it is the most used OS around where I grew up so all the good games were developed for MS :( . I am trying to fix the windows on my BiL's (Bro-in-Law's) comp. Right now i am getting a lot of pop ups for "http://media2.tmlatn.com/images/defaults41/approved/404.htm" and various other sites, but that is the main one. All I know is that it is seriously messing with my Armada Playing. :(

I was reading thepep guide and so I did the DDS, and rootrepeal . I hopefully have done everything right and attached the text file read-outs. I hoping that you can help me out. We have norton 360 as the main provider for this computer. It runs on XP Home SP3 On an AMD Athlon. It is a Shaw hookup so we can get Shaw Secure this coming bill if you could provide insight on that as well that would be awsome.

Thanks a bunch for all helping out. It is because of that kind of community that we have civilization. So thanks in advance.

Ps. I can't load windows update page and the computer hasn't updated in a long time. :)

DDS (Ver_09-09-29.01) - NTFSx86
Run by HP_Administrator at 19:29:34.92 on 03/10/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.325 [GMT -6:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HP_ADM~1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1253478800&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-CA
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: System=lsass.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [A00FD7E29.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00FD7E29.exe
uRun: [A00F2AE2D2.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00F2AE2D2.exe
uRun: [A00FA6B8A.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00FA6B8A.exe
uRun: [A00F57E20.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00F57E20.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [BigDogPath] c:\windows\VM_STI.EXE VIMICRO USB PC Camera
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [RECGUARD] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler] "c:\program files\pc-doctor 5 for windows\RunProfiler.exe" -r
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
Trusted Zone: trymedia.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177864533421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: NameServer = 85.255.114.87 85.255.112.62
TCP: {3F316F09-4777-45CB-B81D-CE6B75EADD31} = 85.255.114.87,85.255.112.62
TCP: {892900FC-9814-4488-99C0-81491C1EE93D} = 85.255.114.87
TCP: {E63F9913-68D8-41F9-A16E-5FA928EAC3BC} = 85.255.114.87
TCP: {FBBA6E2D-C1DB-403B-8694-3961EA49E7FA} = 85.255.114.87,85.255.112.62
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: 71ff1886670 - c:\windows\system32\d3dx10_3732.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: __c005572E - c:\windows\system32\__c005572E.dat
AppInit_DLLs: c:\windows\system32\d3dx10_3732.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2009-9-9 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2009-9-9 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2009-9-9 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090916.003\IDSXpx86.sys [2009-9-16 329080]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2009-9-9 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-12-18 57376]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091003.020\NAVENG.SYS [2009-10-3 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091003.020\NAVEX15.SYS [2009-10-3 1323568]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2008-12-18 377920]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\documents and settings\hp_administrator\common\database\bin\fbserver.exe [2008-3-7 1527900]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\rangebooster g wua-2340\jswutil\jswpsapi.exe [2008-12-18 352338]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [2008-7-13 90568]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-10-03 18:54 28,160 a------- c:\windows\system32\__c006C8E2.dat
2009-10-03 17:46 28,160 a------- c:\windows\system32\__c0034640.dat
2009-10-03 10:16 <DIR> --d----- c:\program files\AskBarDis
2009-10-03 10:15 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\GlarySoft
2009-10-03 10:15 <DIR> --d----- c:\program files\Glary Registry Repair
2009-10-03 09:43 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Reg Tool
2009-10-03 09:43 <DIR> --d----- c:\program files\Reg Tool
2009-10-03 09:28 <DIR> --d----- c:\program files\PC-Doctor 5 for Windows
2009-10-03 09:24 917,504 a------- c:\windows\system32\FLASH.OCX
2009-10-03 09:24 <DIR> --dsh--- c:\windows\ftpcache
2009-10-03 09:11 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Error Fix
2009-10-03 09:11 <DIR> --d----- c:\program files\Error Fix
2009-10-03 07:17 28,160 a------- c:\windows\system32\__c00CBD20.dat
2009-10-02 23:55 28,160 a------- c:\windows\system32\__c00949AF.dat
2009-10-02 23:37 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-10-02 21:51 28,160 a------- c:\windows\system32\__c003466C.dat
2009-10-02 21:25 28,160 a------- c:\windows\system32\__c0029594.dat
2009-10-02 21:19 28,160 a------- c:\windows\system32\__c00691DE.dat
2009-10-02 21:10 28,160 a------- c:\windows\system32\__c005EC55.dat
2009-10-02 19:55 28,160 a------- c:\windows\system32\__c0042F8E.dat
2009-10-02 19:23 151 a------- c:\windows\system32\tempie.html
2009-10-02 19:20 4 a------- c:\windows\system32\bincd32.dat
2009-10-02 19:16 8,551 a------- c:\windows\system32\wispex.html
2009-10-02 19:16 <DIR> --d----- c:\windows\system32\images
2009-10-02 19:15 36 a------- c:\windows\system32\skynet.dat
