1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Active Cleanup Anti Virus Pop-Up

Discussion in 'Malware and Virus Removal Archive' started by Jamie, 2010/03/28.

Page 2 of 2
  1. 2010/03/30
    Jamie

    Jamie Inactive Thread Starter

    Joined:
    2010/03/14
    Messages:
    19
    Likes Received:
    0
    .
    ((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
    .

    2010-03-29 09:21 . 2010-03-29 09:21 20846064 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-03-28 23:58 . 2010-03-28 23:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-03-27 18:17 . 2010-03-28 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-03-27 18:17 . 2010-03-27 18:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-03-27 16:56 . 2010-03-27 16:56 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\Threat Expert
    2010-03-27 10:40 . 2010-03-27 10:40 -------- d-sh--w- c:\documents and settings\All Users\Application Data\CURASA
    2010-03-27 10:40 . 2010-02-22 00:48 443352 ----a-w- c:\documents and settings\All Users\Application Data\8225eac\sqlite3.dll
    2010-03-27 10:40 . 2010-02-22 00:48 710104 ----a-w- c:\documents and settings\All Users\Application Data\8225eac\mozcrt19.dll
    2010-03-27 10:39 . 2010-03-30 08:39 -------- d-sh--w- c:\documents and settings\All Users\Application Data\8225eac
    2010-03-17 19:38 . 2010-03-17 19:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2010-03-12 01:00 . 2010-03-12 01:00 1925088 ----a-w- c:\documents and settings\Jamie\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2010-03-06 13:05 . 2010-03-06 13:05 8405312 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-03-06 13:05 . 2010-03-06 13:05 149000 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-03-06 13:05 . 2010-03-06 13:05 10309448 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-03-06 13:05 . 2010-03-06 13:05 283280 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
    2010-03-06 13:05 . 2010-03-06 13:05 181768 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
    2010-03-06 13:05 . 2010-03-06 13:05 79368 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-03-06 13:04 . 2010-03-06 13:04 64000 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-03-06 13:04 . 2010-03-06 13:04 52288 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-03-06 13:04 . 2010-03-06 13:04 50688 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-03-06 13:04 . 2010-03-06 13:04 49152 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-03-06 13:04 . 2010-03-06 13:04 118784 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-03-06 01:57 . 2010-03-09 03:09 199096 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-03-05 21:44 . 2010-03-15 09:45 439816 ----a-w- c:\documents and settings\George\Application Data\Real\Update\setup3.10\setup.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-31 00:02 . 2009-02-20 11:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-31 00:01 . 2008-12-22 23:56 -------- d-----w- c:\program files\Dl_cats
    2010-03-30 10:48 . 2009-09-16 01:28 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-03-28 23:07 . 2008-12-22 16:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-27 19:29 . 2010-02-13 13:36 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-03-25 02:51 . 2008-12-30 01:29 -------- d-----w- c:\documents and settings\Jamie\Application Data\U3
    2010-03-24 08:40 . 2006-04-04 14:04 -------- d-----w- c:\program files\McAfee
    2010-03-23 01:37 . 2010-02-24 01:18 -------- d-----w- c:\documents and settings\George\Application Data\U3
    2010-03-22 14:17 . 2008-12-23 00:00 98256 -c--a-w- c:\documents and settings\George\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
    2010-02-07 01:17 . 2008-12-25 13:46 98256 -c--a-w- c:\documents and settings\Jamie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-06 13:40 . 2010-02-06 13:40 -------- d-----w- c:\documents and settings\Jamie\Application Data\Intuit
    2010-02-06 13:40 . 2010-02-06 13:40 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
    2010-02-06 13:39 . 2010-02-06 13:35 -------- d-----w- c:\program files\Common Files\Intuit
    2010-02-06 13:36 . 2010-02-06 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
    2010-02-06 12:49 . 2010-02-06 12:49 -------- d-----w- c:\program files\TurboTax
    2010-02-06 12:32 . 2010-02-06 12:32 -------- d-----w- c:\program files\MSBuild
    2010-02-06 12:32 . 2010-02-06 12:32 -------- d-----w- c:\program files\Reference Assemblies
    2010-02-05 04:18 . 2010-02-05 03:39 -------- d-----w- c:\program files\Celebrity Toolbar
    2010-02-01 10:28 . 2006-04-04 14:05 -------- d-----w- c:\program files\Google
    2010-01-26 22:01 . 2010-01-26 22:01 1716297 ----a-w- c:\windows\system32\InetClnt.dll
    2010-01-26 22:01 . 2010-01-26 22:01 6 ----a-w- c:\windows\Fonts\wfonts.key
    2010-01-24 22:43 . 2010-01-24 22:43 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-01-07 20:07 . 2008-12-22 16:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 20:07 . 2008-12-22 16:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2006-04-04 13:30 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-27 15:46 . 2009-02-03 18:44 152 -csh--r- c:\windows\system32\EB6C455FFE.sys
    2009-12-27 15:46 . 2008-12-28 23:18 6686 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .
     
