Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Visited infected site, computer locking up

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Visited infected site, computer locking up

Unread postby raina » October 16th, 2010, 12:29 am

Greetings. I was told to start a new thread since my last one went three days without a response. Here was the old one: viewtopic.php?f=12&t=53867

And my new HijackThis log is below.

Thanks!

-----------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:00 PM, on 10/15/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\dawn\Desktop\HijackThis\HijackThis.exe
C:\Windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6466 bytes
raina
Regular Member
 
Posts: 23
Joined: October 27th, 2009, 1:38 am
Advertisement
Register to Remove

Re: Visited infected site, computer locking up

Unread postby MWR 3 day Mod » October 20th, 2010, 2:46 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Visited infected site, computer locking up

Unread postby askey127 » October 20th, 2010, 3:10 pm

raina,
Sorry things got messed up durng your last post.
If you still need help, let's see if we can straighten things out.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
Ad-Aware
URL Assistant
Java(TM) SE Runtime Environment 6

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Please download the GMER Rootkit Scanner from Here.
  • VISTA/Win7: Right click the .exe file and chose Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than the System drive (which is typically C:\)
    • Show All (don't miss this one)
      See image below
      Image
  • Then click the Scan button & wait for it to finish
    **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
Note: Do not run any other programs while Gmer is running.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Visited infected site, computer locking up

Unread postby raina » October 21st, 2010, 1:08 am

Thanks!

I uninstalled all three things you told me to uninstall. Unfortunately now I keep getting messages popping up wanting me to reinstall the Java thing I just uninstalled - the Java program I still have installed has an auto-update feature and now that I've uninstalled the one thing, wants to download it as an update, I guess. But no real problems.

I also downloaded Rootkit, and tried literally 10 or more times to run it, following the directions you gave VERY carefully and not running any other programs while it was going. But every time it would either just stall until I gave up and rebooted my computer, or twice I got an error message saying blahblah.exe had stopped running and it was closing the program. I can get it to start scanning, but not to finish. I -have- had trouble with my computer locking up periodically, which is what led me to be concerned in the first place, but nothing like this. Any suggestions?

Thanks so much for your help so far!

-Dawn
raina
Regular Member
 
Posts: 23
Joined: October 27th, 2009, 1:38 am

Re: Visited infected site, computer locking up

Unread postby askey127 » October 21st, 2010, 7:53 am

raina,
Gmer often has difficulty running.

Many times , "locking up" has to do with an impending failure of some piece of hardware in the PC box.
We will attempt to clean the machine to correct any "locking up" caused by viruses, spyware, etc.
Later we will do a couple hardware checks.
Right now let's try to get rid of that Java message.
They are waiting for you to do the following:
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 22 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, (or, in your case, right click and choose "Run as administrator") and it will install the newest version of Java for you to use.
While it's installing, Uncheck the box for the Yahoo toolbar, and let it finish.
You can then remove the Installer from your desktop.

Now let's look for malware:
------------------------------------------------
Download and Run Rkill
Please download Rkill from one of the following links and save to your Desktop:
One, Two,Three or Four
  • Double click on Rkill. (In your case, Right-click and "Run as administrator" in Vista).
  • A black command window will open, then disappear upon completion, this is normal operation that indicates success.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue. If you cannot get one of the downloads to work for you, try one of the other links.
If you cannot get one of the Rkill versions to run without being stopped, don't proceed further, and post back to tell me about it.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVIRA ANTIVIR
    Please navigate to the system tray on the bottom right hand corner and look for an open umbrella on red background (looks like this:Image )
    • Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.
    • You should now see a closed umbrella on a red background (looks like this: Image )
    The AntiVir Guards are now disabled.
  • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
  • OK any disclaimers and start the Scan.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Right click on your little red/white umbrella and click once on "Antivir Guard enable".
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Visited infected site, computer locking up

Unread postby raina » October 22nd, 2010, 12:16 am

Thanks!

Downloaded the Java update as you said, and ran Rkill, which worked fine.

ComboFix also ran fine. Peculiar side-effect - none of my Internet Explorer icons work now - trying to open it from my desktop or my Start Menu or whatever now does nothing. The program still runs - I just have to run iexplorer.exe from the Programs folder itself. Curious, but I will fiddle with things later to get them working, and in the meantime it hurts nothing.

