Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

PC infected, please help...

Re: PC infected, please help...

by molly_malone » November 5th, 2009, 5:56 pm

Me again,

Just wanted to add that I have noticed my PC running a lot better. I no longer get the error message from Windows informing me that an aspect of my internet security is not switched on. I no longer get 'this program is not responding' and I generally 'feel' that my PC is 'getting better.'

Thank you once again for all your patience and your wonderful knowledge!

(I've just re-read your post and realised I haven't done it in order...!..sorry, I am so busy trying to make sure I get all the info you need)

I've run the RSIT (it was still present and correct on my desktop! :) )

Here's the report from log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Am at 2009-11-05 18:03:52
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 98 GB (64%) free of 153 GB
Total RAM: 3071 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:11, on 05/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Am\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Am.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Desktop\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6135 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{D8BF1B68-5BE8-4A48-850B-39E17F070BA5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"VX1000"=C:\Windows\vVX1000.exe [2009-06-26 757248]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2009-07-24 118640]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-03 2028312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=D:\itunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Desktop\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster]
D:\RegistryBooster 2010\launcher.exe delay 20000 []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-11-05 13:16:42 ----DC---- C:\Desktop
2009-11-05 13:04:05 ----SHDC---- C:\Config.Msi
2009-11-04 20:22:21 ----DC---- C:\rsit
2009-11-04 18:55:10 ----DC---- C:\WINSSLog
2009-11-03 20:44:30 ----DC---- C:\Program Files\Windows Portable Devices
2009-11-03 20:43:13 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-03 20:43:12 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-03 20:43:12 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-03 20:42:34 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-03 20:42:34 ----A---- C:\Windows\system32\cdd.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-03 20:42:33 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\FntCache.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-03 20:42:33 ----A---- C:\Windows\system32\DWrite.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d2d1.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\dxgi.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\d3d11.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\d3d10.dll
2009-11-03 20:42:03 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-03 20:42:02 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-03 20:42:02 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-03 20:41:46 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-03 20:40:37 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-03 20:40:37 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-03 20:40:37 ----A---- C:\Windows\system32\oleacc.dll
2009-11-03 20:40:16 ----A---- C:\Windows\system32\mshtml.dll
2009-11-02 21:32:37 ----D---- C:\ProgramData\Lavasoft
2009-11-02 18:43:52 ----A---- C:\Windows\ntbtlog.txt
2009-11-02 17:40:52 ----D---- C:\Users\Am\AppData\Roaming\Mozilla
2009-11-02 12:23:04 ----D---- C:\Users\Am\AppData\Roaming\Uniblue
2009-10-30 22:02:26 ----A---- C:\Windows\system32\wups2.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wucltux.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wups.dll
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wudriver.dll
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wuapi.dll
2009-10-30 22:01:41 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-30 22:01:41 ----A---- C:\Windows\system32\wuapp.exe
2009-10-29 20:18:35 ----A---- C:\Windows\system32\GEARAspi.dll
2009-10-29 20:17:41 ----DC---- C:\Program Files\iPod
2009-10-29 20:17:26 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-29 20:09:44 ----DC---- C:\Program Files\QuickTime
2009-10-28 21:18:04 ----D---- C:\Users\Am\AppData\Roaming\WinPatrol
2009-10-28 20:51:08 ----D---- C:\Users\Am\AppData\Roaming\InstallShield
2009-10-28 15:54:07 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 15:53:53 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 15:53:50 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-26 21:18:41 ----D---- C:\ProgramData\PCPitstop
2009-10-26 21:16:30 ----D---- C:\Users\Am\AppData\Roaming\Registry Mechanic
2009-10-26 21:15:39 ----D---- C:\Users\Am\AppData\Roaming\TrojanHunter
2009-10-26 19:18:22 ----R---- C:\Windows\system32\streamhlp.dll
2009-10-26 19:13:29 ----AD---- C:\ProgramData\TEMP
2009-10-26 19:12:54 ----D---- C:\Program Files\Common Files\PC Tools
2009-10-26 19:10:20 ----HDC---- C:\$AVG8.VAULT$
2009-10-25 22:53:56 ----D---- C:\Users\Am\AppData\Roaming\Yahoo!
2009-10-25 19:41:15 ----DC---- C:\Program Files\Trend Micro
2009-10-24 21:53:01 ----D---- C:\Windows\system32\Adobe
2009-10-24 21:52:20 ----DC---- C:\Program Files\NOS
2009-10-24 20:18:20 ----A---- C:\Windows\system32\avgrsstx.dll
2009-10-24 20:16:04 ----DC---- C:\Program Files\AVG
2009-10-24 20:16:02 ----D---- C:\ProgramData\avg8
2009-10-23 20:27:50 ----A---- C:\Windows\system32\javaws.exe
2009-10-23 20:27:50 ----A---- C:\Windows\system32\javaw.exe
2009-10-23 20:27:50 ----A---- C:\Windows\system32\java.exe
2009-10-23 20:27:24 ----A---- C:\Windows\system32\jscript.dll
2009-10-23 20:27:10 ----A---- C:\Windows\system32\netiohlp.dll
2009-10-23 20:27:08 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\ROUTE.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\MRINFO.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\finger.exe
2009-10-23 20:27:08 ----A---- C:\Windows\system32\ARP.EXE
2009-10-23 20:27:07 ----A---- C:\Windows\system32\netevent.dll
2009-10-23 20:26:22 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-10-23 20:26:20 ----A---- C:\Windows\system32\mf.dll
2009-10-23 20:26:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-23 20:26:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-23 20:25:44 ----A---- C:\Windows\system32\wlansec.dll
2009-10-23 20:25:44 ----A---- C:\Windows\system32\wlanmsm.dll
2009-10-23 20:25:44 ----A---- C:\Windows\system32\L2SecHC.dll
2009-10-23 20:25:43 ----A---- C:\Windows\system32\wlanapi.dll
2009-10-23 20:25:42 ----A---- C:\Windows\system32\wlansvc.dll
2009-10-23 20:25:33 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-23 20:25:19 ----A---- C:\Windows\system32\ieframe.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\wininet.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\urlmon.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\iertutil.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\occache.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-23 20:25:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ieui.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iesetup.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iernonce.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iepeers.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-23 20:24:54 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-10-23 20:24:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-10-23 20:23:50 ----D---- C:\Users\Am\AppData\Roaming\SoftwareDetectionScripts
2009-10-23 20:22:04 ----A---- C:\Windows\system32\msasn1.dll
2009-10-23 20:17:11 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-23 20:13:39 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-22 20:15:44 ----DC---- C:\Program Files\Microsoft Office

======List of files/folders modified in the last 1 months======

2009-11-05 18:04:11 ----D---- C:\Windows\Temp
2009-11-05 18:04:07 ----D---- C:\Windows\Prefetch
2009-11-05 15:24:54 ----SHD---- C:\System Volume Information
2009-11-05 13:16:44 ----D---- C:\Windows\system32\drivers
2009-11-05 13:10:12 ----D---- C:\Windows\registration
2009-11-05 13:07:20 ----HD---- C:\ProgramData
2009-11-05 13:07:19 ----D---- C:\Windows\System32
2009-11-05 13:07:19 ----D---- C:\Windows\inf
2009-11-05 13:07:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-05 13:07:03 ----D---- C:\Program Files\Virgin Broadband
2009-11-05 13:06:38 ----SHD---- C:\Windows\Installer
2009-11-05 13:06:36 ----D---- C:\Windows\winsxs
2009-11-05 13:04:40 ----DC---- C:\Windows\system32\DRVSTORE
2009-11-05 13:04:13 ----D---- C:\Program Files\Common Files
2009-11-05 13:04:06 ----RDC---- C:\Program Files
2009-11-05 13:03:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-05 13:03:55 ----D---- C:\Users\Am\AppData\Roaming\Virgin Broadband
2009-11-05 13:03:55 ----D---- C:\ProgramData\Virgin Broadband
2009-11-05 13:03:37 ----D---- C:\Windows
2009-11-04 20:00:25 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-11-04 19:44:31 ----D---- C:\Windows\system32\Tasks
2009-11-04 18:56:36 ----SD---- C:\Windows\Downloaded Program Files
2009-11-04 18:56:36 ----SD---- C:\ProgramData\Microsoft
2009-11-04 18:56:05 ----D---- C:\Windows\system32\catroot
2009-11-04 18:48:43 ----D---- C:\Windows\rescache
2009-11-03 20:44:34 ----D---- C:\Windows\system32\en-US
2009-11-03 20:44:30 ----D---- C:\Windows\system32\wbem
2009-11-03 20:44:25 ----D---- C:\Windows\system32\pt-PT
2009-11-03 20:44:25 ----D---- C:\Windows\system32\pt-BR
2009-11-03 20:44:25 ----D---- C:\Windows\system32\pl-PL
2009-11-03 20:44:25 ----D---- C:\Windows\system32\it-IT
2009-11-03 20:44:25 ----D---- C:\Windows\system32\he-IL
2009-11-03 20:44:25 ----D---- C:\Windows\system32\bg-BG
2009-11-03 20:44:24 ----D---- C:\Windows\system32\zh-HK
2009-11-03 20:44:24 ----D---- C:\Windows\system32\uk-UA
2009-11-03 20:44:24 ----D---- C:\Windows\system32\sl-SI
2009-11-03 20:44:24 ----D---- C:\Windows\system32\nl-NL
2009-11-03 20:44:24 ----D---- C:\Windows\system32\ko-KR
2009-11-03 20:44:24 ----D---- C:\Windows\system32\hu-HU
2009-11-03 20:44:24 ----D---- C:\Windows\system32\hr-HR
2009-11-03 20:44:24 ----D---- C:\Windows\system32\fr-FR
2009-11-03 20:44:24 ----D---- C:\Windows\system32\el-GR
2009-11-03 20:44:23 ----D---- C:\Windows\system32\zh-TW
2009-11-03 20:44:23 ----D---- C:\Windows\system32\zh-CN
2009-11-03 20:44:23 ----D---- C:\Windows\system32\tr-TR
2009-11-03 20:44:23 ----D---- C:\Windows\system32\th-TH
2009-11-03 20:44:23 ----D---- C:\Windows\system32\sv-SE
2009-11-03 20:44:23 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-03 20:44:23 ----D---- C:\Windows\system32\sk-SK
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ru-RU
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ro-RO
2009-11-03 20:44:23 ----D---- C:\Windows\system32\lv-LV
2009-11-03 20:44:23 ----D---- C:\Windows\system32\lt-LT
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ja-JP
2009-11-03 20:44:23 ----D---- C:\Windows\system32\fi-FI
2009-11-03 20:44:23 ----D---- C:\Windows\system32\et-EE
2009-11-03 20:44:23 ----D---- C:\Windows\system32\es-ES
2009-11-03 20:44:23 ----D---- C:\Windows\system32\de-DE
2009-11-03 20:44:23 ----D---- C:\Windows\system32\cs-CZ
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ar-SA
2009-11-03 20:44:22 ----D---- C:\Windows\system32\nb-NO
2009-11-03 20:44:22 ----D---- C:\Windows\system32\da-DK
2009-11-03 20:42:24 ----D---- C:\Windows\system32\catroot2
2009-11-02 21:54:45 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-02 18:44:53 ----A---- C:\Windows\NeroDigital.ini
2009-11-02 18:44:14 ----D---- C:\Windows\Debug
2009-11-02 12:42:49 ----D---- C:\Windows\system32\LogFiles
2009-11-02 12:31:06 ----D---- C:\Program Files\CCleaner
2009-10-29 20:34:42 ----D---- C:\Users\Am\AppData\Roaming\Apple Computer
2009-10-29 20:17:39 ----D---- C:\Program Files\Common Files\Apple
2009-10-29 19:47:09 ----D---- C:\Program Files\Internet Explorer
2009-10-29 19:47:08 ----D---- C:\Program Files\Windows Media Player
2009-10-24 20:15:31 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-24 20:14:36 ----SD---- C:\Users\Am\AppData\Roaming\Microsoft
2009-10-23 21:49:57 ----D---- C:\Windows\ehome
2009-10-23 21:49:57 ----D---- C:\Program Files\Windows Mail
2009-10-23 21:49:56 ----D---- C:\Windows\system32\migration
2009-10-23 21:49:54 ----D---- C:\Windows\AppPatch
2009-10-23 20:27:42 ----D---- C:\Program Files\Java
2009-10-23 20:09:58 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-23 20:00:18 ----RSD---- C:\Windows\Fonts
2009-10-23 19:58:43 ----D---- C:\Windows\system32\config
2009-10-23 19:56:17 ----D---- C:\Windows\Tasks
2009-10-23 19:56:17 ----D---- C:\Windows\system32\spool
2009-10-23 19:56:17 ----D---- C:\Windows\system32\restore
2009-10-23 19:56:16 ----D---- C:\Windows\system32\Msdtc
2009-10-23 19:56:15 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-23 19:56:07 ----RSD---- C:\Windows\assembly
2009-10-23 19:56:07 ----RD---- C:\Users
2009-10-23 19:56:01 ----DC---- C:\Program Files\Movie Maker 2.6
2009-10-23 19:56:01 ----D---- C:\ProgramData\HP Product Assistant
2009-10-23 19:56:00 ----DC---- C:\Program Files\Microsoft LifeCam
2009-10-23 19:55:59 ----DC---- C:\Program Files\Apple Software Update
2009-10-23 19:55:59 ----D---- C:\Program Files\Common Files\LightScribe
2009-10-23 19:55:59 ----D---- C:\Program Files\Bonjour
2009-10-23 19:54:07 ----D---- C:\Windows\Help
2009-10-23 19:54:07 ----D---- C:\Windows\Boot
2009-10-23 19:54:06 ----D---- C:\Program Files\Foxit Software
2009-10-23 19:54:06 ----D---- C:\Program Files\Common Files\Ahead
2009-10-23 19:54:05 ----DC---- C:\Program Files\LightScribe
2009-10-23 19:54:05 ----D---- C:\Windows\servicing
2009-10-23 19:54:05 ----D---- C:\ProgramData\Apple
2009-10-23 19:54:05 ----D---- C:\Program Files\Common Files\HP
2009-10-23 19:54:04 ----D---- C:\Windows\WindowsMobile
2009-10-23 19:54:04 ----D---- C:\Windows\Web
2009-10-23 19:54:04 ----D---- C:\Windows\system32\XPSViewer
2009-10-23 19:54:04 ----D---- C:\Windows\system32\winrm
2009-10-23 19:54:04 ----D---- C:\Windows\system32\WCN
2009-10-23 19:54:04 ----D---- C:\Windows\system32\sysprep
2009-10-23 19:54:04 ----D---- C:\Windows\system32\Speech
2009-10-23 19:54:04 ----D---- C:\Windows\system32\SMI
2009-10-23 19:54:04 ----D---- C:\Windows\system32\slmgr
2009-10-23 19:54:04 ----D---- C:\Windows\system32\RemInst
2009-10-23 19:54:04 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2009-10-23 19:54:04 ----D---- C:\Windows\system32\oobe
2009-10-23 19:54:04 ----D---- C:\Windows\system32\MUI
2009-10-23 19:54:04 ----D---- C:\Windows\system32\migwiz
2009-10-23 19:54:04 ----D---- C:\Windows\system32\licensing
2009-10-23 19:54:04 ----D---- C:\Windows\system32\IME
2009-10-23 19:54:03 ----D---- C:\Windows\system32\DriverStore
2009-10-23 19:54:03 ----D---- C:\Windows\system32\com
2009-10-23 19:54:03 ----D---- C:\Windows\system32\Boot
2009-10-23 19:54:03 ----D---- C:\Windows\Speech
2009-10-23 19:54:03 ----D---- C:\Windows\schemas
2009-10-23 19:54:03 ----D---- C:\Windows\Resources
2009-10-23 19:54:03 ----D---- C:\Windows\Provisioning
2009-10-23 19:54:03 ----D---- C:\Windows\PolicyDefinitions
2009-10-23 19:54:03 ----D---- C:\Windows\PLA
2009-10-23 19:54:03 ----D---- C:\Windows\Performance
2009-10-23 19:54:03 ----D---- C:\Windows\MSAgent
2009-10-23 19:54:02 ----D---- C:\Windows\IME
2009-10-23 19:54:02 ----D---- C:\Windows\DigitalLocker
2009-10-23 19:54:02 ----D---- C:\Windows\Branding
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Sidebar
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Photo Gallery
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows NT
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Journal
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Defender
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Collaboration
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Calendar
2009-10-23 19:54:02 ----D---- C:\Program Files\Reference Assemblies
2009-10-23 19:54:01 ----D---- C:\Program Files\Movie Maker
2009-10-23 19:54:01 ----D---- C:\Program Files\Microsoft Games
2009-10-23 19:54:01 ----D---- C:\Program Files\Common Files\System
2009-10-23 19:54:01 ----D---- C:\Program Files\Common Files\SpeechEngines

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-10-24 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-10-24 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-10-24 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-10-24 108552]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 SaiH8000;SaiH8000; C:\Windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 136832]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S1 SASKUTIL;SASKUTIL; \??\F:\Software\SASKUTIL.sys []
S2 RPSKT;Security Services Driver (x86); C:\Windows\system32\DRIVERS\rp_skt32.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-06-19 79664]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-06-19 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-06-19 16432]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2009-08-09 18816]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Profos;Profos; \??\F:\Software\BullGuard\antirootkit\profos.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 Trufos;Trufos; \??\F:\Software\BullGuard\antirootkit\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [2009-06-26 1956096]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-10-24 297752]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-10-24 1370488]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2009-07-24 139120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]

-----------------EOF-----------------


Thanks Molly
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby Dakeyras » November 5th, 2009, 7:19 pm

Hi. :)

Hope you're well. :D

First things first, i've just re-set my router and password, hopefully stopping those 'Smurfs'

I dl'd the RPSS Removal tool and all went well. Re-booted upon request without any problems.
I am fine thank you.

Glad to learn your computer is performing that much better and appears to be more stable.

Thank you once again for all your patience and your wonderful knowledge!
You are very welcome though many may actually disagree regarding my so called knowledge. Especially my good lady wife! :lol:

Levity aside, thank you nonetheless for the compliment, it is highly appreciated and such a statement is pleasing to read and reaffirms for myself the time I spend as a volunteer helper is not wasted. :D

(I've just re-read your post and realised i haven't done it in order...!..sorry, i am so busy trying to make sure i get all the info you need)
You are doing absolutely fine lass I assure you!

Are you still having intermittent connection problems at all? If so and your ISP is Virgin Media I do know for a fact they had some problems yesterday(intermittent today also).

MSConfig Advice:

Personally I do not think it wise to use the System Configuration Utility unless you know exactly what you are doing as otherwise serious problems may arise.

I advise you consider this application to use instead, StartupLite.

It is very simple to use(right click on and run in Admin' mode) and quite effective and will advise about any unnecessary system startups that can be safely removed.

Next:

OK take your time with the below, it may appear daunting (it isn't actually and I try my best not to make anything too technical within reason) but I have every confidence none will pose a problem.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Next:

Please download OTM to your Desktop.

  • Right-click OTM and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
:Processes

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"LinksFolderName"="Links"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
[-HKEY_CLASSES_ROOT\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
[-HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}]
[-HKEY_CLASSES_ROOT\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}]
[-HKEY_CLASSES_ROOT\CLSID\{6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster]

:Files
C:\Users\Am\AppData\Roaming\Uniblue
C:\Users\Am\AppData\Roaming\WinPatrol
C:\Users\Am\AppData\Roaming\Registry Mechanic
C:\Users\Am\AppData\Roaming\TrojanHunter
C:\Program Files\Common Files\PC Tools
C:\ProgramData\Spybot - Search & Destroy
C:\Program Files\Windows Live Safety Center

:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • ISP connection problems still with the Router(wireless) connected hardware?
  • OTM Log.
  • ESET Log.
  • A new HijackThis Log.

Note: I do not need to see a new RSIT log at this time. Do however right click on HijackThis.exe and select Run as Administrator.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: PC infected, please help...

Unread postby molly_malone » November 6th, 2009, 3:55 pm

Helloooo,

You are very welcome though many may actually disagree regarding my so called knowledge. Especially my good lady wife!


Laughed out loud at that,what!....does she not appreciate your computer wizardry!? ;)

[quote]Are you still having intermittent connection problems at all? If so and your ISP is Virgin Media I do know for a fact they had some problems yesterday(intermittent today also).[/quote]

Yeah, lost connection again earlier today whilst i was trying to run the reports/scans etc. you requested. It doesn't last very long, just a few minutes, if that. Haven't noticed any loss of connection this evening, although the night is still young! :) (no, ...im not a pessimist! )

I appreciate your advice regarding MS config, i've taken it onboard and won't be dabbling in that area again. :oops: (thanks btw for the startuplite link)

[quote]Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.[/quote]

All done without any problems.
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby molly_malone » November 6th, 2009, 3:58 pm

Right, time for the log reports:

I ran the OTM program as you advised, here are the results:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\"LinksFolderName"|"Links" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster\ deleted successfully.
========== FILES ==========
C:\Users\Am\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp moved successfully.
C:\Users\Am\AppData\Roaming\Uniblue\RegistryBooster 2010\history moved successfully.
C:\Users\Am\AppData\Roaming\Uniblue\RegistryBooster 2010\backup moved successfully.
C:\Users\Am\AppData\Roaming\Uniblue\RegistryBooster 2010 moved successfully.
C:\Users\Am\AppData\Roaming\Uniblue moved successfully.
C:\Users\Am\AppData\Roaming\WinPatrol\vault moved successfully.
C:\Users\Am\AppData\Roaming\WinPatrol moved successfully.
C:\Users\Am\AppData\Roaming\Registry Mechanic moved successfully.
C:\Users\Am\AppData\Roaming\TrojanHunter moved successfully.
C:\Program Files\Common Files\PC Tools\sMonitor moved successfully.
C:\Program Files\Common Files\PC Tools moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs moved successfully.
C:\ProgramData\Spybot - Search & Destroy moved successfully.
C:\Program Files\Windows Live Safety Center\History\Results\System moved successfully.
C:\Program Files\Windows Live Safety Center\History\Results moved successfully.
C:\Program Files\Windows Live Safety Center\History moved successfully.
C:\Program Files\Windows Live Safety Center moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Am
->Temp folder emptied: 5556964 bytes
->Temporary Internet Files folder emptied: 10263943 bytes
->Java cache emptied: 3970 bytes
->FireFox cache emptied: 13780521 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 15863 bytes
RecycleBin emptied: 2376004 bytes

Total Files Cleaned = 30.51 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11062009_124528

Files moved on Reboot...

Registry entries deleted on Reboot...
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby molly_malone » November 6th, 2009, 4:16 pm

:roll: Im really annoyed with myself right now, i've ran the Eset scan and closed the program thinking it would save the scan report.....well it hasn't, so im re-running the scan now. Although, i did notice it didn't pick up anything.

I'll post the log as soon as its finished, sorry about this
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby Dakeyras » November 6th, 2009, 4:25 pm

Hi. :)

Im really annoyed with myself right now, i've ran the Eset scan and closed the program thinking it would save the scan report.....well it hasn't, so im re-running the scan now. Although, i did notice it didn't pick up anything.
I'll post the log as soon as its finished, sorry about this
Not a problem.

Check here first before re-running the scan:-

C:\ >> Program Files >> ESET >> EsetOnlineScanner >> log.txt

For future reference the below is the Virgin Media service status:-

http://status-cable.virginmedia.com/vmstatus/summary.do

I would take it with a pinch of salt however as they can be liberal with the facts/truth at times, especially the so called help desk!
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: PC infected, please help...

Unread postby molly_malone » November 6th, 2009, 4:55 pm

:D what would i do without your help! you're a star! ...i found the log.txt

Here it is:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=091bddc66d504c49ba39aa799da2ca0a
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-06 01:12:21
# local_time=2009-11-06 01:12:21 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1016783 1016783 0 0
# compatibility_mode=1024 16777215 100 0 1097494 1097494 0 0
# compatibility_mode=5892 16776573 100 100 235776 95045586 0 0
# compatibility_mode=8192 67108863 100 0 3697 3697 0 0
# scanned=5227
# found=0
# cleaned=0
# scan_time=283
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=091bddc66d504c49ba39aa799da2ca0a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-06 07:24:44
# local_time=2009-11-06 07:24:44 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1032800 1032800 0 0
# compatibility_mode=1024 16777215 100 0 1113511 1113511 0 0
# compatibility_mode=5892 16776573 100 100 251793 95061603 0 0
# compatibility_mode=8192 67108863 100 0 19714 19714 0 0
# scanned=148301
# found=0
# cleaned=0
# scan_time=6610
esets_scanner_update returned -1 esets_gle=53251
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England
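
The log posted above holds two scan runs, one ending `end=stopped` and one ending `end=finished`, both with `found=0`. As an added example (not part of the thread and not ESET's own tooling), this Python script splits such a log into runs and accepts a zero count only from a run that finished; the meaning of the `end`, `scanned`, `found` and `cleaned` fields is an assumption based on their names and the values in the post.

```python
"""Summarise an ESET Online Scanner log.txt that contains several scan runs."""

# Constructed sample: the two runs from the log posted above, abridged
# (some header and compatibility_mode lines dropped, values unchanged).
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=stopped
# remove_checked=false
# archives_checked=true
# utc_time=2009-11-06 01:12:21
# compatibility_mode=512 16777215 100 0 1016783 1016783 0 0
# compatibility_mode=1024 16777215 100 0 1097494 1097494 0 0
# scanned=5227
# found=0
# cleaned=0
# scan_time=283
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# utc_time=2009-11-06 07:24:44
# compatibility_mode=512 16777215 100 0 1032800 1032800 0 0
# scanned=148301
# found=0
# cleaned=0
# scan_time=6610
esets_scanner_update returned -1 esets_gle=53251
"""


def parse_runs(text):
    """Return one dict per scan run.

    Assumption: a '# version=' line opens a new run, as in the posted log.
    Keys that repeat inside a run (compatibility_mode) become lists.
    """
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("# ") or "=" not in line:
            continue  # banner and trailer lines are not key=value records
        key, _, value = line[2:].partition("=")
        key, value = key.strip(), value.strip()
        if key == "version":
            current = {}
            runs.append(current)
        if current is None:
            continue  # key=value line before any run header: ignore
        if key in current:
            previous = current[key]
            current[key] = previous + [value] if isinstance(previous, list) else [previous, value]
        else:
            current[key] = value
    return runs


def _count(run, key):
    """Integer value of a counter field, or None if missing or malformed."""
    value = run.get(key)
    return int(value) if isinstance(value, str) and value.isdigit() else None


def assess(run):
    """Classify one run as 'inconclusive', 'clean' or 'detections'."""
    found, scanned = _count(run, "found"), _count(run, "scanned")
    if run.get("end") != "finished":
        # An aborted scan covered only part of the disk, so found=0 proves little.
        return "inconclusive", "scan did not run to completion (end=%s)" % run.get("end")
    if found is None or scanned is None:
        return "inconclusive", "scanned/found counters missing"
    if found == 0:
        return "clean", "%d objects scanned, nothing found" % scanned
    cleaned = _count(run, "cleaned") or 0
    return "detections", "%d found, %d cleaned, %d left in place" % (found, cleaned, found - cleaned)


def summarise(text):
    """Verdict for every run, in log order."""
    return [(run.get("utc_time"), *assess(run)) for run in parse_runs(text)]


if __name__ == "__main__":
    for when, verdict, reason in summarise(SAMPLE_LOG):
        print(when, verdict, reason)
```
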

Re: PC infected, please help...

Unread postby molly_malone » November 6th, 2009, 5:08 pm

How are things looking Dakeyras ?? Is/Was the malware bad, bad bad or really BAD???

I have a major interest in computers and would love to have your knowledge, (im currently learning about html etc, im loving it!)

You guys on here should be paid for what you do, i certainly would have paid for your help, the amount of time and effort that you have put in is just fantastic.
I know i've said this in my previous posts, but you really have given me the most fab help and support and I thank you once again.

I must say i have noticed a massive difference with the general runnings of my pc. It boots up quicker, shuts down quicker, apps don't hang, no probs with the security side of things (no error messages)

Thanks for the link for virgin media, i know exactly where you're coming from regarding the "take it with a pinch of salt" i've contacted them a few times in the past and...well lets just say I wasn't impressed.

Thanks
Moll

P.S i hope you don't mind me asking, but are you Scottish?? (as im typing this, i've just lost internet connection again.)
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby Dakeyras » November 6th, 2009, 7:39 pm

Hi. :)

Is/Was the malware bad, bad bad or really BAD???
Actually as far as I can tell you never actually had a malware problem per se but rather a lot of system conflicts which we have rectified.

I have a major interest in computers and would love to have your knowledge, (im currently learning about html etc, im loving it!)
By all means if interested in this side of IT consider the training, with regard to Anti-Malware there just are not enough trained helpers to cope with the amount of assistance requested here and the other forums that provide such:-

Those with an interest in malware removal - why not join our university to learn how to help others.
Malware Removal University - Click here to read about it.

There will probably be a wait whilst your application is processed if you do apply.

You guys on here should be paid for what you do, i certainly would have paid for your help, the amount of time and effort that you have put in is just fantastic.
I know i've said this in my previous posts, but you really have given me the most fab help and support and I thank you once again.
I do this because I enjoy assisting others afflicted by malware.........which is I will add basically criminal activity and or merely propagated by lowlifes with nothing better to do rather than seek some form of perverse pleasure from destroying unwitting genuine people's computers.

I must say i have noticed a massive difference with the general runnings of my pc. It boots up quicker, shuts down quicker, apps don't hang, no probs with the security side of things (no error messages)
Good to know.

P.S i hope you don't mind me asking, but are you Scottish?? (as im typing this, i've just lost internet connection again.)
No I am not an Albannach, though I am indeed a Celt by birth and my first language is Gaeilge. ;)

Any other issues apart from the ISP problems? Before I advise how to clean up the tools we have used and provide some online safety advice?
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: PC infected, please help...

Unread postby molly_malone » November 8th, 2009, 5:08 pm

Hi :)

I was really shocked to hear that i didn't actually have a malware problem (in a good way you understand) I was also surprised that i wasn't told to go elsewhere as the site is about removing malware. It just shows really what a good site this really is, and the fact that you guys are willing to help even if malware isn't the problem. :thumbleft:

I am seriously thinking about joining the malware removal university, it fascinates me how you guys manage to read all those reports and know exactly how to deal with them.
The only thing that i think may stop me (temporarily may i add) is my two year old son. He is the hardest of hard work and takes up a hell of a lot of my time. Maybe i'll wait until he's a wee bit older and then look into it. It would be great to be able to understand what those HJT logs really mean, how to solve them etc.
I'd love to be able to help people remove the nasties on their pc, it must be a good feeling ey? :D along with the feeling of beating those lowlifes.

Had a few probs with the pc earlier. When i booted up the firewall on AVG wouldn't switch on, after a few attempts it did finally turn on, but i wonder why this is happening when my pc has been running so well. Internet explorer hung on me a couple of times and as a result i've had to re-write my reply to you a few times which isn't really a problem, just time consuming (I'm not complaining btw, i am so grateful for your time and help)

P.S i hope you don't mind me asking, but are you Scottish?? (as im typing this, i've just lost internet connection again.)
No I am not a Albannach, though I am indeed a Celt by birth and my first language is Gaeilge.

I had a feeling there was a Celt/Scottish link when you mentioned the word 'lass' in your last post. I was curious at your location being 'The tundra'. (Scouser here :) )

I shall look forward to hearing from you.

Regards
Moll
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby Dakeyras » November 8th, 2009, 7:25 pm

Hi. :)

I was really shocked to hear that i didn't actually have a malware problem (in a good way you understand) I was also surprised that i wasn't told to go elsewhere as the site is about removing malware. It just shows really what a good site this really is, and the fact that you guys are willing to help even if malware isn't the problem.
Well it is good news indeed eh, overall the initial problems arose due to several system conflicts from numerous security based applications being active and or partially so. Plus with your concerns about what the Nat Feature of your Router blocked you took the correct course of action seeking assistance.

I am seriously thinking about joining the malware removal university, it fascinates me how you guys manage to read all those reports and know exactly how to deal with them.
The only thing that i think may stop me (temporarily may i add) is my two year old son. He is the hardest of hard work and takes up a hell of a lot of my time. Maybe i'll wait until he's a wee bit older and then look into it. It would be great to be able to understand what those HJT logs really mean, how to solve them etc.
I understand completely having a very young son myself.

Had a few probs with the pc earlier. When i booted up the firewall on AVG wouldn't switch on, after a few attempts it did finally turn on, but i wonder why this is happening when my pc has been running so well. Internet explorer hung on me a couple of times and as a result i've had to re-write my reply to you a few times which isn't really a problem, just time consuming (I'm not complaining btw, i am so grateful for your time and help)
OK I think it may be possible that the AVG installation may have become corrupted due to the aforementioned system conflicts.

Let's try and see if a repair of the installation will be of help as follows:-

Now please go to Start >> Control Panel >> Programs and Features and locate AVG 8.5.

Click once on AVG 8.5 to highlight .........if the Repair option is visible select it and or click on Uninstall/Change then there should be a Repair option.

Let myself know the outcome please.

Next:

It might be prudent to reset IE8 as sometimes it may also become unstable as follows:-

Reset IE8:

  • Please download this Microsoft FixIt and save it to the desktop.
  • Right click on MicrosoftFixit50195.exe and select Run as Administrator >> I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with IE8.
  • Next time IE8 is launched you will be prompted to reapply settings again, this is normal.

Note: Any add-ons will require to be reapplied after the above reset.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: PC infected, please help...

Unread postby molly_malone » November 10th, 2009, 8:55 am

Hya :wave:

Click once on AVG 8.5 to highlight .........if the Repair option is visible select it and or click on Uninstall/Change then there should be a Repair option


The only option that it gave me was 'uninstall' option - no repair option visible?

I've ran the MicrosoftFixit tool without any problem. Haven't noticed a difference as yet, but i haven't really used it much (on my dinner hour at the moment)

Look forward to hearing from you.

Regards
Molly
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby Dakeyras » November 10th, 2009, 12:28 pm

Hi. :)

OK let's see how it goes for a few days. I did locate this pertaining to the AVG Firewall if it happens again.

Note: click on Firewall is inactive or not working to expand the information.

Going over the logs again it appears the Vista firewall is enabled, this may be the cause/conflict. So best to disable the Vista in-built firewall so no system conflicts arise with the AVG Firewall:- Turn Windows Firewall on or off

Next:

Congratulations your computer now appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

OTC:

Please download OTC and save it to desktop. This tool will remove all the tools (and logs created) we used to clean your pc.

  • Right-click OTC.exe and select Run as Administrator.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-

  • Right click on Computer and select Properties > System protection. > Create.
  • Give this restore point a descriptive name and click Create.
  • When done, click Apply > OK.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush old System Restore points:-

  • Right click on Computer and select Properties > System protection.
  • (untick) Vista C system box and click Turn off system restore then Apply > OK.
  • Restart your computer.

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed combination security application, AVG8 Security Suite, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also once per week.

Keep your system updated:

  • Click on Start(Vista Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.

Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice: avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above!

Finally, an educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein:

So how did I get infected in the first place?

Some consider this article outdated, personally I still think it bears relevance and the author is well respected in the Anti-Malware community and by myself also!

Any questions? Feel free to ask, if not stay safe!
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
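
The Hosts File advice in the post above relies on every blocked name pointing at a loopback address such as 127.0.0.1. The following is an added example, not part of the original post or any tool it names: a small Python audit that separates blocked names from names mapped to a routable address, which a blocking Hosts file should never contain. The sample file and all hostnames in it are constructed.

```python
import ipaddress

def audit_hosts(text):
    """Classify every mapping in a Hosts file.

    blocked    - names sent to a loopback/unspecified address (sinkholed)
    redirected - names sent to any other address; worth a manual look,
                 because a blocking Hosts file never needs these
    malformed  - line numbers that could not be parsed as 'ip name [name...]'
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if not fields:
            continue                             # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(line_no)
            continue
        if len(fields) < 2:                      # address with no hostname
            report["malformed"].append(line_no)
            continue
        for name in (f.lower() for f in fields[1:]):
            if ip.is_loopback or ip.is_unspecified:
                if name != "localhost":          # the stock entry is not a block
                    report["blocked"].append(name)
            else:
                report["redirected"].append((line_no, name, str(ip)))
    return report

# Constructed sample: four normal lines, one redirect, one broken line.
SAMPLE_HOSTS = """\
# constructed sample Hosts file
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.com tracker.example.net   # two names on one line
0.0.0.0     Spyware.Example.org
203.0.113.7 update.example-av.test
not-an-ip   broken.example.com
"""

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:   ", result["blocked"])
    for line_no, name, ip in result["redirected"]:
        print(f"line {line_no}: {name} -> {ip} (not a loopback address)")
    print("malformed: ", result["malformed"])
```

On Windows Vista the file to feed in is C:\Windows\System32\drivers\etc\hosts, read as text.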

Re: PC infected, please help...

Unread postby NonSuch » November 12th, 2009, 5:44 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California