I received a popup with an alert "System Infected" and a scan began immediately. I stopped the scan, thinking this was a sales gimmick, as my computer was performing fine. I then ran Malwarebytes, which quarantined 1 rogue. I followed this up by scanning with Windows One Care, which showed nothing. On Thursday, I began having issues with my computer; it began to run very slow and I have a problem accessing websites. I did a thorough cleaning of my system excluding defrag, which was done earlier in the week. I saw no improvement. I contacted Dell support and a tech accessed my computer and found no problem. On Friday, I contacted my DSL provider; a speed test was done, no problem there, my line was checked and refreshed, still no improvement. I ran a Kaspersky and found that I may be infected; I will include the report as well as the required reports.
I have a Dell Latitude Laptop with XP, service pack 3
DDS (Ver_09-03-16.01) - NTFSx86
Run by dee at 11:41:24.04 on Sat 04/04/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.493 [GMT -4:00]
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/14/2008 6:22:29 PM
System Uptime: 4/4/2009 8:16:46 AM (3 hours ago)
Motherboard: Dell Inc. | | 0PM607
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1596/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 113.945 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 2/25/2009 11:54:31 PM - System Checkpoint
RP2: 2/25/2009 11:56:11 PM - disinfecting
RP3: 2/26/2009 11:11:28 PM - Software Distribution Service 3.0
RP4: 2/27/2009 7:47:36 PM - Installed Becharmed
RP5: 2/28/2009 9:17:07 PM - Removed Becharmed
RP6: 3/1/2009 6:01:50 PM - Installed Becharmed
RP7: 3/1/2009 6:06:03 PM - Revo Uninstaller's restore point - Becharmed
RP8: 3/1/2009 7:34:28 PM - Installed Charm Tale 2
RP9: 3/2/2009 4:19:02 AM - Revo Uninstaller's restore point - Magic Farm
RP10: 3/4/2009 5:31:42 PM - Avg8 Update
RP11: 3/6/2009 9:35:18 PM - System Checkpoint
RP12: 3/7/2009 10:52:57 PM - System Checkpoint
RP13: 3/8/2009 5:13:17 AM - Installed Windows Media Player 11
RP14: 3/8/2009 5:14:10 AM - Software Distribution Service 3.0
RP15: 3/8/2009 4:13:04 PM - Software Distribution Service 3.0
RP16: 3/8/2009 4:28:15 PM - Software Distribution Service 3.0
RP17: 3/9/2009 2:00:17 AM - Software Distribution Service 3.0
RP18: 3/11/2009 2:00:16 AM - Software Distribution Service 3.0
RP19: 3/12/2009 4:05:06 AM - System Checkpoint
RP20: 3/13/2009 10:20:20 AM - System Checkpoint
RP21: 3/14/2009 4:13:38 PM - System Checkpoint
RP22: 3/14/2009 11:43:16 PM - Software Distribution Service 3.0
RP23: 3/15/2009 1:47:02 AM - Revo Uninstaller's restore point - Amazing Finds
RP24: 3/15/2009 1:51:12 AM - Revo Uninstaller's restore point - Hidden Relics
RP25: 3/15/2009 1:51:48 AM - Removed Hidden Relics
RP26: 3/16/2009 2:37:19 AM - System Checkpoint
RP27: 3/16/2009 6:41:45 PM - Revo Uninstaller's restore point - Hidden Expedition - Titanic
RP28: 3/16/2009 6:42:00 PM - Removed Hidden Expedition - Titanic
RP29: 3/18/2009 9:47:13 AM - Avg8 Update
RP30: 3/19/2009 2:45:36 PM - System Checkpoint
RP31: 3/20/2009 6:01:40 PM - System Checkpoint
RP32: 3/22/2009 10:46:49 AM - System Checkpoint
RP33: 3/22/2009 8:01:49 PM - Revo Uninstaller's restore point - Hidden Jewel Adventure
RP34: 3/22/2009 8:08:49 PM - Revo Uninstaller's restore point - Tahiti Hidden Pearl
RP35: 3/24/2009 8:49:05 AM - System Checkpoint
RP36: 3/25/2009 10:45:49 AM - Revo Uninstaller's restore point - Anabel 1.00
RP37: 3/26/2009 10:24:20 PM - Software Distribution Service 3.0
RP38: 3/27/2009 3:04:31 AM - Revo Uninstaller's restore point - RadarSync
RP39: 3/27/2009 9:40:49 AM - Avg8 Update
RP40: 3/28/2009 12:55:19 PM - Configured AVG Free 8.5
RP41: 3/28/2009 1:07:42 PM - Avg8 Update
RP42: 3/28/2009 3:46:37 PM - Revo Uninstaller's restore point - Jewels of Sinai
RP43: 3/28/2009 3:50:45 PM - Revo Uninstaller's restore point - iTunes
RP44: 3/28/2009 3:52:50 PM - Removed iTunes
RP45: 3/29/2009 7:49:49 AM - Restore Operation
RP46: 3/29/2009 7:58:00 AM - Restore Operation
RP47: 3/29/2009 8:05:41 AM - Revo Uninstaller's restore point - Jewels of Sinai
RP48: 3/29/2009 8:07:13 AM - Revo Uninstaller's restore point - Mozilla Firefox (3.0.8)
RP49: 3/30/2009 2:50:29 PM - System Checkpoint
RP50: 3/30/2009 6:57:38 PM - Revo Uninstaller's restore point - AVG Free 8.0
RP51: 3/30/2009 7:07:11 PM - Revo Uninstaller's restore point - AVG Free 8.0
RP52: 3/31/2009 8:26:23 AM - Restore Operation
RP53: 3/31/2009 9:00:42 AM - Revo Uninstaller's restore point - AVG Free 8.0
RP54: 3/31/2009 10:45:36 AM - Installed Notebook System Software
RP55: 3/31/2009 11:04:29 AM - Cleaned registry with Windows Live OneCare safety scanner
RP56: 3/31/2009 12:06:52 PM - Restore Operation
RP57: 3/31/2009 12:48:03 PM - Revo Uninstaller's restore point - Mozilla Firefox (3.0.8)
RP58: 3/31/2009 12:58:02 PM - Revo Uninstaller's restore point - Mozilla Firefox (3.0.8)
RP59: 4/1/2009 2:47:23 PM - Cleaned registry with Windows Live OneCare safety scanner
RP60: 4/2/2009 9:06:37 PM - Revo Uninstaller's restore point - Treasures Of The Ancient Cavern
RP61: 4/3/2009 10:22:54 AM - Installed DirectX for Managed Code Update (Summer 2004)
RP62: 4/3/2009 9:36:18 PM - Revo Uninstaller's restore point - AVG 8.5
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
4 Elements 1.0
ABBYY FineReader 5.0 Sprint Plus
Abundante!
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11
Adventure Chronicles
AI RoboForm (All Users)
Amazing Adventures Around the World(TM)
AMD Processor Driver
Ancient Wonderland (remove only)
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apiary Quest
Apple Mobile Device Support
Apple Software Update
Around the World in 80 Days
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Big City Adventure-Sydney Australia
Bonjour
Broadcom 440x 10/100 Integrated Controller
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCleaner (remove only)
Charm Tale 2
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Cuties (remove only)
Dell Resource CD
Dell Support Center (Support Software)
Dell Wireless WLAN Card
Diamond Detective
DirectX for Managed Code Update (Summer 2004)
Dragon Stone
Enigma 7
Forgotten Riddles
GameHouse
GdTwain ActiveX
Golden Path
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Great Secrets: Da Vinci
Hawaiian Explorer Lost Island
Hidden Expedition - Everest
Hidden Expedition Titanic (remove only)
Hidden World Of Art 1.00
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Insider Tales The Stolen Venus 1.00
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Jetsetter v1.0
Jewel Match 2
Jewel Quest
Jewel Quest (remove only)
Jewel Quest Mysteries
Kaspersky Online Scanner
Lexmark X6100 Series
Lexmark Z600 Series
Little Shop - City Lights
Little Shop of Treasures
LiveUpdate 3.2 (Symantec Corporation)
LogMeIn
Magic Jigsaw
Magic Runes
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
MostFun - Big City Adventure: San Francisco
MostFun.com Games - Great Secrets: Da Vinci (remove only)
MostFun.com Games - Jewel Quest (remove only)
MostFun.com Games - National Geographic Games Herod's Lost Tomb (remove only)
MostFun.com Games - Treasure Masters (remove only)
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Mystery Case Files Huntsville
National Geographic Games Herod's Lost Tomb
Nick Chase - A Detective Story
Norton Ghost
oceanix
PC Fixer
Pharaoh Puzzle
Pirateville
Print to Fax
QuickTime
Rainforest Adventure
RealArcade
Revo Uninstaller 1.80
Rhombis
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scrapbook Paige
Sea Journey
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SigmaTel Audio
Skins
Sonic Update Manager
Sparkle
Spirit of Wandering - The Legend
SpywareBlaster 4.1
Super Collapse Puzzle Gallery 4
Super Collapse! 3
Super Jigsaw Adorable Animals 2
Super Jigsaw Beach Holiday 2
Super Jigsaw Lighthouses
Synaptics Pointing Device Driver
The Amazon Adventure (remove only)
The Hidden Prophecies of Nostradamus 1.00
The Legend of El Dorado
The Legend of Tirnanog
The Serpent of Isis ™
Three Days Beta 1.00
Tibet Quest 1.00
Time Quest
Treasure Masters
Tropix(TM) 2 - The Quest For the Golden Banana
Try Corel Snapfire muvee autoProducer add on
Unicorn Castle 1.0
Uninstall AOL Emergency Connect Utility 1.0
Update for Office 2007 (KB946691)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Val Gor
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Web Games Player Plugin
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office X3
Zuma Deluxe
==== Event Viewer Messages From Past Week ========
3/31/2009 7:12:46 AM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
3/31/2009 7:12:46 AM, error: Service Control Manager [7024] - The AVG Free8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
3/29/2009 7:30:07 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
3/31/2009 9:13:21 AM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The system cannot find the file specified.
3/31/2009 9:13:21 AM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The system cannot find the file specified.
3/31/2009 9:27:33 AM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The system cannot find the path specified.
3/31/2009 9:27:33 AM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The system cannot find the path specified.
3/31/2009 9:28:49 AM, error: Service Control Manager [7022] - The dvpapi service hung on starting.
3/31/2009 11:20:37 AM, error: Service Control Manager [7001] - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/2/2009 11:07:07 AM, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 00197DAFA1D7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
4/3/2009 7:53:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atiide
4/3/2009 11:18:48 AM, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00197DAFA1D7 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
4/3/2009 2:49:33 PM, error: Dhcp [1002] - The IP address lease 192.168.1.96 for the Network Card with network address 00197DAFA1D7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
4/3/2009 2:49:35 PM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 00197DAFA1D7 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
4/3/2009 9:46:28 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{5A46B5F6-5A3D-4471-8C32-C06CF781F938} because another computer on the network has the same name. The server could not start.
4/3/2009 10:11:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/3/2009 10:13:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 AvgLdx86 AvgMfx86 Fips
4/4/2009 3:17:43 AM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00197DAFA1D7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, April 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, April 04, 2009 10:15:08
Records in database: 2008976
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 158745
Threat name 1
Infected objects 8
Suspicious objects 0
Duration of the scan 02:59:21
File name Threat name Threats count
C:\Documents and Settings\dee\Desktop\Kids_Flash_Games_75in1__AIO__ferrocan.rar Infected: Trojan-Dropper.Win32.VB.lhn 8
The selected area was scanned.
Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Quote:
AVG 8
Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar.
Click on Tools.
Select Advanced.
In the left hand pane, scroll down to "Resident Shield".
In the main pane, deselect the option to "Enable Resident Shield." To re-enable AVG 8, please select "Enable Resident Shield" again.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
Double click on worksnow & follow the prompts.
Note: worksnow will run without the Recovery Console installed.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
In your next reply please post: OTMoveIt log
ComboFix.txt
You may need several replies to post the requested logs, otherwise they might get cut off.
Last edited by Juliet; 8th April 2009 at 14:37.
Reason: added info
Thanks Juliet for responding. I have 2 issues, one is impeding my progress. I called Dell about the Recovery Console on my Latitude and was told this model wasn't built for a Recovery Console. When I attempt to run Combofix through worksnow, I keep getting error messages. I went to Combofix and it downloaded and attempted to run but kept warning me AVG was active; I cannot find AVG on my computer. I uninstalled Avg several days ago and just realized I never installed another antivirus. Any advice?
Dee
Don't worry over what Dell told you; it has nothing to do with what I need you to install on the machine.
Can you make ComboFix run anyway?
Can you boot into safemode and try to run it from there?
Combofix will not run in Safe Mode. I have looked everywhere I know to look for AVG and cannot find it. It does not look like Combofix is going to run until I get the AVG issue resolved.
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
NEXT
Download SDFix or from Here and save it to your Desktop
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the SDFix Report.txt back on the forum with a new HijackThis log.
In your next reply post: OTMoveIt log
SDFix report.txt
Hope I have done everything correctly and posted everything you requested.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:53 PM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {399d96ca-6f9a-4fff-95fe-284e45ebb935} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {399d96ca-6f9a-4fff-95fe-284e45ebb935} - (no file)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1213497838\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus...an_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Book of Legends\Images\stg_drm.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5483.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Masters of Mystery - Crime of Fashion\Images\armhelper.ocx
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9b2e1ff071fd4) (gupdate1c9b2e1ff071fd4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 13312 bytes
Error: Unable to interpret <Processes> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== FILES ==========
C:\Program Files\AVG\AVG8 moved successfully.
C:\Program Files\AVG moved successfully.
File/Folder C:\Program Files\AVG\AVG8 not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\dee\LOCALS~1\Temp\Perflib_Perfdata_d80.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_70.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b80.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04082009_183726
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Close ALL open windows (especially Internet Explorer!)
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver avg8emc deleted successfully.
Service\Driver avg8wd deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\dee\LOCALS~1\Temp\etilqs_oN7BBLB9MIhdRbpbvFJj scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\dee\LOCALS~1\Temp\Perflib_Perfdata_dd4.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\W8ZMNBMU\load_v6[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\W8ZMNBMU\m93199773[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\W8ZMNBMU\tpp[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\QDKXO3Y9\anatp[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\QDKXO3Y9\ke_blank[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\QDKXO3Y9\optn=64[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\QDKXO3Y9\pass[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\OJ2LGZUV\index[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\OJ2LGZUV\tcode3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\OJ2LGZUV\tcodewads_at[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\OJ2LGZUV\tcodewads_at[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\adpage[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\anatp[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\minilistings_setup[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\tcode3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\tcode3[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\tcodewads_at[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\tpp[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4f8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7ac.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_884.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04082009_201006
Files moved on Reboot...
File C:\DOCUME~1\dee\LOCALS~1\Temp\etilqs_oN7BBLB9MIhdRbpbvFJj not found!
File C:\DOCUME~1\dee\LOCALS~1\Temp\Perflib_Perfdata_dd4.dat not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\W8ZMNBMU\load_v6[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\W8ZMNBMU\m93199773[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\W8ZMNBMU\tpp[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\QDKXO3Y9\anatp[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\QDKXO3Y9\ke_blank[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\QDKXO3Y9\optn=64[1] not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\QDKXO3Y9\pass[1].html not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\OJ2LGZUV\index[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\OJ2LGZUV\tcode3[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\OJ2LGZUV\tcodewads_at[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\OJ2LGZUV\tcodewads_at[2].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\adpage[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\anatp[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\minilistings_setup[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\tcode3[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\tcode3[2].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\tcodewads_at[1].htm not found!
File C:\Documents and Settings\dee\Local Settings\Temporary Internet Files\Content.IE5\F8L2Y655\tpp[1].html not found!
File C:\WINDOWS\temp\Perflib_Perfdata_4f8.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7ac.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_884.dat moved successfully.
C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\1fpt3l0j.default\XUL.mfl moved successfully.
ComboFix 09-04-04.01 - dee 2009-04-09 9:07:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.296 [GMT -4:00]
Running from: c:\documents and settings\dee\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
URLSearchHooks-{399d96ca-6f9a-4fff-95fe-284e45ebb935} - (no file)
Toolbar-{399d96ca-6f9a-4fff-95fe-284e45ebb935} - (no file)
WebBrowser-{399D96CA-6F9A-4FFF-95FE-284E45EBB935} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
Notify-avgrsstarter - avgrsstx.dll
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
312 --- E O F --- 2009-03-15 03:46:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:30 AM, on 4/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
(Description: InstallShield updater - not needed at startup. Removing this may free up system resources.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
~~~~~~~~~~~~~~~~
Now reboot the computer to set the registry.
NEXT**
I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
The below scan can take up to an hour or longer, please be patient.
*Note
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run. (At times it may appear to stall)
* Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
* Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
* Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Once the scan is complete, click on View scan report. To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
(Note.. for Internet Explorer 7 users:
If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
Or use Firefox with IE-Tab plugin https://addons.mozilla.org/en-US/firefox/addon/1419
In your next reply post:
Kaspersky log
New HJT log taken after the above scans have run
You may need several replies to post the requested logs, otherwise they might get cut off.
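As an added example (this is not code from the thread, from HijackThis or from WindowsBBS), the Python script below parses O4, O9 and O23 lines in the HijackThis log format shown above and flags the two conditions the helper acted on in this thread: targets reported as "(file missing)" (the leftover Related button entries, and the AVG services whose folder had already been moved by OTMoveIt3) and services listed with "Unknown owner". The sample lines are copied from the log earlier on the page; the regular expressions, class and function names are my own assumptions about the format, not anything HijackThis documents.

```python
"""Triage helper for HijackThis-style log lines (added example, assumed format).

Recognises O4 (autorun), O9 (IE extra button / Tools menu item) and O23 (service)
entries and flags the conditions a helper typically checks first: a target marked
"(file missing)" (an orphaned registry entry) and a service with "Unknown owner"
(no publisher information). Unrecognised lines are ignored.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: six lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# Assumed line shapes (hypothetical patterns derived from the lines on the page).
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
O9_RE = re.compile(
    r"^O9 - (?P<kind>Extra button|Extra 'Tools' menuitem): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9a-fA-F-]+\}) - (?P<target>.*)$"
)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")


@dataclass
class Entry:
    section: str            # "O4", "O9" or "O23"
    name: str               # run-key value name, button caption or service name
    target: str             # command line, file path or CLSID target as logged
    owner: Optional[str] = None   # O23 publisher column, None for other sections
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised O4/O9/O23 line, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["name"], m["target"])
    m = O9_RE.match(line)
    if m:
        return Entry("O9", m["name"], m["target"])
    m = O23_RE.match(line)
    if m:
        return Entry("O23", m["name"], m["target"], owner=m["owner"])
    return None


def triage(entry: Entry) -> List[str]:
    """Flags that make an entry worth a second look, in a fixed order."""
    flags = []
    if "(file missing)" in entry.target:
        flags.append("file missing")        # orphaned entry: target no longer on disk
    if entry.section == "O23" and entry.owner == "Unknown owner":
        flags.append("unknown owner")       # service binary carries no publisher info
    return flags


def parse_log(text: str) -> List[Entry]:
    """Parse every recognised line of a log and attach triage flags."""
    entries = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is not None:
            entry.flags = triage(entry)
            entries.append(entry)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries that received at least one flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.section:<4} {e.name:<40} {', '.join(e.flags)}")
```

Run against the sample it lists the Related button (file missing), the avg8emc service (file missing, unknown owner) and ProtexisLicensing (unknown owner). A flag is a prompt to verify the binary and its publisher, not a verdict: the AVG entries here are simply remnants of an uninstall, and PSIService.exe is a licensing component that happens to ship without owner information.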