Here's my combofix log:

ComboFix 10-10-20.04 - dawn 10/21/2010 17:30:40.1.1 - x86
Running from: c:\users\dawn\Desktop\zzz.exe
.

((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
.

2010-10-21 22:39 . 2010-10-21 22:40 -------- d-----w- c:\users\dawn\AppData\Local\temp
2010-10-21 22:39 . 2010-10-21 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-19 13:49 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F30A8FA-1AE6-4EC6-B563-72C20D8BEFF7}\mpengine.dll
2010-10-15 22:40 . 2010-10-15 22:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-15 14:50 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 22:32 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 22:32 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 22:32 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 22:32 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 22:32 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 22:32 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 22:32 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 22:31 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 22:31 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 22:31 . 2010-06-28 14:31 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 22:31 . 2010-08-26 16:07 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-12 17:19 . 2010-10-12 17:19 -------- d-----w- c:\users\dawn\AppData\Roaming\Avira
2010-10-12 17:03 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-12 17:03 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-12 17:03 . 2009-05-11 17:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-12 17:03 . 2009-05-11 17:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-12 17:03 . 2010-10-12 17:03 -------- d-----w- c:\programdata\Avira
2010-10-12 17:03 . 2010-10-12 17:03 -------- d-----w- c:\program files\Avira
2010-09-29 16:12 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 16:11 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-28 21:52 . 2010-09-28 21:52 -------- d-----w- c:\program files\MSN Toolbar
2010-09-28 21:49 . 2010-09-28 21:52 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-09-22 23:10 . 2010-09-22 23:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 4390912]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-08-03 08:26 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 15:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 15:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-03 05:16 13535776 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-03 05:16 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2008-05-03 05:16 526880 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 21:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-15 13:32 4390912 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2007-11-29 01:51 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\dawn\AppData\Roaming\Mozilla\Firefox\Profiles\7jbhv2ne.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.jzip.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-21 17:44:43
ComboFix-quarantined-files.txt 2010-10-21 22:44

Pre-Run: 96,299,261,952 bytes free
Post-Run: 96,428,953,600 bytes free

- - End Of File - - F89A1137D6EE80E99CB0DB9284063557
raina
Regular Member
 
Posts: 23
Joined: October 27th, 2009, 1:38 am

Re: Visited infected site, computer locking up

Unread postby askey127 » October 22nd, 2010, 6:58 am

raina,
You can delete the present non-working desktop icon(s); then right click the IE entry under Programs, and choose "Send to", "Desktop (create shortcut)".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
Ad-Aware
Take extra care in answering questions posed by any Uninstaller.
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code: Select all
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe (zzz.exe) as in the picture above, and follow the prompts.
  • It will make a new log at C:\ComboFix.txt, but we don't need to see it.
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Right click on RSIT.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Default location for both files is C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Visited infected site, computer locking up

Unread postby raina » October 22nd, 2010, 2:12 pm

I'd already uninstalled Ad-Aware, and everything else seemed to go well. Since the first time I ran ComboFix my computer has been running really awfully, very slowly, but after running it again this time as you told me to and rebooting, it's back to its usual speed, thank goodness!

Here is the log.txt from RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by dawn at 2010-10-22 13:02:02
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 109 GB (77%) free of 142 GB
Total RAM: 958 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:02:36 PM, on 10/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Users\dawn\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\dawn\Desktop\HijackThis\dawn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5702 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll [2010-02-12 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll [2010-02-12 506720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-15 4390912]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe [2010-02-12 240992]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-03 1862144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2008-05-03 13535776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-05-03 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2008-05-03 526880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-03-15 4390912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-10-22 13:02:02 ----D---- C:\rsit
2010-10-22 12:51:04 ----D---- C:\Windows\temp
2010-10-22 12:51:02 ----A---- C:\ComboFix.txt
2010-10-22 12:50:26 ----SHD---- C:\$RECYCLE.BIN
2010-10-22 12:31:17 ----A---- C:\Windows\SWXCACLS.exe
2010-10-22 12:31:13 ----D---- C:\32788R22FWJFW
2010-10-21 22:21:08 ----D---- C:\Windows\system32\eu-ES
2010-10-21 22:21:08 ----D---- C:\Windows\system32\ca-ES
2010-10-21 22:20:59 ----D---- C:\Windows\system32\vi-VN
2010-10-21 17:54:49 ----D---- C:\Windows\system32\EventProviders
2010-10-21 17:27:07 ----A---- C:\Windows\zip.exe
2010-10-21 17:27:07 ----A---- C:\Windows\SWSC.exe
2010-10-21 17:27:07 ----A---- C:\Windows\SWREG.exe
2010-10-21 17:27:07 ----A---- C:\Windows\sed.exe
2010-10-21 17:27:07 ----A---- C:\Windows\PEV.exe
2010-10-21 17:27:07 ----A---- C:\Windows\NIRCMD.exe
2010-10-21 17:27:07 ----A---- C:\Windows\MBR.exe
2010-10-21 17:27:07 ----A---- C:\Windows\grep.exe
2010-10-21 17:26:02 ----D---- C:\Qoobox
2010-10-21 09:16:12 ----A---- C:\Windows\system32\javaws.exe
2010-10-21 09:16:12 ----A---- C:\Windows\system32\javaw.exe
2010-10-21 09:16:12 ----A---- C:\Windows\system32\java.exe
2010-10-15 17:40:39 ----D---- C:\Program Files\Common Files\Adobe
2010-10-14 17:32:54 ----A---- C:\Windows\system32\wmp.dll
2010-10-14 17:32:52 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-14 17:32:15 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-14 17:32:14 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 17:32:14 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-14 17:32:14 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-14 17:32:11 ----A---- C:\Windows\system32\netevent.dll
2010-10-14 17:31:12 ----A---- C:\Windows\system32\schannel.dll
2010-10-14 17:31:07 ----A---- C:\Windows\system32\ole32.dll
2010-10-14 17:31:02 ----A---- C:\Windows\system32\t2embed.dll
2010-10-14 17:30:54 ----A---- C:\Windows\system32\mshtml.dll
2010-10-14 17:30:52 ----A---- C:\Windows\system32\ieframe.dll
2010-10-14 17:30:51 ----A---- C:\Windows\system32\urlmon.dll
2010-10-14 17:30:51 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-14 17:30:51 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-14 17:30:50 ----A---- C:\Windows\system32\wininet.dll
2010-10-14 17:30:50 ----A---- C:\Windows\system32\mstime.dll
2010-10-14 17:30:50 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-14 17:30:50 ----A---- C:\Windows\system32\iertutil.dll
2010-10-14 17:30:49 ----A---- C:\Windows\system32\occache.dll
2010-10-14 17:30:49 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-14 17:30:49 ----A---- C:\Windows\system32\ieui.dll
2010-10-14 17:30:49 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-14 17:30:49 ----A---- C:\Windows\system32\iepeers.dll
2010-10-14 17:30:49 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-14 17:30:48 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-14 17:30:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-14 17:30:48 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-14 17:30:48 ----A---- C:\Windows\system32\iesetup.dll
2010-10-14 17:30:48 ----A---- C:\Windows\system32\iernonce.dll
2010-10-14 17:30:48 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-14 17:30:41 ----A---- C:\Windows\system32\mfc40.dll
2010-10-14 17:30:40 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-14 17:30:34 ----A---- C:\Windows\system32\win32k.sys
2010-10-14 17:30:24 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-14 17:30:18 ----A---- C:\Windows\system32\comctl32.dll
2010-10-12 12:19:48 ----D---- C:\Users\dawn\AppData\Roaming\Avira
2010-10-12 12:03:51 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2010-10-12 12:03:47 ----A---- C:\Windows\system32\drivers\avipbb.sys
2010-10-12 12:03:47 ----A---- C:\Windows\system32\drivers\avgntmgr.sys
2010-10-12 12:03:47 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2010-10-12 12:03:47 ----A---- C:\Windows\system32\drivers\avgntdd.sys
2010-10-12 12:03:20 ----D---- C:\ProgramData\Avira
2010-10-12 12:03:20 ----D---- C:\Program Files\Avira
2010-10-05 17:54:39 ----D---- C:\Windows\Minidump
2010-09-29 11:12:42 ----A---- C:\Windows\system32\tzres.dll
2010-09-28 16:52:13 ----D---- C:\Program Files\MSN Toolbar
2010-09-28 16:49:39 ----D---- C:\Program Files\MSN Toolbar Installer

