
Trojan keeps coming back!!!

05-20-2009, 12:12 AM   #1
Registered Member
 
Join Date: May 2009
Posts: 73
OS: Windows 8



I have had this trojan virus for weeks now, and I have done everything possible to get rid of it. I have googled like crazy and run AVG, Avast, Kaspersky, Spybot, spydoctor, and many more, in safe mode as well as normal.
I am so close to reformatting, but I really don't want to. Can someone please help?

Most of them seem to be system32 files, and weird .dll files.

Symptoms include: lagging of the computer. Random IE pages will load, even though I do not use IE; I use Mozilla Firefox. AVG Free will randomly pop up and say a trojan was found. And the trojan will automatically turn off my AVG Free or firewall, and I am forced to turn them back on myself.


If more information is needed, let me know.


Here is my DDS log.



DDS (Ver_09-05-14.01) - FAT32x86
Run by Cody Crulz at 15:57:28.18 on Wed 20/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.235 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spy Emergency *enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {FDFE477F-8FE7-4B17-A05C-9D1F9EB603CB}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
c:\WINDOWS\system32\IFXSPMGT.exe
c:\WINDOWS\system32\IFXTCS.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
c:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Cody Crulz\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.asus.com
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {dc63c642-c5ef-48fb-9024-8de232e3bcbc} - c:\windows\system32\dedovewu.dll
BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [PowerForPhone] c:\program files\asus\powerforphone\PowerForPhone.exe
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ABLKSR] c:\windows\ablksr\ABLKSR.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [FIREPOD] c:\program files\presonus\1394audiodriver_firepod\FIREPOD.EXE
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IKIC SOFT Live Update] c:\program files\minicapture\Update.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_11\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multif~1.lnk - c:\program files\asus\asus multiframe\MultiFrame.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IfxWlxEN - IfxWlxEN.dll
Notify: OneCard - c:\program files\asus security center\asus security protect manager\bin\ASWLNPkg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli ASWLNPkg c:\windows\system32\huwifibe.dll c:\windows\system32\senegese.dll c:\windows\system32\hetuvigu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\codycr~1\applic~1\mozilla\firefox\profiles\8o8lnd6q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-5 64160]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2009-1-5 17264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-12 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-13 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-12 108552]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [2006-5-16 17840]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-20 14336]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-13 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-13 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-4 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-7-20 36352]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [2007-7-20 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2007-7-20 7808]
S2 .norton2009Reset;Norton2009 Reset; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; [x]
S2 SeekappSrch Service;SeekappSrch Service;"c:\documents and settings\all users\application data\seekappsrch\seekapp139.exe" "c:\program files\seekappsrch\seekapp.dll" service --> c:\documents and settings\all users\application data\seekappsrch\seekapp139.exe [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2007-7-20 34944]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-7 34064]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [2007-9-25 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [2007-9-25 24576]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================

2009-05-19 12:21 49,265 a------- c:\windows\system32\jpicpl32.cpl
2009-05-19 12:11 <DIR> --dsh--- c:\documents and settings\cody crulz\IECompatCache
2009-05-19 12:10 <DIR> --dsh--- c:\documents and settings\cody crulz\PrivacIE
2009-05-19 12:08 <DIR> --dsh--- c:\documents and settings\cody crulz\IETldCache
2009-05-19 12:05 <DIR> --d----- c:\windows\ie8updates
2009-05-19 12:03 <DIR> --d-h--- c:\windows\ie8
2009-05-19 12:00 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-19 11:28 <DIR> --d----- c:\docume~1\codycr~1\applic~1\Uniblue
2009-05-13 22:49 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-13 22:49 <DIR> --d----- c:\program files\AVG
2009-05-12 23:01 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-12 23:01 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-12 23:01 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-12 17:55 <DIR> --d----- c:\docume~1\codycr~1\applic~1\GlarySoft
2009-05-12 17:06 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-12 16:17 <DIR> --d----- c:\docume~1\codycr~1\applic~1\Grisoft
2009-05-12 16:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2009-05-08 16:56 <DIR> --d----- c:\program files\CDisplayEx
2009-05-07 22:16 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-07 20:27 <DIR> --d----- c:\program files\VS Revo Group
2009-05-06 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-05 20:38 <DIR> --d----- c:\program files\BitLord
2009-05-05 19:34 389,120 a------- c:\windows\system32\CF15495.exe
2009-05-05 19:34 <DIR> --d----- C:\ComboFix
2009-05-05 19:01 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-05 17:28 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-05 17:21 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-05 10:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-05 10:52 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-05 10:52 <DIR> --d----- c:\docume~1\codycr~1\applic~1\SUPERAntiSpyware.com
2009-05-05 10:52 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-04 17:12 <DIR> a-dshr-- C:\cmdcons
2009-05-04 17:10 286,720 a------- c:\windows\SWREG.exe
2009-05-04 17:10 98,816 a------- c:\windows\sed.exe
2009-05-04 16:22 <DIR> --d----- c:\docume~1\codycr~1\applic~1\Malwarebytes
2009-05-04 16:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-02 18:52 <DIR> --d----- c:\windows\pss
2009-05-02 13:13 <DIR> --d----- c:\program files\Enigma Software Group
2009-04-29 19:26 <DIR> --d----- c:\program files\SeekappSrch
2009-04-29 19:23 <DIR> --d----- c:\windows\Icons
2009-04-27 17:25 5,632 a------- c:\windows\system32\ptpusb.dll
2009-04-27 17:25 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-27 17:25 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2009-04-27 17:25 159,232 a------- c:\windows\system32\ptpusd.dll
2009-04-22 15:06 421,888 a------- c:\windows\system32\RealMediaSplitter.ax
2009-04-22 12:55 <DIR> --d----- c:\program files\MiniCapture
2009-04-21 22:20 <DIR> --d----- C:\flvrecorder

==================== Find3M ====================

2009-05-02 11:50 90,112 a------- c:\windows\DUMP9c4f.tmp
2009-04-18 13:26 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-03-22 00:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 -------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 -------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 -------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 -------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 -------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 -------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 -------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 72,704 -------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 -------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 -------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 -------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 -------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 -------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 -------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-07 00:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-07 00:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-02-20 20:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-09-15 21:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

============= FINISH: 15:57:45.96 ===============
stittle is offline  
05-22-2009, 10:21 AM   #2
TSF Security Manager
Emeritus
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

https://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

AVG 8.5
Please open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar.
  • Click on Open AVG Interface.
  • Double click on Resident Shield
  • Deselect the option to "Enable Resident Shield."
  • Save changes, and exit the application.
  • To re-enable AVG 8.5 after ComboFix has completed its tasks and created its log, please select "Enable Resident Shield" again.

If you need assistance in disabling your protection applications, you can get help here


Please include the C:\ComboFix.txt in your next reply for further review.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
05-22-2009, 09:03 PM   #3
Registered Member
 
Join Date: May 2009
Posts: 73
OS: Windows 8



Here Is My ComboFix Log.

ComboFix 09-05-22.05 - Cody Crulz 23/05/2009 12:47.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.459 [GMT 10:00]
Running from: c:\documents and settings\Cody Crulz\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {FDFE477F-8FE7-4B17-A05C-9D1F9EB603CB}
.

((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
.

2009-05-22 12:16 . 2009-03-04 17:31 4202496 ----a-w c:\windows\system32\drivers\NETw5x32.sys
2009-05-22 12:16 . 2008-06-20 17:33 2756608 ----a-w c:\windows\system32\NETw5r32.dll
2009-05-22 12:16 . 2008-06-20 17:32 663552 ----a-w c:\windows\system32\NETw5c32.dll
2009-05-21 23:51 . 2009-05-06 18:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D9FB6B7B-F1E2-4B94-87BA-E8199AD68E92}\mpengine.dll
2009-05-20 05:36 . 2009-05-13 12:49 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-20 05:36 . 2009-05-13 12:49 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-20 05:36 . 2009-05-13 12:49 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-20 05:36 . 2009-05-13 12:49 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-20 05:36 . 2009-05-13 12:49 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-20 05:36 . 2009-05-13 12:49 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-20 05:34 . 2009-05-13 12:49 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-20 05:34 . 2009-05-13 12:49 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-19 13:40 . 2009-05-19 13:40 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-19 13:40 . 2009-05-19 13:40 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-19 12:05 . 2009-05-19 12:05 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-19 02:20 . 2009-05-19 02:20 -------- d-----w c:\program files\Java
2009-05-19 02:20 . 2009-05-19 02:20 -------- d-----w c:\program files\Common Files\Java
2009-05-19 02:20 . 2009-05-19 02:20 -------- d-----w c:\documents and settings\Cody Crulz\Local Settings\Application Data\Sun
2009-05-19 02:11 . 2009-05-19 02:11 -------- d-sh--w c:\documents and settings\Cody Crulz\IECompatCache
2009-05-19 02:10 . 2009-05-19 02:10 -------- d-sh--w c:\documents and settings\Cody Crulz\PrivacIE
2009-05-19 02:08 . 2009-05-19 02:08 -------- d-sh--w c:\documents and settings\Cody Crulz\IETldCache
2009-05-19 02:05 . 2009-05-19 02:05 -------- d-----w c:\windows\ie8updates
2009-05-19 02:03 . 2009-05-19 02:03 -------- d--h--w c:\windows\ie8
2009-05-19 02:00 . 2009-04-25 05:30 102400 ------w c:\windows\system32\dllcache\iecompat.dll
2009-05-19 01:28 . 2009-05-19 01:28 -------- d-----w c:\documents and settings\Cody Crulz\Application Data\Uniblue
2009-05-13 12:49 . 2009-05-13 12:49 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-13 12:49 . 2009-05-13 12:49 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-13 12:49 . 2009-05-13 12:49 -------- d-----w c:\program files\AVG
2009-05-12 13:01 . 2009-05-13 12:49 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-12 13:01 . 2009-05-13 12:49 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-12 13:01 . 2009-05-12 13:01 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-12 07:55 . 2009-05-12 07:55 -------- d-----w c:\documents and settings\Cody Crulz\Application Data\GlarySoft
2009-05-12 07:06 . 2009-05-12 07:06 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-12 06:17 . 2009-05-12 06:17 -------- d-----w c:\documents and settings\Cody Crulz\Application Data\Grisoft
2009-05-12 06:16 . 2009-05-12 06:16 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-05-08 06:56 . 2009-05-08 06:56 -------- d-----w c:\program files\CDisplayEx
2009-05-07 22:26 . 2009-05-07 22:26 57344 ----a-w c:\documents and settings\Cody Crulz\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-341a4728-n\Decora-SSE.dll
2009-05-07 22:26 . 2009-05-07 22:26 24064 ----a-w c:\documents and settings\Cody Crulz\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-2dbdb769-n\Decora-D3D.dll
2009-05-07 22:26 . 2009-05-07 22:26 315392 ----a-w c:\documents and settings\Cody Crulz\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2ac81076-n\jogl.dll
2009-05-07 22:26 . 2009-05-07 22:26 20480 ----a-w c:\documents and settings\Cody Crulz\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2ac81076-n\jogl_awt.dll
2009-05-07 22:26 . 2009-05-07 22:26 114688 ----a-w c:\documents and settings\Cody Crulz\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2ac81076-n\jogl_cg.dll
2009-05-07 22:26 . 2009-05-07 22:26 20480 ----a-w c:\documents and settings\Cody Crulz\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-510ad504-n\gluegen-rt.dll
2009-05-07 22:26 . 2009-05-07 22:26 499712 ----a-w c:\documents and settings\Cody Crulz\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-10f9abd4-n\msvcp71.dll
2009-05-07 22:26 . 2009-05-07 22:26 499712 ----a-w c:\documents and settings\Cody Crulz\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-10f9abd4-n\jmc.dll
2009-05-07 22:26 . 2009-05-07 22:26 348160 ----a-w c:\documents and settings\Cody Crulz\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-10f9abd4-n\msvcr71.dll
2009-05-07 12:16 . 2009-03-24 06:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-07 11:55 . 2009-04-13 07:39 4656976 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-07 11:51 . 2009-05-07 11:51 -------- d-----w c:\program files\Windows Defender
2009-05-07 10:27 . 2009-05-07 10:27 -------- d-----w c:\program files\VS Revo Group
2009-05-06 07:25 . 2009-05-06 07:25 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-05 10:38 . 2009-05-05 10:38 -------- d-----w c:\program files\BitLord
2009-05-05 09:01 . 2009-05-05 07:27 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-05 07:28 . 2009-05-05 07:26 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-05 07:27 . 2009-05-05 07:27 299352 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-05-05 07:27 . 2009-05-05 07:27 25440 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-05-05 07:27 . 2009-05-05 07:27 165728 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-05-05 07:27 . 2009-05-05 07:27 15688 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-05 07:27 . 2009-05-05 07:27 343888 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-05-05 07:27 . 2009-05-05 07:27 289632 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-05-05 07:27 . 2009-05-05 07:27 82784 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-05 07:27 . 2009-05-05 07:27 1629024 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-05-05 07:26 . 2009-05-05 07:26 212848 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-05 07:26 . 2009-05-05 07:26 40288 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-05 07:26 . 2009-05-05 07:26 64160 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-05 07:26 . 2009-05-05 07:26 632680 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-05-05 07:26 . 2009-05-05 07:26 539512 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-05-05 07:26 . 2009-05-05 07:26 552808 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-05-05 07:25 . 2009-05-05 07:25 2324808 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-05-05 07:25 . 2009-05-05 07:25 626000 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-05-05 07:25 . 2009-05-05 07:25 516440 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-05-05 07:25 . 2009-05-05 07:25 953168 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-05 07:21 . 2009-05-05 07:21 -------- d--h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-05 07:21 . 2009-03-12 08:17 2902048 ----a-w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-05 07:21 . 2009-05-05 07:21 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-05 00:53 . 2009-05-19 06:46 117760 ----a-w c:\documents and settings\Cody Crulz\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-05 00:52 . 2009-05-05 00:52 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-05 00:52 . 2009-05-05 00:52 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-05 00:52 . 2009-05-05 00:52 -------- d-----w c:\documents and settings\Cody Crulz\Application Data\SUPERAntiSpyware.com
2009-05-05 00:52 . 2009-05-05 00:52 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-04 09:38 . 2009-05-04 09:38 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-04 06:22 . 2009-05-04 06:22 -------- d-----w c:\documents and settings\Cody Crulz\Application Data\Malwarebytes
2009-05-04 06:22 . 2009-05-04 06:22 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-02 10:55 . 2009-05-02 10:55 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-05-02 10:49 . 2009-05-02 10:49 -------- d-----w c:\documents and settings\Administrator\Application Data\Spy Emergency
2009-05-02 09:11 . 2009-05-02 09:11 -------- d-----w c:\program files\Alwil Software
2009-05-02 03:13 . 2009-05-02 03:13 -------- d-----w c:\program files\Enigma Software Group
2009-05-02 02:37 . 2009-05-02 02:38 305664 ----a-w c:\documents and settings\Cody Crulz\Application Data\Thinstall\SpyHunter\4000008000002i\Splash Screen.exe
2009-05-02 02:37 . 2009-05-02 02:38 -------- d-----w c:\documents and settings\Cody Crulz\Local Settings\Application Data\Thinstall
2009-04-29 09:23 . 2009-04-29 09:23 -------- d-----w c:\windows\Icons
2009-04-27 07:25 . 2001-08-17 12:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-27 07:25 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-27 07:25 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-27 07:25 . 2008-04-14 00:12 159232 ----a-w c:\windows\system32\ptpusd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 11:56 . 2007-08-27 11:32 356352 ----a-w c:\windows\system32\AegisI5Installer.exe
2009-05-07 11:01 . 2007-07-20 02:52 19856 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-02 01:50 . 2007-08-17 07:24 90112 ----a-w c:\windows\DUMP9c4f.tmp
2009-04-22 02:55 . 2009-04-22 02:55 -------- d-----w c:\program files\MiniCapture
2009-04-19 04:08 . 2009-04-19 04:08 -------- d-----w c:\program files\PC Washer
2009-04-18 03:31 . 2009-04-18 03:31 -------- d-----w c:\program files\Trend Micro
2009-04-18 03:26 . 2009-04-17 14:01 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-17 14:00 . 2009-04-17 14:00 -------- d-----w c:\program files\Zone Labs
2009-04-16 04:45 . 2009-04-16 04:45 -------- d-----w c:\program files\iPod
2009-04-16 04:45 . 2009-04-16 04:45 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-16 04:33 . 2009-04-16 04:33 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-07 06:36 . 2009-04-07 06:36 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-04-07 06:19 . 2009-04-07 06:19 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-05 11:07 . 2009-04-05 11:07 -------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-04-04 16:31 . 2009-04-04 16:31 -------- d-----w c:\program files\Registry Easy
2009-04-01 11:02 . 2009-04-01 11:02 152576 ----a-w c:\documents and settings\Cody Crulz\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-31 12:42 . 2009-03-31 12:42 -------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-03-31 12:42 . 2009-03-31 12:42 -------- d-----w c:\documents and settings\Cody Crulz\Application Data\Azureus
2009-03-31 12:09 . 2009-03-31 12:09 -------- d-----w c:\documents and settings\Cody Crulz\Application Data\Media Player Classic
2009-03-31 02:26 . 2009-03-31 02:26 -------- d-----w c:\documents and settings\Cody Crulz\Application Data\Skype
2009-03-31 02:25 . 2009-03-31 02:25 -------- d-----r c:\program files\Skype
2009-03-31 02:25 . 2009-03-31 02:25 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-29 22:52 . 2009-03-29 22:52 -------- d-----w c:\program files\Common Files\xing shared
2009-03-19 06:32 . 2009-03-19 06:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 06:32 . 2009-01-18 09:49 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 19:19 . 2009-02-04 12:18 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-07 18:34 . 2004-08-20 05:18 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-07 18:34 . 2004-08-20 05:18 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-07 18:33 . 2004-08-20 05:17 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-07 18:33 . 2004-08-20 05:18 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-07 18:32 . 2004-08-20 05:17 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-07 18:32 . 2004-08-20 05:18 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-07 18:31 . 2004-08-20 05:18 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-07 18:31 . 2004-08-20 05:18 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-07 18:31 . 2004-08-20 05:18 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-07 18:22 . 2004-08-20 05:18 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-20 05:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-05 13:59 . 2009-03-14 14:03 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-05 13:59 . 2008-04-08 02:03 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-27 15:24 . 2008-12-02 05:05 664 ----a-w c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dc63c642-c5ef-48fb-9024-8de232e3bcbc}]
c:\windows\system32\dedovewu.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-04-02 10:08 381952 ----a-r c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-16 110592]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-06 573440]
"PowerForPhone"="c:\program files\ASUS\PowerForPhone\PowerForPhone.exe" [2006-06-29 774144]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-24 786521]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-11 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"FIREPOD"="c:\program files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE" [2004-07-21 946176]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-29 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"IKIC SOFT Live Update"="c:\program files\MiniCapture\Update.exe" [2009-04-22 172032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-05 516440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-13 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-14 75520]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-20 16261632]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-15 2879488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-7-20 491520]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-8-21 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 02:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-05-02 15:23 40448 ----a-r c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-13 12:49 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-09 16:20 434176 ----a-w c:\windows\system32\IfxWlxEN.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Cody Crulz\\Desktop\\PROGRAMS\\MySpaceMp3Gopher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/05/2009 5:28 PM 64160]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [5/01/2009 9:46 PM 17264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/05/2009 11:01 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/05/2009 11:01 PM 108552]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [16/05/2006 2:14 PM 17840]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 5:50 AM 36768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 11:33 AM 72944]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [20/08/2004 3:18 PM 14336]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13/05/2009 10:49 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/05/2009 10:49 PM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/01/2009 7:53 PM 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [20/07/2007 1:22 PM 36352]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [20/07/2007 1:13 PM 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [20/07/2007 1:13 PM 7808]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/03/2009 5:06 AM 953168]
S2 SeekappSrch Service;SeekappSrch Service;"c:\documents and settings\All Users\Application Data\SeekappSrch\seekapp139.exe" "c:\program files\SeekappSrch\seekapp.dll" Service --> c:\documents and settings\All Users\Application Data\SeekappSrch\seekapp139.exe [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [20/07/2007 12:58 PM 34944]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/11/2007 6:22 AM 34064]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [25/09/2007 4:40 PM 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [25/09/2007 4:40 PM 24576]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 11:33 AM 7408]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]

2009-05-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 17:20]

2009-05-23 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 17:20]

2009-05-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 07:26]

2009-05-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Cody Crulz\Application Data\Mozilla\Firefox\Profiles\8o8lnd6q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-05-23 12:49
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|"|w*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1296)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\windows\system32\IfxWlxEN.dll
c:\windows\system32\IfxSpMps.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(1352)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll

- - - - - - - > 'explorer.exe'(5876)
c:\windows\system32\APSHook.dll
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-23 12:51
ComboFix-quarantined-files.txt 2009-05-23 02:51
ComboFix2.txt 2009-05-23 02:04
ComboFix3.txt 2009-05-05 09:30
ComboFix4.txt 2009-05-04 07:23

Pre-Run: 55,575,379,968 bytes free
Post-Run: 55,564,566,528 bytes free

336 --- E O F --- 2009-05-21 23:51
 
Old 05-22-2009, 09:10 PM   #4
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



It seems as though you've run ComboFix more than once. Did you encounter any problems?

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\ComboFix2.txt

A text file should open. Please post the contents of that file in your next reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 05-22-2009, 09:23 PM   #5
Registered Member
 
Join Date: May 2009
Posts: 73
OS: Windows 8



Sorry yeah, for some reason it said i had a spyware program running, which i had uninstalled a long time ago, so i reinstalled then uninstalled, and ran the test again. but. i uninstalled combofix after i posted that log thinking i would not need it anymore. so pasting 'C:\QooBox\ComboFix2.txt' does nothing.
sorry about that.

what would you like me to do, i will be sure to follow your exact instructions from now on. haha. sorry again.
Old 05-22-2009, 09:38 PM   #6
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



haha?

What part of this

Quote:
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
And this

Quote:
Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.
don't you understand?

What do you mean, you uninstalled ComboFix?
Old 05-22-2009, 09:49 PM   #7
Registered Member
 
Join Date: May 2009
Posts: 73
OS: Windows 8



Haha yeah ok, we have established that. i f##ked up.

after running it, saving the log and posting it.

in run i typed. combofix /u

which uninstalls it.

anyway, that aside.
what would you like me to do now.
i'll follow every step properly
Old 05-25-2009, 04:01 AM   #8
Registered Member
 
Join Date: May 2009
Posts: 73
OS: Windows 8



bump !!
Old 05-29-2009, 11:39 AM   #9
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



If you still require assistance...


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) -JRE 6 Update 14 -"
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------


Please perform this online scan to help look for remnants

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on Settings. Uncheck Mail databases.
  • Next, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------------------------------------------------------------------------------------

Post a new set of logs from DDS, and let me know how the machine is behaving.
tetonbob is offline  
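The out-of-date Java finding in the post above can be checked mechanically against a posted log. The following is an added example, not part of the original thread or of DDS/ComboFix: it pulls every Java runtime version referenced in log lines and compares it with the JRE 6 Update 14 installer named in the instructions. Function names are hypothetical; the sample lines are copied from the log posted in this thread.

```python
import re

# Legacy Sun directory naming seen in the log: jre1.5.0_11 -> family 5, minor 0, update 11
LEGACY_RE = re.compile(
    r"(?<![A-Za-z0-9])(?:jre|jdk|j2re)1\.(\d+)\.(\d+)(?:_(\d+))?", re.IGNORECASE
)
# Installer naming used in the instructions: jre-6u14-windows-i586-p.exe
INSTALLER_RE = re.compile(r"(?<![A-Za-z0-9])jre-(\d+)u(\d+)-", re.IGNORECASE)


def parse_version(text):
    """Return (family, minor, update) for the first Java version in text, or None."""
    m = LEGACY_RE.search(text)
    if m:
        return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    m = INSTALLER_RE.search(text)
    if m:
        return (int(m.group(1)), 0, int(m.group(2)))
    return None


def find_java_runtimes(log_text):
    """Map each Java version referenced in the log to the lines that mention it."""
    found = {}
    for line in log_text.splitlines():
        version = parse_version(line)
        if version is not None:
            found.setdefault(version, []).append(line.strip())
    return found


def outdated_runtimes(log_text, target):
    """Return the versions in the log that are older than target, oldest first."""
    return sorted(v for v in find_java_runtimes(log_text) if v < target)


def format_version(version):
    """Render (5, 0, 11) in the log's own style: 1.5.0_11."""
    return "1.%d.%d_%02d" % version


# Lines copied from the log in this thread (autorun entry, cached file,
# Firefox plugins), plus two unrelated lines that must not match.
SAMPLE_LOG = r"""
2009-04-01 11:02 . 2009-04-01 11:02 152576 ----a-w c:\documents and settings\Cody Crulz\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-13 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-14 75520]
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
"""

# Target version taken from the installer file name given in the instructions.
TARGET = parse_version("jre-6u14-windows-i586-p.exe")

if __name__ == "__main__":
    runtimes = find_java_runtimes(SAMPLE_LOG)
    for version in outdated_runtimes(SAMPLE_LOG, TARGET):
        print("outdated Java %s (target %s), referenced by:"
              % (format_version(version), format_version(TARGET)))
        for line in runtimes[version]:
            print("    " + line)
```

After the removal and reinstall steps, a fresh log run through the same check should report nothing older than the target.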
 
