
cannot reactivate security center


7 replies to this topic

#1 shadowhunther66

shadowhunther66

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:48 AM

Posted 18 November 2009 - 09:17 PM

I have run Malwarebytes and it comes up clean, but my AVG keeps bringing up infected files in the local/temp dir. I'm at a loss, I can normally take care of stuff like this but it seems I have been hit hard this time. My computer is not doing anything strange except for the random AVG pop-ups and the security center won't start so I can't turn on my firewall.
Also Root tool won't run on my 64 bit OS. Thank you for any help.


DDS (Ver_09-10-26.01) - NTFSX64
Run by Ecstasy at 20:10:00.21 on Wed 11/18/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4093.2460 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Windows\SysWOW64\bgsvcgen.exe
C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\msdtc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\rundll32.exe
C:\Users\Ecstasy\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\FFF\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.starbarsearch.com/?useie5=1&q=
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = c:\windows\syswow64\blank.htm
mSearch Bar = hxxp://www.starbarsearch.com/?useie5=1&q=
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ClickCatcher MSIE handler: {16664845-0e00-11d2-8059-000000000000} - c:\program files (x86)\common files\reget shared\Catcher.dll
BHO: Star: {274aa099-b630-4a52-bb0f-7a114ab96f32} - c:\windows\syswow64\5778.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg8\avgssie.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: ReGet Bar: {17939a30-18e2-471e-9d3a-56dd725f1215} - c:\program files (x86)\regetdx\iebar.dll
TB: Star: {274aa098-b630-4a52-bb0f-7a114ab96f32} - c:\windows\syswow64\5778.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Google Update] "c:\users\ecstasy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ttool] c:\windows\srcdll.exe
mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [AVG8_TRAY] c:\progra~2\avg\avg8\avgtray.exe
mRun: [HornetMonitor] "c:\program files (x86)\common files\hornet\MntrHrnt.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Norton Ghost 14.0] "c:\program files (x86)\norton ghost\agent\VProTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Do&wnload by ReGet Deluxe - c:\program files (x86)\common files\reget shared\CC_Link.htm
IE: Download A&ll by ReGet Deluxe - c:\program files (x86)\common files\reget shared\CC_All.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~2\java\jre16~2.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
Trusted Zone: thebigm.com\www
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files (x86)\common files\g7ps\shared files\g7psdll\G7PS.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg8\avgpp.dll
SEH: {9CF03D17-71FE-4781-ABD8-247CBA1BB6EF} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB-X64: {274AA098-B630-4A52-BB0F-7A114AB96F32} - No File
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ecstasy\appdata\roaming\mozilla\firefox\profiles\1elqyf0m.default\
FF - component: c:\program files (x86)\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\users\ecstasy\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx64;AvgRkx64;c:\windows\system32\drivers\avgrkx64.sys [2009-4-22 14856]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2008-8-11 427016]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2008-8-11 33416]
R1 AvgTdiA;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdia.sys [2009-2-1 133640]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files (x86)\hp\quickplay\000.fcl [2008-3-13 32240]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~2\avg\avg8\avgemc.exe [2009-7-30 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~2\avg\avg8\avgwdsvc.exe [2009-7-30 297752]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-8-18 11576]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 2297216]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2008-11-17 4751360]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-2 8704]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-2-25 93184]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw4v64.sys [2007-10-31 3197440]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SymSnapService;SymSnapService;"c:\program files (x86)\norton ghost\shared\drivers\symsnapservicex64.exe" --> c:\program files (x86)\norton ghost\shared\drivers\SymSnapServicex64.exe [?]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-11-15 17:02:04 0 d-----w- c:\program files (x86)\Symantec
2009-11-15 17:01:26 20528 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-11-15 17:01:26 18224 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-15 17:01:26 151656 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-11-15 17:01:26 124208 ----a-w- c:\windows\system32\GEARAspi64.dll
2009-11-15 17:01:26 109360 ----a-w- c:\windows\syswow64\GEARAspi.dll
2009-11-15 17:01:25 45104 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-11-15 17:01:24 165424 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-11-15 17:00:30 0 d-----w- c:\program files (x86)\Norton Ghost
2009-11-15 16:07:05 74 ----a-w- c:\windows\MPLAYER.INI
2009-11-12 22:59:40 5939712 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-12 22:59:38 1638912 ----a-w- c:\windows\syswow64\mshtml.tlb
2009-11-12 22:59:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-12 22:53:11 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-11-12 22:52:54 98816 ----a-w- c:\windows\system32\wudriver.dll
2009-11-12 22:52:54 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2009-11-12 22:52:54 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2009-11-12 22:52:54 35552 ----a-w- c:\windows\syswow64\wups.dll
2009-11-12 22:52:44 36864 ----a-w- c:\windows\system32\wuapp.exe
2009-11-12 22:52:44 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2009-11-12 22:52:44 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-12 22:52:44 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-11-12 01:43:28 0 d-----w- c:\users\ecstasy\appdata\roaming\Auslogics
2009-11-12 01:43:20 0 d-----w- c:\program files (x86)\Auslogics
2009-11-11 00:59:30 2749952 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 00:59:28 437248 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 00:59:28 351232 ----a-w- c:\windows\syswow64\WSDApi.dll
2009-11-04 02:22:51 74703 ----a-w- c:\windows\syswow64\mfc45.dll
2009-11-04 02:22:43 0 d-----w- c:\users\ecstasy\appdata\roaming\iolo
2009-11-04 02:22:43 0 d-----w- c:\programdata\iolo
2009-10-31 14:34:58 372736 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-31 14:34:58 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2009-10-31 14:34:57 10624000 ----a-w- c:\windows\syswow64\wmp.dll
2009-10-31 14:34:55 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-31 14:34:55 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-10-29 00:42:28 0 d-----w- c:\programdata\89d5f56
2009-10-27 17:21:55 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-22 01:25:58 0 d-----w- c:\program files (x86)\RAR Password Recovery Magic

==================== Find3M ====================

2009-11-19 00:05:53 93037 ----a-w- c:\programdata\nvModes.dat
2009-11-15 17:08:32 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-15 17:08:32 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-12 23:00:39 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-23 22:06:44 495004512 ----a-w- c:\windows\DUMP452a.tmp
2009-09-10 17:53:48 268800 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 17:30:12 213504 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-09-04 12:52:46 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 12:24:34 61440 ----a-w- c:\windows\syswow64\msasn1.dll
2009-08-28 12:51:05 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 12:39:07 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2009-08-28 10:39:32 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2009-08-27 05:52:18 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:47:24 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:47:23 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-08-27 05:22:15 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-08-27 05:20:52 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-08-27 05:18:37 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-08-27 05:18:37 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-08-27 05:18:00 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-08-27 05:17:43 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-08-27 05:17:43 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-08-27 05:17:42 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-08-27 05:17:42 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-08-27 05:17:41 11069440 ----a-w- c:\windows\syswow64\ieframe.dll
2009-08-27 05:17:35 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-08-27 04:10:33 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 03:42:29 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-08-27 03:42:23 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-08-27 03:41:45 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2008-08-11 21:25:42 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-14 00:37:19 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2009-06-14 00:37:19 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\iecompatcache\index.dat
2009-06-14 00:37:19 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\privacie\index.dat

============= FINISH: 20:11:24.94 ===============

Thank you again for taking a look at this.



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:48 PM

Posted 27 November 2009 - 08:45 AM

Hello shadowhunther66

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Also can you post the Mbam log with those detections in it?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 shadowhunther66

shadowhunther66
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:48 AM

Posted 29 November 2009 - 12:27 PM

Thank you for your reply, here are the posts you requested. Also I want to let you know that some time last week my Security Center turned itself back on and the firewall started up. I did what the form said and did not make any changes, but the warning that my Security Center was off stopped coming up and when I looked everything was normal (Security Center active, firewall active, UAC off (that is my doing)). I did not allow any updates to run except for Windows Defender updates. Thank you for checking this out and I hope I'm not crying wolf.

Malwarebytes' Anti-Malware 1.41
Database version: 3195
Windows 6.0.6001 Service Pack 1

11/18/2009 10:50:40 PM
mbam-log-2009-11-18 (22-50-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 316005
Time elapsed: 1 hour(s), 38 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:48 PM

Posted 29 November 2009 - 05:16 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Star) - {274AA099-B630-4A52-BB0F-7A114AB96F32} - C:\Windows\SysWow64\5778.dll File not found
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O4 - HKCU..\Run: [ttool] C:\Windows\srcdll.exe File not found
    O28 - HKLM ShellExecuteHooks: {9CF03D17-71FE-4781-ABD8-247CBA1BB6EF} - Reg Error: Key error. File not found
    O33 - MountPoints2\{118f052b-67e5-11dd-90a1-001e682a7051}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{4907eb08-3b55-11de-8a62-001e682a7051}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
    O33 - MountPoints2\{4907eb1b-3b55-11de-8a62-001e682a7051}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
    O33 - MountPoints2\{7a13e40d-6a04-11dd-b800-001e682a7051}\Shell\AutoRun\command - "" = F:\StormF1.exe -- File not found
    O33 - MountPoints2\{902d84e1-8530-11de-a85e-001e682a7051}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{a3db154a-32ca-11de-a629-001e682a7051}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
    O33 - MountPoints2\{c13ba07f-7dac-11dd-9c00-001e682a7051}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{c3c86a73-67ed-11dd-a9f8-001e682a7051}\Shell\AutoRun\command - "" = F:\StormF1.exe -- File not found
    O33 - MountPoints2\{d71667aa-ea7d-11dd-873b-001e682a7051}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
    [2009/04/24 16:56:02 | 00,000,000 | -HSD | M] -- C:\Users\Ecstasy\AppData\Roaming\.#
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
============
As a final check - Please perform the following online scan:

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
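
The fix script in post #4 targets autostart registrations whose file is missing. As an added example (not part of the thread, and not code from DDS or OTL), the Python below parses a few DDS lines copied from post #1 and the first lines of that fix script, then reports which orphaned DDS entries the script covers. The regular expressions model only the line formats visible on this page, and the DDS u/m prefix is assumed to mean HKCU/HKLM.

```python
import re

CLSID = r"\{[0-9A-Fa-f-]{36}\}"

# DDS pseudo-HJT line formats as they appear in post #1.
DDS_COM = re.compile(rf"^(BHO|TB|SEH)(-X64)?: (?:(.+?): )?({CLSID}) - (.+)$", re.I)
DDS_RUN = re.compile(r"^([um])Run(-x64)?: \[(.+?)\]\s*(.*)$", re.I)
# OTL fix-script line formats as they appear in post #4.
OTL_COM = re.compile(rf"^O\d+ - (?:HKLM )?(BHO|ShellExecuteHooks): .*?({CLSID}) - (.+)$")
OTL_RUN = re.compile(r"^O\d+ - (HKCU|HKLM)\.\.\\Run: \[(.+?)\]")

# Lines copied from the DDS log in post #1 (subset).
SAMPLE_DDS = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Star: {274aa099-b630-4a52-bb0f-7a114ab96f32} - c:\windows\syswow64\5778.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Star: {274aa098-b630-4a52-bb0f-7a114ab96f32} - c:\windows\syswow64\5778.dll
uRun: [ttool] c:\windows\srcdll.exe
mRun: [AVG8_TRAY] c:\progra~2\avg\avg8\avgtray.exe
SEH: {9CF03D17-71FE-4781-ABD8-247CBA1BB6EF} - No File
TB-X64: {274AA098-B630-4A52-BB0F-7A114AB96F32} - No File
"""

# Lines copied from the fix script in post #4 (registry entries only).
SAMPLE_FIX = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Star) - {274AA099-B630-4A52-BB0F-7A114AB96F32} - C:\Windows\SysWow64\5778.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O4 - HKCU..\Run: [ttool] C:\Windows\srcdll.exe File not found
O28 - HKLM ShellExecuteHooks: {9CF03D17-71FE-4781-ABD8-247CBA1BB6EF} - Reg Error: Key error. File not found
"""


def parse_dds(text):
    """Return one dict per recognised DDS autostart line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DDS_COM.match(line)
        if m:
            kind, x64, name, clsid, target = m.groups()
            entries.append({"key": (kind.upper(), clsid.upper()),
                            "x64": bool(x64), "name": name or "", "target": target})
            continue
        m = DDS_RUN.match(line)
        if m:
            scope, x64, name, target = m.groups()
            hive = "HKCU" if scope.lower() == "u" else "HKLM"  # assumed mapping
            entries.append({"key": ("Run:" + hive, name.lower()),
                            "x64": bool(x64), "name": name, "target": target})
    return entries


def parse_otl_fix(text):
    """Return the set of (kind, identifier) keys the fix script names."""
    keys = set()
    for raw in text.splitlines():
        line = raw.strip()
        m = OTL_COM.match(line)
        if m:
            kind = "SEH" if m.group(1) == "ShellExecuteHooks" else m.group(1)
            keys.add((kind, m.group(2).upper()))
            continue
        m = OTL_RUN.match(line)
        if m:
            keys.add(("Run:" + m.group(1), m.group(2).lower()))
    return keys


def compare(dds_text, fix_text):
    """Bucket DDS entries by whether they are orphaned and whether the fix names them."""
    fix = parse_otl_fix(fix_text)
    report = {"orphaned_in_fix": [], "orphaned_not_in_fix": [],
              "path_listed_but_in_fix": []}
    for e in parse_dds(dds_text):
        orphaned = e["target"].strip().lower() == "no file"
        label = f"{e['key'][0]} {e['key'][1]}" + (" (x64)" if e["x64"] else "")
        if orphaned and e["key"] in fix:
            report["orphaned_in_fix"].append(label)
        elif orphaned:
            report["orphaned_not_in_fix"].append(label)
        elif e["key"] in fix:
            # DDS printed a path, but the fix line reports the file as missing.
            report["path_listed_but_in_fix"].append(label)
    return report


if __name__ == "__main__":
    for bucket, labels in compare(SAMPLE_DDS, SAMPLE_FIX).items():
        print(bucket)
        for label in labels:
            print("   ", label)
```

An entry that falls outside the fix script is not evidence of infection; the OTL scan log the helper worked from is not shown on this page, so the comparison covers only the quoted lines.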

#5 shadowhunther66

shadowhunther66
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:48 AM

Posted 03 December 2009 - 10:26 PM

Here are the logs from the latest requests. There are two OTL because it did not reboot my computer the first time and no log came up, so I did it again and it rebooted, then the log came. I hope it shows you the correct info.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=915ae2182eeae94bbd66e1b6086bc625
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-03 04:14:16
# local_time=2009-12-02 11:14:16 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 21357516 21357516 0 0
# compatibility_mode=1024 16777215 100 0 41232240 41232240 0 0
# compatibility_mode=5892 16776573 100 100 0 96405473 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=213036
# found=0
# cleaned=0
# scan_time=6888

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{274AA099-B630-4A52-BB0F-7A114AB96F32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{274AA099-B630-4A52-BB0F-7A114AB96F32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ttool deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9CF03D17-71FE-4781-ABD8-247CBA1BB6EF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CF03D17-71FE-4781-ABD8-247CBA1BB6EF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118f052b-67e5-11dd-90a1-001e682a7051}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118f052b-67e5-11dd-90a1-001e682a7051}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4907eb08-3b55-11de-8a62-001e682a7051}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4907eb08-3b55-11de-8a62-001e682a7051}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4907eb1b-3b55-11de-8a62-001e682a7051}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4907eb1b-3b55-11de-8a62-001e682a7051}\ not found.
File H:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a13e40d-6a04-11dd-b800-001e682a7051}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a13e40d-6a04-11dd-b800-001e682a7051}\ not found.
File F:\StormF1.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{902d84e1-8530-11de-a85e-001e682a7051}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{902d84e1-8530-11de-a85e-001e682a7051}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3db154a-32ca-11de-a629-001e682a7051}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3db154a-32ca-11de-a629-001e682a7051}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c13ba07f-7dac-11dd-9c00-001e682a7051}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c13ba07f-7dac-11dd-9c00-001e682a7051}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3c86a73-67ed-11dd-a9f8-001e682a7051}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3c86a73-67ed-11dd-a9f8-001e682a7051}\ not found.
File F:\StormF1.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71667aa-ea7d-11dd-873b-001e682a7051}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71667aa-ea7d-11dd-873b-001e682a7051}\ not found.
File F:\WDSetup.exe not found.
C:\Users\Ecstasy\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
Error: Unable to interpret <[emptytemp> in the current context!

OTL by OldTimer - Version 3.1.11.2 log created on 11302009_190730



All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{274AA099-B630-4A52-BB0F-7A114AB96F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{274AA099-B630-4A52-BB0F-7A114AB96F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ttool not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9CF03D17-71FE-4781-ABD8-247CBA1BB6EF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CF03D17-71FE-4781-ABD8-247CBA1BB6EF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118f052b-67e5-11dd-90a1-001e682a7051}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118f052b-67e5-11dd-90a1-001e682a7051}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4907eb08-3b55-11de-8a62-001e682a7051}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4907eb08-3b55-11de-8a62-001e682a7051}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4907eb1b-3b55-11de-8a62-001e682a7051}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4907eb1b-3b55-11de-8a62-001e682a7051}\ not found.
File H:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a13e40d-6a04-11dd-b800-001e682a7051}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a13e40d-6a04-11dd-b800-001e682a7051}\ not found.
File F:\StormF1.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{902d84e1-8530-11de-a85e-001e682a7051}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{902d84e1-8530-11de-a85e-001e682a7051}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3db154a-32ca-11de-a629-001e682a7051}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3db154a-32ca-11de-a629-001e682a7051}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c13ba07f-7dac-11dd-9c00-001e682a7051}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c13ba07f-7dac-11dd-9c00-001e682a7051}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3c86a73-67ed-11dd-a9f8-001e682a7051}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3c86a73-67ed-11dd-a9f8-001e682a7051}\ not found.
File F:\StormF1.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71667aa-ea7d-11dd-873b-001e682a7051}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71667aa-ea7d-11dd-873b-001e682a7051}\ not found.
File F:\WDSetup.exe not found.
Folder C:\Users\Ecstasy\AppData\Roaming\.#\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ecstasy
->Temp folder emptied: -1276161442 bytes
->Temporary Internet Files folder emptied: 58329143 bytes
->Java cache emptied: 896876 bytes
->FireFox cache emptied: 75801016 bytes
->Google Chrome cache emptied: 11831268 bytes

User: Public

User: World of Warcraft

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 495004512 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 26927344 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 34096 bytes
RecycleBin emptied: 635638187 bytes

Total Files Cleaned = 26.99 mb


OTL by OldTimer - Version 3.1.11.2 log created on 12022009_205700

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZU053PL\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH7I7T56\Communications[1].asmx scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH7I7T56\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHN2AETR\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SE8QV7T\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SE8QV7T\update[1].asmx scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
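The `[EMPTYTEMP]` section of the log above reports a negative byte count for one temp folder, and its "Total Files Cleaned" figure is the signed sum of the per-line counts. The following is an added example, not part of the original post and not OTL's own code, that parses those lines and recomputes the total. The names `parse` and `audit` are hypothetical, and the correction assumes the counter is a signed 32-bit integer that wrapped exactly once.

```python
import re

# Byte counts copied from the [EMPTYTEMP] section of the log above
# (zero-byte lines left out).
SAMPLE = r"""
User: Ecstasy
->Temp folder emptied: -1276161442 bytes
->Temporary Internet Files folder emptied: 58329143 bytes
->Java cache emptied: 896876 bytes
->FireFox cache emptied: 75801016 bytes
->Google Chrome cache emptied: 11831268 bytes
%systemroot% .tmp files removed: 495004512 bytes
Windows Temp folder emptied: 26927344 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 34096 bytes
RecycleBin emptied: 635638187 bytes

Total Files Cleaned = 26.99 mb
"""

ENTRY = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<n>-?\d+) bytes$")
TOTAL = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")
WRAP = 2 ** 32  # assumption: the counter is a signed 32-bit integer
MIB = 2 ** 20

def parse(log):
    """Return ([(location, bytes)], reported_total_mb) from an EMPTYTEMP section."""
    entries, reported = [], None
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            entries.append((m["what"], int(m["n"])))
        elif TOTAL.match(line):
            reported = float(TOTAL.match(line)["mb"])
    return entries, reported

def audit(log):
    """Compare the log's own total with the per-line counts and flag wrapped values."""
    entries, reported = parse(log)
    signed = sum(n for _, n in entries)
    # Assumption: a negative count wrapped exactly once, so add 2**32 back.
    corrected = sum(n + WRAP if n < 0 else n for _, n in entries)
    return {
        "reported_mb": reported,
        "signed_sum_mb": round(signed / MIB, 2),
        "wrapped": [what for what, n in entries if n < 0],
        "corrected_mb": round(corrected / MIB, 2),
    }
```

Calling `audit(SAMPLE)` shows that the reported 26.99 mb matches the signed sum, so the figure understates what was removed whenever a single folder exceeds 2 GiB.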

#6 kahdah


Posted 04 December 2009 - 07:59 AM

How are things running now?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 shadowhunther66


Posted 06 December 2009 - 06:56 PM

Thank you for all your help. It seems to be back to normal; like I said before, everything seems to have fixed itself: the security center turned itself back on and I have not gotten any more warnings from AVG.

I think your programs exposed the hidden files and AVG took them out, or it was your fix. Either way, thank you for your help.

#8 kahdah


Posted 07 December 2009 - 07:03 AM

======Cleanup======
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that you're all set. :(


The following are some articles and a Windows Update link that I like to suggest to people to help prevent malware and for general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place, and for some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, emule, Utorrent, Limewire, etc.