Search:

OK. I fixed those items. Still seems slow. I'll try and remove some programs and see if that helps.

that would be great. I know there is alot of stuff running but I really don't know what is needed.

No, C is the only hard drive on the laptop.

info.txt logfile of random's system information tool 1.06 2009-08-28 06:37:49

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe...

Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2009-08-28 06:36:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (22%) free...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:04 PM, on 8/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
...

Thanks ken.
She seems to be running fine. Donation has been made.

Ken,
You rock. this computer is running great. Now, how do I keep it this way?
I thank you for all of your help and I always donate for the effort. Anything else we need to do?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:00 AM, on 8/25/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
...

ComboFix 09-08-22.06 - janice @ home 08/25/2009 6:25.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.753 [GMT -4:00]
Running from: c:\documents and settings\janice...

----a-w- 13,824 2004-08-04 07:56:57 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe

Entries: 1 (1)
Directories: 0 ...

----a-w- 129,536 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll

Entries: 1 (1)
Directories: 0 ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:52 PM, on 8/24/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
...

ComboFix 09-08-22.06 - janice @ home 08/23/2009 19:21.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.752 [GMT -4:00]
Running from: c:\documents and settings\janice...

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-23 16:44:44
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT ...

I have a slow running laptop and wonder if you guys can take a look at hjt file and let me know if there is a problem. I read the "before you post" thread and also I have another thread going for my...

how long is the scan? been going for about 2 hours now

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 1

8/23/2009 11:03:49 AM
mbam-log-2009-08-23 (11-03-49).txt

Scan type: Quick Scan
Objects scanned: 111925...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:23 AM, on 8/23/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
...

Hello and thank you for your reply
new problems have occured. my desktop has been taken over and the background has a "DANGER!!! your computer is infected....." message .
I will try to run these...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:43 PM, on 8/18/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
...

I will research the internet and see if anyone else has this problem.
Thank you for all of your help and I will donate to the sight.
Thanks again.
Dave

Paul,
I followed the instructions :
"turn off System Restore" Restart the computer and then "turn on System Restore".
I then ran KOS scan again and the same 3 "infected "came up.

C:\System...

Hope this is enough information. I did the reboot with system restore off but these 3 came up again. Let me know what else I can do. Looks like we are almost home though.

Thanks Paul,
Dave

...

C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is...

C:\Documents and Settings\Kristina\Cookies\kristina@spywarestop[2].txt Object is locked skipped
C:\Documents and Settings\Kristina\Cookies\kristina@statse.webtrendslive[1].txt Object is...

C:\Documents and Settings\Kristina\Application Data\Microsoft\Office\Recent\Yep.LNK Object is locked skipped
C:\Documents and Settings\Kristina\Application Data\Microsoft\Office\VB10.pip Object is...

C:\Documents and Settings\Kristina\Application Data\Macromedia\Shockwave Player\Prefs\K8YME3FA\grooveloader.txt Object is locked skipped
C:\Documents and Settings\Kristina\Application...

C:\Documents and Settings\Kristina\Application Data\Macromedia\Flash Player\#SharedObjects\FWE95P55\www.youtube.com\videostats.sol Object is locked skipped
C:\Documents and...

C:\Documents and Settings\Kristina\Application Data\Macromedia\Flash Player\#SharedObjects\FWE95P55\graphics.millsberry.com\home\home_v79.swf\backup.sol Object is locked skipped
C:\Documents and...

C:\Documents and Settings\Kristina\Application Data\Google\GoogleEarth\icons\kh.google.com_icons_poly-closed-blue_l.png Object is locked skipped
C:\Documents and Settings\Kristina\Application...

C:\Documents and Settings\Kristina\Application Data\Google\GoogleEarth\icons\kh.google.com_icons_canada_transcanada_hwy_n.png Object is locked skipped
C:\Documents and Settings\Kristina\Application...

C:\Documents and Settings\Kristina\Application Data\Google\GoogleEarth\dbCache.dat Object is locked skipped
C:\Documents and Settings\Kristina\Application...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 20, 2008 8:16:12 AM
Operating System: Microsoft Windows XP...

I installed Recovery Console.
We can finish this up. Just lead the way.
Whats next?
Dave

ok, here is the latest HJT scan. I removed the O20 - Winlogon Notify: urqqqpo - C:\WINDOWS
I will work on the recovery console if you think I need it. I do have the disk.
Also, My internet...

Yeah I typed it wrong. I believe I deleted the correct one and will check again.
Also I missed the 020 line on the HJT fix.
I will fix this and install the RC tonight Is system restore the
same...

I just realized that you wanted me to delete the SCVHHost(2 h's)
I think HJT did this for us.
Just an update.
Thanks

PSKELLY,Found some time this morning and got it done.
The machine is running better but I am still disconnected from the internet.
The "file not found" message went away.
I found the...

Will do.
I will post again tonight about 7:00PM after work.

Dave

on reboot, i also get an error message stating:
error loading
c:/windows/system32/ermvtqsq.dll
file could not be found

Is this a problem that was caused bt the virus or did I delete something...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:22 PM, on 3/18/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
...

ComboFix 08-03-14.4 - janice @ home 2008-03-18 17:02:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.748 [GMT -5:00]
Running from: C:\Documents and Settings\janice @...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:59 PM, on 3/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
...

ComboFix 08-03-14.4 - janice @ home 2008-03-17 17:58:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.732 [GMT -5:00]
Running from: C:\Documents and Settings\janice @...

thank you for the reply.
here is the vundoscan:


VundoFix V7.0.3

Scan started at 5:30:31 PM 3/17/2008

Listing files found while scanning....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:36 PM, on 3/16/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
...

sorry about that. I am runnning the s & d in safe mode right now on the infected computer.
I will post the hjt file as soon as it is done.
Thank you in advance for your help.
Dave

Posted in error, removed for the member...pskelley

C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is...