Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I've got something but I don't know what - HELP!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: I've got something but I don't know what - HELP!

Unread postby Cypher » April 14th, 2010, 5:22 am

Hi jkgolden.
twice today wife got google search re-directs

Ok I need you to run the GMER scan again but slightly different this time. The last time you unchecked Sections, this time I'd like you to leave it checked. (Ignore the part of the image below that shows Sections unchecked).


Gmer

  • Double click the .exe file (ygdt8ih9.exe). If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
    Image
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections <--leave this checked please
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Note: Do not run any programs while Gmer is running.



Logs/Information to Post in your Next Reply

  • Gmer.txt log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Re: I've got something but I don't know what - HELP!

Unread postby jkgolden » April 15th, 2010, 6:30 am

Update: occasional pop-up/redirect (from google search).
Strange entrys in web history.
wapmail.myhelio.com
wd.sharethis.com
still not connecting to windows update.

Q. At this point , am I better off just to reformat?

GMER log: - NOTE - message at end of scan saying rootkit activity found.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-15 06:22:40
Windows 5.1.2600 Service Pack 2
Running: ygdt8ih9.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\uxlcrpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xED7EC36E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xED7ECA86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xED7ED60C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xED7EDB40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xED7ECD78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xED7EB460]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xED7EDA18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xED7EAD0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xED7ED8D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xED7EC102]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xED7EDC72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xED7EF40E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xED7EC886]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xED7ED976]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xED7EBA20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xED7EBCF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xED7ED21C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xED7EF980]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xED7EBE3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xED7EBEE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xED7ED016]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xED7EEEA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xED7EB43C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xED7EB44E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xED7EC030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xED7EDBE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xED7ECB08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xED7EB604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xED7EDAB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xED7EC56E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xED7EF438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xED7EDD14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xED7EC492]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xED7EBF8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xED7EBBB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xED7EB8BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xED7EF128]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xED7EBB34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xED7EB0C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xED7EE09E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xED7EDF64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xED7EEC30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xED7EB224]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xED7EF860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xED7EAEC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xED7ED312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xED7EC984]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xED7EE5F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xED7EEFA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xED7EF4C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xED7EB744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xED7EF5A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xED7EF6D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xED7EEDD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xED7EC6EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xED7EC63C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xED7EC7C8]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 114 804E2770 16 Bytes [02, C1, 7E, ED, 72, DC, 7E, ...] {ADD AL, CL; JLE 0xfffffffffffffff1; JB 0xffffffffffffffe2; JLE 0xfffffffffffffff5; PUSH CS; HLT ; JLE 0xfffffffffffffff9; XCHG AL, CL; JLE 0xfffffffffffffffd}
.text ntoskrnl.exe!_abnormal_termination + 150 804E27AC 5 Bytes [F8, BC, 7E, ED, 1C]
.text ntoskrnl.exe!_abnormal_termination + 156 804E27B2 2 Bytes [7E, ED] {JLE 0xffffffffffffffef}
.text ntoskrnl.exe!_abnormal_termination + 1D9 804E2835 3 Bytes [B4, 7E, ED] {MOV AH, 0x7e; IN EAX, DX}
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29A8 16 Bytes [34, BB, 7E, ED, C2, B0, 7E, ...] {XOR AL, 0xbb; JLE 0xfffffffffffffff1; RET 0x7eb0; IN EAX, DX; SAHF ; LOOPNZ 0x89; IN EAX, DX; FISTP QWORD FS:[ESI-0x13]}
.text ...
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8752 5 Bytes JMP ED7E17DE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80503C29 5 Bytes JMP ED7E1424 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[480] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[480] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[480] USER32.dll!VRipOutput + FFFA4DE7 7E412A78 4 Bytes [70, 11, 32, 6D]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2056] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 01244832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2056] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 01169315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2056] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 0135E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2056] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 0135DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2056] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 0135DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2056] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 0135DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2056] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 0135DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2056] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 0135E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2056] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 0135DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3208] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3208] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3208] USER32.dll!VRipOutput + FFFA4DE7 7E412A78 4 Bytes [70, 11, 32, 6D]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 011A1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 0123DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 01244832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 01169315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 0123DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 0135E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 0135DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 0135DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 0135DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 0135DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 0135E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 0135DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4992] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 0124488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 011A1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 0123DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 01244832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 01169315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 0123DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 0135E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 0135DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 0135DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 0135DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 0135DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 0135E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 0135DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5576] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 0124488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Ahead Software AG)
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Ahead Software AG)
AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
---- Processes - GMER 1.0.15 ----

Library C:\Documents (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [480] 0x02590000
Library C:\Documents (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [480] 0x08830000

---- EOF - GMER 1.0.15 ----
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Unread postby Cypher » April 15th, 2010, 11:57 am

Hi jkgolden.
At this point , am I better off just to reformat?

If at any time you would prefer to reformat you're PC just let me know, i will understand you're decision :)
Malware is changing all the time and it's proving difficulty at the minute to track down what's causing these redirects.
Ok lets try this.

FileLister

Please download FileLister from Here and save it to you're Desktop.
  • Right Click ->> Extract all ->> and extract it to your Desktop
    Additional help on extracting zip files can be found Here
  • Open the File Lister Folder.
  • Double Click FileLister.VBS
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you C:\Files.txt
  • Copy and paste the contents of that log in your reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: I've got something but I don't know what - HELP!