======List of files/folders modified in the last 1 months======

2010-10-22 13:01:08 ----D---- C:\Windows\System32
2010-10-22 13:01:08 ----D---- C:\Windows\inf
2010-10-22 13:01:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-22 12:57:34 ----D---- C:\Windows\Prefetch
2010-10-22 12:51:04 ----D---- C:\Windows
2010-10-22 12:46:16 ----A---- C:\Windows\system.ini
2010-10-22 12:42:41 ----D---- C:\Windows\system32\drivers
2010-10-22 12:42:41 ----D---- C:\Windows\AppPatch
2010-10-22 12:42:39 ----D---- C:\Program Files\Common Files
2010-10-22 09:37:56 ----SHD---- C:\System Volume Information
2010-10-22 09:37:04 ----D---- C:\Windows\system32\catroot
2010-10-22 09:36:59 ----D---- C:\Windows\winsxs
2010-10-22 09:35:22 ----D---- C:\Windows\system32\catroot2
2010-10-21 23:03:41 ----D---- C:\Program Files\Mozilla Firefox
2010-10-21 22:51:02 ----D---- C:\Windows\rescache
2010-10-21 22:49:24 ----D---- C:\Windows\Microsoft.NET
2010-10-21 22:48:53 ----RSD---- C:\Windows\assembly
2010-10-21 22:38:38 ----D---- C:\Boot
2010-10-21 22:26:29 ----D---- C:\Program Files\Windows Mail
2010-10-21 22:26:29 ----D---- C:\Program Files\Windows Calendar
2010-10-21 22:26:29 ----D---- C:\Program Files\Movie Maker
2010-10-21 22:26:25 ----D---- C:\Program Files\Windows Sidebar
2010-10-21 22:26:25 ----D---- C:\Program Files\Internet Explorer
2010-10-21 22:26:24 ----D---- C:\Program Files\Windows Media Player
2010-10-21 22:26:23 ----D---- C:\Program Files\Windows Collaboration
2010-10-21 22:26:18 ----D---- C:\Program Files\Windows Photo Gallery
2010-10-21 22:26:18 ----D---- C:\Program Files\Common Files\System
2010-10-21 22:26:03 ----D---- C:\Windows\servicing
2010-10-21 22:26:03 ----D---- C:\Program Files\Windows Defender
2010-10-21 22:25:27 ----D---- C:\Windows\IME
2010-10-21 22:25:25 ----D---- C:\Windows\system32\XPSViewer
2010-10-21 22:25:25 ----D---- C:\Windows\system32\sk-SK
2010-10-21 22:25:25 ----D---- C:\Windows\system32\lv-LV
2010-10-21 22:25:25 ----D---- C:\Windows\system32\hr-HR
2010-10-21 22:25:25 ----D---- C:\Windows\system32\et-EE
2010-10-21 22:25:25 ----D---- C:\Windows\system32\da-DK
2010-10-21 22:25:24 ----D---- C:\Windows\system32\ko-KR
2010-10-21 22:25:15 ----D---- C:\Windows\system32\en-US
2010-10-21 22:25:06 ----D---- C:\Windows\system32\de-DE
2010-10-21 22:25:05 ----D---- C:\Windows\system32\oobe
2010-10-21 22:25:05 ----D---- C:\Windows\system32\it-IT
2010-10-21 22:25:05 ----D---- C:\Windows\system32\el-GR
2010-10-21 22:25:03 ----D---- C:\Windows\system32\migration
2010-10-21 22:24:49 ----D---- C:\Windows\system32\ru-RU
2010-10-21 22:24:49 ----D---- C:\Windows\system32\AdvancedInstallers
2010-10-21 22:24:48 ----D---- C:\Windows\system32\sv-SE
2010-10-21 22:24:48 ----D---- C:\Windows\system32\setup
2010-10-21 22:24:48 ----D---- C:\Windows\system32\he-IL
2010-10-21 22:24:48 ----D---- C:\Windows\system32\fr-FR
2010-10-21 22:24:47 ----D---- C:\Windows\system32\pt-PT
2010-10-21 22:24:47 ----D---- C:\Windows\system32\hu-HU
2010-10-21 22:24:47 ----D---- C:\Windows\system32\fi-FI
2010-10-21 22:24:47 ----D---- C:\Windows\system32\cs-CZ
2010-10-21 22:24:46 ----D---- C:\Windows\system32\SLUI
2010-10-21 22:24:41 ----D---- C:\Windows\system32\zh-CN
2010-10-21 22:24:40 ----D---- C:\Windows\system32\sr-Latn-CS
