Infected with Antivirus 7


  • This topic is locked
8 replies to this topic

#1 colputers

colputers

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 09 April 2010 - 08:03 PM

Hello All, I'll try to make this short. This computer was infected with Antivirus 7 and I ran Malwarebytes and it seemed to remove Antivirus 7, but things still weren't quite right. I also had an infection in Jan 2010 and thought I had cleaned it, but then things started coming back. Before I read the preparation guide I had run ComboFix and it deleted quite a few things as well; I have attached the logs of both Malwarebytes and ComboFix if anyone needs to see them. The laptop is running much better but I still notice there are some things that just aren't right, for example I see in task manager that EXPLORER.EXE is all in caps as well as a few other processes. Can someone please be kind enough to help me?

Thanks in advance, James

System Info:

Windows XP Media Center 2005
Intel Core 2 1.6 GHz
2GB Ram

DDS Log:

DDS (Ver_10-03-17.01) - FAT32x86
Run by Ira at 22:23:11.67 on Wed 04/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1436 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\GtDetectSc.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\Ira\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
E:\Virus Removal & Cleanup\DDS Tool\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\ira\start menu\programs\startup\Adobe Gamma.lnk.disabled
StartupFolder: c:\docume~1\ira\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Audible Download Manager.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Acer Empowering Technology.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Google Updater.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Photosmart Premier Fast Start.lnk.disabled
uPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ira\applic~1\mozilla\firefox\profiles\7kuh3n8q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-8 162640]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-2-5 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-8 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
R2 GtDetectSc;GT Detect;c:\windows\system32\GtDetectSc.exe [2006-9-21 167936]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-6-20 1097728]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2010-2-5 65576]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [2006-9-20 16128]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2006-9-20 113408]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2006-9-20 34560]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-5-28 39048]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\nsak.sys --> c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\nsak.sys [?]
UnknownUnknown vkquwexg;vkquwexg; [x]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-04-08 02:06:18 0 d-----w- C:\FOUND.000
2010-04-08 01:36:10 0 d-sha-r- C:\cmdcons
2010-04-08 01:33:55 98816 ----a-w- c:\windows\sed.exe
2010-04-08 01:33:55 77312 ----a-w- c:\windows\MBR.exe
2010-04-08 01:33:55 261632 ----a-w- c:\windows\PEV.exe
2010-04-08 01:33:55 161792 ----a-w- c:\windows\SWREG.exe
2010-04-06 22:43:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 22:43:18 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 22:43:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 22:35:26 0 d-----w- C:\FOUND.021
2010-04-06 12:17:54 0 d-----w- C:\FOUND.020
2010-04-06 03:31:42 0 d-----w- c:\program files\AV7
2010-03-28 03:28:48 0 d-----w- c:\program files\Ask.com
2010-03-20 21:55:50 0 d-----w- C:\FOUND.019
2010-03-10 01:17:46 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 09:54:26 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-11 01:05:04 39780 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-06 15:55:14 34380 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 22:24:21.70 ===============

#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:06 PM

Posted 12 April 2010 - 09:04 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system, so please post a new set of DDS logs as well as a GMER log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or GMER log please refer to this page, steps #6, #7 and #8, for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 colputers

colputers
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 12 April 2010 - 11:21 PM

Hello and thanks for your help! In task manager I'm seeing quite a few processes in all caps I'll list below:

AGRSMMSG.EXE
CSRSS.EXE
EXPLORER.EXE
FIREFOX.EXE
HKCMD.EXE
IGFXTRAY.EXE
IGFXPERS.EXE
JQS.EXE
JUSTSCHED.EXE
LSASS.EXE
LVCOMSX.EXE
NOTEPAD.EXE
RTHDCPL.EXE
SERVICES.EXE
SMSS.EXE
SPOOLSV.EXE
SVCHOST.EXE x 6
TASKMGR.EXE
WINLOGON.EXE

Sometimes LSASS.EXE will use up over 50% of CPU and sometimes the computer will just freeze up, especially when running Defogger and GMER. I can restart and all is well for a little while. Antivirus 7 hasn't popped back up since I ran Malwarebytes. Thanks for your help!




DDS (Ver_10-03-17.01) - FAT32x86
Run by Ira at 21:44:46.95 on Mon 04/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1275 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\GtDetectSc.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\DOCUME~1\Ira\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
E:\Virus Removal & Cleanup\DeFogger\Defogger.exe
E:\Virus Removal & Cleanup\DDS Tool\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ira\applic~1\mozilla\firefox\profiles\7kuh3n8q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\ira\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\ira\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-8 162640]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-2-5 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-8 19024]
R2 GtDetectSc;GT Detect;c:\windows\system32\GtDetectSc.exe [2006-9-21 167936]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-6-20 1097728]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2010-2-5 65576]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [2006-9-20 16128]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2006-9-20 113408]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2006-9-20 34560]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-5-28 39048]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\nsak.sys --> c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\nsak.sys [?]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-04-13 00:35:11 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-04-13 00:35:07 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-04-13 00:35:07 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-04-13 00:35:03 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-04-13 00:34:59 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-04-13 00:34:40 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-04-13 00:34:36 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-04-13 00:34:36 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-04-13 00:34:33 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-04-13 00:34:27 221184 ----a-w- c:\windows\system32\dllcache\OLD70F.tmp
2010-04-13 00:34:16 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-04-13 00:34:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-04-13 00:34:05 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-04-13 00:34:00 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-04-13 00:32:57 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-04-13 00:31:57 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-04-13 00:30:59 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2010-04-13 00:29:58 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-04-13 00:28:58 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2010-04-13 00:27:59 30208 ----a-w- c:\windows\system32\dllcache\OLD5C9.tmp
2010-04-13 00:26:58 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-04-13 00:25:59 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll
2010-04-13 00:24:57 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-04-13 00:23:58 92416 ----a-w- c:\windows\system32\dllcache\phildec.sys
2010-04-13 00:22:59 20480 ----a-w- c:\windows\system32\dllcache\ovcomc.dll
2010-04-13 00:21:58 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-04-13 00:20:58 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-04-13 00:19:56 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2010-04-13 00:18:55 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2010-04-13 00:17:59 6656 ----a-w- c:\windows\system32\dllcache\OLD3B7.tmp
2010-04-13 00:16:59 10096640 ----a-w- c:\windows\system32\dllcache\OLD383.tmp
2010-04-13 00:15:59 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-04-13 00:14:59 34173 ----a-w- c:\windows\system32\dllcache\forehe.sys
2010-04-13 00:13:59 629952 ----a-w- c:\windows\system32\dllcache\eqn.sys
2010-04-13 00:12:59 614429 ----a-w- c:\windows\system32\dllcache\digiview.exe
2010-04-13 00:11:59 39936 ----a-w- c:\windows\system32\dllcache\cnxt1803.sys
2010-04-13 00:10:59 9216 ----a-w- c:\windows\system32\dllcache\OLDC8.tmp
2010-04-13 00:09:59 7680 ----a-w- c:\windows\system32\dllcache\OLD30.tmp
2010-04-13 00:09:59 19968 ----a-w- c:\windows\system32\dllcache\OLD33.tmp
2010-04-13 00:09:58 5632 ----a-w- c:\windows\system32\dllcache\OLD27.tmp
2010-04-13 00:09:58 169984 ----a-w- c:\windows\system32\dllcache\OLD2C.tmp
2010-04-13 00:09:58 14336 ----a-w- c:\windows\system32\dllcache\OLD24.tmp
2010-04-13 00:09:57 6144 ----a-w- c:\windows\system32\dllcache\OLD1F.tmp
2010-04-13 00:09:52 94720 ----a-w- c:\windows\system32\dllcache\OLD8.tmp
2010-04-12 23:54:57 0 d-----w- c:\program files\AutoIt3
2010-04-12 23:40:47 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-12 22:03:10 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-04-12 22:03:03 0 d-----w- c:\program files\Security Task Manager
2010-04-10 20:20:15 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-10 20:20:15 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-10 20:19:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-04-10 20:19:13 0 d-----w- c:\program files\Kaspersky Lab
2010-04-10 19:48:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-04-10 18:45:40 77312 ----a-w- C:\mbr.exe
2010-04-10 16:46:08 62 ----a-w- c:\windows\wininit.ini
2010-04-10 16:44:06 0 d-----w- c:\program files\RogueRemover FREE
2010-04-09 21:53:49 0 ----a-w- c:\documents and settings\ira\defogger_reenable
2010-04-08 20:31:40 0 d-sh--w- C:\FOUND.001
2010-04-08 15:42:49 0 d-sh--w- C:\Recycled
2010-04-08 02:06:18 0 d-----w- C:\FOUND.000
2010-04-08 01:36:10 0 d-sha-r- C:\cmdcons
2010-04-08 01:33:55 98816 ----a-w- c:\windows\sed.exe
2010-04-08 01:33:55 77312 ----a-w- c:\windows\MBR.exe
2010-04-08 01:33:55 261632 ----a-w- c:\windows\PEV.exe
2010-04-08 01:33:55 161792 ----a-w- c:\windows\SWREG.exe
2010-04-06 22:43:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 22:43:18 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 22:43:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 22:35:26 0 d-----w- C:\FOUND.021
2010-04-06 12:17:54 0 d-----w- C:\FOUND.020
2010-04-06 03:31:42 0 d-----w- c:\program files\AV7
2010-03-28 03:28:48 0 d-----w- c:\program files\Ask.com
2010-03-20 21:55:50 0 d-----w- C:\FOUND.019

==================== Find3M ====================

2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 09:54:26 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-11 01:05:04 39780 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-06 15:55:14 34380 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 21:46:07.23 ===============



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:06 PM

Posted 13 April 2010 - 03:11 PM

Hello.

Those processes in caps are fine; a process name in caps doesn't necessarily mean it's bad. ComboFix removed most of it, but you shouldn't be running ComboFix on your own.

QUOTE
Please DO NOT run Combofix. ComboFix is an extremely powerful tool and you should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Further, ComboFix logs are not permitted outside the Malware Removal forum and then only when requested by a Malware Response Team member.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 colputers
  • Topic Starter
  • Members
  • 4 posts

Posted 14 April 2010 - 06:21 PM

Kaspersky Online Scanner did not find anything, any more suggestions?

Thanks, James

#6 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 16 April 2010 - 02:51 PM

Hello again.

Sorry for the delay. I had some things I needed to do and could not respond. Back now, so let's get back to work.

---
Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left. Any problems still?

Thanks.

With Regards,
Extremeboy

#7 colputers
  • Topic Starter
  • Members
  • 4 posts

Posted 16 April 2010 - 09:07 PM

Hello,

I really haven't been using the laptop much while awaiting your reply, but it seems to be OK just running Firefox.



DDS (Ver_10-03-17.01) - FAT32x86
Run by Ira at 19:21:40.85 on Fri 04/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1236 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\GtDetectSc.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\DOCUME~1\Ira\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Bleeping Computer\DDS Tool\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ira\applic~1\mozilla\firefox\profiles\7kuh3n8q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\ira\application data\mozilla\firefox\profiles\7kuh3n8q.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\ira\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\ira\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-8 162640]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-2-5 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-8 19024]
R2 GtDetectSc;GT Detect;c:\windows\system32\GtDetectSc.exe [2006-9-21 167936]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-6-20 1097728]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2010-2-5 65576]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [2006-9-20 16128]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2006-9-20 113408]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2006-9-20 34560]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-5-28 39048]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\nsak.sys --> c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\nsak.sys [?]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-04-13 00:35:11 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-04-13 00:35:07 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-04-13 00:35:07 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-04-13 00:35:03 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-04-13 00:34:59 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-04-13 00:34:40 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-04-13 00:34:36 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-04-13 00:34:36 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-04-13 00:34:33 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-04-13 00:34:16 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-04-13 00:34:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-04-13 00:34:05 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-04-13 00:34:00 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-04-13 00:32:57 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-04-13 00:31:57 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-04-13 00:30:59 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2010-04-13 00:29:58 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-04-13 00:28:58 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2010-04-13 00:27:55 63547 ----a-w- c:\windows\system32\dllcache\sla30nd5.sys
2010-04-13 00:26:58 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-04-13 00:25:59 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll
2010-04-13 00:24:57 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-04-13 00:23:58 92416 ----a-w- c:\windows\system32\dllcache\phildec.sys
2010-04-13 00:22:59 20480 ----a-w- c:\windows\system32\dllcache\ovcomc.dll
2010-04-13 00:21:58 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-04-13 00:20:58 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-04-13 00:20:55 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2010-04-13 00:20:52 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-04-13 00:20:47 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-04-13 00:20:42 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-04-13 00:20:34 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-04-13 00:20:34 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-04-13 00:20:26 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-04-13 00:20:23 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-04-13 00:20:22 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-04-13 00:20:09 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-04-13 00:20:05 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-04-13 00:18:55 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2010-04-13 00:17:49 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2010-04-13 00:16:51 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-04-13 00:15:59 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-04-13 00:14:59 34173 ----a-w- c:\windows\system32\dllcache\forehe.sys
2010-04-13 00:13:59 629952 ----a-w- c:\windows\system32\dllcache\eqn.sys
2010-04-13 00:12:59 614429 ----a-w- c:\windows\system32\dllcache\digiview.exe
2010-04-13 00:11:59 39936 ----a-w- c:\windows\system32\dllcache\cnxt1803.sys
2010-04-13 00:10:58 26624 ----a-w- c:\windows\system32\dllcache\ativxbar.sys
2010-04-12 23:54:57 0 d-----w- c:\program files\AutoIt3
2010-04-12 23:40:47 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-12 22:03:10 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-04-12 22:03:03 0 d-----w- c:\program files\Security Task Manager
2010-04-10 20:20:15 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-10 20:20:15 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-10 20:19:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-04-10 20:19:13 0 d-----w- c:\program files\Kaspersky Lab
2010-04-10 19:48:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-04-10 18:45:40 77312 ----a-w- C:\mbr.exe
2010-04-10 16:46:08 62 ----a-w- c:\windows\wininit.ini
2010-04-08 20:31:40 0 d-sh--w- C:\FOUND.001
2010-04-08 15:42:49 0 d-sh--w- C:\Recycled
2010-04-08 02:06:18 0 d-----w- C:\FOUND.000
2010-04-08 01:36:10 0 d-sha-r- C:\cmdcons
2010-04-08 01:33:55 98816 ----a-w- c:\windows\sed.exe
2010-04-08 01:33:55 77312 ----a-w- c:\windows\MBR.exe
2010-04-08 01:33:55 261632 ----a-w- c:\windows\PEV.exe
2010-04-08 01:33:55 161792 ----a-w- c:\windows\SWREG.exe
2010-04-06 22:43:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 22:43:18 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 22:43:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 22:35:26 0 d-----w- C:\FOUND.021
2010-04-06 12:17:54 0 d-----w- C:\FOUND.020
2010-04-06 03:31:42 0 d-----w- c:\program files\AV7
2010-03-28 03:28:48 0 d-----w- c:\program files\Ask.com
2010-03-20 21:55:50 0 d-----w- C:\FOUND.019

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 13:11:08 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 13:11:08 455680 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:26 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 14:10:28 2189952 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:50 2146304 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 14:08:50 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:12 100864 ----a-w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-12 04:33:12 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:16 226880 ----a-w- c:\windows\system32\dllcache\tcpip6.sys
2010-02-11 01:05:04 39780 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-06 15:55:14 34380 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 19:22:53.35 ===============


#8 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 17 April 2010 - 02:27 PM

Hello.

Logs look clean.

Let's update your Java and wrap up.

Update Java to Version 6 Update 19

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 19 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Create a New System Restore Point <- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

System A bit Slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Congratulations! You now appear clean!

Now that you are clean, please follow and read some of the prevention tips below.

Preventing Infections in the Future


Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

Some of the main things you should consider to perform/read are:
  • Disabling Autorun/Play on Flash-Drive/Removable Drives
  • Avoid gaming sites, underground web pages, pirated software sites, and Peer to Peer Programs
  • Keep Windows Updated through going to Windows Updates
  • Updating Non-Microsoft Programs
  • Keeping Security softwares updated

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us, and good luck!


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks

With Regards,
Extremeboy
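One way a responder could automate the kind of judgement made in this thread (process-name case is irrelevant; what matters is where an image runs from and whether the file still exists) is the following Python script. It is an added example written for this page and is not code from the thread, from the DDS tool or from BleepingComputer. The sample log is constructed from lines of the DDS output posted earlier in this thread; the section banners and the `[?]` marker are reproduced as DDS prints them, and the "user-writable location" list is my own assumption about which path fragments are worth a second look.

```python
"""Triage helper for DDS-style logs.

Added example for this thread; not code from BleepingComputer, the DDS tool or
the helper. It parses the "Running Processes" and "SERVICES / DRIVERS" sections
of a DDS log and lists the entries a responder would look at first:
  * a process image running from a user-writable location such as %TEMP%
  * a process listed by bare name, meaning DDS could not resolve its path
  * a service/driver whose image file DDS could not find on disk ("[?]")
Upper-case process names are deliberately NOT a criterion: as the helper says,
case alone means nothing.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample made of lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Ira\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-8 162640]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ira\locals~1\temp\00000ffd.nmc\nse\bin\ndiskio.sys [?]

============== File Associations ===============
"""

# "=== Section name ===" banner lines that DDS uses to separate report sections.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Assumed list of path fragments a standard user can write to; a persistent
# process or driver living here deserves a second look, nothing more.
USER_WRITABLE_RE = re.compile(
    r"\\(temp|locals~1|local settings|application data|recycled)\\", re.I)
# "R1 name;description;image [date size]" service/driver lines.
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


@dataclass
class Finding:
    section: str
    entry: str
    reason: str


def split_sections(log: str) -> dict[str, list[str]]:
    """Group the non-empty lines of a DDS log under their section banner."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage_processes(lines: list[str]) -> list[Finding]:
    """Flag running processes by image location, never by name case."""
    findings = []
    for line in lines:
        image = line.split(" -k ")[0]  # drop svchost service-group arguments
        if "\\" not in image:
            findings.append(Finding("Running Processes", line,
                "listed by name only: DDS could not resolve the image path, confirm it in Task Manager"))
        elif USER_WRITABLE_RE.search(image):
            findings.append(Finding("Running Processes", line,
                "image runs from a user-writable location"))
    return findings


def triage_drivers(lines: list[str]) -> list[Finding]:
    """Flag services/drivers whose image is missing or lives in a user-writable path."""
    findings = []
    for line in lines:
        m = DRIVER_RE.match(line)
        if not m:
            continue
        state, name, _description, image = m.groups()
        reasons = []
        if image.endswith("[?]"):
            reasons.append("image file not found on disk (DDS marks it [?])")
        if USER_WRITABLE_RE.search(image):
            reasons.append("image path points into a user-writable location")
        if reasons:
            findings.append(Finding("SERVICES / DRIVERS", f"{state} {name}", "; ".join(reasons)))
    return findings


def triage(log: str) -> list[Finding]:
    """Run both checks over a whole DDS log and return the review candidates."""
    sections = split_sections(log)
    return (triage_processes(sections.get("Running Processes", []))
            + triage_drivers(sections.get("SERVICES / DRIVERS", [])))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.entry}\n    -> {f.reason}")
```

What the script prints are review candidates, not verdicts: an entry in a Temp directory or an orphaned driver registration is where a responder starts reading, and the helper in this thread, looking at the full log, still judged it clean. Stale `[?]` entries in particular are commonly left behind by removed scanners and need only be cleaned up.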


#9 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 08 May 2010 - 11:48 AM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy



