Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need some help I think


  • This topic is locked This topic is locked
11 replies to this topic

#1 Korlax

Korlax

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 10 July 2010 - 10:59 PM


Got a nasty virus and think i have removed it all, but really want a more experienced person to view the logs
any help would be appreciated I normally use FF still having some weird issue with it too. I get a firefox.exe application error,
it says ...The instruction at "string of numbers/letters"referenced memory at "same string of numbers/letters". The memory could
not be "read".

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:49:14 PM, on 7/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tide-guild.eu/forums/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [{2059973A-B3C0-DAD7-2E15-976212B934BE}] "C:\Documents and Settings\David Lyons\Application Data\Ruef\hogi.exe"
O4 - HKCU\..\Run: [Gcaxeb] rundll32.exe "C:\WINDOWS\MSC712.dll",Startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://staff.hisplacechurch.com/tsweb/msrdp.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlbx_device - - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 15206 bytes


BC AdBot (Login to Remove)

 


#2 Korlax

Korlax
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 12 July 2010 - 12:45 AM

Yep I have it all.

First of all thanks for taking the time to help me out. I had the SV suite malware thing. I snooped around and thought i removed it. But now I'm not sure
I also have browser redirects, and google pop ups. And probably more stuff then I need. I am not computer techy so hang with me if I say.. HUH? smile.gif

here are the logs required by me smile.gif

thanks again


DDS (Ver_10-03-17.01) - NTFSx86
Run by David Lyons at 21:54:51.32 on Sun 07/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2335 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\David Lyons\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tide-guild.eu/forums/index.php
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [{2059973A-B3C0-DAD7-2E15-976212B934BE}] "c:\documents and settings\david lyons\application data\ruef\hogi.exe"
uRun: [Gcaxeb] rundll32.exe "c:\windows\MSC712.dll",Startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: <NO NAME> =
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://staff.hisplacechurch.com/tsweb/msrdp.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/shpo/default/shapo.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab53852.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab31267.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davidl~1\applic~1\mozilla\firefox\profiles\43h5walo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tide-guild.eu/forums/index.php
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5577
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-3-30 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-30 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-11 40384]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-14 1247600]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-11 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-11 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-13 135664]
S3 merger;merger;c:\program files\microsoft application compatibility toolkit\application analyzer\merger.exe [2005-9-27 49152]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

=============== Created Last 30 ================

2010-07-12 04:30:57 0 ----a-w- c:\windows\ayexexivu.dll
2010-07-12 04:09:26 0 ----a-w- c:\windows\olaquwezanon.dll
2010-07-12 02:07:31 0 ----a-w- c:\windows\enonexilah.dll
2010-07-12 00:05:26 0 ----a-w- c:\windows\ejeyomebufebosuy.dll
2010-07-11 22:03:26 0 ----a-w- c:\windows\ogaturetoz.dll
2010-07-11 20:01:26 0 ----a-w- c:\windows\itidulig.dll
2010-07-11 17:59:25 0 ----a-w- c:\windows\uhuxuzayahe.dll
2010-07-11 15:57:26 0 ----a-w- c:\windows\emopozek.dll
2010-07-11 13:55:27 0 ----a-w- c:\windows\ofoculenela.dll
2010-07-11 11:53:26 0 ----a-w- c:\windows\uyufafahin.dll
2010-07-11 09:51:26 0 ----a-w- c:\windows\oqirifej.dll
2010-07-11 07:49:26 0 ----a-w- c:\windows\oqidowur.dll
2010-07-11 05:47:26 0 ----a-w- c:\windows\esijufux.dll
2010-07-11 03:46:43 0 ----a-w- c:\windows\ayufilelufi.dll
2010-07-11 03:25:45 0 d-----w- c:\docume~1\davidl~1\applic~1\Malwarebytes
2010-07-11 03:25:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 03:25:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 03:25:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 03:25:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-11 03:13:33 0 d-----w- c:\program files\Trend Micro
2010-07-11 02:40:55 0 ----a-w- c:\windows\iniboxavow.dll
2010-07-11 01:31:25 0 ----a-w- c:\windows\ojusegefimif.dll
2010-07-10 23:29:25 0 ----a-w- c:\windows\ojovugiy.dll
2010-07-10 21:27:25 0 ----a-w- c:\windows\akesabamo.dll
2010-07-10 19:25:25 0 ----a-w- c:\windows\aratamew.dll
2010-07-10 17:23:25 0 ----a-w- c:\windows\ubivamebopevu.dll
2010-07-10 17:15:36 0 ----a-w- c:\windows\enuregadagakusa.dll
2010-07-10 15:14:26 0 ----a-w- c:\windows\examofiv.dll
2010-07-10 13:12:14 0 ----a-w- c:\windows\avimamaj.dll
2010-07-10 11:11:55 0 ----a-w- c:\windows\atiyovoxan.dll
2010-07-10 10:37:38 0 ----a-w- c:\windows\ewemeyuda.dll
2010-07-10 10:25:39 0 ----a-w- c:\windows\avemukimu.dll
2010-07-10 07:04:18 0 ----a-w- c:\windows\ugonulurupohofus.dll
2010-07-10 03:14:47 2716 ----a-w- c:\windows\usejebuq.dll
2010-07-10 01:12:47 2716 ----a-w- c:\windows\epumofivuta.dll
2010-07-09 23:10:48 0 ----a-w- c:\windows\icogowel.dll
2010-07-09 09:39:04 38848 ----a-w- c:\windows\avastSS.scr
2010-07-08 21:15:56 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-08 21:15:56 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-08 21:15:51 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-08 21:15:49 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-08 21:15:20 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-08 21:15:09 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-08 21:15:07 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-08 21:15:05 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-07-08 21:15:03 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-07-08 21:15:03 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-07-08 21:14:59 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-07-08 21:14:57 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-07-08 21:14:46 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-07-08 21:14:32 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-07-08 21:14:30 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-07-08 21:14:14 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-07-08 21:14:13 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-07-08 21:14:10 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-07-08 21:14:09 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-07-08 21:14:05 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-07-08 21:14:05 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-07-08 21:14:02 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-07-08 21:12:53 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-07-08 21:12:51 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-07-08 21:12:39 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-07-08 21:12:36 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-07-08 21:12:36 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-07-08 21:12:25 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-07-08 21:12:16 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-07-08 21:12:11 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-07-08 21:12:11 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-07-08 21:12:08 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-07-08 21:12:04 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-07-08 21:12:02 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-07-08 21:12:02 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-07-08 21:06:10 0 d-----w- c:\windows\Logs
2010-07-08 20:11:43 0 d-----w- c:\docume~1\davidl~1\applic~1\TS3Client
2010-07-08 20:09:41 0 d-----w- c:\program files\TeamSpeak 3 Client
2010-06-21 23:54:55 0 d-----w- c:\program files\iPod
2010-06-21 23:54:37 0 d-----w- c:\program files\iTunes
2010-06-21 23:48:23 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-07-11 10:27:34 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-09 21:50:03 604178 ----a-w- C:\SmitfraudFix.zip
2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2005-10-28 18:07:28 17022976 -c--a-w- c:\program files\Microsoft Application Compatibility Toolkit.msi
2005-10-28 17:48:42 24455072 -c--a-w- c:\program files\act30pkg.exe
2005-10-28 17:38:02 6945768 -c--a-w- c:\program files\act26.exe
2004-07-23 12:10:21 12297384 -c--a-w- c:\program files\QuickTimeFullInstaller.exe
2004-07-23 11:46:11 20630968 -c--a-w- c:\program files\iTunesSetup.exe
2008-08-10 15:15:26 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081020080811\index.dat

============= FINISH: 21:58:32.15 ===============

Attached File  Attach.txt   14.68KB   0 downloads

Edited by Orange Blossom, 12 July 2010 - 02:32 PM.
Merged topics. ~ OB


#3 Korlax

Korlax
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 12 July 2010 - 12:58 AM

trying to run the gmer.exe thing but keep bluescreening while it runs.. will keep trying smile.gif

i get this technical error on blue screen o'death
stop: 0x000000f4 (0x00000003, 0x8AAEA920, 0x805FB146)

Edited by Korlax, 12 July 2010 - 01:26 AM.


#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:54 AM

Posted 14 July 2010 - 07:25 AM

Hello Korlax,



Sorry about the delay. sad.gif

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


If you have trouble running it the first time, then rename ComboFix.exe to Korlax.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Korlax

Korlax
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 14 July 2010 - 05:39 PM

Hi and thanks for your help. Here is the log you asked for. I also have noticed svchost.exe is locking up my computer lately.

Thanks again.

ComboFix 10-07-14.01 - David Lyons 07/14/2010 15:14:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2637 [GMT -7:00]
Running from: c:\documents and settings\David Lyons\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David Lyons\Application Data\Ruef
c:\documents and settings\David Lyons\Application Data\Ruef\hogi.exe
c:\documents and settings\David Lyons\GoToAssistDownloadHelper.exe
c:\documents and settings\David Lyons\Local Settings\Application Data\cxvrhowcj
c:\documents and settings\David Lyons\Local Settings\Application Data\cxvrhowcj\ubupwyltssd.exe
c:\windows\ahuxobedite.dll
c:\windows\akesabamo.dll
c:\windows\aratamew.dll
c:\windows\atayapar.dll
c:\windows\atiyovoxan.dll
c:\windows\avemukimu.dll
c:\windows\avimamaj.dll
c:\windows\axagivajiy.dll
c:\windows\axecuvuhoxuquxoj.dll
c:\windows\axururulipizul.dll
c:\windows\ayexexivu.dll
c:\windows\ayufilelufi.dll
c:\windows\azopikeb.dll
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\edoxazexowal.dll
c:\windows\efeyudafawi.dll
c:\windows\ejeyomebufebosuy.dll
c:\windows\eluxatabivepas.dll
c:\windows\emitexaqakoyup.dll
c:\windows\emopozek.dll
c:\windows\enonexilah.dll
c:\windows\enuregadagakusa.dll
c:\windows\epumofivuta.dll
c:\windows\erokatikun.dll
c:\windows\esijufux.dll
c:\windows\ewemeyuda.dll
c:\windows\exagodinireyi.dll
c:\windows\examofiv.dll
c:\windows\exehukuhox.dll
c:\windows\eyexexivuxeru.dll
c:\windows\icogowel.dll
c:\windows\ijalajun.dll
c:\windows\ikizivanomozo.dll
c:\windows\iniboxavow.dll
c:\windows\ipijadux.dll
c:\windows\itidulig.dll
c:\windows\jestertb.dll
c:\windows\ofoculenela.dll
c:\windows\ogaturetoz.dll
c:\windows\ohakejub.dll
c:\windows\ojovugiy.dll
c:\windows\ojusegefimif.dll
c:\windows\olaquwezanon.dll
c:\windows\opudomip.dll
c:\windows\oqahudafugaho.dll
c:\windows\oqidowur.dll
c:\windows\oqirifej.dll
c:\windows\oqugekajomowap.dll
c:\windows\oribidukemuguxav.dll
c:\windows\ozirifejelap.dll
c:\windows\system32\bszip.dll
c:\windows\system32\comrepl.exe
c:\windows\system32\Data
c:\windows\system32\instsrv.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\ubivamebopevu.dll
c:\windows\ubusehihev.dll
c:\windows\ucuderotegixiv.dll
c:\windows\ugonulurupohofus.dll
c:\windows\uherixatabivepas.dll
c:\windows\uhuxuzayahe.dll
c:\windows\ulizoxuje.dll
c:\windows\umaxaxetetedapes.dll
c:\windows\umehopir.dll
c:\windows\unofoxosivolup.dll
c:\windows\usejebuq.dll
c:\windows\utaqovaruyuqi.dll
c:\windows\utebovis.dll
c:\windows\uwovuhoxuquxojap.dll
c:\windows\uyufafahin.dll
c:\windows\uzaworucatofoke.dll
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))
.

2010-07-11 03:25 . 2010-07-11 03:25 -------- d-----w- c:\documents and settings\David Lyons\Application Data\Malwarebytes
2010-07-11 03:25 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 03:25 . 2010-07-11 03:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 03:25 . 2010-07-11 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-11 03:25 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 03:13 . 2010-07-11 03:13 388096 ----a-r- c:\documents and settings\David Lyons\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-11 03:13 . 2010-07-11 03:13 -------- d-----w- c:\program files\Trend Micro
2010-07-10 05:55 . 2010-07-10 05:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-09 09:39 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-08 21:15 . 2010-06-02 11:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-08 21:15 . 2010-06-02 11:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-08 21:15 . 2010-06-02 11:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-08 21:15 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-08 21:15 . 2010-05-26 18:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-08 21:15 . 2010-05-26 18:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-08 21:15 . 2010-05-26 18:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-08 21:15 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-07-08 21:15 . 2010-02-04 17:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-07-08 21:15 . 2010-02-04 17:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-07-08 21:14 . 2010-02-04 17:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-07-08 21:14 . 2010-02-04 17:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-07-08 21:14 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-07-08 21:14 . 2009-09-05 00:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-07-08 21:14 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-07-08 21:14 . 2009-09-05 00:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-07-08 21:14 . 2009-09-05 00:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-07-08 21:14 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-07-08 21:14 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-07-08 21:14 . 2009-03-09 22:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-07-08 21:14 . 2009-03-09 22:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-07-08 21:14 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-07-08 21:12 . 2008-03-05 23:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-07-08 21:12 . 2008-03-05 23:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-07-08 21:12 . 2008-03-05 23:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-07-08 21:12 . 2008-03-05 22:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-07-08 21:12 . 2008-02-06 06:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-07-08 21:12 . 2008-03-05 22:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-07-08 21:12 . 2007-10-22 10:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-07-08 21:12 . 2007-10-12 22:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-07-08 21:12 . 2007-10-02 16:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-07-08 21:12 . 2007-10-12 22:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-07-08 21:12 . 2007-07-20 07:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-07-08 21:12 . 2007-07-20 01:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-07-08 21:12 . 2007-07-20 01:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-07-08 21:06 . 2010-07-08 21:06 -------- d-----w- c:\windows\Logs
2010-07-08 20:52 . 2010-07-08 20:52 11734 ----a-r- c:\documents and settings\David Lyons\Application Data\Microsoft\Installer\{46E76602-AA6C-463B-91C1-5A715E2AE3B0}\_F3DFBD6183552129A8FAD8.exe
2010-07-08 20:52 . 2010-07-08 20:52 10134 ----a-r- c:\documents and settings\David Lyons\Application Data\Microsoft\Installer\{46E76602-AA6C-463B-91C1-5A715E2AE3B0}\_13F7AF4DC2B387A3F81A4E.exe
2010-07-08 20:11 . 2010-07-08 21:17 -------- d-----w- c:\documents and settings\David Lyons\Application Data\TS3Client
2010-07-08 20:09 . 2010-07-08 20:09 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-06-21 23:54 . 2010-06-21 23:54 -------- d-----w- c:\program files\iPod
2010-06-21 23:54 . 2010-06-21 23:57 -------- d-----w- c:\program files\iTunes
2010-06-21 23:48 . 2010-06-21 23:48 -------- d-----w- c:\program files\Bonjour
2010-06-21 23:44 . 2010-06-21 23:44 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 18:13 . 2009-02-26 17:18 -------- d-----w- c:\documents and settings\David Lyons\Application Data\Nixyke