Unread postby jkgolden » April 16th, 2010, 12:37 am

program also made UNI.txt and Hidden.txt

Files.txt:

+++++++++++++++++++++++++++
+ File Lister Version 1.1.4 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++

Report ran on --->>> 4/16/2010 12:30:50 AM

====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

====== BHO's ======
BHO: (NO NAME) - -

====== System Keys (some whitelisted items will not be shown)======

Winlogon\Userinit = C:\WINDOWS\system32\userinit.exe,
Winlogon\Shell = Explorer.exe

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[IgfxTray] = C:\WINDOWS\system32\igfxtray.exe
[HotKeysCmds] = C:\WINDOWS\system32\hkcmd.exe
[SoundMan] = SOUNDMAN.EXE
[LTMSG] = LTMSG.exe 7
[Norton PasswordManager] = C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {D1AFB197-5F24-49f4-9571-2F28A9798936}
[NeroFilterCheck] = C:\WINDOWS\system32\NeroCheck.exe
[InCD] = C:\Program Files\Ahead\InCD\InCD.exe
[HP Software Update] = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[PWRISOVM.EXE] = C:\Program Files\PowerISO\PWRISOVM.EXE
[AVP] = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
[GrooveMonitor] = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[AcctMgr] = C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
[Kernel and Hardware Abstraction Layer] = KHALMNPR.EXE
[QuickTime Task] = "C:\Program Files\QuickTime\qttask.exe" -atboottime
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"

====== HKCU\~\Run Keys ======

[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe

====== DNS Info (List may be empty) ======


NV Hostname = golden-home
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = golden-home
UseDomainNameDevolution = 1
DeadGWDetectDefault = 1
DontAddDefaultGatewayDefault = 0
DhcpNameServer = 192.168.1.1

