#1
Registered User
Join Date: Aug 2009
Posts: 13
OS: XP
Search Redirection and ntoskrnl-hook problem. (Please Help!!)
So a couple of days ago I started having a problem where, when I clicked on a link in a search engine, it would send me to a spam website that had nothing to do with what I clicked. I recently downloaded McAfee and it found an ntoskrnl-hook file; something is also preventing me from running a scan on McAfee, and no matter what I do I can't get rid of them. It's becoming agonizing. =[
DDS and attached files provided.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Compaq_Administrator at 11:02:19.60 on Sat 08/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.104 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Compaq_Administrator.AUGUST\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
Trusted Zone: trymedia.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1.aug\applic~1\mozilla\firefox\profiles\1haxaevr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Myspace.com|Youtube.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\byond\bin\npbyond.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npssn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-15 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-15 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-15 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-15 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-15 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-15 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-15 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-15 34248]

=============== Created Last 30 ================

2009-08-15 08:22 3,501 a------- c:\windows\system32\Config.MPF
2009-08-15 08:17 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-08-15 08:17 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-08-15 08:17 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-08-15 08:17 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-08-15 08:15 <DIR> --d----- c:\program files\common files\McAfee
2009-08-15 08:15 <DIR> --d----- c:\program files\McAfee.com
2009-08-15 07:43 <DIR> --d----- c:\program files\McAfee
2009-08-15 07:36 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-08-14 10:01 1,970,176 a------- c:\windows\system32\d3dx9.dll
2009-08-14 10:01 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-08-12 04:54 <DIR> --d----- c:\docume~1\compaq~1.aug\applic~1\HPQ
2009-08-11 00:25 <DIR> --d----- c:\docume~1\compaq~1.aug\applic~1\AVG8
2009-08-10 23:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-08-10 23:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-08-10 20:30 <DIR> --d----- c:\windows\system32\Adobe
2009-08-10 13:30 216,064 a------- c:\windows\PEV.exe
2009-08-10 13:30 161,792 a------- c:\windows\SWREG.exe
2009-08-10 13:30 98,816 a------- c:\windows\sed.exe
2009-08-10 13:30 388,608 a------- c:\windows\system32\CF17157.exe
2009-08-10 08:46 <DIR> --d----- c:\windows\system32\LogFiles
2009-08-10 08:43 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-08-10 08:43 268,288 -------- c:\windows\system32\dllcache\iertutil.dll
2009-08-10 08:43 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-10 08:43 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-10 08:43 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-08-10 08:43 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-08-10 08:43 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-08-10 08:43 380,928 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-08-10 08:43 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-08-10 07:23 <DIR> --d----- c:\docume~1\compaq~1.aug\applic~1\Malwarebytes
2009-08-10 07:06 129,784 -------- c:\windows\system32\pxafs.dll
2009-08-10 07:04 <DIR> --d----- c:\program files\common files\DivX Shared
2009-08-10 07:02 252 a------- c:\docume~1\compaq~1.aug\applic~1\wklnhst.dat
2009-08-09 21:41 <DIR> --dsh--- c:\documents and settings\compaq_administrator.august\UserData
2009-08-09 13:55 <DIR> --d----- c:\program files\KingsIsle Entertainment
2009-08-09 09:24 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-08-09 09:16 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-08-09 09:16 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-08-09 09:08 2,180,480 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-09 09:08 2,057,728 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-09 09:08 2,015,744 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-09 09:08 2,136,064 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-09 09:07 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-09 09:00 208,744 a------- c:\windows\system32\muweb.dll
2009-08-09 09:00 268,648 a------- c:\windows\system32\mucltui.dll
2009-08-09 09:00 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-08-09 03:06 <DIR> --d----- c:\windows\system32\PreInstall
2009-08-08 12:49 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-08-08 12:46 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-08-08 12:46 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-08-08 12:08 <DIR> --dshr-- c:\windows\system32\dllcache
2009-08-08 10:48 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-08 10:20 <DIR> --d----- c:\documents and settings\compaq_administrator.august\Tracing
2009-08-08 10:12 <DIR> --d----- c:\docume~1\compaq~1.aug\applic~1\Flock
2009-08-08 10:03 <DIR> --dshr-- C:\cmdcons
2009-08-08 10:03 <DIR> --d----- c:\windows\setupupd
2009-08-08 10:01 1,691 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_RE468AA-ABA SR2013WM NA680_YC_0Pres_QCNH638_E64NAemREA4_48_INAOS_SASUSTek Computer INC._V1.05_B3.00_T060630_WXP2_L409_M447_J160_7AMD_8Athlon 64_92.4_#061224_N_Z14F12F20_G10DE0241.MRK
2009-08-08 09:56 <DIR> --d----- c:\docume~1\compaq~1.aug\applic~1\Intuit
2009-08-08 09:56 <DIR> --d----- c:\documents and settings\compaq_administrator.august\WINDOWS
2009-08-08 09:56 <DIR> --d----- c:\documents and settings\Compaq_Administrator.AUGUST
2009-08-07 21:18 <DIR> --dsh--- C:\found.001
2009-08-06 14:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FunGames
2009-08-05 04:21 <DIR> --dsh--- C:\found.000
2009-07-31 08:46 <DIR> --d----- c:\program files\DoremiSoft
2009-07-31 08:41 <DIR> --d----- c:\program files\Xilisoft
2009-07-28 08:58 31,232 a------- c:\windows\system\vdremote.dll
2009-07-28 08:58 25,088 a------- c:\windows\system\vdsvrlnk.dll
2009-07-28 08:53 <DIR> --d----- c:\program files\aviproxy
2009-07-28 08:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-07-28 08:06 <DIR> --d----- c:\program files\AVS4YOU
2009-07-26 12:00 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}
2009-07-26 03:46 <DIR> --d----- c:\windows\Applian FLV Player
2009-07-23 00:27 <DIR> --d----- c:\program files\AskBarDis
2009-07-23 00:23 <DIR> --d----- c:\program files\Sony Online Entertainment
2009-07-23 00:22 <DIR> --d----- c:\program files\Cheat Engine
2009-07-23 00:22 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-07-23 00:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2009-07-23 00:21 <DIR> --d----- c:\program files\Brother
2009-07-23 00:20 <DIR> --d----- c:\program files\CCleaner
2009-07-23 00:20 <DIR> --d----- c:\program files\Nick Arcade
2009-07-23 00:20 <DIR> --d----- c:\program files\John Deere American Builder Deluxe
2009-07-23 00:20 <DIR> --d----- c:\program files\YummyGames
2009-07-22 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar(2)
2009-07-21 23:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-07-19 20:00 <DIR> --d----- c:\program files\autobracket_as3_air

==================== Find3M ====================

2009-07-19 19:03 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 12:00 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-08 13:44 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-06-29 07:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 04:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 04:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-26 11:59 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2009-06-26 11:59 1,054,208 -------- c:\windows\system32\dllcache\danim.dll
2009-06-26 11:59 1,024,000 -------- c:\windows\system32\dllcache\browseui.dll
2009-06-26 11:59 151,040 -------- c:\windows\system32\dllcache\cdfview.dll
2009-06-16 20:25 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 20:25 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\fontsub.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:24 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:24 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-28 18:46 137,447 a------- c:\windows\HPHins15.dat
2008-11-06 07:00 17,043 a------- c:\program files\common files\rebobox.dll
2008-11-06 07:00 16,170 a------- c:\docume~1\alluse~1\applic~1\ucyhi.reg
2008-11-06 07:00 14,850 a------- c:\docume~1\alluse~1\applic~1\ecovilew.vbs
2008-11-06 07:00 12,980 a------- c:\docume~1\alluse~1\applic~1\jeveraj.dll
2008-11-05 08:00 18,468 a------- c:\docume~1\alluse~1\applic~1\ihyh.reg
2008-11-05 08:00 15,141 a------- c:\docume~1\alluse~1\applic~1\tudomode.pif
2008-11-05 08:00 15,118 a------- c:\docume~1\alluse~1\applic~1\eqaki.dat
2008-11-05 08:00 10,444 a------- c:\program files\common files\howiqas.dl
2008-11-05 08:00 17,461 a------- c:\program files\common files\wajij.ban

============= FINISH: 11:04:46.73 ===============
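A quick way to get the most out of a DDS log like the one above is to triage the "Created Last 30" / "Find3M" file lists and the Pseudo HJT section mechanically before reading them by hand. The Python script below is an added example written for this page; it is not part of the thread, of DDS, or of any McAfee tool. The regular expressions, the "loose directory" list and the benign-extension list are my own heuristics, and the embedded log excerpt is a constructed abbreviation of the DDS output posted above. It flags (a) BHO entries whose DLL is gone ("No File"), (b) Trusted Zone additions, (c) executable, script or .reg files dropped straight into All Users\Application Data or Common Files instead of a vendor subfolder, and (d) creation-time bursts: every file that shares its creation minute with two or more flagged files, which ties eqaki.dat to the rest of the November 2008 drop even though its own extension looks harmless.

```python
import re
from collections import defaultdict

# Constructed excerpt of the DDS log posted above: the three sections a triage
# looks at first, abbreviated to a handful of representative lines.
DDS_EXCERPT = r"""
============== Pseudo HJT Report ===============
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
Trusted Zone: trymedia.com
=============== Created Last 30 ================
2009-08-15 08:17 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-08-10 13:30 388,608 a------- c:\windows\system32\CF17157.exe
2009-08-10 08:43 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-23 00:22 <DIR> --d----- c:\program files\Cheat Engine
==================== Find3M ====================
2008-11-06 07:00 17,043 a------- c:\program files\common files\rebobox.dll
2008-11-06 07:00 16,170 a------- c:\docume~1\alluse~1\applic~1\ucyhi.reg
2008-11-06 07:00 14,850 a------- c:\docume~1\alluse~1\applic~1\ecovilew.vbs
2008-11-06 07:00 12,980 a------- c:\docume~1\alluse~1\applic~1\jeveraj.dll
2008-11-05 08:00 18,468 a------- c:\docume~1\alluse~1\applic~1\ihyh.reg
2008-11-05 08:00 15,141 a------- c:\docume~1\alluse~1\applic~1\tudomode.pif
2008-11-05 08:00 15,118 a------- c:\docume~1\alluse~1\applic~1\eqaki.dat
2008-11-05 08:00 10,444 a------- c:\program files\common files\howiqas.dl
2008-11-05 08:00 17,461 a------- c:\program files\common files\wajij.ban
============= FINISH: 11:04:46.73 ===============
"""

# DDS file lines look like: "<date> <time> <size|<DIR>> <8 attribute flags> <path>"
FILE_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attr>\S{8})\s+(?P<path>.+)$"
)
ORPHAN_BHO = re.compile(r"^BHO: .*\{[0-9A-Fa-f-]{36}\} - No File$")
TRUSTED_ZONE = re.compile(r"^Trusted Zone: (\S+)$")

# Assumed heuristic (mine, not DDS's): legitimate installers create a vendor
# subfolder under these directories, so a file dropped directly into them is
# worth a look unless it has a plain data extension.
LOOSE_DIRS = {r"c:\docume~1\alluse~1\applic~1", r"c:\program files\common files"}
BENIGN_DATA_EXTS = {".dat", ".ini", ".log", ".txt", ".xml"}


def parse_dds(text):
    """Split a DDS log into file entries (dicts) and the remaining non-file lines."""
    entries, other = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            if m["size"] != "<DIR>":  # directories carry no payload of their own
                entries.append({"ts": m["ts"], "attr": m["attr"], "path": m["path"],
                                "size": int(m["size"].replace(",", ""))})
        elif line and not line.startswith("="):
            other.append(line)
    return entries, other


def is_loose_drop(path):
    """True for a non-data file sitting directly in one of LOOSE_DIRS."""
    parent, _, name = path.lower().rpartition("\\")
    ext = name[name.rfind("."):] if "." in name else ""
    return parent in LOOSE_DIRS and ext not in BENIGN_DATA_EXTS


def triage(text):
    """Return the four indicator lists described in the lead-in."""
    entries, other = parse_dds(text)
    loose = [e["path"] for e in entries if is_loose_drop(e["path"])]
    loose_set = set(loose)
    by_minute = defaultdict(list)
    for e in entries:
        by_minute[e["ts"]].append(e["path"])
    # A dropper writes its files in one burst: any creation minute shared by two
    # or more flagged files is reported whole, so innocuous-looking siblings
    # (here eqaki.dat) are pulled in by their timestamp rather than their name.
    bursts = {ts: paths for ts, paths in by_minute.items()
              if sum(p in loose_set for p in paths) >= 2}
    return {
        "loose_files": loose,
        "bursts": bursts,
        "orphan_bho": [l for l in other if ORPHAN_BHO.match(l)],
        "trusted_zone": [m.group(1) for l in other if (m := TRUSTED_ZONE.match(l))],
    }


if __name__ == "__main__":
    report = triage(DDS_EXCERPT)
    for key, value in report.items():
        print(f"== {key} ==")
        if isinstance(value, dict):
            for ts, paths in sorted(value.items()):
                print(f"  {ts}:")
                for p in paths:
                    print(f"    {p}")
        else:
            for item in value:
                print(f"  {item}")
```

On the excerpt it reports the eight randomly named files from November 2008 as loose drops, groups them into two bursts (2008-11-06 07:00 and 2008-11-05 08:00, the latter pulling in eqaki.dat), the orphan BHO {5C255C8A-...}, and trymedia.com in the Trusted Zone. Treat every hit as "look here first", not as a verdict: the script deliberately leaves alone the c:\windows entries PEV.exe, SWREG.exe, sed.exe and CF17157.exe, which are the helper files ComboFix drops (the ComboFix log further down confirms a previous run), and the dllcache entries that come from Windows Update.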
#2
Analyst, Security Team
Join Date: Jan 2009
Posts: 554
OS: N/A
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Hello.

One of the infections is a rootkit/backdoor. There are other infections in the log as well. Although it may not be active, you should still know about this infection and how it works, so you can act accordingly. Let me know what you decide to do.

Unfortunately, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.

Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

With Regards,
Extremeboy
#3
Registered User
Join Date: Aug 2009
Posts: 13
OS: XP
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
I'd like to get help cleaning the machine.
I no longer have the CDs to reformat, and my computer is used merely as a way to socialize with others online; no important records or documents are kept on the system.
#4
Analyst, Security Team
Join Date: Jan 2009
Posts: 554
OS: N/A
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Hello.

Thanks for letting me know. We are going to start with ComboFix.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread: ComboFix is a VERY POWERFUL tool which should NOT BE USED without the guidance of an expert.

Download ComboFix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.

ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Any problems, please let me know.

With Regards,
Extremeboy
#5
Registered User
Join Date: Aug 2009
Posts: 13
OS: XP
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Ok, here is the log:
ComboFix 09-08-18.04 - Compaq_Administrator 08/19/2009 15:58.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.146 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator.AUGUST\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\SeekappSrch\seekapp139.exe
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\SeekappSrch\readme.html
c:\program files\SeekappSrch\seekapp.dll
c:\program files\SeekappSrch\seekapp.exe
c:\program files\SeekappSrch\uninstall.exe
c:\windows\Fonts\a.zip
c:\windows\Installer\1049b5.msi
c:\windows\Installer\105167e.msi
c:\windows\Installer\1051684.msi
c:\windows\Installer\105eb88.msi
c:\windows\Installer\11ede40.msi
c:\windows\Installer\1219f06.msi
c:\windows\Installer\12468b5.msi
c:\windows\Installer\1302280.msi
c:\windows\Installer\1390aede.msi
c:\windows\Installer\13dc1753.msi
c:\windows\Installer\13dc19b5.msi
c:\windows\Installer\13fb05ef.msi
c:\windows\Installer\15bdf3.msi
c:\windows\Installer\15bdf8.msi
c:\windows\Installer\160878.msi
c:\windows\Installer\163cb9e.msi
c:\windows\Installer\16765a0.msi
c:\windows\Installer\16c48fb.msp
c:\windows\Installer\181c6893.msi
c:\windows\Installer\181c694d.msi
c:\windows\Installer\181c694e.msp
c:\windows\Installer\181c694f.msp
c:\windows\Installer\181c6950.msp
c:\windows\Installer\181c6951.msp
c:\windows\Installer\181c6952.msp
c:\windows\Installer\181c6953.msp
c:\windows\Installer\181c6954.msp
c:\windows\Installer\181c6955.msp
c:\windows\Installer\181c6956.msp
c:\windows\Installer\182359e0.msi
c:\windows\Installer\182359e1.msp
c:\windows\Installer\182359e2.msp
c:\windows\Installer\182359e3.msp
c:\windows\Installer\182359e4.msp
c:\windows\Installer\182359e5.msp
c:\windows\Installer\182359e6.msp
c:\windows\Installer\182359e7.msp
c:\windows\Installer\182359e8.msp
c:\windows\Installer\182359e9.msp
c:\windows\Installer\182359ea.msp
c:\windows\Installer\1824b3c9.msi
c:\windows\Installer\1948e6d.msi
c:\windows\Installer\194dd124.msi
c:\windows\Installer\194dd13d.msi
c:\windows\Installer\19c339.msi
c:\windows\Installer\1a054.msi
c:\windows\Installer\1a05f.msi
c:\windows\Installer\1a066.msi
c:\windows\Installer\1aba265.msi
c:\windows\Installer\1aba266.msp
c:\windows\Installer\1aba267.msp
c:\windows\Installer\1aba268.msp
c:\windows\Installer\1aba269.msp
c:\windows\Installer\1aba26a.msp
c:\windows\Installer\1aba26b.msp
c:\windows\Installer\1aba26c.msp
c:\windows\Installer\1aba26d.msp
c:\windows\Installer\1aba26e.msp
c:\windows\Installer\1b3894b.msi
c:\windows\Installer\1b3894c.msp
c:\windows\Installer\1b3894d.msp
c:\windows\Installer\1b3894e.msp
c:\windows\Installer\1b3894f.msp
c:\windows\Installer\1b38950.msp
c:\windows\Installer\1b38951.msp
c:\windows\Installer\1b38952.msp
c:\windows\Installer\1b38953.msp
c:\windows\Installer\1b38954.msp
c:\windows\Installer\1b38955.msp
c:\windows\Installer\1b4e3e9.msi
c:\windows\Installer\1b5995b.msi
c:\windows\Installer\1b59bbd.msi
c:\windows\Installer\1cdfa33.msi
c:\windows\Installer\1da8ff1.msp
c:\windows\Installer\1fc5cb8.msi
c:\windows\Installer\200a403e.msi
c:\windows\Installer\200a4068.msi
c:\windows\Installer\200a42f0.msi
c:\windows\Installer\200a42f7.msi
c:\windows\Installer\200a42fd.msi
c:\windows\Installer\2137472.msi
c:\windows\Installer\2227070.msp
c:\windows\Installer\223f9a6.msi
c:\windows\Installer\239cb0b1.msi
c:\windows\Installer\23d983d.msi
c:\windows\Installer\2465ba4.msi
c:\windows\Installer\2465bbc.msp
c:\windows\Installer\2469ec.msi
c:\windows\Installer\257f409.msi
c:\windows\Installer\25eb0da7.msi
c:\windows\Installer\2644397.msp
c:\windows\Installer\264439d.msi
c:\windows\Installer\27302f7.msi
c:\windows\Installer\28d4a90.msi
c:\windows\Installer\28d4a96.msi
c:\windows\Installer\28d4a9c.msi
c:\windows\Installer\28d4aa2.msi
c:\windows\Installer\28d4aa8.msi
c:\windows\Installer\28d4aae.msi
c:\windows\Installer\28d4ab4.msi
c:\windows\Installer\28d4aba.msi
c:\windows\Installer\28d4aca.msi
c:\windows\Installer\2a400c.msi
c:\windows\Installer\2ad41fb.msi
c:\windows\Installer\2c65ebf.msi
c:\windows\Installer\2c6c34.msi
c:\windows\Installer\309108e4.msi
c:\windows\Installer\309108ec.msp
c:\windows\Installer\319800.msi
c:\windows\Installer\3347140.msi
c:\windows\Installer\334714f.msi
c:\windows\Installer\3347156.msi
c:\windows\Installer\334715d.msi
c:\windows\Installer\3347163.msi
c:\windows\Installer\334718d.msi
c:\windows\Installer\334719e.msi
c:\windows\Installer\33471ae.msi
c:\windows\Installer\33471b4.msi
c:\windows\Installer\33471bb.msi
c:\windows\Installer\33471c1.msi
c:\windows\Installer\33471d4.msi
c:\windows\Installer\33471ee.msi
c:\windows\Installer\3347212.msi
c:\windows\Installer\3347224.msi
c:\windows\Installer\334722e.msi
c:\windows\Installer\3347236.msi
c:\windows\Installer\3347242.msi
c:\windows\Installer\3347253.msi
c:\windows\Installer\334725c.msi
c:\windows\Installer\3347265.msi
c:\windows\Installer\3347278.msi
c:\windows\Installer\3347283.msi
c:\windows\Installer\334728a.msi
c:\windows\Installer\39c6c1.msi
c:\windows\Installer\39c6d0.msi
c:\windows\Installer\39c6d7.msi
c:\windows\Installer\39c6de.msi
c:\windows\Installer\39c6e4.msi
c:\windows\Installer\39c70e.msi
c:\windows\Installer\39c71f.msi
c:\windows\Installer\39c72f.msi
c:\windows\Installer\39c735.msi
c:\windows\Installer\39c73c.msi
c:\windows\Installer\39c742.msi
c:\windows\Installer\39c759.msi
c:\windows\Installer\39c773.msi
c:\windows\Installer\39c798.msi
c:\windows\Installer\39c7aa.msi
c:\windows\Installer\39c7b4.msi
c:\windows\Installer\39c7bc.msi
c:\windows\Installer\39c7c8.msi
c:\windows\Installer\39c7d9.msi
c:\windows\Installer\39c7e1.msi
c:\windows\Installer\39c7ea.msi
c:\windows\Installer\3a7258f.msi
c:\windows\Installer\3a7259b.msi
c:\windows\Installer\3b15c83.msi
c:\windows\Installer\3b1e8a.msi
c:\windows\Installer\3ca757a.msi
c:\windows\Installer\3ca757e.msi
c:\windows\Installer\3e0d65.msi
c:\windows\Installer\3e0d6c.msi
c:\windows\Installer\3e0d73.msi
c:\windows\Installer\3e0d79.msi
c:\windows\Installer\3e0d7f.msi
c:\windows\Installer\3e0d85.msi
c:\windows\Installer\3e0d8b.msi
c:\windows\Installer\3e0d91.msi
c:\windows\Installer\3e0d97.msi
c:\windows\Installer\3e0d9d.msi
c:\windows\Installer\3e0da3.msi
c:\windows\Installer\3e0da9.msi
c:\windows\Installer\3e0daf.msi
c:\windows\Installer\3e0db5.msi
c:\windows\Installer\3e0dbc.msi
c:\windows\Installer\3e0dc3.msi
c:\windows\Installer\3e0dd9.msi
c:\windows\Installer\3e0ddf.msi
c:\windows\Installer\3e0de5.msi
c:\windows\Installer\3e0deb.msi
c:\windows\Installer\3e0df1.msi
c:\windows\Installer\3e0df7.msi
c:\windows\Installer\3e0dfd.msi
c:\windows\Installer\3e0e03.msi
c:\windows\Installer\3e0e09.msi
c:\windows\Installer\3e0e0f.msi
c:\windows\Installer\3e0e15.msi
c:\windows\Installer\3e0e1b.msi
c:\windows\Installer\3e0e22.msi
c:\windows\Installer\3e0e29.msi
c:\windows\Installer\3f621e7.msi
c:\windows\Installer\3f621f8.msi
c:\windows\Installer\3f6220b.msi
c:\windows\Installer\3f62214.msi
c:\windows\Installer\3f6223a.msi
c:\windows\Installer\3f7994d.msi
c:\windows\Installer\41fd44.msi
c:\windows\Installer\41fd4b.msp
c:\windows\Installer\440710e.msi
c:\windows\Installer\446f079.msi
c:\windows\Installer\461b31b.msi
c:\windows\Installer\462deda.msi
c:\windows\Installer\472012f.msp
c:\windows\Installer\48f14.msi
c:\windows\Installer\48f2d.msp
c:\windows\Installer\4bce425.msi
c:\windows\Installer\502304.msi
c:\windows\Installer\502312.msi
c:\windows\Installer\502320.msi
c:\windows\Installer\50232b.msi
c:\windows\Installer\502339.msi
c:\windows\Installer\502344.msi
c:\windows\Installer\50234d.msi
c:\windows\Installer\50238b.msi
c:\windows\Installer\510e88b.msi
c:\windows\Installer\51ec26.msi
c:\windows\Installer\51ec2c.msi
c:\windows\Installer\51ec38.msi
c:\windows\Installer\51ec4a.msi
c:\windows\Installer\52d3243.msi
c:\windows\Installer\532403c.msi
c:\windows\Installer\532404b.msi
c:\windows\Installer\5324052.msi
c:\windows\Installer\5324059.msi
c:\windows\Installer\532405f.msi
c:\windows\Installer\5324089.msi
c:\windows\Installer\532409a.msi
c:\windows\Installer\53240aa.msi
c:\windows\Installer\53240b0.msi
c:\windows\Installer\53240b7.msi
c:\windows\Installer\53240bd.msi
c:\windows\Installer\53240d0.msi
c:\windows\Installer\53240ea.msi
c:\windows\Installer\53240f0.msi
c:\windows\Installer\53240fa.msi
c:\windows\Installer\5324102.msi
c:\windows\Installer\532410e.msi
c:\windows\Installer\532411f.msi
c:\windows\Installer\5324127.msi
c:\windows\Installer\5324130.msi
c:\windows\Installer\5324143.msi
c:\windows\Installer\532414e.msi
c:\windows\Installer\5324155.msi
c:\windows\Installer\5434926.msi
c:\windows\Installer\58de2.msi
c:\windows\Installer\59adfa8.msi
c:\windows\Installer\5b8cb.msi
c:\windows\Installer\5b9e04.msi
c:\windows\Installer\5dab0.msi
c:\windows\Installer\5dab8.msi
c:\windows\Installer\5dabf.msi
c:\windows\Installer\5dac6.msi
c:\windows\Installer\5dacc.msi
c:\windows\Installer\5daee.msi
c:\windows\Installer\5daff.msi
c:\windows\Installer\5db08.msi
c:\windows\Installer\5db0e.msi
c:\windows\Installer\5db16.msi
c:\windows\Installer\5db1c.msi
c:\windows\Installer\5db3b.msi
c:\windows\Installer\5db52.msi
c:\windows\Installer\5db7a.msi
c:\windows\Installer\5db89.msi
c:\windows\Installer\5db93.msi
c:\windows\Installer\5db9a.msi
c:\windows\Installer\5dba1.msi
c:\windows\Installer\5dbad.msi
c:\windows\Installer\5dbb3.msi
c:\windows\Installer\5dbb9.msi
c:\windows\Installer\5dbbf.msi
c:\windows\Installer\5dbc5.msi
c:\windows\Installer\5dbcc.msi
c:\windows\Installer\601c043.msi
c:\windows\Installer\6821d4.msi
c:\windows\Installer\6ac0e2.msi
c:\windows\Installer\6c76d5.msi
c:\windows\Installer\6c7717.msi
c:\windows\Installer\6d7ff0.msi
c:\windows\Installer\6e3eb83.msi
c:\windows\Installer\7086a1d.msi
c:\windows\Installer\717a36c.msi
c:\windows\Installer\717a372.msi
c:\windows\Installer\7bb3fe3.msi
c:\windows\Installer\7bdd06e.msi
c:\windows\Installer\7c9f62f.msi
c:\windows\Installer\7d654d9.msi
c:\windows\Installer\7d689cd.msi
c:\windows\Installer\7d689d5.msi
c:\windows\Installer\7d689e3.msi
c:\windows\Installer\7d689ec.msi
c:\windows\Installer\7d68b14.msi
c:\windows\Installer\82835ed.msi
c:\windows\Installer\8c32eb.msi
c:\windows\Installer\94f503.msi
c:\windows\Installer\94f509.msi
c:\windows\Installer\94f50f.msi
c:\windows\Installer\94f516.msi
c:\windows\Installer\94f51c.msi
c:\windows\Installer\94f522.msi
c:\windows\Installer\94f528.msi
c:\windows\Installer\94f52e.msi
c:\windows\Installer\94f539.msi
c:\windows\Installer\94f53f.msi
c:\windows\Installer\94f545.msi
c:\windows\Installer\94f54b.msi
c:\windows\Installer\94f551.msi
c:\windows\Installer\94f557.msi
c:\windows\Installer\94f55d.msi
c:\windows\Installer\94f563.msi
c:\windows\Installer\94f569.msi
c:\windows\Installer\94f56f.msi
c:\windows\Installer\94f576.msi
c:\windows\Installer\94f57d.msi
c:\windows\Installer\94f584.msi
c:\windows\Installer\94f58a.msi
c:\windows\Installer\94f590.msi
c:\windows\Installer\94f596.msi
c:\windows\Installer\94f59c.msi
c:\windows\Installer\94f5a2.msi
c:\windows\Installer\94f5a9.msi
c:\windows\Installer\94f5b0.msi
c:\windows\Installer\94f5b7.msi
c:\windows\Installer\94f5bd.msi
c:\windows\Installer\94f5c4.msi
c:\windows\Installer\94f5ca.msi
c:\windows\Installer\9c767.msi
c:\windows\Installer\9c768.msp
c:\windows\Installer\9c769.msp
c:\windows\Installer\9c76a.msp
c:\windows\Installer\9c76b.msp
c:\windows\Installer\9c76c.msp
c:\windows\Installer\9c76d.msp
c:\windows\Installer\9c76e.msp
c:\windows\Installer\9c76f.msp
c:\windows\Installer\9c770.msp
c:\windows\Installer\9fda43.msi
c:\windows\Installer\a1ba8e.msp
c:\windows\Installer\a4135e.msi
c:\windows\Installer\ad5aa3.msi
c:\windows\Installer\b520467.msi
c:\windows\Installer\b58ed.msi c:\windows\Installer\c03a19.msi c:\windows\Installer\c170a6.msi c:\windows\Installer\c170af.msp c:\windows\Installer\c91d836.msi c:\windows\Installer\c91d83f.msi c:\windows\Installer\c91d8b3.msi c:\windows\Installer\c91d8ba.msi c:\windows\Installer\c91d8c4.msi c:\windows\Installer\cc19d6.msi c:\windows\Installer\ce88849.msi c:\windows\Installer\d190737.msi c:\windows\Installer\d2287e.msi c:\windows\Installer\d22886.msp c:\windows\Installer\d2288c.msi c:\windows\Installer\dc76c.msi c:\windows\Installer\dc773.msi c:\windows\Installer\dc78d.msi c:\windows\Installer\dc793.msi c:\windows\Installer\dc799.msi c:\windows\Installer\dc79f.msi c:\windows\Installer\dc7a5.msi c:\windows\Installer\e0b88.msi c:\windows\Installer\e0f72c0.msi c:\windows\Installer\e2b6d1.msi c:\windows\Installer\e2b6d8.msi c:\windows\Installer\e3283bf.msi c:\windows\Installer\e9e7aab.msi c:\windows\Installer\e9e7aba.msi c:\windows\Installer\e9e7ac0.msi c:\windows\Installer\f1bdef.msi c:\windows\Installer\f7dd8bf.msi c:\windows\kb913800.exe c:\windows\run.log c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk c:\windows\system32\drivers\SKYNETwgupjftj.sys c:\windows\system32\SKYNETlhiqptsn.dll c:\windows\system32\SKYNETrbetekbu.dll c:\windows\system32\SKYNETrniltitu.dat c:\windows\system32\SKYNETwkrykomx.dat D:\Autorun.inf Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SKYNETidqgrrns -------\Legacy_SKYNETidqgrrns ((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 ))))))))))))))))))))))))))))))) . 2009-08-17 08:56 . 
2009-08-17 08:56 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2009-08-15 12:53 . 2009-08-15 12:53 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\acccore 2009-08-15 12:53 . 2009-08-15 12:53 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Local Settings\Application Data\AOL OCP 2009-08-15 12:44 . 2009-08-15 16:33 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-08-15 12:21 . 2009-08-15 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-08-15 12:17 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-08-15 12:17 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-08-15 12:17 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-08-15 12:17 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-08-15 12:15 . 2009-08-15 12:17 -------- d-----w- c:\program files\Common Files\McAfee 2009-08-15 12:15 . 2009-08-15 12:16 -------- d-----w- c:\program files\McAfee.com 2009-08-15 11:43 . 2009-08-15 12:20 -------- d-----w- c:\program files\McAfee 2009-08-15 11:36 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-08-15 11:00 . 2009-08-15 11:00 152576 ----a-w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-15 10:51 . 2009-08-15 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-08-14 19:12 . 2009-08-14 19:11 38208 ----a-w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe 2009-08-14 14:01 . 2007-12-26 21:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll 2009-08-14 14:01 . 2007-12-26 21:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll 2009-08-12 08:54 . 
2009-08-12 08:54 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\HPQ 2009-08-11 23:31 . 2009-08-11 23:31 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Local Settings\Application Data\Identities 2009-08-11 05:37 . 2009-08-11 05:37 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\DivX 2009-08-11 04:25 . 2009-08-11 04:25 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\AVG8 2009-08-11 03:31 . 2009-08-11 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2009-08-11 03:31 . 2009-08-11 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-08-11 00:30 . 2009-08-11 00:30 -------- d-----w- c:\windows\system32\Adobe 2009-08-10 14:09 . 2009-08-10 14:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Local Settings\Application Data\Mozilla 2009-08-10 14:06 . 2009-08-10 14:06 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\Netscape 2009-08-10 12:46 . 2009-08-10 12:47 -------- d-----w- c:\windows\system32\drivers\UMDF 2009-08-10 12:46 . 2009-08-10 12:46 -------- d-----w- c:\windows\system32\LogFiles 2009-08-10 12:43 . 2009-06-29 16:12 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-08-10 12:43 . 2009-06-29 16:12 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll 2009-08-10 12:43 . 2009-06-29 16:12 268288 ------w- c:\windows\system32\dllcache\iertutil.dll 2009-08-10 12:43 . 2009-06-29 11:07 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2009-08-10 12:43 . 2009-07-19 13:32 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll 2009-08-10 12:43 . 2009-06-29 16:12 63488 ------w- c:\windows\system32\dllcache\icardie.dll 2009-08-10 12:43 . 2009-06-29 16:12 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll 2009-08-10 12:43 . 
2009-06-29 08:33 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat 2009-08-10 11:23 . 2009-08-10 11:23 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\Malwarebytes 2009-08-10 11:06 . 2009-05-01 21:03 129784 ------w- c:\windows\system32\pxafs.dll 2009-08-10 11:04 . 2009-08-10 11:04 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-08-10 11:02 . 2009-08-10 11:02 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\Template 2009-08-10 01:41 . 2009-08-10 01:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.AUGUST\UserData 2009-08-09 17:55 . 2009-08-09 17:55 -------- d-----w- c:\program files\KingsIsle Entertainment 2009-08-09 13:24 . 2009-08-09 13:53 -------- d-----w- c:\windows\system32\CatRoot_bak 2009-08-09 13:16 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys 2009-08-09 13:16 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys 2009-08-09 13:08 . 2009-02-06 17:24 2180480 ------w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-08-09 13:08 . 2009-02-06 16:49 2057728 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-08-09 13:08 . 2009-02-06 16:49 2015744 ------w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-08-09 13:08 . 2009-02-06 17:22 2136064 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-08-09 13:07 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2009-08-09 13:00 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll 2009-08-09 13:00 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll 2009-08-09 01:11 . 2009-08-09 01:13 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Local Settings\Application Data\Roblox 2009-08-09 01:11 . 2009-08-09 01:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Local Settings\Application Data\RobloxDownloads 2009-08-09 01:11 . 
2009-08-09 01:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Local Settings\Application Data\RobloxVersions 2009-08-08 17:48 . 2009-08-10 16:19 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Local Settings\Application Data\Adobe 2009-08-08 16:46 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-08-08 16:46 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-08-08 16:08 . 2009-08-10 14:34 -------- d-sh--r- c:\windows\system32\dllcache 2009-08-08 14:51 . 2009-08-08 14:51 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Local Settings\Application Data\Apple 2009-08-08 14:50 . 2009-08-08 14:50 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Local Settings\Application Data\Apple Computer 2009-08-08 14:30 . 2009-08-08 14:30 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\Yahoo! 2009-08-08 14:20 . 2009-08-19 19:44 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Tracing 2009-08-08 14:12 . 2009-08-10 14:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\Flock 2009-08-08 14:12 . 2009-08-10 14:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.AUGUST\Local Settings\Application Data\Flock 2009-08-08 13:53 . 2006-09-12 02:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec 2009-08-08 13:53 . 2006-09-12 01:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit 2009-08-08 13:53 . 2006-09-12 01:33 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS 2009-08-08 01:18 . 2009-08-08 01:18 -------- d-sh--w- C:\found.001 2009-08-06 18:02 . 2009-08-06 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\FunGames 2009-08-05 08:21 . 2009-08-05 08:21 -------- d-sh--w- C:\found.000 2009-07-31 12:46 . 
2009-07-31 12:52 -------- d-----w- c:\program files\DoremiSoft 2009-07-31 12:41 . 2009-07-31 12:41 -------- d-----w- c:\program files\Xilisoft 2009-07-28 12:58 . 2009-01-04 16:35 31232 ----a-w- c:\windows\system\vdremote.dll 2009-07-28 12:58 . 2009-01-04 16:35 25088 ----a-w- c:\windows\system\vdsvrlnk.dll 2009-07-28 12:53 . 2009-07-28 12:53 -------- d-----w- c:\program files\aviproxy 2009-07-28 12:10 . 2009-07-28 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU 2009-07-28 12:06 . 2009-07-28 13:42 -------- d-----w- c:\program files\AVS4YOU 2009-07-26 16:03 . 2009-07-26 16:03 592947 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe 2009-07-26 16:02 . 2009-07-26 16:02 595765 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe 2009-07-26 16:01 . 2009-07-20 09:13 3006113 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\Setup.exe 2009-07-26 07:46 . 2009-07-26 07:46 -------- d-----w- c:\windows\Applian FLV Player 2009-07-26 07:46 . 2009-07-26 07:46 -------- d-----w- c:\program files\FLV Player 2009-07-23 04:27 . 2009-07-23 04:27 -------- d-----w- c:\program files\AskBarDis 2009-07-23 04:23 . 2009-07-23 04:23 -------- d-----w- c:\program files\Sony Online Entertainment 2009-07-23 04:22 . 2009-08-14 14:02 -------- d-----w- c:\program files\Cheat Engine 2009-07-23 04:22 . 2009-07-23 04:22 -------- d-----w- c:\program files\Common Files\Software Update Utility 2009-07-23 04:21 . 2009-07-23 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar 2009-07-23 04:21 . 2009-07-23 04:21 -------- d-----w- c:\program files\Brother 2009-07-23 04:20 . 2009-07-23 04:20 -------- d-----w- c:\program files\CCleaner 2009-07-23 04:20 . 
2009-07-23 04:20 -------- d-----w- c:\program files\NOS 2009-07-23 04:20 . 2009-07-23 04:20 -------- d-----w- c:\program files\Nick Arcade 2009-07-23 04:20 . 2009-07-23 04:20 -------- d-----w- c:\program files\John Deere American Builder Deluxe 2009-07-23 04:20 . 2009-07-23 04:20 -------- d-----w- c:\program files\YummyGames 2009-07-23 01:13 . 2009-07-23 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar(2) 2009-07-22 03:21 . 2009-07-22 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-17 19:40 . 2009-02-13 23:04 -------- d-----w- c:\program files\Yugioh Virtual Dueling 2009-08-15 11:31 . 2006-09-12 01:55 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-08-15 11:31 . 2006-09-12 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-08-14 10:26 . 2009-08-08 13:56 44264 ----a-w- c:\documents and settings\Compaq_Administrator.AUGUST\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-12 20:35 . 2007-12-09 07:05 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-12 11:42 . 2007-11-03 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-12 11:42 . 2008-11-07 01:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-11 08:17 . 2007-08-20 17:03 -------- d-----w- c:\program files\DivX 2009-08-11 04:35 . 2008-04-09 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7 2009-08-10 14:23 . 2009-01-12 23:16 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy 2009-08-10 11:02 . 2009-08-10 11:02 252 ----a-w- c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\wklnhst.dat 2009-08-09 17:55 . 
2006-09-12 01:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-08 14:30 . 2006-09-12 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-08-08 14:01 . 2009-08-08 14:01 1691 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_RE468AA-ABA SR2013WM NA680_YC_0Pres_QCNH638_E64NAemREA4_48_INAOS_SASUSTek Computer INC._V1.05_B3.00_T060630_WXP2_L409_M447_J160_7AMD_8Athlon 64_92.4_#061224_N_Z14F12F20_G10DE0241.MRK 2009-08-06 21:07 . 2009-07-01 22:15 -------- d-----w- c:\program files\BYOND 2009-08-01 00:37 . 2008-08-30 18:23 -------- d-----w- c:\program files\FrostWire 2009-07-31 15:08 . 2008-06-26 18:03 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-31 13:04 . 2009-01-21 20:44 -------- d-----w- c:\program files\Windows Live Safety Center 2009-07-28 13:42 . 2008-08-24 00:28 -------- d-----w- c:\program files\Common Files\AVSMedia 2009-07-28 13:02 . 2008-01-08 03:17 -------- d-----w- c:\program files\ffdshow 2009-07-28 12:46 . 2008-06-01 18:42 -------- d-----w- c:\program files\QuickTime 2009-07-26 18:38 . 2007-12-09 07:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-07-26 16:02 . 2009-07-26 16:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD} 2009-07-23 22:55 . 2007-08-10 03:13 -------- d-----w- c:\program files\AIM6 2009-07-23 22:55 . 2006-12-25 11:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-07-23 04:17 . 2009-06-08 22:06 -------- d-----w- c:\program files\Common Files\stardock 2009-07-23 04:16 . 2006-12-25 11:20 -------- d-----w- c:\program files\Viewpoint 2009-07-20 09:13 . 2009-07-26 16:00 262424 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\OFFLINE\D5797E3B\3E688669\stbYahoo9.dll 2009-07-20 09:13 . 
2009-07-26 16:00 254232 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll 2009-07-20 09:13 . 2009-07-26 16:00 872728 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\OFFLINE\B75FA91E\3E688669\stbsvc.exe 2009-07-20 09:13 . 2009-07-26 16:00 205080 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\OFFLINE\mFileBagIDE.dll\bag\stbsh.dll 2009-07-20 09:13 . 2009-07-26 16:00 479512 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\OFFLINE\mFileBagIDE.dll\bag\stbpx.exe 2009-07-20 09:13 . 2009-07-26 16:00 229656 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\OFFLINE\628759C1\3E688669\stbOLEX.dll 2009-07-20 09:13 . 2009-07-26 16:00 205080 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\OFFLINE\A26F7F7\3E688669\stbOL.dll 2009-07-20 09:13 . 2009-07-26 16:00 323864 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\OFFLINE\B3AC8875\3E688669\stbMsn.dll 2009-07-20 09:13 . 2009-07-26 16:00 229656 -c--a-w- c:\documents and settings\All Users\Application Data\{4BCD2EB0-58F4-470D-BEA0-31428674FEBD}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll 2009-07-20 00:00 . 2009-07-20 00:00 -------- d-----w- c:\program files\autobracket_as3_air 2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-06-29 16:12 . 2004-08-10 04:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2004-08-10 04:00 78336 ------w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2004-08-10 04:00 17408 ------w- c:\windows\system32\corpol.dll 2009-06-25 22:59 . 
2007-03-26 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads 2009-06-17 00:25 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll 2009-06-16 14:55 . 2004-08-10 04:00 82432 ------w- c:\windows\system32\fontsub.dll 2009-06-03 19:24 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll 2009-05-28 22:46 . 2008-05-20 22:14 137447 ----a-w- c:\windows\HPHins15.dat 2008-11-06 11:00 . 2008-11-06 11:00 17043 ----a-w- c:\program files\Common Files\rebobox.dll 2008-11-05 12:00 . 2008-11-05 12:00 10444 ----a-w- c:\program files\Common Files\howiqas.dl 2008-11-05 12:00 . 2008-11-05 12:00 17461 ----a-w- c:\program files\Common Files\wajij.ban 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 169984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BYOND\\bin\\byond.exe"=
"c:\\Program Files\\Yugioh Virtual Dueling\\Yugioh Virtual Desktop 9.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/15/2009 8:21 AM 210216]
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-19 c:\windows\Tasks\At1.job
- c:\documents and settings\All Users\Application Data\uPlayMe\upm_updater.exe [2008-09-08 17:42]

2009-08-08 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 02:23]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-20 01:23]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-20 01:23]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-15 01:26]

2009-08-15 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-15 01:26]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.AUGUST\Application Data\Mozilla\Firefox\Profiles\1haxaevr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Myspace.com|Youtube.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npssn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
(default pref listing omitted)
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 16:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2609350149-2405104856-2504768378-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1032)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\windows\system32\nvsvc32.exe c:\windows\ehome\mcrdsvc.exe c:\program files\McAfee.com\Agent\mcagent.exe c:\windows\system32\dllhost.exe . ************************************************************************** . Completion time: 2009-08-19 16:27 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-19 20:27 Pre-Run: 112,986,329,088 bytes free Post-Run: 112,865,538,048 bytes free 754 --- E O F --- 2009-08-10 14:35 |
#6
Analyst, Security Team
Join Date: Jan 2009
Posts: 554
OS: N/A
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Hello.
Please run a scan with Malwarebytes. Update and Scan with MalwareBytes Anti-Malware
How is your computer running now? Is it better? Any updates or problems/symptoms you still have?

With Regards,
Extremeboy
#7
Registered User
Join Date: Aug 2009
Posts: 13
OS: XP
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
I've noticed the Google Redirection has significantly reduced to where it rarely happens anymore. The boot up is remarkably slow even though I only have 3 programs open up when I restart, though that could be McAfee starting up. Everything's pretty good now, thanks for all the help you've provided me with thus far. :)
Here's the log.

Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 2

8/20/2009 4:48:17 PM
mbam-log-2009-08-20 (16-48-17).txt

Scan type: Quick Scan
Objects scanned: 102200
Time elapsed: 27 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\58390739 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\58390739\Languages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\58390739\config.udb (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\58390739\init.udb (Rogue.Multiple) -> Quarantined and deleted successfully.
#8
Analyst, Security Team
Join Date: Jan 2009
Posts: 554
OS: N/A
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Hi again.
Let's update Java and run an online scan.

Update Java to Version 6 Update 16

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used. If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Take a new DDS run afterwards and post back with the DDS and Attach logs. Thanks.

With Regards,
Extremeboy
#9
Registered User
Join Date: Aug 2009
Posts: 13
OS: XP
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Hello, I appear to be having some trouble with Kaspersky Online Scanner.
Here is a provided Screenshot.

Upon further searching: http://forum.kaspersky.com/index.php...ic=127400&st=0

It appears that this is a problem on Kaspersky's side. Is there anything you recommend doing differently?
#10
Analyst, Security Team
Join Date: Jan 2009
Posts: 554
OS: N/A
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Hello.
Yes, it was fixed; however, let's run an alternative scanner here: Run ESET Online Scan

~Extremeboy
#11
Registered User
Join Date: Aug 2009
Posts: 13
OS: XP
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Ok, I had to do the scan 3 times. The first time I messed up and forgot to check "Scan for potentially unsafe applications"; when I realized this and closed it, there were 18 infected files. The 2nd time it froze up on a file, so I had to close it and restart the scan. The 3rd time it finished without a problem with 4 infected items.
Here's the log.

C:\hp\bin\wbug\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Program Files\Adobe\NoPE\adobe.photoshop.cs4.x32-nope.exe probably a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\Program Files\Adobe\NoPE\adobe.photoshop.cs4.x64-ENGiNE.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Program Files\Cheat Engine\dbk32.sys probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined

The DDS/Attachment files that you asked for are in an Attachment.

Last edited by EleJuan; 08-21-2009 at 10:06 AM.
#12
Analyst, Security Team
Join Date: Jan 2009
Posts: 554
OS: N/A
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Hello.
Re-enable your McAfee security center.

There are a few things I would like to be checked to make sure. Please do the following:

Create and Run batch script
for XP machines and for Vista machines. Double click on Upload.bat to run it. If you are using Windows Vista, please right-click and Run As Administrator... A black DOS window shall appear and then disappear. This is normal, please do not panic. A zipped compressed file called Upload_Files.zip will be created on your desktop.

Submit file

ESET deleted those infected files it found. Let me know how your computer is running now. Any more problems or symptoms left?

With Regards,
Extremeboy
#14
Analyst, Security Team
Join Date: Jan 2009
Posts: 554
OS: N/A
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Hello.
We can remove those files.

Download and Run OTM

Then, take a new DDS run afterwards and post back with both the DDS.txt and Attach.txt log for my final review. If all is good, we can wrap up next post! :)

With Regards,
Extremeboy
#15
Registered User
Join Date: Aug 2009
Posts: 13
OS: XP
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Awesome!
Here's the log. DDS/Attach in the attachments

c:\docume~1\alluse~1\applic~1\jeveraj.dll moved successfully.
c:\docume~1\alluse~1\applic~1\ihyh.reg moved successfully.
c:\docume~1\alluse~1\applic~1\tudomode.pif moved successfully.
c:\docume~1\alluse~1\applic~1\eqaki.dat moved successfully.
c:\program files\common files\howiqas.dl moved successfully.
c:\program files\common files\wajij.ban moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq_Administrator.AUGUST
->Temp folder emptied: 246671795 bytes
->Temporary Internet Files folder emptied: 190407305 bytes
->Java cache emptied: 18131151 bytes
->FireFox cache emptied: 53102605 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Jessica
File delete failed. C:\Documents and Settings\Jessica\Local Settings\Temp\hsperfdata_Jessica\1904 scheduled to be deleted on reboot.
->Temp folder emptied: 219275 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 108608054 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 483263 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 297638 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\mcmsc_QxgfFYTuNSDiagw scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_sM3qoL5sfkwMbCQ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_UitUyFLmcpHUNxv scheduled to be deleted on reboot.
Windows Temp folder emptied: 21275252 bytes
RecycleBin emptied: 2907397316 bytes

Total Files Cleaned = -713.58 mb

OTM by OldTimer - Version 3.0.0.6 log created on 08232009_152030

Files moved on Reboot...
File move failed. C:\Documents and Settings\Jessica\Local Settings\Temp\hsperfdata_Jessica\1904 scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcmsc_QxgfFYTuNSDiagw not found!
File C:\WINDOWS\temp\mcmsc_sM3qoL5sfkwMbCQ not found!
File C:\WINDOWS\temp\mcmsc_UitUyFLmcpHUNxv not found!

Registry entries deleted on Reboot...
#16
Analyst, Security Team
Join Date: Jan 2009
Posts: 554
OS: N/A
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
Hello.
Log looks good now. We can clean up now. :) Let's clean up our mess and remove the tools we have used. Please follow/read the steps below to remove the tools we used and for some more information. :)

Uninstall ComboFix
Remove ComboFix now that we're done with it.

Download and Run OTC
We will now remove the tools we used during this fix using OTC.

System a bit slow? Try StartupLite
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If that does not work, you can try the steps mentioned in this thread (PC running slow...?)

Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future
Please also have a look at the following links, giving some advice and tips to protect yourself against malware and reduce the potential for re-infection:

Visit the Windows Update Site Regularly
I recommend you regularly visit the Windows Update Site!

Update Non-Microsoft Programs
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Glad I was able to help and thank you for choosing TechSupportForum as your malware removal source. Don't forget to tell your friends about us and good luck.

If you have no more questions, comments or problems please tell us, so we can close off the topic. Thanks :)

With Regards,
Extremeboy
#18
Analyst, Security Team
Join Date: Jan 2009
Posts: 554
OS: N/A
Re: Search Redirection and ntoskrnl-hook problem. (Please Help!!)
You're welcome. :)
Happy surfing again and good luck in the future! Take care.

--

Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic if needed. This applies only to the original topic starter. Everyone else please begin a New Topic in the Virus/Trojan/Spyware Help by following the steps outlined over here. Good luck!

With Regards,
Extremeboy