    Jamie,
    #21
  2. 2010/03/30
    Jamie

    Jamie Inactive Thread Starter

    Joined:
    2010/03/14
    Messages:
    19
    Likes Received:
    0
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "RegistryMechanic "= "c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-22 68856]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
    "Norton Ghost 10.0 "= "c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
    "DLCDCATS "= "c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 73728]
    "dlcdmon.exe "= "c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
    "MemoryCardManager "= "c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 290816]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "McENUI "= "c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-07 198160]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "Monitor "= "c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
    2006-04-04 13:36 61440 -c--a-w- c:\dell\bldbubg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 10:42 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 09:20 122940 -c--a-w- c:\windows\system32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-10-05 07:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 18:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-04-04 14:05 169472 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-10-15 00:46 77824 -c--a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-10-15 00:50 114688 -c--a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-10-15 00:49 94208 -c--a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-06-10 14:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 14:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    2005-09-08 23:20 8192 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2005-09-08 23:20 110592 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonDemo]
    2005-08-18 00:10 24576 -c--a-w- c:\dell\Utilities\DSR\demo\DEMO.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2009-10-07 10:15 222728 ----a-w- c:\program files\real\realplayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2003-11-19 21:48 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-10-07 10:14 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "DSBrokerService "=3 (0x3)
    "NetSvc "=3 (0x3)
    "GEARSecurity "=2 (0x2)
    "AOL ACS "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\America Online 9.0\\waol.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/12/2009 5:09 PM 93320]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/22/2008 12:09 PM 24652]
    R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 6:28 AM 135664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:28]

    2010-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:28]

    2009-04-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-12 16:22]

    2009-04-12 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-12 16:22]

    2010-03-31 c:\windows\Tasks\User_Feed_Synchronization-{9B150530-A758-451F-82CB-73786C862B00}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant =
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    Trusted Zone: musicmatch.com\online
    FF - ProfilePath - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\punw4jt8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
     
    Jamie,
    #22


  3. to hide this advert.

  4. 2010/03/30
    Jamie

    Jamie Inactive Thread Starter

    Joined:
    2010/03/14
    Messages:
    19
    Likes Received:
    0
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    Completion time: 2010-03-30 20:39:39
    ComboFix-quarantined-files.txt 2010-03-31 00:39

    Pre-Run: 47,182,163,968 bytes free
    Post-Run: 47,484,534,784 bytes free

    - - End Of File - - ED513E49BCA6F67A609B2AC0C9D9A79A
     
    Last edited by a moderator: 2010/03/30
    Jamie,
    #23
  5. 2010/03/30
    Jamie

    Jamie Inactive Thread Starter

    Joined:
    2010/03/14
    Messages:
    19
    Likes Received:
    0
    And the new HJT log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:01:36 PM, on 3/30/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\WINDOWS\system32\dlcdcoms.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\George\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 67.215.240.115 www.google.com
    O1 - Hosts: 67.215.240.115 google.com
    O1 - Hosts: 67.215.240.115 google.com.au
    O1 - Hosts: 67.215.240.115 www.google.com.au
    O1 - Hosts: 67.215.240.115 google.be
    O1 - Hosts: 67.215.240.115 www.google.be
    O1 - Hosts: 67.215.240.115 google.com.br
    O1 - Hosts: 67.215.240.115 www.google.com.br
    O1 - Hosts: 67.215.240.115 google.ca
    O1 - Hosts: 67.215.240.115 www.google.ca
    O1 - Hosts: 67.215.240.115 google.ch
    O1 - Hosts: 67.215.240.115 www.google.ch
    O1 - Hosts: 67.215.240.115 google.de
    O1 - Hosts: 67.215.240.115 www.google.de
    O1 - Hosts: 67.215.240.115 google.dk
    O1 - Hosts: 67.215.240.115 www.google.dk
    O1 - Hosts: 67.215.240.115 google.fr
    O1 - Hosts: 67.215.240.115 www.google.fr
    O1 - Hosts: 67.215.240.115 google.ie
    O1 - Hosts: 67.215.240.115 www.google.ie
    O1 - Hosts: 67.215.240.115 google.it
    O1 - Hosts: 67.215.240.115 www.google.it
    O1 - Hosts: 67.215.240.115 google.co.jp
    O1 - Hosts: 67.215.240.115 www.google.co.jp
    O1 - Hosts: 67.215.240.115 google.nl
    O1 - Hosts: 67.215.240.115 www.google.nl
    O1 - Hosts: 67.215.240.115 google.no
    O1 - Hosts: 67.215.240.115 www.google.no
    O1 - Hosts: 67.215.240.115 google.co.nz
    O1 - Hosts: 67.215.240.115 www.google.co.nz
    O1 - Hosts: 67.215.240.115 google.pl
    O1 - Hosts: 67.215.240.115 www.google.pl
    O1 - Hosts: 67.215.240.115 google.se
    O1 - Hosts: 67.215.240.115 www.google.se
    O1 - Hosts: 67.215.240.115 google.co.uk
    O1 - Hosts: 67.215.240.115 www.google.co.uk
    O1 - Hosts: 67.215.240.115 google.co.za
    O1 - Hosts: 67.215.240.115 www.google.co.za
    O1 - Hosts: 67.215.240.115 www.google-analytics.com
    O1 - Hosts: 67.215.240.115 www.bing.com
    O1 - Hosts: 67.215.240.115 search.yahoo.com
    O1 - Hosts: 67.215.240.115 www.search.yahoo.com
    O1 - Hosts: 67.215.240.115 uk.search.yahoo.com
    O1 - Hosts: 67.215.240.115 ca.search.yahoo.com
    O1 - Hosts: 67.215.240.115 de.search.yahoo.com
    O1 - Hosts: 67.215.240.115 fr.search.yahoo.com
    O1 - Hosts: 67.215.240.115 au.search.yahoo.com
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe "
    O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe "
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe "
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe "
    O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-2213250332-3437725284-1607769180-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jamie')
    O4 - HKUS\S-1-5-21-2213250332-3437725284-1607769180-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Jamie')
    O4 - HKUS\S-1-5-21-2213250332-3437725284-1607769180-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ryan')
    O4 - HKUS\S-1-5-21-2213250332-3437725284-1607769180-1007\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; InfoPath.1; yie8)" - "http://www.shockwave.com/contentPlay/shockwave.jsp?id=jigsawpuzzles&refCode=&brand=ag" (User 'Ryan')
    O4 - HKUS\S-1-5-21-2213250332-3437725284-1607769180-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
    O4 - HKUS\S-1-5-21-2213250332-3437725284-1607769180-500\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Administrator')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 16537 bytes
     
    Jamie,
    #24
  6. 2010/03/30
    Jamie

    Jamie Inactive Thread Starter

    Joined:
    2010/03/14
    Messages:
    19
    Likes Received:
    0
    Also...Spybot will not fix the problem it finds.... it says C:\WINDOWS\System 32\drivers\etc\hosts Access Denied

    Google still has the Security Certificate issue...thank you...
     
    Jamie,
    #25
  7. 2010/03/30
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    What is the system time and date on your computer?

    ==================

    Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

    c:\windows\system32\EB6C455FFE.sys

    ===============

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
    crunchie,
    #26
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...