
Thread: Click.Giftload

  1. #1
    Junior Member
    Join Date
    May 2011
    Posts
    18


    I have used Spybot S&D, TDSS Killer, Malwarebytes Anti-Malware, and Symantec's Backdoor.Tidserv removal tool (because in Norton the malware showed up as Backdoor.Tidserv) to try and take out this malware. One of those must have worked, because I have run Spybot and Malwarebytes Anti-Malware scans and it is saying no infection detected. However, I do still get the occasional redirect to a website I wasn't intending to go to, especially on Google. Here are the DDS logs and the link to the previous thread I started: http://forums.spybot.info/showthread.php?t=62700

    Edit
    http://forums.spybot.info/showthread.php?t=62810

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Valued Customer at 10:05:41.10 on Mon 05/16/2011
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2043.1211 [GMT -6:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton AntiVirus *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Program DJ\Dualview Server\dualviewsvc.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PGPserv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Program DJ\Smart Watchdog\SWDsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Program DJ\Wireless Switch\WLSS.exe
    C:\Program Files\Program DJ\Program DJ\PdjAssistant.exe
    C:\Program Files\Program DJ\Green Charger\GCTray.exe
    C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
    C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\WSZ.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WSZ.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Alarm Clock\alarmclock.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Valued Customer\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.comcast.net/
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WheresJames Startup Manager] c:\program files\wheresjames\startupmgr\StartupMgr.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10m_Plugin.exe -update plugin
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [WLSS] c:\program files\program dj\wireless switch\WLSS.exe
    mRun: [PdjAssistant] c:\program files\program dj\program dj\PdjAssistant.exe
    mRun: [GCTray] c:\program files\program dj\green charger\GCTray.exe
    mRun: [Wow Video&Audio] c:\program files\program dj\wow video&audio\WVAMain.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
    mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Protector Suite QL] c:\program files\protector suite ql\psqltray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\documents and settings\valued customer\start menu\programs\startup\WSZ.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{28e0f0a8-e555-4077-a6e1-63dbf2b29d32}\Icon6560581611.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WSZ.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\PGPlsp.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 208.67.220.220,208.67.222.222
    TCP: {498B6563-F313-4B03-8323-E79AD21537D3} = 208.67.220.220,208.67.222.222
    Filter: text/html - {26111323-9a71-4861-b8a8-f7a2130e31ac} -
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    AppInit_DLLs: PGPmapih.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    LSA: Notification Packages = scecli psqlpwd PGPpwflt
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\a3uaen4i.default\
    FF - prefs.js: network.proxy.ftp - 217.194.213.31
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 217.194.213.31
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 217.194.213.31
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 217.194.213.31
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 217.194.213.31
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {7BB8177F-BE0A-4B14-9C1A-809BD54B73C4} - c:\documents and settings\valued customer\local settings\application data\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Save Session: - %profile%\extensions\savesession@noasobi.net
    FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    FF - Ext: Firebug: - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Zotero: - %profile%\extensions\zotero@chnm.gmu.edu
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-4-23 9856]
    R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2009-12-17 136312]
    R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2009-12-17 13432]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 DualView Server;DualView Server Service;c:\program files\program dj\dualview server\dualviewsvc.exe [2008-5-23 126976]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 Smart Watchdog;Smart Watchdog Service;c:\program files\program dj\smart watchdog\SWDsvc.exe [2008-4-14 208896]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 DualViewFilter;DualViewFilter;c:\windows\system32\drivers\DualviewFilter.sys [2008-5-6 20352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-13 81296]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110516.002\NAVENG.SYS [2011-5-16 86136]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110516.002\NAVEX15.SYS [2011-5-16 1393144]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-6-19 38304]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-5-2 1251720]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
    S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
    S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-11-21 23096]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [2011-3-10 26930]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-12-31 42112]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
    S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-11-21 23096]
    S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-11-21 3768]
    S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-11-21 200704]
    S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-13 07:44:51 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{18241f7f-a6ff-4296-a8d0-beed1c13fee2}\mpengine.dll
    2011-05-11 04:39:28 164345 ----a-w- c:\windows\Gulfstream V Uninstaller.exe
    2011-05-06 03:32:08 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-05-05 00:22:17 0 ----a-w- c:\windows\Npodowohonevo.bin
    2011-05-05 00:22:15 -------- d-----w- c:\docume~1\valued~1\locals~1\applic~1\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
    2011-05-02 23:47:50 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
    2011-05-02 23:47:02 -------- d-----w- c:\program files\common files\xing shared
    2011-05-02 23:46:35 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2011-05-02 23:46:03 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
    .
    ==================== Find3M ====================
    .
    2011-05-02 23:45:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-05-02 23:45:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-03-10 01:03:37 816 ----a-w- c:\windows\system32\ker.dll
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-02-17 19:00:28 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-02-17 19:00:28 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-17 19:00:27 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 10:08:01.39 ===============