2010-07-11 10:27 . 2005-07-27 05:52 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-11 10:27 . 2005-07-27 05:51 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-09 21:50 . 2006-11-05 22:24 604178 ----a-w- C:\SmitfraudFix.zip
2010-07-08 22:42 . 2006-06-15 07:39 -------- d-----w- c:\program files\WinEQ2
2010-07-08 20:04 . 2006-01-15 19:13 -------- d-----w- c:\documents and settings\David Lyons\Application Data\teamspeak2
2010-07-08 19:08 . 2004-06-16 02:47 -------- d-----w- c:\program files\EverQuest
2010-06-28 20:57 . 2007-09-20 03:40 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2007-09-20 03:40 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-03-31 03:52 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2007-09-20 03:40 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2007-09-20 03:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2007-09-20 03:40 94544 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-03-31 03:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2007-09-20 03:40 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-21 23:54 . 2007-09-05 23:08 -------- d-----w- c:\program files\Common Files\Apple
2010-06-18 10:22 . 2010-06-18 10:22 1984 ----a-w- c:\documents and settings\Jordan Lyons\Local Settings\Application Data\d3d9caps.tmp
2010-06-15 07:32 . 2008-01-13 23:42 -------- d-----w- c:\program files\dl_Cats
2010-06-13 04:28 . 2010-06-13 04:28 503808 ----a-w- c:\documents and settings\Jordan Lyons\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-75bb6d93-n\msvcp71.dll
2010-06-13 04:28 . 2010-06-13 04:28 499712 ----a-w- c:\documents and settings\Jordan Lyons\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-75bb6d93-n\jmc.dll
2010-06-13 04:28 . 2010-06-13 04:28 61440 ----a-w- c:\documents and settings\Jordan Lyons\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7c03b338-n\decora-sse.dll
2010-06-13 04:28 . 2010-06-13 04:28 348160 ----a-w- c:\documents and settings\Jordan Lyons\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-75bb6d93-n\msvcr71.dll
2010-06-13 04:28 . 2010-06-13 04:28 12800 ----a-w- c:\documents and settings\Jordan Lyons\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7c03b338-n\decora-d3d.dll
2010-06-12 02:46 . 2010-06-12 02:46 -------- d-----w- c:\documents and settings\Jordan Lyons\Application Data\Apple Computer
2010-06-10 10:32 . 2009-10-03 00:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 01:16 . 2004-07-02 21:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-23 03:31 . 2010-05-23 03:31 503808 ----a-w- c:\documents and settings\David Lyons\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-66d51f91-n\msvcp71.dll
2010-05-23 03:31 . 2010-05-23 03:31 499712 ----a-w- c:\documents and settings\David Lyons\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-66d51f91-n\jmc.dll
2010-05-23 03:31 . 2010-05-23 03:31 348160 ----a-w- c:\documents and settings\David Lyons\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-66d51f91-n\msvcr71.dll
2010-05-23 03:31 . 2010-05-23 03:31 61440 ----a-w- c:\documents and settings\David Lyons\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6086d42d-n\decora-sse.dll
2010-05-23 03:31 . 2010-05-23 03:31 12800 ----a-w- c:\documents and settings\David Lyons\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6086d42d-n\decora-d3d.dll
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-07-15 21:01 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2002-08-29 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2005-10-28 18:07 . 2005-10-28 18:07 17022976 -c--a-w- c:\program files\Microsoft Application Compatibility Toolkit.msi
2005-10-28 17:48 . 2005-10-28 17:48 24455072 -c--a-w- c:\program files\act30pkg.exe
2005-10-28 17:38 . 2005-10-28 17:37 6945768 -c--a-w- c:\program files\act26.exe
2004-07-23 12:10 . 2004-07-23 12:10 12297384 -c--a-w- c:\program files\QuickTimeFullInstaller.exe
2004-07-23 11:46 . 2004-07-23 11:46 20630968 -c--a-w- c:\program files\iTunesSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 389120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-02 7618560]
"nwiz"="nwiz.exe" [2006-06-02 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-02 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"DLBXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2007-02-22 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-6-10 972320]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:6b38aa859

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\MSN Gaming Zone\\Windows\\BCKGZM.EXE"=
"c:\\Program Files\\MSN Gaming Zone\\Windows\\SHVLZM.EXE"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlbxcoms.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sony Pictures Games\\Q-bert 2005\\Q-bert 2005.exe"=
"c:\\Program Files\\EverQuest\\eqgame.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\EverQuest\\EQVoiceService.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
"57342:TCP"= 57342:TCP:Pando Media Booster
"57342:UDP"= 57342:UDP:Pando Media Booster

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [3/30/2008 8:52 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [3/30/2008 8:52 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/13/2010 7:17 AM 135664]
S3 merger;merger;c:\program files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe [9/27/2005 10:33 AM 49152]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [11/6/2007 1:22 PM 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 14:16]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 14:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tide-guild.eu/forums/index.php
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\David Lyons\Application Data\Mozilla\Firefox\Profiles\43h5walo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tide-guild.eu/forums/index.php
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5577
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
HKCU-Run-{2059973A-B3C0-DAD7-2E15-976212B934BE} - c:\documents and settings\David Lyons\Application Data\Ruef\hogi.exe
HKCU-Run-Gcaxeb - c:\windows\MSC712.dll
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
AddRemove-Monopoly - c:\program files\Hasbro Interactive\Monopoly\Uninst.isu
AddRemove-TaxACT 2003 Preparer's - 1040 Edition - c:\progra~1\2NDSTO~1\TAXACT~2\Unta03.exe
AddRemove-TaxACT 2004 - c:\progra~1\2NDSTO~1\TAXACT~1\Unta04.exe
AddRemove-TaxACT 2004 Preparer's - 1040 Edition - c:\progra~1\2NDSTO~1\TAXACT~3\Unta04.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 15:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-14 15:31:33
ComboFix-quarantined-files.txt 2010-07-14 22:31

Pre-Run: 5,877,616,640 bytes free
Post-Run: 7,372,996,608 bytes free

- - End Of File - - FB94D8ECE499042375F4F685E822C43A


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:54 AM

Posted 14 July 2010 - 05:54 PM

Hello,

You're welcome. smile.gif

QUOTE
I also have noticed svchost.exe is locking up my computer lately.
Is it still doing this after running ComboFix and after a reboot?

Also, I see you have MBAM (Malwarebytes). Please be sure it's updated and have a run with it. If there is anything to report, please post it. How is it running now please?

Thanks,
tea

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 Korlax

Korlax
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 14 July 2010 - 06:48 PM

all good so far ty.. will let you know if i need more help.. give it 24 hours or so to see smile.gif thanks again


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4314

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/14/2010 4:46:27 PM
mbam-log-2010-07-14 (16-46-27).txt

Scan type: Quick scan
Objects scanned: 177135
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:54 AM

Posted 14 July 2010 - 07:02 PM

Excellent, and you're most welcome. thumbup2.gif

Go ahead and delete ComboFix and its folder C:\Qoobox. Let me know how it goes. smile.gif

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 Korlax

Korlax
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 14 July 2010 - 07:18 PM

Attached File  screenshotavast.JPG   178.15KB   2 downloads

ok ran avast antivirus and got this log.. what should i do?.. the malwarebytes one said i had no infections.. this one says otherwise

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:54 AM

Posted 14 July 2010 - 07:25 PM

Hi,

Those are all in System Restore and no threat. We can clean that out. thumbup2.gif

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it ( something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Scans should now come up quiet. thumbup2.gif Let me know for sure.

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 Korlax

Korlax
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 17 July 2010 - 10:11 PM

I want to thank you very much for the help you gave me. I have had 0 problems since the last update/fix.

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:54 AM

Posted 20 July 2010 - 01:45 AM

That's great to know, and you're most welcome. smile.gif

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users