
Generic host process / NT Authority System / Google Redirect viruses


  • This topic is locked
28 replies to this topic

#1 nunyagirl

  • Members
  • 18 posts

Posted 22 January 2010 - 05:30 AM

I have multiple problems:
1) I get a box that says "Data Execution Prevention Generic Host Process for Win32 Services". I click OK and it gives me the option of whether or not to send a message to Microsoft. No matter which one I pick, the box pops up again and it will just keep doing it over and over.

2) After working on the computer for a while, a box will pop up that says "NT Authority System DCOM server process launch service terminated unexpectedly" and the computer shuts down in 60 seconds.

3) Google search: when I click on entries from my Google search I'm redirected to some other website.

I've run Malwarebytes and Bit Defender and neither find anything.

Thank you

DDS (Ver_09-12-01.01) - NTFSx86
Run by Vikki Fields at 5:09:41.17 on Fri 01/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.520 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Vikki Fields\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [bikini] bikini.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRunOnce: [!CleanupNetMeetingDispDriver] "c:\windows\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01118A01-3E00-11D2-8470-0060089874ED} - hxxps://password.bellsouth.net/sdccommon/download/tgctlsr.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/1.0.0971.36/WinSSWebAgent.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} - hxxps://imail.tema.toyota.com/images/whlcache.cab?egap=internal
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152327748140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://imail.tema.toyota.com/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli c:\windows\system32\hubewapo.dll c:\windows\system32\gezokije.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.232.248.66 antivirsystem.microsoft.com
Hosts: 94.232.248.66 antivirsystempro.com
Hosts: 94.232.248.66 www.antivirsystempro.com

============= SERVICES / DRIVERS ===============

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-5 24652]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 152456]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]

=============== Created Last 30 ================

2010-01-18 19:04:33 0 dc-h--w- c:\windows\ie8
2010-01-18 19:02:24 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-18 19:02:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-18 18:28:26 0 d-----w- c:\docume~1\vikkif~1\applic~1\Windows Desktop Search
2010-01-18 18:27:17 0 d-----w- c:\windows\system32\GroupPolicy
2010-01-18 18:27:17 0 d-----w- c:\program files\Windows Desktop Search
2010-01-18 18:25:13 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-01-18 18:25:13 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-01-18 18:25:12 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-01-16 11:42:44 385 ----a-w- c:\windows\system32\user_gensett.xml
2010-01-16 08:24:52 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-01-16 08:24:52 16 ----a-w- c:\windows\system32\asdict.dat
2010-01-16 08:24:52 0 ----a-w- c:\windows\system32\ab_bl.sig
2010-01-16 08:24:52 0 ----a-w- C:\pcwords2.dat
2010-01-16 08:24:52 0 ----a-w- C:\pcwords.dat
2010-01-16 08:24:52 0 ----a-w- C:\pcconf.ini
2010-01-16 08:24:52 0 ----a-w- C:\pc_sign.slf
2010-01-16 08:11:45 0 d-----w- c:\program files\BitDefender
2010-01-16 08:11:45 0 d-----w- c:\docume~1\vikkif~1\applic~1\BitDefender
2010-01-14 03:09:57 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 07:32:22 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-01-06 07:10:55 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2010-01-05 19:53:42 0 d-----w- c:\program files\common files\BitDefender
2010-01-05 14:50:58 0 ----a-w- c:\windows\system32\4827.exe
2010-01-05 14:30:57 0 ----a-w- c:\windows\system32\11942.exe
2010-01-05 14:10:56 0 ----a-w- c:\windows\system32\2995.exe
2010-01-05 13:50:56 0 ----a-w- c:\windows\system32\491.exe
2010-01-05 12:30:52 0 ----a-w- c:\windows\system32\28145.exe
2010-01-05 12:10:51 0 ----a-w- c:\windows\system32\5705.exe
2010-01-05 11:50:50 0 ----a-w- c:\windows\system32\24464.exe
2010-01-05 11:30:49 0 ----a-w- c:\windows\system32\26962.exe
2010-01-05 11:10:48 0 ----a-w- c:\windows\system32\29358.exe
2010-01-05 10:50:47 0 ----a-w- c:\windows\system32\11478.exe
2010-01-05 09:50:41 0 ----a-w- c:\windows\system32\26500.exe
2010-01-05 09:30:40 0 ----a-w- c:\windows\system32\6334.exe
2010-01-05 09:10:36 0 ----a-w- c:\windows\system32\18467.exe
2010-01-02 16:28:33 0 ----a-w- c:\windows\system32\27644.exe
2010-01-02 16:08:33 0 ----a-w- c:\windows\system32\25547.exe
2010-01-02 15:48:32 0 ----a-w- c:\windows\system32\6868.exe
2010-01-02 15:28:31 0 ----a-w- c:\windows\system32\28253.exe
2010-01-02 15:08:30 0 ----a-w- c:\windows\system32\7711.exe
2010-01-02 14:48:30 0 ----a-w- c:\windows\system32\15141.exe
2010-01-02 14:28:29 0 ----a-w- c:\windows\system32\4664.exe
2010-01-02 14:08:29 0 ----a-w- c:\windows\system32\17673.exe
2010-01-02 13:48:28 0 ----a-w- c:\windows\system32\30333.exe
2010-01-02 13:28:27 0 ----a-w- c:\windows\system32\31322.exe
2010-01-02 13:08:26 0 ----a-w- c:\windows\system32\23811.exe
2010-01-02 12:48:26 0 ----a-w- c:\windows\system32\28703.exe
2010-01-02 12:28:25 0 ----a-w- c:\windows\system32\9894.exe
2010-01-02 12:08:24 0 ----a-w- c:\windows\system32\17035.exe
2010-01-02 11:48:23 0 ----a-w- c:\windows\system32\26299.exe
2010-01-02 11:28:23 0 ----a-w- c:\windows\system32\25667.exe
2010-01-02 11:08:22 0 ----a-w- c:\windows\system32\19912.exe
2010-01-02 10:48:22 0 ----a-w- c:\windows\system32\1869.exe
2010-01-02 10:28:21 0 ----a-w- c:\windows\system32\11538.exe
2010-01-02 10:08:20 0 ----a-w- c:\windows\system32\14771.exe
2010-01-02 09:48:19 0 ----a-w- c:\windows\system32\21726.exe
2010-01-02 09:28:18 0 ----a-w- c:\windows\system32\5447.exe
2010-01-02 09:08:17 0 ----a-w- c:\windows\system32\19895.exe
2010-01-02 08:48:16 0 ----a-w- c:\windows\system32\19718.exe
2010-01-02 08:28:16 0 ----a-w- c:\windows\system32\18716.exe
2010-01-02 08:08:15 0 ----a-w- c:\windows\system32\17421.exe
2010-01-02 07:48:15 0 ----a-w- c:\windows\system32\12382.exe
2010-01-02 07:28:14 0 ----a-w- c:\windows\system32\292.exe
2010-01-02 07:08:14 0 ----a-w- c:\windows\system32\153.exe
2010-01-02 06:48:13 0 ----a-w- c:\windows\system32\3902.exe
2010-01-02 06:28:12 0 ----a-w- c:\windows\system32\14604.exe
2010-01-02 06:08:12 0 ----a-w- c:\windows\system32\32391.exe
2010-01-02 05:48:01 0 ----a-w- c:\windows\system32\5436.exe
2010-01-02 04:05:57 0 ----a-w- c:\windows\system32\9961.exe
2010-01-02 03:45:56 0 ----a-w- c:\windows\system32\16827.exe
2010-01-02 03:25:55 0 ----a-w- c:\windows\system32\23281.exe
2010-01-02 01:02:38 0 ----a-w- c:\windows\system32\15724.exe
2010-01-02 00:42:27 0 ----a-w- c:\windows\system32\19169.exe
2009-12-25 18:05:06 1 ----a-w- C:\s
2009-12-24 19:08:01 557 ----a-w- c:\documents and settings\vikki fields\Shortcut to Shared.lnk

==================== Find3M ====================

2010-01-20 10:56:28 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-20 10:56:28 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:14:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:02 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-17 19:23:38 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-07 23:49:08 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-12-07 23:46:28 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
2008-10-30 19:32:15 88 --sh--r- c:\windows\system32\2755C85BAB.sys
2008-05-08 07:22:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat

============= FINISH: 5:12:22.54 ===============

Edited by nunyagirl, 22 January 2010 - 03:37 PM.
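As a worked example of how a responder reads a log like the one above, here is an added script that is not part of this thread and not a BleepingComputer or DDS tool. It splits a DDS log into its banner-delimited sections and flags the entries a malware analyst checks first: a browser proxy pointing at localhost, LSA notification packages beyond the default, hosts-file lines that pin a host to a remote address or null-route a security site, autorun entries with no full path, zero-byte numbered executables in system32, and a watched boot driver modified shortly before the report date. The expected-package, security-site and driver watch lists are assumptions, and the flags are triage heuristics, not an identification of any particular malware. The sample is an excerpt of the first log above with two benign lines kept as controls.

```python
import re
from datetime import date, datetime

# Constructed sample: an excerpt of the first DDS log posted above, trimmed to the
# lines the checks look at; hkcmd.exe and wininet.dll are kept as benign controls.
SAMPLE_LOG = r"""
DDS (Ver_09-12-01.01) - NTFSx86
Run by Vikki Fields at 5:09:41.17 on Fri 01/22/2010
============== Pseudo HJT Report ===============
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [bikini] bikini.exe
LSA: Notification Packages = scecli c:\windows\system32\hubewapo.dll c:\windows\system32\gezokije.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.232.248.66 antivirsystem.microsoft.com
Hosts: 94.232.248.66 antivirsystempro.com
=============== Created Last 30 ================
2010-01-05 14:50:58 0 ----a-w- c:\windows\system32\4827.exe
2010-01-05 14:30:57 0 ----a-w- c:\windows\system32\11942.exe
==================== Find3M ====================
2010-01-20 10:56:28 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                               # "===== Find3M ====="
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d) \d\d:\d\d:\d\d (\d+) \S+ (.+)$")  # date time size attrs path
RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[[^\]]*\]\s*(.*)$")               # uRun/mRun: [name] command

EXPECTED_LSA = {"scecli"}              # assumption: the only default LSA package on XP
SECURITY_SITES = ("spywareinfo.com",)  # assumption: sites that should never be null-routed
WATCHED_DRIVERS = {"atapi.sys"}        # assumption: boot drivers to flag when recently changed
DRIVER_WINDOW_DAYS = 30

def parse_dds(text):
    # Split the log into {section: [non-blank lines]}; text before the first banner is "header".
    sections, current = {"header": []}, "header"
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections

def report_date(header):
    # Date the log was produced, taken from the "Run by ... on Fri 01/22/2010" line.
    for line in header:
        m = re.search(r"\bon \w{3} (\d\d/\d\d/\d{4})$", line)
        if m:
            return datetime.strptime(m.group(1), "%m/%d/%Y").date()
    return None

def check_hjt(lines):
    findings = []
    for line in lines:
        if re.match(r"^[um]Internet Settings,ProxyServer", line):
            if "127.0.0.1" in line or "localhost" in line.lower():
                findings.append(("proxy", "browser traffic routed through a local proxy: " + line))
        elif line.startswith("LSA: Notification Packages"):
            extra = [p for p in line.split("=", 1)[1].split() if p.lower() not in EXPECTED_LSA]
            if extra:  # anything beyond the default is loaded into lsass and sees password changes
                findings.append(("lsa", "unexpected LSA notification packages: " + " ".join(extra)))
        elif line.startswith("Hosts:"):
            ip, host = line.split()[1:3]
            if ip not in ("127.0.0.1", "::1"):
                findings.append(("hosts", f"{host} pinned to {ip}"))
            elif host.endswith(SECURITY_SITES):
                findings.append(("hosts", f"security site {host} null-routed"))
        elif (run := RUN_RE.match(line)):
            cmd = run.group(1).strip().lstrip('"')
            # a bare file name relies on PATH search order; legitimate entries carry a full path
            if cmd and not re.match(r"^(?:[a-z]:\\|%)", cmd, re.I):
                findings.append(("run", "autorun entry without a full path: " + line))
    return findings

def check_files(sections, as_of):
    findings = []
    for section in ("Created Last 30", "Find3M"):
        for line in sections.get(section, []):
            m = FILE_RE.match(line)
            if not m:
                continue
            mdate, size, path = date.fromisoformat(m.group(1)), m.group(2), m.group(3)
            name = path.rsplit("\\", 1)[-1].lower()
            if size == "0" and re.fullmatch(r"\d+\.exe", name) and "\\system32\\" in path.lower():
                findings.append(("dropper", "zero-byte numeric executable in system32: " + path))
            elif name in WATCHED_DRIVERS and as_of and (as_of - mdate).days <= DRIVER_WINDOW_DAYS:
                findings.append(("driver", f"{name} modified {mdate}, {(as_of - mdate).days} days before the report"))
    return findings

def triage(text):
    sections = parse_dds(text)
    as_of = report_date(sections["header"])
    return check_hjt(sections.get("Pseudo HJT Report", [])) + check_files(sections, as_of)

if __name__ == "__main__":
    for kind, msg in triage(SAMPLE_LOG):
        print(f"[{kind}] {msg}")
```

Run against the excerpt it reports one proxy, one autorun, one LSA, three hosts, two dropper and one driver finding; the benign hkcmd.exe and wininet.dll lines produce nothing. Each finding is a lead to verify on the machine (hash the file, check who signed it, compare the driver against the service pack copy), not a verdict on its own.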



#2 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 27 January 2010 - 02:20 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Elle
Can you hear it? It's all around!

Do you remember? If you do, then can you forgive? (translated from Bengali)

If I haven't replied in 48 hours, please feel free to send me a PM.

#3 nunyagirl

  • Topic Starter
  • Members
  • 18 posts

Posted 28 January 2010 - 02:10 AM


DDS (Ver_09-12-01.01) - NTFSx86
Run by Vikki Fields at 2:01:50.95 on Thu 01/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.503 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Vikki Fields\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [bikini] bikini.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01118A01-3E00-11D2-8470-0060089874ED} - hxxps://password.bellsouth.net/sdccommon/download/tgctlsr.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/1.0.0971.36/WinSSWebAgent.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} - hxxps://imail.tema.toyota.com/images/whlcache.cab?egap=internal
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152327748140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://imail.tema.toyota.com/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli c:\windows\system32\hubewapo.dll c:\windows\system32\gezokije.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.232.248.66 antivirsystem.microsoft.com
Hosts: 94.232.248.66 antivirsystempro.com
Hosts: 94.232.248.66 www.antivirsystempro.com

============= SERVICES / DRIVERS ===============

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-5 24652]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 152456]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]

=============== Created Last 30 ================

2010-01-27 05:41:26 385 ----a-w- c:\documents and settings\vikki fields\Application Datauser_gensett.xml
2010-01-18 19:04:33 0 dc-h--w- c:\windows\ie8
2010-01-18 19:02:24 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-18 19:02:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-18 18:28:26 0 d-----w- c:\docume~1\vikkif~1\applic~1\Windows Desktop Search
2010-01-18 18:27:17 0 d-----w- c:\windows\system32\GroupPolicy
2010-01-18 18:27:17 0 d-----w- c:\program files\Windows Desktop Search
2010-01-18 18:25:13 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-01-18 18:25:13 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-01-18 18:25:12 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-01-16 11:42:44 385 ----a-w- c:\windows\system32\user_gensett.xml
2010-01-16 08:24:52 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-01-16 08:24:52 16 ----a-w- c:\windows\system32\asdict.dat
2010-01-16 08:24:52 0 ----a-w- c:\windows\system32\ab_bl.sig
2010-01-16 08:24:52 0 ----a-w- C:\pcwords2.dat
2010-01-16 08:24:52 0 ----a-w- C:\pcwords.dat
2010-01-16 08:24:52 0 ----a-w- C:\pcconf.ini
2010-01-16 08:24:52 0 ----a-w- C:\pc_sign.slf
2010-01-16 08:11:45 0 d-----w- c:\program files\BitDefender
2010-01-16 08:11:45 0 d-----w- c:\docume~1\vikkif~1\applic~1\BitDefender
2010-01-14 03:09:57 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 07:32:22 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-01-06 07:10:55 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2010-01-05 19:53:42 0 d-----w- c:\program files\common files\BitDefender
2010-01-05 14:50:58 0 ----a-w- c:\windows\system32\4827.exe
2010-01-05 14:30:57 0 ----a-w- c:\windows\system32\11942.exe
2010-01-05 14:10:56 0 ----a-w- c:\windows\system32\2995.exe
2010-01-05 13:50:56 0 ----a-w- c:\windows\system32\491.exe
2010-01-05 12:30:52 0 ----a-w- c:\windows\system32\28145.exe
2010-01-05 12:10:51 0 ----a-w- c:\windows\system32\5705.exe
2010-01-05 11:50:50 0 ----a-w- c:\windows\system32\24464.exe
2010-01-05 11:30:49 0 ----a-w- c:\windows\system32\26962.exe
2010-01-05 11:10:48 0 ----a-w- c:\windows\system32\29358.exe
2010-01-05 10:50:47 0 ----a-w- c:\windows\system32\11478.exe
2010-01-05 09:50:41 0 ----a-w- c:\windows\system32\26500.exe
2010-01-05 09:30:40 0 ----a-w- c:\windows\system32\6334.exe
2010-01-05 09:10:36 0 ----a-w- c:\windows\system32\18467.exe
2010-01-02 16:28:33 0 ----a-w- c:\windows\system32\27644.exe
2010-01-02 16:08:33 0 ----a-w- c:\windows\system32\25547.exe
2010-01-02 15:48:32 0 ----a-w- c:\windows\system32\6868.exe
2010-01-02 15:28:31 0 ----a-w- c:\windows\system32\28253.exe
2010-01-02 15:08:30 0 ----a-w- c:\windows\system32\7711.exe
2010-01-02 14:48:30 0 ----a-w- c:\windows\system32\15141.exe
2010-01-02 14:28:29 0 ----a-w- c:\windows\system32\4664.exe
2010-01-02 14:08:29 0 ----a-w- c:\windows\system32\17673.exe
2010-01-02 13:48:28 0 ----a-w- c:\windows\system32\30333.exe
2010-01-02 13:28:27 0 ----a-w- c:\windows\system32\31322.exe
2010-01-02 13:08:26 0 ----a-w- c:\windows\system32\23811.exe
2010-01-02 12:48:26 0 ----a-w- c:\windows\system32\28703.exe
2010-01-02 12:28:25 0 ----a-w- c:\windows\system32\9894.exe
2010-01-02 12:08:24 0 ----a-w- c:\windows\system32\17035.exe
2010-01-02 11:48:23 0 ----a-w- c:\windows\system32\26299.exe
2010-01-02 11:28:23 0 ----a-w- c:\windows\system32\25667.exe
2010-01-02 11:08:22 0 ----a-w- c:\windows\system32\19912.exe
2010-01-02 10:48:22 0 ----a-w- c:\windows\system32\1869.exe
2010-01-02 10:28:21 0 ----a-w- c:\windows\system32\11538.exe
2010-01-02 10:08:20 0 ----a-w- c:\windows\system32\14771.exe
2010-01-02 09:48:19 0 ----a-w- c:\windows\system32\21726.exe
2010-01-02 09:28:18 0 ----a-w- c:\windows\system32\5447.exe
2010-01-02 09:08:17 0 ----a-w- c:\windows\system32\19895.exe
2010-01-02 08:48:16 0 ----a-w- c:\windows\system32\19718.exe
2010-01-02 08:28:16 0 ----a-w- c:\windows\system32\18716.exe
2010-01-02 08:08:15 0 ----a-w- c:\windows\system32\17421.exe
2010-01-02 07:48:15 0 ----a-w- c:\windows\system32\12382.exe
2010-01-02 07:28:14 0 ----a-w- c:\windows\system32\292.exe
2010-01-02 07:08:14 0 ----a-w- c:\windows\system32\153.exe
2010-01-02 06:48:13 0 ----a-w- c:\windows\system32\3902.exe
2010-01-02 06:28:12 0 ----a-w- c:\windows\system32\14604.exe
2010-01-02 06:08:12 0 ----a-w- c:\windows\system32\32391.exe
2010-01-02 05:48:01 0 ----a-w- c:\windows\system32\5436.exe
2010-01-02 04:05:57 0 ----a-w- c:\windows\system32\9961.exe
2010-01-02 03:45:56 0 ----a-w- c:\windows\system32\16827.exe
2010-01-02 03:25:55 0 ----a-w- c:\windows\system32\23281.exe
2010-01-02 01:02:38 0 ----a-w- c:\windows\system32\15724.exe
2010-01-02 00:42:27 0 ----a-w- c:\windows\system32\19169.exe

==================== Find3M ====================

2010-01-25 16:26:29 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-25 16:26:29 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:14:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:02 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-17 19:23:38 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-07 23:49:08 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-12-07 23:46:28 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
2008-10-30 19:32:15 88 --sh--r- c:\windows\system32\2755C85BAB.sys
2008-05-08 07:22:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat

============= FINISH: 2:04:38.95 ===============



#4 Blind Faith (Malware Response Team)

Posted 28 January 2010 - 07:51 AM

Hello nunyagirl!

I am Blind Faith or Elle (it's easier to remember, I think) and I will help you with your malware-related problems.
As you can see I am still a trainee and that means my work is revised by a coach.
Therefore, it will take a bit longer for me to reply.
So don't be impatient because I won't leave your case suspended in the air, waiting forever.

NOTE: Do not make any type of changes to your system during the cleaning process. The steps you are following are based on strict information from your system. So changes which I did not give instructions for are not recommended.

I will need some time to research the files on your system so please click the Options button at the top bar of this topic and Track this Topic, where you should choose email notifications to know when I replied.



During the cleaning process many files may be hidden so please unhide them by following the instructions listed here: How to show hidden files and folders.
And also do not make any other changes to your system.
This will not help any of us because fixes are based on strict information I find in your logs so changing it will only complicate the situation.

Remember to check your topic for new replies.

Probably, it will take a couple of days until the next reply but after that everything will go faster.

Also please let me know if you still need help after you have read this.



Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#5 Blind Faith (Malware Response Team)

Posted 30 January 2010 - 07:25 PM

Hi nunyagirl,


Be aware that in 2 more days of inactivity, this topic will be closed.
Are you still here?
Have you resolved the problem?
If so, please let me know.



#6 nunyagirl (Topic Starter)

Posted 01 February 2010 - 02:21 PM

I am still having all the same problems. In fact, the issue where it shuts down after showing the box NT Authority is even worse. It does it about every 10 minutes now.

Are you waiting on me to post something else? If so, I'm sorry. I didn't see that.

Thanks.

#7 Blind Faith (Malware Response Team)

Posted 01 February 2010 - 02:39 PM

Hi nunyagirl,

Yes, I was waiting for your response to know when to post my instructions.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.





#8 nunyagirl (Topic Starter)

Posted 02 February 2010 - 03:07 AM

I just want you to know that I am trying and trying and trying to run this gmer. I can't get it completed. Either my computer gets that NT Authority shutdown thing or the computer goes to a blue screen that says it's shutting down due to something bad it's detected.

I tried clicking off the devices. I tried to run in safe mode, but my computer gives me that blue screen whenever I try to do that. I'm trying to at least copy and paste some of what it shows but I haven't even been able to do that yet.

I'm struggling. Sorry.

#9 nunyagirl (Topic Starter)

Posted 02 February 2010 - 03:37 AM

This is about all I can get...sorry



#10 nunyagirl (Topic Starter)

Posted 02 February 2010 - 03:17 PM

Here is a little more....

Attached Files

  • Attached File  gmer.log   186.45KB   4 downloads


#11 Blind Faith (Malware Response Team)

Posted 02 February 2010 - 05:39 PM

Hi nunyagirl,



No need to be sorry, it's not your fault tools have problems when running.
Thank you for providing the log after all.



One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.



If you wish to continue the process then:

1. Please Download ComboFix
Here is a Tutorial on using ComboFix: A guide and tutorial on using ComboFix
  • Save it to your Desktop
  • Do NOT run ComboFix yet
  • Here is an alternative link to download ComboFix, if the above one is not working for you:

2. Disable Your AntiVirus and AntiSpyware Programs
  • You should be able to Right-Click on the program's icon in the System Tray and get an option to shut-down/disable each program.
  • These programs may interfere with our fix. We will re-enable them when we are done.

3. Double click on ComboFix.exe that you just saved to your Desktop
  • Follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. The Recovery Console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • It is strongly recommended to have the Recovery Console installed on your machine before doing any malware removal.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


NOTE: If the Microsoft Windows Recovery Console is already installed, you will not receive a prompt from ComboFix regarding the Recovery Console.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

4. Re-enable Your AntiVirus and AntiSpyware Programs That You Disabled in Step 2.

5. What I need in Your Next Reply:
  • ComboFix.txt




#12 nunyagirl (Topic Starter)

Posted 03 February 2010 - 02:58 AM

I think I did the combo fix fully...

Attached Files

  • Attached File  log.txt   14.34KB   9 downloads


#13 Blind Faith (Malware Response Team)

Posted 03 February 2010 - 03:40 PM

Hi nunyagirl,


Tell me how your PC is doing now.
Please re-run DDS and post the new logs.


Also, click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




#14 nunyagirl (Topic Starter)

Posted 04 February 2010 - 02:10 AM

So far, so good. I couldn't yet get the Kaspersky thing to run. It kept saying I needed an uninterrupted java. Don't know what that means. I'll keep trying.

Thanks.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Vikki Fields at 1:54:05.86 on Thu 02/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.362 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DOWNLO~1\WhlCache.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Vikki Fields\Desktop\dds.scr
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01118A01-3E00-11D2-8470-0060089874ED} - hxxps://password.bellsouth.net/sdccommon/download/tgctlsr.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/1.0.0971.36/WinSSWebAgent.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} - hxxps://imail.tema.toyota.com/images/whlcache.cab?egap=internal
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152327748140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://imail.tema.toyota.com/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-5 24652]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 152456]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]

=============== Created Last 30 ================

2010-02-03 07:25:29 50176 ----a-w- c:\windows\system32\proquota.exe
2010-02-03 07:25:29 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-02-03 07:12:40 0 d-sha-r- C:\cmdcons
2010-02-03 07:10:09 98816 ----a-w- c:\windows\sed.exe
2010-02-03 07:10:09 77312 ----a-w- c:\windows\MBR.exe
2010-02-03 07:10:09 261632 ----a-w- c:\windows\PEV.exe
2010-02-03 07:10:09 161792 ----a-w- c:\windows\SWREG.exe
2010-02-02 07:32:59 0 d-----w- c:\docume~1\vikkif~1\applic~1\Windows Search
2010-01-28 20:27:40 52 ----a-w- c:\windows\system32\ashttpstats.csv
2010-01-27 05:41:26 385 ----a-w- c:\documents and settings\vikki fields\Application Datauser_gensett.xml
2010-01-18 19:04:33 0 dc-h--w- c:\windows\ie8
2010-01-18 19:02:24 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-18 19:02:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-18 18:28:26 0 d-----w- c:\docume~1\vikkif~1\applic~1\Windows Desktop Search
2010-01-18 18:27:17 0 d-----w- c:\windows\system32\GroupPolicy
2010-01-18 18:27:17 0 d-----w- c:\program files\Windows Desktop Search
2010-01-18 18:25:13 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-01-18 18:25:13 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-01-18 18:25:12 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-01-16 11:42:44 385 ----a-w- c:\windows\system32\user_gensett.xml
2010-01-16 08:24:52 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-01-16 08:24:52 16 ----a-w- c:\windows\system32\asdict.dat
2010-01-16 08:24:52 0 ----a-w- c:\windows\system32\ab_bl.sig
2010-01-16 08:24:52 0 ----a-w- C:\pcwords2.dat
2010-01-16 08:24:52 0 ----a-w- C:\pcwords.dat
2010-01-16 08:24:52 0 ----a-w- C:\pcconf.ini
2010-01-16 08:24:52 0 ----a-w- C:\pc_sign.slf
2010-01-16 08:11:45 0 d-----w- c:\program files\BitDefender
2010-01-16 08:11:45 0 d-----w- c:\docume~1\vikkif~1\applic~1\BitDefender
2010-01-14 03:09:57 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 07:32:22 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-01-06 07:10:55 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2010-01-05 19:53:42 0 d-----w- c:\program files\common files\BitDefender

==================== Find3M ====================

2010-01-28 20:25:54 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-01-28 20:25:54 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-28 19:47:57 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:14:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:02 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-07 23:49:08 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-12-07 23:46:28 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
2008-10-30 19:32:15 88 --sh--r- c:\windows\system32\2755C85BAB.sys
2008-05-08 07:22:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat

============= FINISH: 1:55:32.72 ===============


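Added triage example (not code from the thread, from DDS, or from BleepingComputer): a small Python script that applies two checks a responder would make against the DDS log posted above, the `ProxyServer = http=127.0.0.1:5555` entry that routes Internet Explorer's HTTP traffic through a listener on the machine itself, and the run of zero-byte, number-named .exe files created under system32 at roughly 20-minute intervals. The sample log below is constructed from lines quoted in the thread, and the function names are my own.

```python
"""Triage a DDS-style log for two indicator patterns visible in the thread:
a browser proxy pointing at the local machine, and a timed run of empty,
numerically named executables written into system32."""
from __future__ import annotations

import re
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample modelled on lines quoted in the thread; not the full log.
SAMPLE_LOG = """\
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll

=============== Created Last 30 ================

2010-01-16 08:11:45 0 d-----w- c:\\program files\\BitDefender
2010-01-14 03:09:57 471552 ------w- c:\\windows\\system32\\dllcache\\aclayers.dll
2010-01-05 14:50:58 0 ----a-w- c:\\windows\\system32\\4827.exe
2010-01-05 14:30:57 0 ----a-w- c:\\windows\\system32\\11942.exe
2010-01-05 14:10:56 0 ----a-w- c:\\windows\\system32\\2995.exe
2010-01-05 13:50:56 0 ----a-w- c:\\windows\\system32\\491.exe
"""

# One DDS file entry: timestamp, size in bytes, eight attribute flags, path.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$"
)
LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1")


def parse_file_entries(log: str) -> list[dict]:
    """Turn 'Created Last 30' / 'Find3M' lines into dicts; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
            "size": int(m.group(2)),
            "attrs": m.group(3),
            "path": m.group(4),
        })
    return entries


def find_local_proxy(log: str) -> Optional[str]:
    """Return the ProxyServer value if it points the browser at the local machine,
    otherwise None. A legitimate corporate proxy on another host is not flagged."""
    for line in log.splitlines():
        m = re.search(r"ProxyServer\s*=\s*(\S+)", line)
        if m and any(host in m.group(1) for host in LOOPBACK_HOSTS):
            return m.group(1)
    return None


def find_numbered_stubs(entries: list[dict]) -> list[dict]:
    """Zero-byte .exe files whose whole name is a number, located under system32,
    returned oldest first so the creation cadence can be inspected."""
    stubs = []
    for e in entries:
        p = PureWindowsPath(e["path"])
        in_system32 = any(part.lower() == "system32" for part in p.parts)
        if e["size"] == 0 and in_system32 and re.fullmatch(r"\d+\.exe", p.name, re.I):
            stubs.append(e)
    return sorted(stubs, key=lambda e: e["when"])


def creation_gaps(entries: list[dict]) -> list[float]:
    """Seconds between consecutive entries (entries must already be time-sorted)."""
    return [(b["when"] - a["when"]).total_seconds() for a, b in zip(entries, entries[1:])]


def looks_scheduled(gaps: list[float], tolerance: float = 0.1) -> bool:
    """True when every gap is within `tolerance` of the first one, i.e. the files
    were written on a timer rather than by ad-hoc user activity."""
    if len(gaps) < 2:
        return False
    base = gaps[0]
    return all(abs(g - base) <= tolerance * base for g in gaps)


def triage(log: str) -> dict:
    """Summarise both checks for one log."""
    stubs = find_numbered_stubs(parse_file_entries(log))
    gaps = creation_gaps(stubs)
    return {
        "local_proxy": find_local_proxy(log),
        "numbered_stub_count": len(stubs),
        "stub_gaps_seconds": gaps,
        "stubs_look_scheduled": looks_scheduled(gaps),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```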

#15 Blind Faith (Malware Response Team)

Posted 05 February 2010 - 02:45 AM

Hi again,


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Then please try running the Kaspersky OnlineScan again and post the results here.