    I have used Spybot S&D, TDSS Killer, Malwarebytes Anti-Malware, and Symantec's Backdoor.Tidserv removal tool (because in Norton the malware showed up as Backdoor.Tidserv) to try and take out this malware. One of those must have worked, because I have run Spybot and Malwarebytes Anti-Malware scans and it is saying no infection detected. However, I do still get the occasional redirect to a website I wasn't intending to go to, especially on Google. Here are the DDS logs:

    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Valued Customer at 18:39:06.85 on Wed 06/01/2011
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2043.779 [GMT -6:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton AntiVirus *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Program DJ\Dualview Server\dualviewsvc.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PGPserv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Program Files\Program DJ\Smart Watchdog\SWDsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Program DJ\Wireless Switch\WLSS.exe
    C:\Program Files\Program DJ\Program DJ\PdjAssistant.exe
    C:\Program Files\Program DJ\Green Charger\GCTray.exe
    C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WSZ.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WSZ.exe
    C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\Firewall\FWCfg.exe
    C:\Documents and Settings\Valued Customer\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.comcast.net/
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WheresJames Startup Manager] c:\program files\wheresjames\startupmgr\StartupMgr.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [WLSS] c:\program files\program dj\wireless switch\WLSS.exe
    mRun: [PdjAssistant] c:\program files\program dj\program dj\PdjAssistant.exe
    mRun: [GCTray] c:\program files\program dj\green charger\GCTray.exe
    mRun: [Wow Video&Audio] c:\program files\program dj\wow video&audio\WVAMain.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
    mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Protector Suite QL] c:\program files\protector suite ql\psqltray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\valued customer\application data\leadertech\powerregister\Seagate Product Registration.exe
    StartupFolder: c:\documents and settings\valued customer\start menu\programs\startup\WSZ.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{28e0f0a8-e555-4077-a6e1-63dbf2b29d32}\Icon6560581611.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WSZ.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\PGPlsp.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 208.67.220.220,208.67.222.222
    TCP: {498B6563-F313-4B03-8323-E79AD21537D3} = 208.67.220.220,208.67.222.222
    Filter: text/html - {26111323-9a71-4861-b8a8-f7a2130e31ac} -
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    AppInit_DLLs: PGPmapih.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    LSA: Notification Packages = scecli psqlpwd PGPpwflt
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\a3uaen4i.default\
    FF - prefs.js: network.proxy.ftp - 217.194.213.31
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 217.194.213.31
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 217.194.213.31
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 217.194.213.31
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 217.194.213.31
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {7BB8177F-BE0A-4B14-9C1A-809BD54B73C4} - c:\documents and settings\valued customer\local settings\application data\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Save Session: - %profile%\extensions\savesession@noasobi.net
    FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    FF - Ext: Firebug: - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Zotero: - %profile%\extensions\zotero@chnm.gmu.edu
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-4-23 9856]
    R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2009-12-17 136312]
    R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2009-12-17 13432]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 DualView Server;DualView Server Service;c:\program files\program dj\dualview server\dualviewsvc.exe [2008-5-23 126976]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
    R2 Smart Watchdog;Smart Watchdog Service;c:\program files\program dj\smart watchdog\SWDsvc.exe [2008-4-14 208896]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 DualViewFilter;DualViewFilter;c:\windows\system32\drivers\DualviewFilter.sys [2008-5-6 20352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-13 81296]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110530.020\NAVENG.SYS [2011-5-30 86008]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110530.020\NAVEX15.SYS [2011-5-30 1542392]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-6-19 38304]
    R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-5-17 23096]
    R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-11-21 3768]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-5-2 1251720]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
    S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
    S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-11-21 23096]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [2011-3-10 26930]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-12-31 42112]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
    S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2011-5-17 200704]
    S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-27 08:08:02 6962000 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{da423d87-723a-46c3-b573-bd4152af2661}\mpengine.dll
    2011-05-24 07:10:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\MemeoCommon
    2011-05-24 07:07:25 -------- d-----w- c:\docume~1\valued~1\applic~1\Memeo
    2011-05-24 07:07:07 -------- d-----w- c:\docume~1\valued~1\applic~1\Seagate
    2011-05-24 07:06:13 -------- d-----w- c:\program files\common files\Memeo
    2011-05-24 07:06:06 -------- d-----w- c:\program files\Memeo
    2011-05-24 07:05:25 -------- d-----w- c:\program files\Seagate
    2011-05-17 18:31:07 3768 ----a-w- c:\windows\system32\SndTVideo.sys
    2011-05-17 18:31:07 23096 ----a-w- c:\windows\system32\SndTAudio.sys
    2011-05-17 18:31:07 23096 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
    2011-05-17 18:31:07 200704 ----a-w- c:\windows\system32\snmvtsvc.exe
    2011-05-17 18:31:07 10936 ----a-w- c:\windows\system32\SndTVideo.dll
    2011-05-17 18:31:06 -------- d-----w- c:\program files\SoundTaxi
    2011-05-17 17:53:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-11 04:39:28 164345 ----a-w- c:\windows\Gulfstream V Uninstaller.exe
    2011-05-06 03:32:08 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-05-05 00:22:17 0 ----a-w- c:\windows\Npodowohonevo.bin
    2011-05-05 00:22:15 -------- d-----w- c:\docume~1\valued~1\locals~1\applic~1\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
    .
    ==================== Find3M ====================
    .
    2011-05-02 23:45:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-05-02 23:45:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-03-10 01:03:37 816 ----a-w- c:\windows\system32\ker.dll
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
    .
    ============= FINISH: 18:46:23.26 ===============
    Last edited by tashi; 2011-06-05 at 06:33. Reason: Merged two topics, added link

  2. #2
    Emeritus

    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    Having said that....Let's get going!! :thumbup:

    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort.
    This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.

    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them,
    with Admin Rights (Right click, choose "Run as Administrator").


    Stay with this topic until I give you the all clean post.

  3. #3
    Junior Member

    Sounds good! Let's do this!

  4. #4
    Emeritus

    Hi RyanV,

    I would like to express my apologies for having you wait all this time. I misunderstood and thought that this thread was going to be closed due to circumstances.

    I must ask... Did you remove the Peer-to-Peer programs that the Senior Analyst that was working with you before advised? As per forum rules, you must remove those programs prior to receiving help. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

    If you have in fact removed those programs and would still like to receive help please do the following:

    I see that you already have DDS on your system. Please run that program again and post both of the newly created logs into your next reply.

  5. #5
    Junior Member

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Valued Customer at 23:56:32.65 on Fri 06/17/2011
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2043.747 [GMT -6:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton AntiVirus *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Program DJ\Dualview Server\dualviewsvc.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PGPserv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Program Files\Program DJ\Smart Watchdog\SWDsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Program DJ\Wireless Switch\WLSS.exe
    C:\Program Files\Program DJ\Program DJ\PdjAssistant.exe
    C:\Program Files\Program DJ\Green Charger\GCTray.exe
    C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
    C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\WSZ.exe
    C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WSZ.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Movie Maker\moviemk.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Valued Customer\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.comcast.net/
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WheresJames Startup Manager] c:\program files\wheresjames\startupmgr\StartupMgr.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10q_Plugin.exe -update plugin
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [WLSS] c:\program files\program dj\wireless switch\WLSS.exe
    mRun: [PdjAssistant] c:\program files\program dj\program dj\PdjAssistant.exe
    mRun: [GCTray] c:\program files\program dj\green charger\GCTray.exe
    mRun: [Wow Video&Audio] c:\program files\program dj\wow video&audio\WVAMain.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
    mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Protector Suite QL] c:\program files\protector suite ql\psqltray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\valued customer\application data\leadertech\powerregister\Seagate Product Registration.exe
    StartupFolder: c:\documents and settings\valued customer\start menu\programs\startup\WSZ.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{28e0f0a8-e555-4077-a6e1-63dbf2b29d32}\Icon6560581611.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WSZ.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\PGPlsp.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 208.67.220.220,208.67.222.222
    TCP: {498B6563-F313-4B03-8323-E79AD21537D3} = 208.67.220.220,208.67.222.222
    Filter: text/html - {26111323-9a71-4861-b8a8-f7a2130e31ac} -
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    AppInit_DLLs: PGPmapih.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    LSA: Notification Packages = scecli psqlpwd PGPpwflt
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\a3uaen4i.default\
    FF - prefs.js: network.proxy.ftp - 217.194.213.31
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 217.194.213.31
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 217.194.213.31
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 217.194.213.31
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 217.194.213.31
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {7BB8177F-BE0A-4B14-9C1A-809BD54B73C4} - c:\documents and settings\valued customer\local settings\application data\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Save Session: savesession@noasobi.net - %profile%\extensions\savesession@noasobi.net
    FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-4-23 9856]
    R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2009-12-17 136312]
    R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2009-12-17 13432]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 DualView Server;DualView Server Service;c:\program files\program dj\dualview server\dualviewsvc.exe [2008-5-23 126976]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
    R2 Smart Watchdog;Smart Watchdog Service;c:\program files\program dj\smart watchdog\SWDsvc.exe [2008-4-14 208896]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 DualViewFilter;DualViewFilter;c:\windows\system32\drivers\DualviewFilter.sys [2008-5-6 20352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-13 81296]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110617.020\NAVENG.SYS [2011-6-17 86008]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110617.020\NAVEX15.SYS [2011-6-17 1542392]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-6-19 38304]
    R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-5-17 23096]
    R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-11-21 3768]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-5-2 1251720]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
    S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
    S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-11-21 23096]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [2011-3-10 26930]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-12-31 42112]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
    S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2011-5-17 200704]
    S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-06-17 07:42:24 6962000 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{da757859-e9c0-4bcd-8727-8221dd26287f}\mpengine.dll
    2011-06-14 20:03:34 -------- d-----w- c:\windows\SxsCaPendDel
    2011-06-12 17:30:17 -------- d-----w- c:\docume~1\valued~1\locals~1\applic~1\PackageAware
    2011-05-24 07:10:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\MemeoCommon
    2011-05-24 07:07:25 -------- d-----w- c:\docume~1\valued~1\applic~1\Memeo
    2011-05-24 07:07:07 -------- d-----w- c:\docume~1\valued~1\applic~1\Seagate
    2011-05-24 07:06:13 -------- d-----w- c:\program files\common files\Memeo
    2011-05-24 07:06:06 -------- d-----w- c:\program files\Memeo
    2011-05-24 07:05:25 -------- d-----w- c:\program files\Seagate
    .
    ==================== Find3M ====================
    .
    2011-05-17 17:53:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-11 04:39:28 164345 ----a-w- c:\windows\Gulfstream V Uninstaller.exe
    2011-05-05 06:52:47 0 ----a-w- c:\windows\Npodowohonevo.bin
    2011-05-02 23:45:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-05-02 23:45:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 15:51:57 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-25 15:51:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-04-25 12:01:21 389120 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 23:58:50.39 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/23/2009 8:53:41 AM
    System Uptime: 6/14/2011 4:09:24 PM (79 hours ago)
    .
    Motherboard: COMPAL | | JHL90
    Processor: Intel Pentium III Xeon processor | U2E1 | 2394/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 56.861 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP672: 3/18/2011 2:45:40 AM - System Checkpoint
    RP673: 3/18/2011 12:30:32 PM - Software Distribution Service 3.0
    RP674: 3/19/2011 9:45:43 PM - System Checkpoint
    RP675: 3/20/2011 9:56:40 PM - System Checkpoint
    RP676: 3/22/2011 9:09:36 AM - Software Distribution Service 3.0
    RP677: 3/22/2011 5:39:23 PM - Installed Microsoft Flight Simulator X
    RP678: 3/22/2011 5:44:01 PM - Installed Microsoft Flight Simulator X
    RP679: 3/22/2011 6:32:35 PM - Installed Microsoft Flight Simulator X: Acceleration
    RP680: 3/23/2011 7:00:22 PM - Software Distribution Service 3.0
    RP681: 3/25/2011 1:42:16 AM - Software Distribution Service 3.0
    RP682: 3/26/2011 3:32:00 AM - System Checkpoint
    RP683: 3/27/2011 8:57:52 AM - System Checkpoint
    RP684: 3/27/2011 1:20:29 PM - Installed TuneSync
    RP685: 3/28/2011 7:59:46 AM - Removed iTunes Export
    RP686: 3/29/2011 1:57:52 AM - Software Distribution Service 3.0
    RP687: 4/1/2011 3:02:27 PM - Software Distribution Service 3.0
    RP688: 4/5/2011 1:57:59 AM - Software Distribution Service 3.0
    RP689: 4/8/2011 1:57:54 AM - Software Distribution Service 3.0
    RP690: 4/9/2011 7:26:51 PM - System Checkpoint
    RP691: 4/12/2011 12:33:09 AM - Software Distribution Service 3.0
    RP692: 4/13/2011 10:53:54 PM - System Checkpoint
    RP693: 4/15/2011 1:53:05 AM - Software Distribution Service 3.0
    RP694: 4/15/2011 7:00:36 PM - Software Distribution Service 3.0
    RP695: 4/15/2011 9:07:47 PM - Software Distribution Service 3.0
    RP696: 4/17/2011 1:48:53 AM - System Checkpoint
    RP697: 4/18/2011 3:09:53 AM - System Checkpoint
    RP698: 4/19/2011 2:02:03 AM - Software Distribution Service 3.0
    RP699: 4/20/2011 2:24:27 AM - System Checkpoint
    RP700: 4/22/2011 2:02:00 AM - Software Distribution Service 3.0
    RP701: 4/24/2011 6:09:03 PM - System Checkpoint
    RP702: 4/26/2011 1:54:08 AM - Software Distribution Service 3.0
    RP703: 4/27/2011 7:00:23 PM - Software Distribution Service 3.0
    RP704: 4/29/2011 12:35:29 AM - System Checkpoint
    RP705: 4/29/2011 1:39:56 AM - Software Distribution Service 3.0
    RP706: 5/2/2011 2:20:36 AM - System Checkpoint
    RP707: 5/3/2011 1:59:21 AM - Software Distribution Service 3.0
    RP708: 5/4/2011 2:23:46 AM - System Checkpoint
    RP709: 5/6/2011 12:12:40 AM - System Checkpoint
    RP710: 5/6/2011 7:35:09 PM - Software Distribution Service 3.0
    RP711: 5/8/2011 5:07:31 PM - System Checkpoint
    RP712: 5/9/2011 8:30:00 PM - System Checkpoint
    RP713: 5/10/2011 2:07:54 AM - Software Distribution Service 3.0
    RP714: 5/10/2011 7:00:28 PM - Software Distribution Service 3.0
    RP715: 5/12/2011 2:10:47 AM - System Checkpoint
    RP716: 5/13/2011 1:44:48 AM - Software Distribution Service 3.0
    RP717: 5/14/2011 6:14:59 AM - System Checkpoint
    RP718: 5/15/2011 6:38:48 AM - System Checkpoint
    RP719: 5/16/2011 7:22:23 AM - System Checkpoint
    RP720: 5/17/2011 1:45:02 AM - Software Distribution Service 3.0
    RP721: 5/18/2011 2:48:08 AM - System Checkpoint
    RP722: 5/19/2011 3:16:16 AM - System Checkpoint
    RP723: 5/20/2011 4:07:28 AM - System Checkpoint
    RP724: 5/20/2011 9:02:31 AM - Software Distribution Service 3.0
    RP725: 5/21/2011 10:02:24 AM - System Checkpoint
    RP726: 5/22/2011 6:24:43 PM - System Checkpoint
    RP727: 5/23/2011 10:47:22 PM - System Checkpoint
    RP728: 5/24/2011 9:58:00 PM - Software Distribution Service 3.0
    RP729: 5/27/2011 2:07:56 AM - Software Distribution Service 3.0
    RP730: 5/30/2011 11:39:44 PM - System Checkpoint
    RP731: 6/1/2011 12:05:30 AM - System Checkpoint
    RP732: 6/1/2011 6:42:23 PM - Software Distribution Service 3.0
    RP733: 6/3/2011 1:31:54 AM - Software Distribution Service 3.0
    RP734: 6/6/2011 2:11:16 AM - System Checkpoint
    RP735: 6/7/2011 2:06:59 AM - Software Distribution Service 3.0
    RP736: 6/10/2011 2:07:08 AM - Software Distribution Service 3.0
    RP737: 6/14/2011 1:17:26 PM - Software Distribution Service 3.0
    RP738: 6/14/2011 2:00:08 PM - Software Distribution Service 3.0
    RP739: 6/15/2011 2:16:58 PM - System Checkpoint
    RP740: 6/17/2011 1:42:18 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    3ivx MPEG-4 5.0.3 (remove only)
    7-Zip 4.65
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 6.0
    Adobe Reader 8.2.6
    Agere Systems HDA Modem
    ALPS Touch Pad Driver
    Any Video Converter 3.0.7
    AoA Audio Extractor 1.0
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 6
    ArcSoft Print Creations
    Audacity 1.2.6
    BitPim 1.0.4
    Bonjour
    Call of Duty(R) 4 - Modern Warfare(TM)
    ccCommon
    Component Framework
    Content Transfer
    Critical Update for Windows Media Player 11 (KB959772)
    Crysis(R)
    Deus Ex - Invisible War
    Dropbox
    DualviewServer
    DVD Suite
    EMSC
    EPSON CX7400 User's Guide
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus CX7400 Series Scanner Driver Update
    EPSON Web-To-Page
    ERUNT 1.1j
    Facebook Plug-In
    Falcon 4.0: Allied Force
    Flight Simulator X
    Flight Simulator X Service Pack 1
    FlipShare
    FreeFalcon5.53
    Genesys USB Mass Storage Device
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    Green Charger
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    iTunes
    iTunes Alarm Clock 2.0
    Java(TM) 6 Update 15
    JetFighter IV
    JMicron JMB38X Flash Media Controller
    LAME v3.98.2 for Audacity
    LiveUpdate (Symantec Corporation)
    Logitech Gaming Software
    Malwarebytes' Anti-Malware
    Media Widget 2.1
    MediaShow 3.0
    Memeo Instant Backup
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X: Acceleration
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WinUsb 1.0
    Motorola Driver Installation
    Mozilla Firefox (3.6.17)
    MSN
    MSVC80_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyJAL MediaPAL
    Norton AntiVirus
    Norton AntiVirus (Symantec Corporation)
    Norton AntiVirus Help
    Norton Protection Center
    NVIDIA Drivers
    NWZ-S540 WALKMAN Guide
    PC Connectivity Solution
    PCsync
    PGP Desktop
    PHOTOfunSTUDIO -viewer-
    PhotoNow! 1.0
    Power2Go 5.0
    PowerBackup 2.5
    PowerDVD
    PowerProducer
    Program DJ
    Project64 1.6
    Protector Suite QL 5.8
    PunkBuster Services
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    SamsungConnectivityCableDriver
    Scarface: The World is Yours
    ScreenPrint32 v3.5
    Seagate Dashboard
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Smart Watchdog
    SoulSeek Client 156c
    SoundTaxi 3.6.5
    SPBBC 32bit
    Spybot - Search & Destroy
    Ss Data Eraser 2.0
    Symantec Real Time Storage Protection Component
    SymNet
    Tom Clancy's H.A.W.X
    TouchCopy 09
    TuneSync
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Update for Scarface: The World is Yours
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB Storage Adapter V2
    USB Storage Driver
    Ventrilo Client
    Virtual DJ - Atomix Productions
    Visual MP3
    VLC media player 1.1.7
    WClean Professional Demo 10.0
    Web Site Zapper
    WebFldrs XP
    Windows Defender
    Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Easy Transfer
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    WinSCP 4.2.4 beta
    Wireless Switch
    Wow Video&Audio utility
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/14/2011 4:15:06 PM, error: Service Control Manager [7023] - The DNS Client service terminated with the following error: The specified module could not be found.
    6/14/2011 4:15:06 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    6/14/2011 4:06:49 PM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the stisvc service.
    6/14/2011 4:05:26 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
    6/14/2011 4:05:06 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
    .
    ==== End Of File ===========================

  6. #6
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi RyanV,

    I notice that you have SoulSeek still installed on your system. This was one of the Peer-to-Peer programs that you were previously asked to remove. Did you just overlook this one? If you would like to continue receiving help, please remove that program and then do the following:

    Please download aswMBR to your desktop.

    • Double click the aswMBR icon to run it.
      Vista and Windows 7 users right click the icon and choose "Run as administrator".
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.



    In your next reply let me know if you uninstalled SoulSeek and post the log created by aswMBR.exe.

  7. #7
    Junior Member
    Join Date
    May 2011
    Posts
    18

    I have uninstalled soulseek. Here is the log:

    aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-18 11:49:09
    -----------------------------
    11:49:09.109 OS Version: Windows 5.1.2600 Service Pack 3
    11:49:09.109 Number of processors: 2 586 0x1706
    11:49:09.109 ComputerName: AVA-333244 UserName:
    11:49:12.000 Initialize success
    11:49:30.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    11:49:30.406 Disk 0 Vendor: SAMSUNG_HM320JI 2SS00_01 Size: 305245MB BusType: 3
    11:49:30.406 Disk 0 MBR read error 0
    11:49:30.406 Disk 0 MBR scan
    11:49:30.406 Disk 0 unknown MBR code
    11:49:30.406 MBR BIOS signature not found 0
    11:49:30.406 Disk 0 scanning sectors +625121280
    11:49:30.406 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:49:40.062 Service scanning
    11:49:41.281 Disk 0 trace - called modules:
    11:49:41.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spcm.sys hal.dll >>UNKNOWN [0x8a57e938]<<
    11:49:41.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a52aab8]
    11:49:41.296 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4e2d98]
    11:49:41.296 Scan finished successfully
    11:49:54.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\MBR.dat"
    11:49:54.234 The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\aswMBR.txt"

  8. #8
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Great!! I will be back as quick as I can.

  9. #9
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi RyanV,

    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

  10. #10
    Junior Member
    Join Date
    May 2011
    Posts
    18

    I'll get on it and post those logs!