2009-10-02 19:15 58 a------- c:\windows\wf4.dat
2009-10-02 19:15 3 a------- c:\windows\wf3.dat
2009-10-02 19:15 99 a------- c:\windows\system32\wwp.htm
2009-10-02 19:06 <DIR> --d----- c:\program files\Mozilla Firefox(2)
2009-10-02 19:03 28,160 a------- c:\windows\system32\__c00A554F.dat
2009-10-02 01:43 45 a------- c:\documents and settings\hp_administrator\jagex_runescape_preferences2.dat
2009-10-02 01:42 28,160 a------- c:\windows\system32\__c004CC1.dat
2009-10-02 01:35 28,160 a------- c:\windows\system32\__c004CA5A.dat
2009-10-02 01:23 28,160 a------- c:\windows\system32\__c00ECD71.dat
2009-10-01 23:48 28,160 a------- c:\windows\system32\__c009B5CF.dat
2009-10-01 13:33 28,160 a------- c:\windows\system32\__c004AF90.dat
2009-10-01 11:46 28,160 a------- c:\windows\system32\__c00EB41C.dat
2009-10-01 05:14 523,264 a--sh--- c:\windows\system32\3.tmp
2009-09-30 21:02 28,160 a------- c:\windows\system32\__c00B181A.dat
2009-09-30 02:53 28,160 a------- c:\windows\system32\__c001DEA5.dat
2009-09-30 01:31 28,160 a------- c:\windows\system32\__c00A2518.dat
2009-09-29 19:05 523,264 a--sh--- c:\windows\system32\3E.tmp
2009-09-29 14:16 <DIR> --d----- c:\program files\ROYAL1688
2009-09-29 12:55 28,160 a------- c:\windows\system32\__c00442D0.dat
2009-09-28 23:05 523,264 a--sh--- c:\windows\system32\13.tmp
2009-09-28 03:19 28,160 a------- c:\windows\system32\__c005572E.dat
2009-09-27 21:18 28,160 a------- c:\windows\system32\__c0085A69.dat
2009-09-27 14:47 28,160 a------- c:\windows\system32\__c0097FFA.dat
2009-09-27 04:49 0 a------- c:\windows\system32\204.tmp
2009-09-27 04:49 0 a------- c:\windows\system32\203.tmp
2009-09-26 15:42 28,160 a------- c:\windows\system32\__c0058122.dat
2009-09-25 18:46 28,160 a------- c:\windows\system32\__c00862A0.dat
2009-09-25 17:34 28,160 a------- c:\windows\system32\__c0030504.dat
2009-09-25 14:13 28,160 a------- c:\windows\system32\__c002C496.dat
2009-09-25 13:30 28,160 a------- c:\windows\system32\__c00B372.dat
2009-09-24 20:14 28,160 a------- c:\windows\system32\__c008856E.dat
2009-09-24 15:12 28,160 a------- c:\windows\system32\__c0099F12.dat
2009-09-24 07:19 <DIR> --dsh--- c:\windows\system32\LocalService
2009-09-23 23:34 27,648 a------- c:\windows\system32\__c0035B99.dat
2009-09-23 19:39 27,648 a------- c:\windows\system32\__c0023344.dat
2009-09-23 13:56 27,648 a------- c:\windows\system32\__c009F3D0.dat
2009-09-23 11:55 320 a------- C:\xcrashdump.dat
2009-09-22 17:13 27,648 a------- c:\windows\system32\__c009CECB.dat
2009-09-21 14:49 27,648 a------- c:\windows\system32\__c001CC64.dat
2009-09-21 14:45 17,971 a------- c:\windows\GnuHashes.ini
2009-09-21 14:38 1,644 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-09-21 14:38 523,264 a--sh--- c:\windows\system32\61.tmp
2009-09-21 14:38 119,808 a------- c:\windows\system32\d3dx10_3732.dll
2009-09-21 14:23 <DIR> --d----- c:\program files\Outsim
2009-09-20 16:12 <DIR> --d----- c:\program files\ASIO4ALL v2
2009-09-20 16:10 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-09-20 16:07 <DIR> --d----- c:\program files\Image-Line
2009-09-19 20:30 <DIR> --d----- c:\program files\Siber Systems
2009-09-18 23:46 262,144 a------- C:\ntuser.dat
2009-09-15 18:55 <DIR> --d----- c:\documents and settings\hp_administrator\Tracing
2009-09-15 18:53 <DIR> --d----- c:\program files\Microsoft
2009-09-15 18:53 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-09-15 18:34 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-10-02 18:31 38 a------- c:\documents and settings\hp_administrator\jagex_runescape_preferences.dat
2009-09-11 03:03 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-11 03:03 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-09-11 03:03 7,456 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-11 03:03 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-09 10:56 26,600 a----r-- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-09 10:56 107,368 a----r-- c:\windows\system32\GEARAspi.dll
2009-08-22 02:13 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-07-28 18:26 3,532 a------- C:\drmHeader.bin
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-22 08:47 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2007-07-01 18:01 43,495 a------- c:\program files\USBModem.zip
2007-07-01 17:11 132,794 a------- c:\program files\P2kCommander-V4.9.8.zip
2007-07-01 16:53 1,207,026 a------- c:\program files\wrar370.exe
2006-09-02 22:05 160 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2006-03-15 14:11 22 a--sh--- c:\windows\sminst\HPCD.sys
2009-02-07 14:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020720090208\index.dat

============= FINISH: 19:33:45.70 ===============

Attached Files


Edited by AndReAlly, 04 October 2009 - 01:45 AM.


BC AdBot (Login to Remove)

 


#2 AndReAlly

AndReAlly
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 09 October 2009 - 06:44 AM

No rush. :( I am just letting you know that I haven't dropped this issue. I haven't used the comp since but my brother in law has. but I don't think that he is doing anything to it, or for it. Just using it.

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:27 PM

Posted 22 October 2009 - 03:51 AM

Hello ,
And :( to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
    Direct Download
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log
  • RootRepeal log


Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay
.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:27 PM

Posted 26 October 2009 - 01:16 PM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users