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

4/4/2010 4:47:45 PM 8123194 C:\cmdcons
4/4/2010 4:47:49 PM 860672 C:\cmdcons\SYSTEM32
4/4/2010 4:44:04 PM 3104617 C:\Qoobox
4/4/2010 4:44:50 PM 13783 C:\Qoobox\BackEnv
4/4/2010 4:44:04 PM 1478709 C:\Qoobox\Quarantine
4/4/2010 4:49:28 PM 1470287 C:\Qoobox\Quarantine\C
4/4/2010 5:04:49 PM 13951 C:\Qoobox\Quarantine\C\Documents and Settings
4/4/2010 5:04:49 PM 13951 C:\Qoobox\Quarantine\C\Documents and Settings\All Users
4/4/2010 5:04:49 PM 13053 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents
4/4/2010 5:04:53 PM 898 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu
4/4/2010 5:04:57 PM 1456336 C:\Qoobox\Quarantine\C\WINDOWS
4/4/2010 5:04:57 PM 39424 C:\Qoobox\Quarantine\C\WINDOWS\AppPatch
4/4/2010 5:05:12 PM 1367976 C:\Qoobox\Quarantine\C\WINDOWS\system32
4/4/2010 5:05:16 PM 1355264 C:\Qoobox\Quarantine\C\WINDOWS\system32\System
4/4/2010 4:44:04 PM 8218 C:\Qoobox\Quarantine\Registry_backups
4/8/2010 12:33:09 AM 170 C:\RECYCLER
4/8/2010 12:33:09 AM 85 C:\RECYCLER\S-1-5-21-1801674531-2052111302-839522115-1003
4/9/2010 10:26:34 AM 85 C:\RECYCLER\S-1-5-21-1801674531-2052111302-839522115-1005
4/2/2010 6:42:16 AM 76048 C:\rsit
3/28/2010 3:07:35 PM 200601 C:\SDFix
3/28/2010 3:07:35 PM 200264 C:\SDFix\apps
3/28/2010 3:07:42 PM 7280 C:\SDFix\apps\Replace
3/28/2010 3:07:42 PM 3015 C:\SDFix\apps\Replace\w2k
3/28/2010 3:07:43 PM 4265 C:\SDFix\apps\Replace\xp
4/12/2010 10:10:50 PM 303118 C:\_OTL
4/12/2010 10:10:50 PM 303118 C:\_OTL\MovedFiles
4/12/2010 10:10:50 PM 294804 C:\_OTL\MovedFiles\04122010_221050
4/12/2010 10:22:36 PM 294804 C:\_OTL\MovedFiles\04122010_221050\C_Documents and Settings
4/12/2010 10:22:36 PM 294804 C:\_OTL\MovedFiles\04122010_221050\C_Documents and Settings\John
4/12/2010 10:22:36 PM 294804 C:\_OTL\MovedFiles\04122010_221050\C_Documents and Settings\John\Local Settings
4/12/2010 10:22:36 PM 294804 C:\_OTL\MovedFiles\04122010_221050\C_Documents and Settings\John\Local Settings\Temporary Internet Files
4/12/2010 10:22:36 PM 294804 C:\_OTL\MovedFiles\04122010_221050\C_Documents and Settings\John\Local Settings\Temporary Internet Files\AntiPhishing
4/2/2010 5:59:45 PM 9886021 C:\_OTM
4/2/2010 5:59:45 PM 9886021 C:\_OTM\MovedFiles
4/2/2010 5:59:45 PM 9508971 C:\_OTM\MovedFiles\04022010_175945
4/2/2010 6:00:01 PM 5859748 C:\_OTM\MovedFiles\04022010_175945\C_Documents and Settings
4/2/2010 6:00:01 PM 5859748 C:\_OTM\MovedFiles\04022010_175945\C_Documents and Settings\John
4/2/2010 6:00:01 PM 5859748 C:\_OTM\MovedFiles\04022010_175945\C_Documents and Settings\John\Application Data
4/2/2010 6:00:02 PM 3648751 C:\_OTM\MovedFiles\04022010_175945\C_Program Files
4/2/2010 6:00:02 PM 422720 C:\_OTM\MovedFiles\04022010_175945\C_Program Files\DNA
4/2/2010 6:00:01 PM 472 C:\_OTM\MovedFiles\04022010_175945\C_WINDOWS
4/2/2010 6:00:01 PM 472 C:\_OTM\MovedFiles\04022010_175945\C_WINDOWS\tasks
4/6/2010 9:37:13 PM 362800 C:\_OTM\MovedFiles\04062010_213713
4/6/2010 10:00:51 PM 362066 C:\_OTM\MovedFiles\04062010_213713\C_Documents and Settings
4/6/2010 10:00:51 PM 362066 C:\_OTM\MovedFiles\04062010_213713\C_Documents and Settings\John
4/6/2010 10:00:51 PM 362066 C:\_OTM\MovedFiles\04062010_213713\C_Documents and Settings\John\Local Settings
4/6/2010 10:00:51 PM 32768 C:\_OTM\MovedFiles\04062010_213713\C_Documents and Settings\John\Local Settings\Temp
4/6/2010 10:00:51 PM 329298 C:\_OTM\MovedFiles\04062010_213713\C_Documents and Settings\John\Local Settings\Temporary Internet Files
4/6/2010 10:00:51 PM 294804 C:\_OTM\MovedFiles\04062010_213713\C_Documents and Settings\John\Local Settings\Temporary Internet Files\AntiPhishing
4/6/2010 10:00:51 PM 34494 C:\_OTM\MovedFiles\04062010_213713\C_Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5
4/6/2010 10:00:51 PM 34494 C:\_OTM\MovedFiles\04062010_213713\C_Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\R33AKH3R
4/6/2010 9:37:22 PM 734 C:\_OTM\MovedFiles\04062010_213713\C_WINDOWS
4/6/2010 9:37:22 PM 734 C:\_OTM\MovedFiles\04062010_213713\C_WINDOWS\system32
4/6/2010 9:37:22 PM 734 C:\_OTM\MovedFiles\04062010_213713\C_WINDOWS\system32\drivers