2010-10-21 22:24:40 ----D---- C:\Windows\system32\manifeststore
2010-10-21 22:24:40 ----D---- C:\Windows\system32\es-ES
2010-10-21 22:24:40 ----D---- C:\Windows\system32\en
2010-10-21 22:24:39 ----D---- C:\Windows\system32\zh-TW
2010-10-21 22:24:39 ----D---- C:\Windows\system32\uk-UA
2010-10-21 22:24:39 ----D---- C:\Windows\system32\sl-SI
2010-10-21 22:24:39 ----D---- C:\Windows\system32\pl-PL
2010-10-21 22:24:39 ----D---- C:\Windows\system32\ja-JP
2010-10-21 22:24:38 ----D---- C:\Windows\system32\ro-RO
2010-10-21 22:24:38 ----D---- C:\Windows\system32\bg-BG
2010-10-21 22:24:34 ----D---- C:\Windows\system32\th-TH
2010-10-21 22:24:34 ----D---- C:\Windows\system32\drivers\en-US
2010-10-21 22:24:29 ----D---- C:\Windows\system32\tr-TR
2010-10-21 22:24:26 ----D---- C:\Windows\system32\wbem
2010-10-21 22:24:21 ----D---- C:\Windows\system32\nl-NL
2010-10-21 22:24:21 ----D---- C:\Windows\system32\nb-NO
2010-10-21 22:24:21 ----D---- C:\Windows\system32\lt-LT
2010-10-21 22:24:21 ----D---- C:\Windows\system32\ar-SA
2010-10-21 22:24:18 ----D---- C:\Windows\system32\pt-BR
2010-10-21 22:24:18 ----D---- C:\Windows\system32\migwiz
2010-10-21 22:21:37 ----RSD---- C:\Windows\Fonts
2010-10-21 22:20:58 ----D---- C:\Windows\system32\Boot
2010-10-21 22:19:23 ----D---- C:\Windows\system32\drivers\UMDF
2010-10-21 22:19:04 ----D---- C:\Windows\system32\RTCOM
2010-10-21 21:39:27 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2010-10-21 17:43:13 ----D---- C:\Windows\ERDNT
2010-10-21 09:17:05 ----SHD---- C:\Windows\Installer
2010-10-21 09:15:42 ----A---- C:\Windows\system32\deployJava1.dll
2010-10-21 09:15:37 ----D---- C:\Program Files\Java
2010-10-20 22:08:41 ----D---- C:\Program Files\Common Files\Java
2010-10-20 22:06:46 ----RD---- C:\Program Files
2010-10-19 11:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-15 23:12:48 ----SD---- C:\Users\dawn\AppData\Roaming\Microsoft
2010-10-15 17:40:48 ----D---- C:\ProgramData\Adobe
2010-10-15 15:48:33 ----D---- C:\Windows\system32\WDI
2010-10-15 12:35:26 ----A---- C:\Windows\system32\mrt.exe
2010-10-12 12:03:20 ----D---- C:\ProgramData
2010-10-12 11:58:17 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-09 19:07:06 ----D---- C:\Program Files\Trend Micro
2010-10-09 18:33:09 ----D---- C:\Program Files\Microsoft Office
2010-10-09 18:30:38 ----D---- C:\ProgramData\YAHOO
2010-10-09 18:29:53 ----D---- C:\Program Files\Common Files\SureThing Shared
2010-10-06 23:29:07 ----D---- C:\MGADiagToolOutput
2010-10-06 14:55:50 ----D---- C:\Program Files\MUSHclient
2010-09-28 16:52:28 ----SD---- C:\ProgramData\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-03-23 101160]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-03-07 43528]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-10-18 258048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-15 1744928]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-15 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-14 9557216]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S3 catchme;catchme; \??\C:\Users\dawn\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-03-23 129832]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-03 118784]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-03 1862144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------


And here is the info.txt from RSIT:

info.txt logfile of random's system information tool 1.08 2010-10-22 13:02:43

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP500-->"C:\Windows\system32\CanonIJ Uninstaller Information\{BA4DF4C3-196E-4128-969A-00996B5A46F8}\DelDrv.exe" /U:{BA4DF4C3-196E-4128-969A-00996B5A46F8} /L0x0009
Conexant D850 PCI V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Dell DataSafe Online-->MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Support Center-->MsiExec.exe /I{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
Dell System Customization Wizard-->MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
EarthLink Setup Files-->MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Games, Music, & Photos Launcher-->MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Heroes of Might and Magic® III Complete-->C:\Windows\IsUninst.exe -f"C:\Program Files\3DO\Heroes 3 Complete\Heroes of Might and Magic® III.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Internet Service Offers Launcher-->MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft UI Engine-->MsiExec.exe /I{2656D0AB-9EA4-4C58-A117-635F3CED8B93}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.6.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar Platform-->MsiExec.exe /I{66468F4D-BC4E-470C-9093-B3B6A1BB378C}
MSN Toolbar-->C:\Program Files\MSN Toolbar Installer\InstallManager.exe /UNINSTALL
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MUSHclient (remove only)-->C:\Program Files\MUSHclient\Laterversion\uninstall.exe
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIANetworkDiagnostic-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EFAD4066-CAF3-4B27-9669-12EED352C376}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: dawn-PC
Event Code: 4374
Message: Windows Servicing identified that package KB980248(Update) is not applicable for this system
Record Number: 240868
Source Name: Microsoft-Windows-Servicing
Time Written: 20100427204107.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: dawn-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 240773
Source Name: Service Control Manager
Time Written: 20100427153050.000000-000
Event Type: Error
User:

Computer Name: dawn-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 240739
Source Name: Microsoft-Windows-Time-Service
Time Written: 20100427152951.000000-000
Event Type: Warning
User:

Computer Name: dawn-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 240738
Source Name: Microsoft-Windows-Time-Service
Time Written: 20100427152939.000000-000
Event Type: Warning
User:

Computer Name: dawn-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 240737
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20100427152917.114531-000
Event Type: Error
User:

=====Application event log=====

Computer Name: dawn-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 50125
Source Name: WerSvc
Time Written: 20081010135820.000000-000
Event Type: Error
User:

Computer Name: dawn-PC
Event Code: 1
Message: The application (Acrobat Reader 7.*, from vendor Adobe) has the following problem: Acrobat Reader 7.* has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Adobe.
Record Number: 50068
Source Name: Microsoft-Windows-ApplicationExperienceInfrastructure
Time Written: 20081010050751.204600-000
Event Type: Warning
User: dawn-PC\dawn

Computer Name: dawn-PC
Event Code: 507
Message: msnmsgr (2740) \\.\C:\Users\dawn\AppData\Local\Microsoft\Messenger\dawneschenauer@hotmail.com\SharingMetadata\Working\database_2FC_7930_FC79_1EDB\dfsr.db: A request to read from the file "\\.\C:\Users\dawn\AppData\Local\Microsoft\Messenger\dawneschenauer@hotmail.com\SharingMetadata\Working\database_2FC_7930_FC79_1EDB\dfsr.db" at offset 319488 (0x000000000004e000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (921 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 50053
Source Name: ESENT
Time Written: 20081010021755.000000-000
Event Type: Warning
User:

Computer Name: dawn-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 49995
Source Name: WerSvc
Time Written: 20081009155512.000000-000
Event Type: Error
User:

Computer Name: dawn-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 49879
Source Name: WerSvc
Time Written: 20081008154040.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: dawn-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: DAWN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x24c
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 46643
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708152307.677303-000
Event Type: Audit Success
User:

Computer Name: dawn-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 46642
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708152307.568103-000
Event Type: Audit Success
User:

Computer Name: dawn-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: DAWN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x24c
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 46641
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708152307.568103-000
Event Type: Audit Success
User:

Computer Name: dawn-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: DAWN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x24c
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 46640
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708152307.568103-000
Event Type: Audit Success
User:

Computer Name: dawn-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-20
Account Name: NETWORK SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e4

Privileges: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 46639
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708152307.474502-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\jZip
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------
raina
Regular Member
 
Posts: 23
Joined: October 27th, 2009, 1:38 am

Re: Visited infected site, computer locking up

Unread postby askey127 » October 22nd, 2010, 2:31 pm

raina,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

LiveUpdate 3.2
LiveUpdate Notice

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
Symantec did not remove everything as it should. This is a common problem.
To completely remove Norton Antivirus, Download and Run the Norton Removal Tool for your version of Windows.
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US
Perform the DownLoad for your version of Windows (download to your desktop as it says).
On your desktop, click on Norton Removal Tool and follow the instructions.
-----------------------------------------
Check Hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
Code: Select all
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat. and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Visited infected site, computer locking up

Unread postby raina » October 22nd, 2010, 3:29 pm

All those instructions followed without a hitch. Here is the checkhd.txt log:

The type of the file system is NTFS.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1828 large file records processed.

0 bad file records processed.

0 EA records processed.

43 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
22457 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

145713151 KB total disk space.
35037956 KB in 107823 files.
70236 KB in 22458 indexes.
0 KB in bad sectors.
254427 KB in use by the system.
65536 KB occupied by the log file.
110350532 KB available on disk.

4096 bytes in each allocation unit.
36428287 total allocation units on disk.
27587633 allocation units available on disk.
raina
Regular Member
 
Posts: 23
Joined: October 27th, 2009, 1:38 am

Re: Visited infected site, computer locking up

Unread postby askey127 » October 23rd, 2010, 7:17 am

raina,
I don't see anything else that would cause malware-related issues. Let's do some cleanup.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and Run as Administrator in Vista)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-------------------------------------------
Reset System Restore Points
  • Go to Start, Control Panel, System Maintenance. Then click the System icon
  • (If you use Classic View, the System icon will be directly in the Control Panel).
  • In the left pane click on System Protection. OK the confirmation to continue.
  • When the Dialog comes up, click on the System protection tab.
  • See that the drive letter where Windows is located (usually C:) has the box checked.
    (This indicates System restore is turned ON for the Windows drive).
  • Click the Create Button to create a new restore point. In the Name dialog, type a descriptive name and click Create.
  • You will get a message that the Restore Point was created successfully. Click Close.
  • Click OK and close the Control Panel.
--------------------------------------
  • Go to Start, All programs, Accessories, System Tools, Disk Cleanup.
  • Choose "Files from all users on this computer", and OK the confirmation.
  • Choose the drive letter where Windows is located (usually C:), and click OK.
  • After it scans, choose the More Options tab
  • Under "System Restore and Shadow Copies", click Clean up
  • It will ask if you are sure you want to delete all but the most recent restore point. Click Delete.
  • Click OK and verify that you want to delete the files.
The Utility will clean up the Restore points.

Reboot your machine to record the changes you have made.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware or changes in the Restore settings.

Make sure the red Antivir icon in the lower right system tray shows the umbrella open.
Let me know how it's running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Visited infected site, computer locking up

Unread postby raina » October 23rd, 2010, 10:21 pm

Okay, did all those things and I've been using the computer all day and it hasn't locked up, no other issues either. Not sure what was wrong to begin with but it does indeed seem fine now.

Thank you so very very much for all the help. It's a big weight off my mind to have it working right again. I wish I could send you some cookies. :)
raina
Regular Member
 
Posts: 23
Joined: October 27th, 2009, 1:38 am

Re: Visited infected site, computer locking up

Unread postby askey127 » October 24th, 2010, 7:33 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 329 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware