IObit Forum

Please help, for some reason I can't get on the internet!



I try getting on the internet and it says internet connection can't be found, but prior to that my computer said I had a virus and to protect my computer it would not allow me access to the internet..... so I did a system recovery and that got rid of the virus alert but I still can't get on the internet. PLEASE help, here's the log file:

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 13:17:58, on 2010-8-31

 



Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.

****************************************

Please download Malwarebytes Anti-Malware from here.

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Thank you for your reply. I did everything you said and it didn't find anything significant. I downloaded Google Chrome; it worked right after download and initial launch, but now I can't even open it, it does nothing when I click on it, and Explorer opens but says can't find connection. I can access the internet through my virus scan if I click on this forum link, but that's the only way; I can't access directly by clicking on my browser icon. Thanks for your time


Malwarebytes' Anti-Malware 1.46

http://www.malwarebytes.org

 

Database version: 4525

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

9/2/2010 1:21:56 PM

mbam-log-2010-09-02 (13-21-56).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 255586

Time elapsed: 1 hour(s), 1 minute(s), 0 second(s)

 

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 5

Files Infected: 129

 

Memory Processes Infected:

C:\Program Files\Evidence Eliminator\Ee.exe (Rogue.EvidenceEliminator) -> Unloaded process successfully.

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Quick Mode (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Restart (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Shutdown (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Eeshellx.ShellExt (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Program Files\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Help (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

 

Files Infected:


C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Viewer v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v10.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact Viewer v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Web Ferret v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinOnCD.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.6.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.70.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinRar v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinZip v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinZip v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Wise Installer.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Yahoo Player.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\ZipMagic 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Zone Alarm.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Program Files\Evidence Eliminator\Help\ee.chm (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Help.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator License Agreement.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Read Me.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

 

 

Thanks for your help.... Nothing showed up on the other program, that's why I didn't post it.

Link to comment
Share on other sites

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

***********************************

Download ComboFix by sUBs from one of the below links.

 

Important! You MUST save ComboFix to your desktop

 

link # 1

Link # 2

 

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Double click on ComboFix.exe & follow the prompts.

 

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

When the scan completes it will open a text window.

 

Post the contents of that log in your next reply.

 

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.


Re: Please help for some reason I cant get on the internet!

 

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

Error creating install.txt after 3 tries! Trying alternate method...

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Free 9.0

iolo technologies' System Mechanic

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 21

Adobe Flash Player 10.1.53.64

Adobe Reader 7.0.9

Adobe Reader 7.1.0

Adobe Reader 8.1.0

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.8)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

iolo System Mechanic Scheduled_Maintenance.exe

````````````````````````````````

DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

 

``````````End of Log````````````

 

As far as ComboFix, it did the scan and restarted the computer, and it said to wait while ComboFix prepares a log file and don't open any programs while it does this..... That stayed on there for four hours and it never made a log file, so I just shut down my computer and attempted it again, but the same thing happened and it did not produce a log file..... Same thing, can't get on the web unless I log on to this site through my security center.


Re: Please help for some reason I cant get on the internet!

 

I think I got ComboFix to work and this is what it gave me:

 

ComboFix 10-09-03.01 - HP_Owner 09/03/2010 15:32:10.3.2 - x86

Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll

 

.

((((((((((((((((((((((((( Files Created from 2010-08-03 to 2010-09-03 )))))))))))))))))))))))))))))))

.

 

2010-09-03 04:34 . 2010-09-03 04:35 -------- d-----w- C:\62ee7f55cea9832021ed12

2010-09-02 23:53 . 2010-09-02 23:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-09-02 23:52 . 2010-09-02 23:52 -------- d-----w- c:\program files\MSBuild

2010-09-02 23:52 . 2010-09-03 04:35 -------- d-----w- c:\windows\system32\XPSViewer

2010-09-02 23:52 . 2010-09-02 23:52 -------- d-----w- c:\program files\Reference Assemblies

2010-09-02 23:52 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-09-02 23:51 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll

2010-09-01 21:10 . 2010-09-01 21:10 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes

2010-09-01 21:10 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-01 21:10 . 2010-09-01 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-01 21:10 . 2010-09-01 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-01 21:10 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-01 20:24 . 2010-09-01 20:24 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Temp

2010-09-01 18:24 . 2010-09-01 18:24 63488 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-01 18:23 . 2010-09-01 18:23 52224 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-09-01 18:23 . 2010-09-01 18:23 117760 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-01 18:23 . 2010-09-01 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-09-01 18:23 . 2010-09-01 18:23 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com

2010-09-01 18:22 . 2010-09-01 18:23 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-29 04:39 . 2010-08-31 04:22 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\enlxubwwv

2010-08-26 09:05 . 2010-06-30 05:13 52224 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\0gqgjzcs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

2010-08-26 09:05 . 2010-06-30 05:13 101376 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\0gqgjzcs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

2010-08-05 22:30 . 2010-08-05 22:35 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Yahoo

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-03 19:25 . 2010-07-13 00:30 0 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\prvlcl.dat

2010-09-03 19:21 . 2006-06-20 15:32 72136 -c--a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-01 20:23 . 2006-04-26 19:48 -------- d-----w- c:\program files\Google

2010-08-26 18:59 . 2010-07-12 22:49 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IObit

2010-08-26 18:57 . 2006-04-26 18:56 -------- d-----w- c:\program files\Common Files\Java

2010-08-26 18:55 . 2006-04-26 18:56 -------- d-----w- c:\program files\Java

2010-08-07 02:41 . 2006-06-20 16:42 10602 -c--a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat

2010-08-05 22:35 . 2006-06-29 03:21 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Yahoo!

2010-08-05 22:29 . 2006-06-29 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!

2010-08-03 02:27 . 2010-08-03 02:27 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-201d27b5-n\decora-sse.dll

2010-08-03 02:27 . 2010-08-03 02:27 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-227cd77e-n\msvcp71.dll

2010-08-03 02:27 . 2010-08-03 02:27 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-227cd77e-n\jmc.dll

2010-08-03 02:27 . 2010-08-03 02:27 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-227cd77e-n\msvcr71.dll

2010-08-03 02:27 . 2010-08-03 02:27 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-201d27b5-n\decora-d3d.dll

2010-07-31 18:16 . 2010-07-31 09:58 -------- d-----w- c:\program files\DoylesRoom

2010-07-31 09:56 . 2010-07-31 09:47 -------- d-----w- c:\program files\Full Tilt Poker

2010-07-29 09:13 . 2010-07-26 20:35 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Mozilla-Cache

2010-07-17 10:00 . 2010-06-25 20:34 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-13 00:03 . 2010-07-13 00:03 -------- d-----w- c:\program files\Trend Micro

2010-07-12 23:49 . 2010-07-12 22:49 -------- d-----w- c:\program files\IObit

2010-07-12 23:36 . 2010-07-12 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-07-12 23:09 . 2006-11-29 01:25 -------- d-----w- c:\program files\AOL Pictures

2010-07-12 22:34 . 2010-07-12 22:34 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Uniblue

2010-07-09 03:12 . 2008-09-24 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-08 23:46 . 2010-07-08 23:45 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-07-08 23:34 . 2010-06-30 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-06-30 19:09 . 2010-06-30 19:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-06-30 19:09 . 2010-06-30 19:09 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-30 19:09 . 2010-06-30 19:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-30 19:09 . 2010-06-30 19:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-06-30 12:31 . 2004-08-04 04:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-25 20:34 . 2010-06-25 20:34 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1e5b282e-n\msvcp71.dll

2010-06-25 20:34 . 2010-06-25 20:34 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1e5b282e-n\jmc.dll

2010-06-25 20:34 . 2010-06-25 20:34 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1e5b282e-n\msvcr71.dll

2010-06-25 20:34 . 2010-06-25 20:34 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6c17d0c8-n\decora-sse.dll

2010-06-25 20:34 . 2010-06-25 20:34 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6c17d0c8-n\decora-d3d.dll

2010-06-24 12:22 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-04 04:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-04 04:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-04 04:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2004-08-04 04:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-04 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2007-05-07 22:04 . 2006-06-28 21:31 2568 -csha-w- c:\windows\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-26 180269]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-30 2065760]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-01 136176]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-4-26 36903]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1157162157\\ee\\aolsoftware.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\America Online 9.0a\\waol.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\program files\American Airlines DealFinder\American_Airlines_DealFinder.exe"= c:\program files\American Airlines DealFinder\American_Airlines_DealFinder.exe

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

 

R3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys [x]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]

R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [x]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-03 30192]

S0 VOBID;VOBID;c:\windows\system32\DRIVERS\vobid.sys [2003-08-01 29239]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-30 216400]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-30 243024]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vobiw;vobiw; [x]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-30 308136]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

S3 cdrdrv;cdrdrv;c:\windows\system32\Drivers\Cdrdrv.sys [2004-06-01 64000]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job

- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 20:23]

 

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job

- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 20:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

 

AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe

AddRemove-Mozilla Firefox (3.6.8) - c:\program files\Mozilla Firefox\uninstall\helper.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-03 15:38

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,46,61,d5,83,dc,1d,42,85,96,38,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,46,61,d5,83,dc,1d,42,85,96,38,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(740)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(3644)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-03 15:43:08

ComboFix-quarantined-files.txt 2010-09-03 20:43

 

Pre-Run: 50,444,992,512 bytes free

Post-Run: 50,429,321,216 bytes free

 

- - End Of File - - AF4EA079B3188C2FA42C0713983C085E


Re: Please help for some reason I cant get on the internet!

 

Please download the newest version of Adobe Acrobat Reader from Adobe.com

 

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.

Go to the Control Panel and enter Add or Remove Programs.

Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

 

Once old versions are gone, please install the newest version.

***************************************

Re-running ComboFix to remove infections:

 

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
     
    DirLook::
    C:\62ee7f55cea9832021ed12
     
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe
     
    http://img19.imageshack.us/img19/5660/cfscriptb4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

*********************************

 

* Download the following tool: RootRepeal - Rootkit Detector

* Direct download link is here: RootRepeal.zip

 

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.

* Click this link to see a list of such programs and how to disable them.

 

* Extract the program file to a new folder such as C:\RootRepeal

* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.

* Select ALL of the checkboxes and then click OK and it will start scanning your system.

* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.

* When done, click on Save Report

* Save it to the same location where you ran it from, such as C:\RootRepeal

* Save it as rootrepeal.txt

* Then open that log and select all and copy/paste it back on your next reply please.

* Close RootRepeal.

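The CFScript in the post above targets the `uInternet Settings,ProxyServer = http=127.0.0.1:6522` line from the posted ComboFix log. The Python below is an added example, not part of the thread and not ComboFix's own logic: it parses ProxyServer lines in that log format and flags any that point at a loopback address, and it goes beyond the single case in the log by also handling the bare `host:port` and multi-protocol forms. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the format of the "Supplementary Scan" section above.
# Line 3 is the value from the posted log; line 4 is a made-up non-loopback proxy.
SAMPLE_LOG = """\
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
mInternet Settings,ProxyServer = proxy.example.test:8080
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
"""

# The leading u/m is the log's prefix for the per-user or machine-wide value.
PROXY_LINE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")


def parse_proxy_value(value):
    """Split an Internet Explorer ProxyServer value into (scheme, host, port).

    Handles 'host:port' (one proxy for all protocols, reported as 'all') and
    'http=host:port;https=host:port' (one proxy per protocol).
    """
    entries = []
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:  # no 'scheme=' prefix: applies to every protocol
            scheme, endpoint = "all", part
        # Drop an optional URL-style prefix such as 'http://'.
        endpoint = re.sub(r"^[a-z]+://", "", endpoint.strip(), flags=re.I)
        if endpoint.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:3128
            host, _, rest = endpoint[1:].partition("]")
            port = rest.lstrip(":")
        elif endpoint.count(":") == 1:
            host, port = endpoint.split(":")
        else:  # no port, or an unbracketed IPv6 literal
            host, port = endpoint, ""
        entries.append((scheme.strip().lower(), host,
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """Return (line_number, scheme, host, port) for each loopback proxy entry."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = PROXY_LINE.match(line.strip())
        if not match:
            continue
        for scheme, host, port in parse_proxy_value(match.group(1)):
            if is_loopback(host):
                findings.append((lineno, scheme, host, port))
    return findings


if __name__ == "__main__":
    for lineno, scheme, host, port in find_loopback_proxies(SAMPLE_LOG):
        print(f"line {lineno}: {scheme} traffic is sent to {host}:{port}")
```

A loopback proxy is not proof of infection, since local filtering software also uses one; the flag means checking which process, if any, is listening on that port.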

Re: Please help for some reason I cant get on the internet!

 

ComboFix 10-09-03.02 - HP_Owner 09/04/2010 15:23:24.7.2 - x86

Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll

 

.

((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))

.

 

2010-09-04 19:36 . 2010-09-04 19:36 -------- d-----w- c:\program files\7-Zip

2010-09-04 18:44 . 2010-09-04 18:45 -------- d-----w- c:\program files\Common Files\Adobe

2010-09-03 04:34 . 2010-09-03 04:35 -------- d-----w- C:\62ee7f55cea9832021ed12

2010-09-02 23:53 . 2010-09-02 23:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-09-02 23:52 . 2010-09-02 23:52 -------- d-----w- c:\program files\MSBuild

2010-09-02 23:52 . 2010-09-03 04:35 -------- d-----w- c:\windows\system32\XPSViewer

2010-09-02 23:52 . 2010-09-02 23:52 -------- d-----w- c:\program files\Reference Assemblies

2010-09-02 23:52 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-09-02 23:51 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll

2010-09-01 21:10 . 2010-09-01 21:10 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes

2010-09-01 21:10 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-01 21:10 . 2010-09-01 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-01 21:10 . 2010-09-01 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-01 21:10 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-01 20:24 . 2010-09-03 20:59 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Temp

2010-09-01 18:24 . 2010-09-01 18:24 63488 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-01 18:23 . 2010-09-01 18:23 52224 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-09-01 18:23 . 2010-09-01 18:23 117760 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-01 18:23 . 2010-09-01 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-09-01 18:23 . 2010-09-01 18:23 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com

2010-09-01 18:22 . 2010-09-01 18:23 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-29 04:39 . 2010-08-31 04:22 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\enlxubwwv

2010-08-26 09:05 . 2010-06-30 05:13 52224 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\0gqgjzcs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

2010-08-26 09:05 . 2010-06-30 05:13 101376 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\0gqgjzcs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

2010-08-05 22:30 . 2010-08-05 22:35 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Yahoo

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-04 18:55 . 2010-07-13 00:30 0 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\prvlcl.dat

2010-09-03 19:21 . 2006-06-20 15:32 72136 -c--a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-26 18:59 . 2010-07-12 22:49 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IObit

2010-08-26 18:57 . 2006-04-26 18:56 -------- d-----w- c:\program files\Common Files\Java

2010-08-26 18:55 . 2006-04-26 18:56 -------- d-----w- c:\program files\Java

2010-08-07 02:41 . 2006-06-20 16:42 10602 -c--a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat

2010-08-05 22:35 . 2006-06-29 03:21 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Yahoo!

2010-08-05 22:29 . 2006-06-29 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!

2010-08-03 02:27 . 2010-08-03 02:27 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-201d27b5-n\decora-sse.dll

2010-08-03 02:27 . 2010-08-03 02:27 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-227cd77e-n\msvcp71.dll

2010-08-03 02:27 . 2010-08-03 02:27 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-227cd77e-n\jmc.dll

2010-08-03 02:27 . 2010-08-03 02:27 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-227cd77e-n\msvcr71.dll

2010-08-03 02:27 . 2010-08-03 02:27 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-201d27b5-n\decora-d3d.dll

2010-07-31 18:16 . 2010-07-31 09:58 -------- d-----w- c:\program files\DoylesRoom

2010-07-31 09:56 . 2010-07-31 09:47 -------- d-----w- c:\program files\Full Tilt Poker

2010-07-29 09:13 . 2010-07-26 20:35 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Mozilla-Cache

2010-07-17 10:00 . 2010-06-25 20:34 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-13 00:03 . 2010-07-13 00:03 -------- d-----w- c:\program files\Trend Micro

2010-07-12 23:49 . 2010-07-12 22:49 -------- d-----w- c:\program files\IObit

2010-07-12 23:36 . 2010-07-12 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-07-12 23:09 . 2006-11-29 01:25 -------- d-----w- c:\program files\AOL Pictures

2010-07-12 22:34 . 2010-07-12 22:34 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Uniblue

2010-07-09 03:12 . 2008-09-24 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-08 23:46 . 2010-07-08 23:45 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-07-08 23:34 . 2010-06-30 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-06-30 19:09 . 2010-06-30 19:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-06-30 19:09 . 2010-06-30 19:09 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-30 19:09 . 2010-06-30 19:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-30 19:09 . 2010-06-30 19:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-06-30 12:31 . 2004-08-04 04:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-25 20:34 . 2010-06-25 20:34 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1e5b282e-n\msvcp71.dll

2010-06-25 20:34 . 2010-06-25 20:34 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1e5b282e-n\jmc.dll

2010-06-25 20:34 . 2010-06-25 20:34 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1e5b282e-n\msvcr71.dll

2010-06-25 20:34 . 2010-06-25 20:34 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6c17d0c8-n\decora-sse.dll

2010-06-25 20:34 . 2010-06-25 20:34 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6c17d0c8-n\decora-d3d.dll

2010-06-24 12:22 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-04 04:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-04 04:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-04 04:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2004-08-04 04:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-04 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2007-05-07 22:04 . 2006-06-28 21:31 2568 -csha-w- c:\windows\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2010-09-03_20.38.42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-04 20:14 . 2010-09-04 20:14 16384 c:\windows\temp\Perflib_Perfdata_770.dat

+ 2005-12-04 23:55 . 2010-09-04 20:18 71732 c:\windows\system32\perfc009.dat

- 2005-12-04 23:55 . 2010-09-03 20:15 71732 c:\windows\system32\perfc009.dat

+ 2009-12-22 01:09 . 2009-12-22 01:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll

+ 2009-12-22 06:57 . 2009-12-22 06:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe

+ 2009-12-22 01:02 . 2009-12-22 01:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll

+ 2009-12-22 04:21 . 2009-12-22 04:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe

+ 2009-12-11 20:57 . 2009-12-11 20:57 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll

+ 2009-12-22 04:37 . 2009-12-22 04:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe

+ 2009-12-21 23:39 . 2009-12-21 23:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe

+ 2009-12-21 23:27 . 2009-12-21 23:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll

+ 2009-12-21 23:27 . 2009-12-21 23:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll

+ 2010-09-03 20:42 . 2010-09-03 20:42 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll

+ 2006-12-02 03:54 . 2006-12-02 03:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-02 03:54 . 2006-12-02 03:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-02 03:54 . 2006-12-02 03:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2005-12-04 23:55 . 2010-09-04 20:18 442466 c:\windows\system32\perfh009.dat

- 2005-12-04 23:55 . 2010-09-03 20:15 442466 c:\windows\system32\perfh009.dat

+ 2009-12-11 20:57 . 2009-12-11 20:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe

+ 2009-12-21 23:35 . 2009-12-21 23:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll

+ 2009-12-22 01:05 . 2009-12-22 01:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe

+ 2009-11-10 00:18 . 2009-11-10 00:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll

+ 2009-12-22 01:02 . 2009-12-22 01:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe

+ 2009-12-11 20:57 . 2009-12-11 20:57 948672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobearm.exe

+ 2009-12-21 23:43 . 2009-12-21 23:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll

+ 2009-12-22 06:57 . 2009-12-22 06:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe

+ 2009-12-21 23:15 . 2009-12-21 23:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll

+ 2009-12-22 00:32 . 2009-12-22 00:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe

+ 2009-12-11 20:57 . 2009-12-11 20:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobatupdater.exe

+ 2009-12-22 00:15 . 2009-12-22 00:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe

+ 2010-09-03 20:42 . 2010-09-03 20:42 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll

+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\5c116.msp

+ 2010-09-04 18:46 . 2010-09-04 18:46 3940352 c:\windows\Installer\5c114.msi

+ 2009-12-21 23:29 . 2009-12-21 23:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll

+ 2009-12-22 00:00 . 2009-12-22 00:00 1298996 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JSByteCodeWin.bin

+ 2009-12-22 04:31 . 2009-12-22 04:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll

+ 2010-09-03 20:42 . 2010-09-03 20:42 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll

+ 2010-09-03 20:42 . 2010-09-03 20:42 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll

+ 2010-09-03 20:42 . 2010-09-03 20:42 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll

+ 2010-09-03 20:42 . 2010-09-03 20:42 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll

+ 2010-09-03 20:42 . 2010-09-03 20:42 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll

+ 2010-09-03 20:41 . 2010-09-03 20:41 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll

+ 2010-09-03 20:39 . 2010-09-03 20:39 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll

+ 2010-09-03 20:40 . 2010-09-03 20:40 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll

+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\5c117.msp

+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\5c115.msp

+ 2010-09-03 20:41 . 2010-09-03 20:41 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

"Google Update"="c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-01 136176]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]

"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-26 180269]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-30 2065760]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-01 136176]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1157162157\\ee\\aolsoftware.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\America Online 9.0a\\waol.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\program files\American Airlines DealFinder\American_Airlines_DealFinder.exe"= c:\program files\American Airlines DealFinder\American_Airlines_DealFinder.exe

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

 

R3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys [x]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]

R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [x]

S0 VOBID;VOBID;c:\windows\system32\DRIVERS\vobid.sys [2003-08-01 29239]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-30 216400]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-30 243024]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vobiw;vobiw; [x]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-30 308136]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

S3 cdrdrv;cdrdrv;c:\windows\system32\Drivers\Cdrdrv.sys [2004-06-01 64000]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job

- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 20:23]

 

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job

- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 20:23]

 

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3098026712-3503124732-4122110064-1009Core.job

- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 20:23]

 

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3098026712-3503124732-4122110064-1009UA.job

- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 20:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-04 15:30

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,46,61,d5,83,dc,1d,42,85,96,38,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,46,61,d5,83,dc,1d,42,85,96,38,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(744)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(3424)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-04 15:36:13

ComboFix-quarantined-files.txt 2010-09-04 20:36

ComboFix2.txt 2010-09-03 20:43

 

Pre-Run: 50,096,590,848 bytes free

Post-Run: 50,081,730,560 bytes free

 

- - End Of File - - C635B3E10E8DDB352632F963F9A5BA21

 

 

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/09/04 14:37

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: Combo-Fix.sys

Image Path: Combo-Fix.sys

Address: 0xF758C000 Size: 60416 File Visible: No Signed: -

Status: -

 

Name: mbr.sys

Image Path: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\mbr.sys

Address: 0xF790C000 Size: 20864 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xEE723000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

 

==EOF==

 

 

Internet seems to be working again, but if you see something on the reports that you want me to deal with, please let me know.... Thank you so much for your time and knowledge.

 

Thanks a lot,

 

Derek:-D


Re: Please help for some reason I cant get on the internet!

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


Re: Please help for some reason I cant get on the internet!

 

Here's the report from the scan:

 

C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP254\A0136296.exe Win32/Adware.WBug.A application deleted - quarantined

C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP254\A0136297.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP254\A0136298.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP254\A0136299.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined

D:\I386\APPS\APP19575\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined

D:\I386\APPS\APP19575\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined

D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP254\A0136300.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined

D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP254\A0136301.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined


Re: Please help for some reason I cant get on the internet!

 

That looks good. If there are no other issues, we can do some clean-up. Please run this next scan for administrative purposes, then proceed with the cleanup.

 

* Open IObit Security 360.

* Click the Update button and download any available updates.

* Choose Quarantine threats when removing them in Scan Parameters of Scan Setting in Options.

* Click Apply and OK buttons.

* Next (on the left) click the Scan button.

* Choose the Full Scan (Scan all hard drives in your computer) option to begin the scan.

* Once the scan has completed click Remove

* Next click Save a Report

* Post the IObit Security 360.log in your next reply.

**************************************

 

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.

* Now type Combofix /uninstall in the runbox

* Make sure there's a space between Combofix and /Uninstall

* Then hit Enter

 

The above procedure will:

* Delete the following:

  * ComboFix and its associated files and folders.

* Reset the clock settings.

* Hide file extensions, if required.

* Hide System/Hidden files, if required.

* Set a new, clean Restore Point.

 

**********************************

 

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

 

*************************************

 

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

******************************************

Use the Secunia Software Inspector to check for out of date software.

 

* Click Start Now

* Check the box next to Enable thorough system inspection.

* Click Start

* Allow the scan to finish and scroll down to see if any updates are needed.

* Update anything listed.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!


Re: Please help for some reason I cant get on the internet!

 

IObit Security 360

 

OS:Windows XP

Version:1.5.0.13

Define Version:1809

Time Elapsed:00:39:02

Objects Scanned:73420

Threats Found:9

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:hp_owner@www.superpages.com/, 7-2125

Tracking Cookies, Cookies, Cookie:hp_owner@turn.com/, 7-2167

Tracking Cookies, Cookies, Cookie:hp_owner@superpages.com/, 7-2125

Tracking Cookies, Cookies, Cookie:hp_owner@untd.com/, 7-2177

Tracking Cookies, Cookies, Cookie:hp_owner@interclick.com/, 7-1905

Tracking Cookies, Cookies, Cookie:hp_owner@quantserve.com/, 7-2072

Trojan.Downloader, File, C:\Program Files\IrfanView\iv_uninstall.exe, 11-13582

Trojan.Downloader, File, C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP209\A0128485.dll, 11-14647

Trojan.Trace, File, C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP213\A0128841.exe, 8-300

It wouldn't let me get the optional updates from Microsoft; it kept saying update fail

 

Downloaded everything else you said though


Archived

This topic is now archived and is closed to further replies.