4/6/2010 9:37:22 PM 734 C:\_OTM\MovedFiles\04062010_213713\C_WINDOWS\system32\drivers\etc
4/4/2010 4:47:56 PM 211 32 C:\Boot.bak
4/4/2010 4:47:50 PM 260272 32 C:\cmldr
4/8/2010 12:31:43 AM 21916 32 C:\ComboFix.txt
4/2/2010 6:21:31 PM 367 32 C:\rkill.log
4/2/2010 5:59:25 PM 257569637 C:\WINDOWS\ERDNT
4/12/2010 10:10:05 PM 58268520 C:\WINDOWS\ERDNT\4-12-2010
4/12/2010 10:10:08 PM 8396800 C:\WINDOWS\ERDNT\4-12-2010\Users
4/12/2010 10:10:08 PM 8220672 C:\WINDOWS\ERDNT\4-12-2010\Users\00000001
4/12/2010 10:10:08 PM 176128 C:\WINDOWS\ERDNT\4-12-2010\Users\00000002
4/2/2010 5:59:25 PM 58190694 C:\WINDOWS\ERDNT\4-2-2010
4/2/2010 5:59:28 PM 8351744 C:\WINDOWS\ERDNT\4-2-2010\Users
4/2/2010 5:59:28 PM 8175616 C:\WINDOWS\ERDNT\4-2-2010\Users\00000001
4/2/2010 5:59:29 PM 176128 C:\WINDOWS\ERDNT\4-2-2010\Users\00000002
4/4/2010 4:40:24 PM 58252134 C:\WINDOWS\ERDNT\4-4-2010
4/4/2010 4:40:27 PM 8380416 C:\WINDOWS\ERDNT\4-4-2010\Users
4/4/2010 4:40:27 PM 8204288 C:\WINDOWS\ERDNT\4-4-2010\Users\00000001
4/4/2010 4:40:28 PM 176128 C:\WINDOWS\ERDNT\4-4-2010\Users\00000002
4/4/2010 5:21:47 PM 24110064 C:\WINDOWS\ERDNT\cache
4/4/2010 4:44:50 PM 58748225 C:\WINDOWS\ERDNT\Hiv-backup
4/8/2010 12:12:39 AM 8876032 C:\WINDOWS\ERDNT\Hiv-backup\Users
4/8/2010 12:12:39 AM 233472 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001
4/8/2010 12:12:39 AM 8192 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002
4/8/2010 12:12:39 AM 229376 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003
4/8/2010 12:12:39 AM 8192 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004
4/8/2010 12:12:39 AM 8220672 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005
4/8/2010 12:12:39 AM 176128 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006
3/25/2010 11:14:52 PM 29309421 C:\WINDOWS\ie8
3/25/2010 11:14:52 PM 1116728 C:\WINDOWS\ie8\spuninst
4/14/2010 10:35:53 AM 0 32 C:\WINDOWS\0.log
4/4/2010 4:45:11 PM 80412 32 C:\WINDOWS\grep.exe
3/28/2010 4:28:45 PM 131 32 C:\WINDOWS\IDB.zip
4/4/2010 4:45:11 PM 77312 32 C:\WINDOWS\MBR.exe
4/8/2010 12:12:07 AM 31232 32 C:\WINDOWS\NIRCMD.exe
4/4/2010 4:45:11 PM 261632 32 C:\WINDOWS\PEV.exe
3/28/2010 4:28:45 PM 879 32 C:\WINDOWS\RegISSImport.xml
3/28/2010 4:28:45 PM 882 32 C:\WINDOWS\RegSDImport.xml
4/4/2010 4:45:11 PM 98816 32 C:\WINDOWS\sed.exe
4/4/2010 4:45:11 PM 161792 32 C:\WINDOWS\SWREG.exe
4/4/2010 4:45:11 PM 136704 32 C:\WINDOWS\SWSC.exe
4/4/2010 4:45:11 PM 212480 32 C:\WINDOWS\SWXCACLS.exe
3/28/2010 4:28:45 PM 1152444 32 C:\WINDOWS\UDB.zip
3/28/2010 7:36:10 AM 2088496 32 C:\WINDOWS\WindowsUpdate.log
4/4/2010 4:45:11 PM 68096 32 C:\WINDOWS\zip.exe
3/31/2010 9:22:05 PM 49152 C:\WINDOWS\system32\ar-SA
4/13/2010 7:38:29 PM 12746937 C:\WINDOWS\system32\CatRoot2
4/13/2010 7:38:29 PM 1056776 C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
4/13/2010 7:38:31 PM 6299656 C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
3/31/2010 9:22:05 PM 49152 C:\WINDOWS\system32\da-DK
3/31/2010 9:22:05 PM 53248 C:\WINDOWS\system32\de-DE
3/31/2010 9:22:06 PM 53248 C:\WINDOWS\system32\el-GR
3/31/2010 9:22:06 PM 53248 C:\WINDOWS\system32\es-ES
3/31/2010 9:22:06 PM 49152 C:\WINDOWS\system32\fi-FI
3/31/2010 9:22:06 PM 53248 C:\WINDOWS\system32\fr-FR
3/31/2010 9:22:06 PM 49152 C:\WINDOWS\system32\he-IL
3/31/2010 9:22:06 PM 53248 C:\WINDOWS\system32\it-IT
3/31/2010 9:22:06 PM 49152 C:\WINDOWS\system32\ko-KR
3/31/2010 9:22:06 PM 49152 C:\WINDOWS\system32\nb-NO
3/31/2010 9:22:06 PM 53248 C:\WINDOWS\system32\nl-NL
3/31/2010 9:22:06 PM 53248 C:\WINDOWS\system32\pt-BR
3/31/2010 9:22:06 PM 49152 C:\WINDOWS\system32\sv-SE
3/31/2010 9:22:06 PM 53248 C:\WINDOWS\system32\tr-TR
3/31/2010 9:22:06 PM 49152 C:\WINDOWS\system32\zh-HK
3/31/2010 9:22:06 PM 49152 C:\WINDOWS\system32\zh-TW
3/11/2010 10:33:12 PM 145184 32 C:\WINDOWS\system32\java.exe
3/11/2010 10:33:12 PM 145184 32 C:\WINDOWS\system32\javaw.exe
3/11/2010 10:33:12 PM 153376 32 C:\WINDOWS\system32\javaws.exe
3/11/2010 10:32:42 PM 4002 32 C:\WINDOWS\system32\jupdate-1.6.0_18-b07.log
4/10/2010 9:48:43 PM 160217 32 C:\WINDOWS\system32\PowerToysLicense.rtf
4/10/2010 9:48:43 PM 266360 32 C:\WINDOWS\system32\TweakUI.exe
3/4/2010 10:46:58 PM 2065696 32 C:\WINDOWS\system32\usbaaplrc.dll

====== "\Administrator & All Users\Startup" Last 60 Days======




====== "\Program Files" Last 60 Days======

3/4/2010 11:01:02 PM 2221118 C:\Program Files\Apple Software Update
3/4/2010 11:08:01 PM 390387 C:\Program Files\Bonjour
4/2/2010 5:58:49 PM 669139 C:\Program Files\ERUNT
3/29/2010 3:31:18 PM 16883056 C:\Program Files\IE8
3/4/2010 11:14:13 PM 1582195 C:\Program Files\iPod
3/29/2010 3:31:06 PM 0 C:\Program Files\Lavasoft
4/5/2010 9:40:03 PM 3947828 C:\Program Files\Malwarebytes' Anti-Malware
3/28/2010 4:24:40 PM 33353887 C:\Program Files\Spyware Doctor
3/24/2010 6:50:56 PM 949213 C:\Program Files\Trend Micro

======"Drivers" Modified Last 60 Days======

4/5/2010 9:40:03 PM 20824 32 C:\WINDOWS\system32\drivers\mbam.sys
4/5/2010 9:40:22 PM 38224 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======

5 Files deleted

======"All Users\Application Data" Last 60 Days======

3/28/2010 4:07:10 PM 7163 C:\Documents and Settings\All Users\Application Data\Norton
4/1/2010 12:33:35 PM 1260 C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
4/1/2010 12:33:35 PM 1260 C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage\data
3/11/2010 10:34:30 PM 119 C:\Documents and Settings\All Users\Application Data\Sun
3/11/2010 10:34:30 PM 119 C:\Documents and Settings\All Users\Application Data\Sun\Java
3/11/2010 10:34:30 PM 119 C:\Documents and Settings\All Users\Application Data\Sun\Java\Java Update
3/28/2010 4:22:57 PM 142 C:\Documents and Settings\All Users\Application Data\TEMP
3/4/2010 11:14:01 PM 542947 C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
3/4/2010 11:15:50 PM 542947 C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86
3/4/2010 11:15:50 PM 133968 C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86

====== HKLM\~\ShellServiceObjectDelayLoad======

PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll

CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll

SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll


====== HKLM\~\SharedTaskScheduler======

Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\System32\browseui.dll

Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\

====== Services ( Services that are Whitelisted are not shown) ======

E100B (Intel(R) PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Running
GMSIPCI (GMSIPCI)- \??\E:\INSTALL\GMSIPCI.SYS - Manual/Stopped
klbg (Kaspersky Lab Boot Guard Driver)- C:\WINDOWS\system32\drivers\klbg.sys - Boot/Running
klim5 (Kaspersky Anti-Virus NDIS Filter)- C:\WINDOWS\system32\DRIVERS\klim5.sys - Manual/Running
klmouflt (Kaspersky Lab KLMOUFLT)- C:\WINDOWS\system32\DRIVERS\klmouflt.sys - Manual/Running
LBeepKE (LBeepKE)- C:\WINDOWS\system32\Drivers\LBeepKE.sys - Auto/Stopped
LHidFilt (Logitech SetPoint KMDF HID Filter Driver)- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys - Manual/Running
LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver)- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys - Manual/Running
ltmodem5 (Agere Modem Driver)- C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys - Manual/Running
ms_mpu401 (Microsoft MPU-401 MIDI UART Driver)- C:\WINDOWS\system32\drivers\msmpu401.sys - Manual/Running
NTACCESS (NTACCESS)- \??\E:\NTACCESS.sys - Manual/Stopped
SCDEmu (SCDEmu)- C:\WINDOWS\system32\drivers\SCDEmu.sys - System/Running
SetupNTGLM7X (SetupNTGLM7X)- \??\E:\NTGLM7X.sys - Manual/Stopped
si3112 (SiI-3112 SATALink Controller)- C:\WINDOWS\system32\drivers\si3112.sys - Boot/Running
SiFilter (SATALink driver accelerator)- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys - Boot/Running
SiRemFil (SATALink External Device Filter)- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys - Boot/Running
USBAAPL (Apple Mobile USB Driver)- C:\WINDOWS\system32\Drivers\usbaapl.sys - Manual/Stopped
usbser (Motorola USB Modem Driver)- C:\WINDOWS\system32\DRIVERS\usbser.sys - Manual/Stopped
Wdf01000 (Wdf01000)- C:\WINDOWS\system32\DRIVERS\Wdf01000.sys - Manual/Running
WpdUsb (WpdUsb)- C:\WINDOWS\system32\DRIVERS\wpdusb.sys - Manual/Stopped

====== Uninstall List ======

A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.

======== Other Info ========

TOTAL PHYSICAL RAM: 1065 MB

Boot Info

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

OS Type: Microsoft Windows XP Professional
Build: 5.1.2600
Service Pack: 2.0

====== Files with Hidden Attributes======

A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.

==End of Report==



UNI.txt:

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Acoustica Effects Pack
Acoustica Mixcraft 4.1
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Advanced ZIP Password Recovery
AIM 6
Audio MP3 Editor 1.25
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
AVS Video Converter 6
CCleaner (remove only)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Microsoft Office Enterprise 2007
ERUNT 1.1j
Eufony Free APE MP3 Converter
FLAC 1.2.1b (remove only)
Google Updater
HijackThis 2.0.2
HP Document Viewer 5.3
HP Imaging Device Functions 5.3
HP Image Zone 5.3
HP Solution Center & Imaging Support Tools 5.3
HP Extended Capabilities 5.3
Microsoft Internationalized Domain Names Mitigation APIs
IE7Pro
Windows Internet Explorer 8
Img2gps v2.81
Img2gps v2.81
Kaspersky Internet Security 2010
IrfanView (remove only)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Windows Media Format SDK Hotfix - KB891122
Windows XP Hotfix - KB891781
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Hotfix for Windows XP (KB896344)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Hotfix for Windows XP (KB909394)
Microsoft Base Smart Card Cryptographic Service Provider Package
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Update for Windows XP (KB920342)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Update for Windows XP (KB932823-v3)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Update for Windows XP (KB938828)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Update for Windows XP (KB943729)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player (KB954155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Critical Update for Windows Media Player 11 (KB959772)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Hotfix for Windows XP (KB961118)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Security Update for Windows XP (KB968537)
Security Update for Windows Media Player (KB968816)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Hotfix for Windows XP (KB970653-v3)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows Media Player (KB973540)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Hotfix for Windows XP (KB976098-v2)
Kid Pix Studio Deluxe
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Monkey's Audio
Monkey's Audio
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Compression Client Pack 1.0 for Windows XP
Nero Suite
Nero Suite
LEGO Digital Designer
Microsoft National Language Support Downlevel APIs
Microsoft National Language Support Downlevel APIs
NoteTab Light 5 (Remove only)
NoteTab Light 5 (Remove only)
NoteTab Light 5 (Remove only)
PowerISO
Intel(R) PRO Ethernet Adapter and Software
SpongeBob SquarePants Employee of the Month
Norton Password Manager (Symantec Corporation)
The Rosetta Stone
Tweak UI
Unity Web Player
Viewpoint Media Player
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Windows Imaging Component
Winamp
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
WinRAR archiver
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Office 2000 Professional
Bonjour
Poker Clock Professional 2.1
CDDRV_Installer
Security Update for CAPICOM (KB931906)
QuickTime
Nanovor
Java(TM) 6 Update 18
KhalInstallWrapper
HP PSC & OfficeJet 5.3.A
Apple Application Support
MSXML 6 Service Pack 2 (KB973686)
PowerDVD
Apple Software Update
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
LiveUpdate BVRP Software
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Camtasia Studio 5
iTunes
Norton Password Manager
MSXML 4.0 SP2 (KB954430)
Microsoft Silverlight
Intel(R) Extreme Graphics Driver
DivX Player
Microsoft Office Access MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Outlook MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Word MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Proof (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proof (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office OneNote MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Groove MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Enterprise 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office Excel 2007 (KB973593)
Update for 2007 Microsoft Office System (KB967642)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for 2007 Microsoft Office System (KB973704)
Update for Outlook 2007 Junk Email Filter (kb975960)
Security Update for Microsoft Office system 2007 (KB974234)
Adobe Illustrator CS
Kaspersky Internet Security 2010
Microsoft .NET Framework 3.0 Service Pack 2
erLT
SimCity 4 Deluxe
Google Update Helper
Apple Mobile Device Support
Adobe Acrobat 6.0 Standard
Adobe Reader 6.0
Garmin USB Drivers
DivX Converter
OGA Notifier 2.0.0048.0
Garmin Communicator Plugin
DivX Web Player
Windows Presentation Foundation
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 2.0 Service Pack 2
HP Update
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Garmin POI Loader
Avatar - Legends of The Arena
NPM_DRM_COLLECTION
Big Green Help
mobile PhoneTools
Logitech SetPoint
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
MSXML 4.0 SP2 (KB973688)
MSRedist
Family Tree Maker


Hidden.txt:

C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\NTDETECT.COM
C:\boot.ini
C:\Documents and Settings\All Users\Application Data\desktop.ini
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\BTImages.dat
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\pdmlocal.dat
C:\Documents and Settings\All Users\Application Data\Sonic\license.dat
C:\Documents and Settings\All Users\Documents\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini
C:\Documents and Settings\All Users\Start Menu\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Games\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Default User\NTUSER.DAT
C:\Documents and Settings\Default User\Application Data\desktop.ini
C:\Documents and Settings\Default User\Local Settings\desktop.ini
C:\Documents and Settings\Default User\Local Settings\History\desktop.ini
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\Default User\SendTo\desktop.ini
C:\Documents and Settings\Default User\Start Menu\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\John\ntuser.ini
C:\Documents and Settings\John\Application Data\desktop.ini
C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\UserData\index.dat
C:\Documents and Settings\John\Application Data\MSN6\msndata.dat
C:\Documents and Settings\John\Cookies\index.dat
C:\Documents and Settings\John\Cookies\desktop.ini
C:\Documents and Settings\John\Desktop\%USERPROFILE%\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\John\Desktop\%USERPROFILE%\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
C:\Documents and Settings\John\Desktop\%USERPROFILE%\Local Settings\Application Data\Microsoft\Feeds Cache\32IGHT17\desktop.ini
C:\Documents and Settings\John\Desktop\%USERPROFILE%\Local Settings\Application Data\Microsoft\Feeds Cache\6Y33UU0H\desktop.ini
C:\Documents and Settings\John\Desktop\%USERPROFILE%\Local Settings\Application Data\Microsoft\Feeds Cache\F2CUXYAA\desktop.ini
C:\Documents and Settings\John\Desktop\%USERPROFILE%\Local Settings\Application Data\Microsoft\Feeds Cache\N9V60Q7F\desktop.ini
C:\Documents and Settings\John\Desktop\New Briefcase\desktop.ini
C:\Documents and Settings\John\Desktop\WDPassport\autorun.inf
C:\Documents and Settings\John\Desktop\WDPassport\autorun\autorun.inf
C:\Documents and Settings\John\Favorites\Desktop.ini
C:\Documents and Settings\John\IECompatCache\index.dat
C:\Documents and Settings\John\IETldCache\index.dat
C:\Documents and Settings\John\Local Settings\desktop.ini
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\405HLP2E\desktop.ini
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\7ZMRVD5F\desktop.ini
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\GIF7LMNE\desktop.ini
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\PM1HJT13\desktop.ini
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\John\Local Settings\History\desktop.ini
C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\John\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\John\Local Settings\History\History.IE5\MSHist012010041520100416\index.dat
C:\Documents and Settings\John\Local Settings\History\History.IE5\MSHist012010041620100417\index.dat
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\HMFXY1BL\desktop.ini
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\MFAJT2WV\desktop.ini
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\V15MH93A\desktop.ini
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\WUKB9AOZ\desktop.ini
C:\Documents and Settings\John\My Documents\desktop.ini
C:\Documents and Settings\John\My Documents\My Music\Desktop.ini
C:\Documents and Settings\John\My Documents\My Pictures\Desktop.ini
C:\Documents and Settings\John\My Documents\My Videos\Desktop.ini
C:\Documents and Settings\John\PrivacIE\index.dat
C:\Documents and Settings\John\Recent\Desktop.ini
C:\Documents and Settings\John\SendTo\desktop.ini
C:\Documents and Settings\John\Start Menu\desktop.ini
C:\Documents and Settings\John\Start Menu\Programs\desktop.ini
C:\Documents and Settings\John\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\John\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\John\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\John\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\LocalService\ntuser.ini
C:\Documents and Settings\LocalService\Cookies\index.dat
C:\Documents and Settings\LocalService\Local Settings\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\8CZ26012\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\JVAT7N5U\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\LEXT22DN\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\WD34TTMK\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1YICJSD2\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6UO1JADE\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVHHVGI7\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JJ1CO2JN\desktop.ini
C:\Documents and Settings\Maddie\ntuser.dat
C:\Documents and Settings\Maddie\ntuser.ini
C:\Documents and Settings\Maddie\Application Data\desktop.ini
C:\Documents and Settings\Maddie\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Documents and Settings\Maddie\Application Data\Microsoft\Internet Explorer\UserData\index.dat
C:\Documents and Settings\Maddie\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\Maddie\Cookies\index.dat
C:\Documents and Settings\Maddie\Cookies\desktop.ini
C:\Documents and Settings\Maddie\Favorites\Desktop.ini
C:\Documents and Settings\Maddie\IECompatCache\index.dat
C:\Documents and Settings\Maddie\IETldCache\index.dat
C:\Documents and Settings\Maddie\Local Settings\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Maddie\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\Application Data\Microsoft\Feeds Cache\0WVPDRGK\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\Application Data\Microsoft\Feeds Cache\471MXHWL\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\Application Data\Microsoft\Feeds Cache\9I1M00DY\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\Application Data\Microsoft\Feeds Cache\Y0IBUMOO\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Maddie\Local Settings\History\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\History\History.IE5\MSHist012010032620100327\index.dat
C:\Documents and Settings\Maddie\Local Settings\History\History.IE5\MSHist012010032720100328\index.dat
C:\Documents and Settings\Maddie\Local Settings\History\History.IE5\MSHist012010041520100416\index.dat
C:\Documents and Settings\Maddie\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\Maddie\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\Temporary Internet Files\Content.IE5\06H7FX2B\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\Temporary Internet Files\Content.IE5\PK6S0N6Q\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\Temporary Internet Files\Content.IE5\Q336DA49\desktop.ini
C:\Documents and Settings\Maddie\Local Settings\Temporary Internet Files\Content.IE5\VQM1VW8Z\desktop.ini
C:\Documents and Settings\Maddie\My Documents\desktop.ini
C:\Documents and Settings\Maddie\My Documents\My Music\Desktop.ini
C:\Documents and Settings\Maddie\My Documents\My Pictures\Desktop.ini
C:\Documents and Settings\Maddie\NetHood\My Web Sites on MSN\Desktop.ini
C:\Documents and Settings\Maddie\PrivacIE\index.dat
C:\Documents and Settings\Maddie\Recent\Desktop.ini
C:\Documents and Settings\Maddie\SendTo\desktop.ini
C:\Documents and Settings\Maddie\Start Menu\desktop.ini
C:\Documents and Settings\Maddie\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Maddie\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Maddie\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Maddie\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Maddie\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\NetworkService\ntuser.ini
C:\Documents and Settings\NetworkService\Cookies\index.dat
C:\Documents and Settings\NetworkService\IETldCache\index.dat
C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\61TUFGYR\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8PTN2R16\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AIO9MY00\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HO2RI8SB\desktop.ini
C:\Documents and Settings\Pam\ntuser.dat
C:\Documents and Settings\Pam\ntuser.ini
C:\Documents and Settings\Pam\Application Data\desktop.ini
C:\Documents and Settings\Pam\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Documents and Settings\Pam\Application Data\Microsoft\Internet Explorer\UserData\index.dat
C:\Documents and Settings\Pam\Application Data\Microsoft\Office\Recent\Desktop.ini
C:\Documents and Settings\Pam\Cookies\index.dat
C:\Documents and Settings\Pam\Cookies\desktop.ini
C:\Documents and Settings\Pam\Favorites\Desktop.ini
C:\Documents and Settings\Pam\IECompatCache\index.dat
C:\Documents and Settings\Pam\IETldCache\index.dat
C:\Documents and Settings\Pam\Local Settings\desktop.ini
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Feeds Cache\57HI3IXM\desktop.ini
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Feeds Cache\ENV019HB\desktop.ini
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Feeds Cache\SMLDMRSZ\desktop.ini
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Feeds Cache\YR95BO0K\desktop.ini
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Pam\Local Settings\History\desktop.ini
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\MSHist012010041520100416\index.dat
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\Pam\My Documents\desktop.ini
C:\Documents and Settings\Pam\My Documents\My Music\Desktop.ini
C:\Documents and Settings\Pam\My Documents\My Pictures\Desktop.ini
C:\Documents and Settings\Pam\NetHood\My Web Sites on MSN\Desktop.ini
C:\Documents and Settings\Pam\PrivacIE\index.dat
C:\Documents and Settings\Pam\Recent\Desktop.ini
C:\Documents and Settings\Pam\SendTo\desktop.ini
C:\Documents and Settings\Pam\Start Menu\desktop.ini
C:\Documents and Settings\Pam\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Pam\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Pam\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Pam\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Pam\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Pamela\NTUSER.DAT
C:\Documents and Settings\Pamela\Application Data\Microsoft\Internet Explorer\UserData\index.dat
C:\Documents and Settings\Pamela\Cookies\index.dat
C:\Documents and Settings\Pamela\IECompatCache\index.dat
C:\Documents and Settings\Pamela\IETldCache\index.dat
C:\Documents and Settings\Pamela\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Pamela\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
C:\Documents and Settings\Pamela\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Pamela\Local Settings\History\History.IE5\MSHist012010032620100327\index.dat
C:\Documents and Settings\Pamela\PrivacIE\index.dat
C:\Documents and Settings\Sean\ntuser.dat
C:\Documents and Settings\Sean\ntuser.ini
C:\Documents and Settings\Sean\Application Data\desktop.ini
C:\Documents and Settings\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Documents and Settings\Sean\Application Data\Microsoft\Internet Explorer\UserData\index.dat
C:\Documents and Settings\Sean\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\Sean\Cookies\index.dat
C:\Documents and Settings\Sean\Cookies\desktop.ini
C:\Documents and Settings\Sean\Favorites\Desktop.ini
C:\Documents and Settings\Sean\IECompatCache\index.dat
C:\Documents and Settings\Sean\IETldCache\index.dat
C:\Documents and Settings\Sean\Local Settings\desktop.ini
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Feeds Cache\2QENRCVM\desktop.ini
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Feeds Cache\APYLH38C\desktop.ini
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Feeds Cache\J7YG9KRB\desktop.ini
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Feeds Cache\KNJBBSSS\desktop.ini
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Sean\Local Settings\History\desktop.ini
C:\Documents and Settings\Sean\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\Sean\Local Settings\History\History.IE5\MSHist012010041220100413\index.dat
C:\Documents and Settings\Sean\Local Settings\History\History.IE5\MSHist012010041320100414\index.dat
C:\Documents and Settings\Sean\Local Settings\History\History.IE5\MSHist012010041420100415\index.dat
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\0POIBGCB\desktop.ini
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\7X9VACW8\desktop.ini
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\8L96H065\desktop.ini
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\PBPRPQO7\desktop.ini
C:\Documents and Settings\Sean\My Documents\desktop.ini
C:\Documents and Settings\Sean\My Documents\My Music\Desktop.ini
C:\Documents and Settings\Sean\My Documents\My Pictures\Desktop.ini
C:\Documents and Settings\Sean\PrivacIE\index.dat
C:\Documents and Settings\Sean\SendTo\desktop.ini
C:\Documents and Settings\Sean\Start Menu\desktop.ini
C:\Documents and Settings\Sean\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Sean\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Sean\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Sean\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Sean\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office\Data\OLFPORT.DAT
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Unread postby Cypher » April 16th, 2010, 2:40 pm

Hi jkgolden
There is no sign of an infection in any of you're logs that would explain the symptoms you have described.
It may come to the point where reformatting you're PC is the only option.
Lets try this.


USEC Radix RK Scan:

Please download radix_installer.zip to a conveniant location and extract it to your Desktop.

  • Double click on radixgui.exe to start the application.
  • Then without making any changes click the Check button to start the scan.
  • Once it has completed click the Save Log... button and save that to your Desktop.
  • Close the application.
  • Now the Log saved will be a very large logfile, so zip a copy of it and attach it to your next reply please.
  • How to Zip: Right click on the saved Log and Send To >> Compressed (zipped) Folder.
  • Note: Your installed security applications might warn about Radix requiring internet access, please allow.
!!!Caution: The Radix scanner has numerous settings and options, including many that can cause quick and permanent corruption to your operating system. Avoid the temptation to try any other options, scans or settings when using it.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: I've got something but I don't know what - HELP!

Unread postby jkgolden » April 16th, 2010, 10:22 pm

Update: no pop-ups/redirects today.
still not able to update windows

attached file: UEECRadixlog.txt (zipped)
You do not have the required permissions to view the files attached to this post.
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Unread postby Cypher » April 17th, 2010, 1:29 pm

Hi jkgolden.
Any more redirects or pop ups?
While i go through you're latest log see if you can run this online scan.

First please run CCleaner again.

Next.

Disable Kaspersky Antivirus

    Please navigate to the system tray on the bottom right hand corner and look for a Image sign.
  • right click it-> select Pause Protection.
  • click on -> By User Request
  • a popup will claim that protection is now disabled and a sign like this: Image will now be shown.
  • Note: Don't forget to re-enable it after the below scan.

Next.

ESET online scannner


Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: I've got something but I don't know what - HELP!

Unread postby jkgolden » April 18th, 2010, 10:15 pm

status:
have had some more redirects to "My Computer Online Scan"
I cannot connect to the ESET scan or windows update.
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Unread postby Cypher » April 19th, 2010, 6:37 am

Hi jkgolden.
I think you will agree we have done all we can here.
My best advice is that the quickest and safest course of action is for you to reformat your computer and reinstall windows.
One thing i would like to mention is that you have multiple accounts on you're PC and that possibly contributed to the problem.
Please post back and let me know you're thoughts.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: I've got something but I don't know what - HELP!

Unread postby jkgolden » April 19th, 2010, 8:13 am

Hi,
Unfortuantly, I have to agree with you.
One question I have for you is this, can I reformat a partition or do I have to reformat the entire drive?
I'm pretty sure I already know the answer but if I can only reformat the C: partition, it will save lots of time.
And I do need to keep multiple users because my wife doesn't want to have all the things on her desktop that I do, the kids have accounts that Kaspersky treats as kids and we all want to have our own "My Documents". So......
I guess I'll start making a list of all the programs I need and making sure I have all my files backed up to an external drive, etc....
I'm even thinking this may be a good time to upgrade OS to Windows7.
Thanks for your efforts.
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Unread postby Cypher » April 19th, 2010, 11:35 am

Hi jkgolden.
can I reformat a partition or do I have to reformat the entire drive?

Just to clarify, the entire HD must be reformatted, that would include all partitions. You should only save documents and/or pictures that are stored on these partitions. It is recommended that backups be made to CDs or DVDs. Avoid connecting a USB drive to the host computer as the infection may be transferred to the USB device, which could then be used as a vector for passing on the infection. All data should be scanned with an anti-virus program and an anti-malware program prior to being restored to the host computer.

Please see this guide How to Reformat and Reinstall your Operating System



Some recommendations for when you have reformatted.



Firewall

As the term conveys a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

If you are using the built-in Windows XP firewall it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

I would recommend you install a free firewall for personal use from one of these excellent vendors. Choice is yours:



Antivirus

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Here are some free programs I recommend that could help you improve your computer's security.


Install Malwarebytes Anti-malware
These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
You can find information and Download it from HERE

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: I've got something but I don't know what - HELP!

Unread postby Gary R » April 20th, 2010, 4:15 pm

This topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 54 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware