
Thread: multiple problems after fake spybot remover downloaded

  1. #21
    pskelley (In Memoriam - Always in our heart)
    Join Date: Oct 2005 | Location: Clearwater, Florida | Posts: 20,247

    RAM:
    I have too many unneeded programs loading at start up that are draining my available RAM.
    Yes, that is an issue we need to correct, but you have other issues that I believe need to be addressed first.

    http://www.processlibrary.com/directory/files/svchost/ <<< read this:
    Acting as a host, the file svchost.exe creates multiple instances of itself.
    Defrag: If the program you downloaded worked, fine. I would like to know what error message you get when you try to run the Windows XP defrag, that might tell us why it is not working?

    Combofix: delete the program (right click) and download it again, this time before you save it to the Desktop, change the name like this:

    You must rename it before saving it, save it to your Desktop.

    I will comment briefly on any number in the last post that needs a comment.

    2. Can be many reasons and difficult to troubleshoot without error messages. Out of date drivers often cause this and you had three out of date, are they updated now?

    3. Spybot S&D is the least of your problems. Please do not try to use it. Once all other issues are resolved, then you can uninstall it and reinstall it, that will likely fix issues with the program. If not, you can discuss that with Spybot S&D experts here:
    http://forums.spybot.info/forumdisplay.php?f=4

    4. Post error messages word for word.

    5. What browser are you using when this happens? Did you try another browser? There is likely malware still onboard, that is why I am trying to get combofix run. The situation is that the computer was in poor shape and there was much to do.

    6. Post error/message you get when you try to run it. Have you run chkdsk on this computer recently?
    http://support.microsoft.com/kb/315265

    Besides running combofix, please also update the diagnostic at PCPitStop and post the link.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  2. #22
    Junior Member
    Join Date: Jul 2009 | Posts: 16

    Combofix Log:

    ComboFix 09-07-25.08 - Tyler W 07/26/2009 16:58.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.191 [GMT -5:00]
    Running from: c:\documents and settings\Tyler W\Desktop\Combo-Fix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\data
    c:\data\IluPak.exe
    c:\program files\QUAD Utilities
    c:\program files\WinPCap
    c:\program files\WinPCap\rpcapd.exe
    c:\recycler\NPROTECT
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\Installer\11bf05e.msi
    c:\windows\Installer\17c9e6f.msi
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\drivers\UAClwhosvdkturrwdpap.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\UACdnixfujbohoqombij.dll
    c:\windows\system32\UAChsrfvkkemqpwltusx.dat
    c:\windows\system32\uacinit.dll
    c:\windows\system32\UACpqdqkyxmpkqqrwuig.dll
    c:\windows\system32\UACqhttlbvnvnfgqwosf.log
    c:\windows\system32\UACqqaorduhewxdqsgkg.dll
    c:\windows\system32\UACrqupbimryllxmixyb.log
    c:\windows\system32\UACvylxymdwdwxfclyeo.log
    c:\windows\system32\UACwcdoyfnxjlbbdxxna.dll
    c:\windows\system32\UACwunrbutejftbldlya.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_UACd.sys
    -------\Legacy_NPF
    -------\Legacy_SVCPROC
    -------\Service_npf


    ((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
    .

    2009-07-26 21:57 . 2009-07-26 22:08 237600 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-07-26 21:57 . 2009-07-26 22:07 2848 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-07-26 21:05 . 2009-07-26 21:05 -------- d-----w- c:\windows\VirtualEar
    2009-07-26 21:05 . 2003-08-19 23:36 65536 ----a-w- c:\windows\system32\Audio3d.dll
    2009-07-26 21:05 . 2001-10-04 19:50 991232 ----a-w- c:\windows\system32\virtear.dll
    2009-07-26 21:05 . 2009-07-26 21:05 -------- d-----w- c:\program files\Analog Devices
    2009-07-26 21:05 . 2004-11-19 15:00 49152 ----a-w- c:\windows\system32\DSndUp.exe
    2009-07-26 21:05 . 2002-04-17 19:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
    2009-07-26 21:03 . 2004-10-05 21:10 23040 ----a-w- c:\windows\system32\PostProc.dll
    2009-07-26 21:03 . 2004-09-23 12:55 311296 ----a-w- c:\windows\system32\Edcrypt.dll
    2009-07-26 21:03 . 2004-09-17 14:02 732928 ----a-w- c:\windows\system32\drivers\senfilt.sys
    2009-07-26 21:03 . 2001-09-19 17:47 765952 ----a-w- c:\windows\system\crlds3d.dll
    2009-07-26 19:30 . 2009-07-26 20:39 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2009-07-26 19:30 . 2009-07-26 20:39 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ParetoLogic
    2009-07-25 03:44 . 2009-07-25 03:44 -------- d-----w- c:\documents and settings\Tyler W\Application Data\IObit
    2009-07-25 03:44 . 2009-07-25 03:44 -------- d-----w- c:\program files\IObit
    2009-07-24 21:04 . 2009-07-24 21:04 -------- d-----w- c:\documents and settings\Tyler W\Application Data\True Sword
    2009-07-24 16:32 . 2009-07-24 16:32 -------- d-----w- c:\documents and settings\Tyler W\Application Data\Malwarebytes
    2009-07-24 16:24 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-24 16:24 . 2009-07-24 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-24 16:24 . 2009-07-24 16:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2009-07-24 16:24 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-24 15:12 . 2009-07-24 15:12 -------- d-----w- c:\program files\ERUNT
    2009-07-24 06:19 . 2009-07-24 06:19 -------- d-----w- c:\program files\Common Files\xing shared
    2009-07-24 06:14 . 2009-07-24 06:14 390664 ----a-w- c:\documents and settings\Tyler W\Application Data\Real\RealPlayer\setup\AU_setup.exe
    2009-07-24 05:58 . 2009-07-24 05:58 -------- d-----w- c:\documents and settings\Tyler W\Application Data\vlc
    2009-07-24 04:42 . 2009-07-24 04:42 -------- d-----w- c:\program files\iPod
    2009-07-24 04:41 . 2009-07-24 04:42 -------- d-----w- c:\program files\iTunes
    2009-07-24 04:41 . 2009-07-24 04:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-07-24 03:48 . 2009-07-24 03:48 -------- d-----w- c:\program files\Secunia
    2009-07-22 22:09 . 2009-07-22 22:10 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-07-22 04:34 . 2009-07-22 04:34 -------- d-----w- c:\program files\Trend Micro
    2009-07-22 04:05 . 2009-07-26 21:49 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
    2009-07-22 04:05 . 2009-07-25 21:26 -------- d-----w- c:\program files\SpywareBlaster
    2009-07-22 03:25 . 2009-07-24 20:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-22 02:15 . 2004-03-22 17:24 4272 ----a-r- c:\windows\system32\drivers\bvrp_pci.sys
    2009-07-22 00:35 . 2009-07-22 00:35 -------- d-----w- C:\$WIN_NT$.~BT
    2009-07-19 22:36 . 2009-07-19 22:36 -------- d-----w- c:\documents and settings\Tyler W\Application Data\RegistryPC
    2009-07-19 22:36 . 2009-07-22 05:09 -------- d-----w- c:\program files\RegistryPC
    2009-07-15 17:40 . 2008-05-30 19:40 29712 ----a-w- c:\windows\system32\VCFCHK.exe
    2009-07-15 17:40 . 2008-05-30 19:40 268944 ----a-w- c:\windows\system32\drivers\VCFFltr.SYS
    2009-07-15 07:13 . 2009-07-15 07:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-07-02 03:13 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-26 22:06 . 2009-07-26 21:57 3788 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-07-26 22:06 . 2009-07-26 21:57 1292 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-07-26 22:06 . 2005-02-06 21:18 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
    2009-07-26 22:06 . 2005-02-06 21:18 384 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
    2009-07-26 21:05 . 2005-02-06 21:17 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-24 17:22 . 2006-03-15 20:53 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2009-07-24 06:18 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-07-24 05:03 . 2008-03-15 12:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
    2009-07-24 05:00 . 2005-02-06 21:17 -------- d-----w- c:\program files\Java
    2009-07-24 04:42 . 2007-10-05 19:35 -------- d-----w- c:\program files\Common Files\Apple
    2009-07-24 04:41 . 2005-12-09 02:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
    2009-07-24 04:27 . 2005-02-15 20:07 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-24 04:04 . 2006-04-17 13:53 -------- d-----w- c:\program files\QuickTime
    2009-07-23 23:09 . 2005-02-23 06:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-07-23 23:07 . 2005-02-23 06:34 -------- d-----w- c:\program files\Symantec
    2009-07-22 22:11 . 2005-02-27 10:01 -------- d-----w- c:\program files\DivX
    2009-07-21 23:14 . 2005-02-06 21:20 -------- d-----w- c:\program files\CyberLink
    2009-07-15 17:40 . 2009-07-15 17:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_VCFFltr_01005.Wdf
    2009-07-15 17:40 . 2009-07-15 17:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-07-13 03:30 . 2008-06-16 16:14 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-06-25 04:06 . 2005-03-19 07:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-22 21:56 . 2008-06-16 16:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
    2009-06-16 14:36 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-13 12:50 . 2009-06-12 01:29 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
    2009-06-12 01:29 . 2009-06-12 01:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
    2009-06-10 16:16 . 2009-06-10 16:16 152576 ----a-w- c:\documents and settings\Tyler W\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-06-07 03:54 . 2009-06-07 03:54 -------- d-----w- c:\documents and settings\Tyler W\Application Data\aAvgApi
    2009-06-03 19:09 . 2004-08-04 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-28 02:30 . 2009-04-02 00:58 -------- d-----w- c:\program files\GameTap Web Player
    2009-05-26 15:12 . 2008-06-16 16:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-05-26 15:11 . 2008-06-16 16:14 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-21 16:33 . 2008-11-26 16:11 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-13 05:15 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:32 . 2004-08-04 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
    2009-01-17 02:13 . 2009-01-17 02:13 64061 -c--a-w- c:\program files\AUG2007_d3dx9_35_x64.cab
    2008-10-27 16:37 . 2008-10-27 16:37 696881 -c--a-w- c:\program files\APR2007_d3dx10_33_x86.cab
    2008-10-27 16:37 . 2008-10-27 16:37 196782 -c--a-w- c:\program files\APR2007_XACT_x64.cab
    2008-10-27 16:37 . 2008-10-27 16:37 183919 ----a-w- c:\program files\AUG2006_XACT_x64.cab
    2008-10-27 16:37 . 2008-10-27 16:37 180149 -c--a-w- c:\program files\Apr2006_XACT_x64.cab
    2008-10-27 16:37 . 2008-10-27 16:37 152241 -c--a-w- c:\program files\APR2007_XACT_x86.cab
    2008-10-27 16:37 . 2008-10-27 16:37 139033 -c--a-w- c:\program files\OCT2006_XACT_x86.cab
    2008-10-27 16:37 . 2008-10-27 16:37 138251 -c--a-w- c:\program files\AUG2006_XACT_x86.cab
    2008-10-27 16:37 . 2008-10-27 16:37 134119 -c--a-w- c:\program files\Apr2006_XACT_x86.cab
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-26 15:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-24 198160]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2004-03-11 28672]
    "nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-10-07 1630208]

    c:\documents and settings\Tyler W\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]

    c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-6 24576]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-26 15:12 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Pml Driver HPZ12"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "AOL ACS"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1133074693\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1133074693\\ee\\aim6.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\GameTap\\bin\\Release\\gametap.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\GameTap Web Player\\bin\\release\\GameTapPlayer.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/16/2008 11:14 AM 335752]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/16/2008 11:14 AM 108552]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/2/2008 5:24 PM 907032]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2008 5:24 PM 298776]
    R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2/25/2005 12:53 AM 3744]
    R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2/25/2005 12:53 AM 3904]
    R3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\SYSTEM32\DRIVERS\LSIPNDS.sys [5/8/2009 2:47 PM 96256]
    R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [6/17/2009 7:20 AM 12648]
    S0 adwarealert;adwarealert; [x]
    S2 QALQYEVI;QALQYEVI; [x]
    S2 ssmfwt;ssmfwt;c:\windows\system32\drivers\eenjh.sys --> c:\windows\system32\drivers\eenjh.sys [?]
    S3 gtermddo;gtermddo; [x]
    S3 NVIAIDE;NVIAIDE; [x]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)
    HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://vermillion.mchsionline.net/community/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-26 17:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-405351864-486159836-3339079740-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\’e*’B*’ ’N*’9 ’x*’9 ]
    "Order"=hex:08,00,00,00,02,00,00,00,a8,00,00,00,01,00,00,00,01,00,00,00,9c,00,
    00,00,00,00,00,00,8e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7c,00,31,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2116)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ctagent.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\SYSTEM32\CTSVCCDA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\SYSTEM32\nvsvc32.exe
    c:\windows\SYSTEM32\snmp.exe
    c:\windows\SYSTEM32\UAService7.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\SYSTEM32\wscntfy.exe
    c:\windows\SYSTEM32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-26 17:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-26 22:14

    Pre-Run: 42,206,846,976 bytes free
    Post-Run: 42,557,919,232 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [Boot Loader]
    timeout=2
    Default=c:\$win_nt$.~bt\BOOTSECT.DAT
    [Operating Systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
    c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Setup"
    [spybotsd]
    timeout.old=5

    Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
    298 --- E O F --- 2009-07-23 22:25


    HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:30:41 PM, on 7/26/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://trueblaze.proboards.com/index.cgi?
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
    O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/...ixItClient.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1246406993921
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
    O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://archives.gametap.com/static/c...WebUpdater.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 9494 bytes

  3. #23
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks, a nasty rootkit infection combofix removed, you need to keep this computer offline unless you are troubleshooting the problems until we are sure you are clean. This junk can download more.

    TeaTimer is running, please follow these directions to disable it and leave it disabled until we finish.
    We need first to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
    * Run Spybot-S&D in Advanced Mode.
    * If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
    * On the left hand side, Click on Tools
    * Then click on the Resident Icon in the List
    * Uncheck "Resident TeaTimer" and OK any prompts.
    * Restart your computer.

    Post the link to the fresh diagnostic at PCPitStop next please.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  4. #24
    Junior Member
    Join Date
    Jul 2009
    Posts
    16

    Default

    here you go: http://www.pcpitstop.com/betapit/sec.asp?conid=22439574


    I've tried looking up updates for Creative SB Audigy 2 ZS (WDM) but I can't find one that doesn't require me to download an update scanner that scans for free but requires payment to use.

    Also note: I ran the malware program and found no trace of the file we were trying to get rid of. My windows defrag is working, spybot is working, and it appears I'm no longer being redirected during google and yahoo searches (though this is still too early to tell if it's working for sure). I do notice that my comp seems to be running a little slower since the combofix scan, although I'm guessing that's normal.

    Anywho, I'll be sure to stay offline unless checking this site or running updates or scans. Thanks for everything so far.

  5. #25
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    This information will help with the first item:
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    I will allow you to resolve the other issue, you made good progress.

    Have a look at this information, you do have programs I doubt you need running all of the time. Remember, if you turn off a program in MSConfig (System Configuration Utility), it can always be started in All Programs if needed. Make sure not to turn off security programs.
    http://www.netsquirrel.com/msconfig/msconfig_xp.html
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.malwareremoval.com/tutori...ningslowly.php
    http://www.bleepingcomputer.com/foru...2&#entry487112
    http://www.microsoft.com/atwork/getstarted/speed.mspx

    Let's proceed like this and see what happens.

    Remove combofix from the computer like this:

    Click START then RUN
    Now type or copy Combofix /u in the runbox and click OK.
    Note the space between the X and the U, it needs to be there.



    Clean the System Restore files like this:

    Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Reboot

    Turn ON System Restore,
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.

    (optional if it was just clean)
    Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
    (MBAM is yours to keep if you wish, keep it updated and run it once a month or so)

    Update AVG8 and scan the system, to be sure it is running right and scanning clean.
    Some good AVG information:
    FAQ: http://www.avg.com/faq
    AVG Free Forum: http://freeforum.avg.com/

    If all is well at this point, let me know and I will close the topic.

    Some good information for you:
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    Here is some great information from experts in this field that will help you stay clean and safe online.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    http://www.malwarecomplaints.info/

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.

    How hard are your passwords to crack?
    http://www.microsoft.com/protect/you...d/checker.mspx

    http://users.telenet.be/bluepatchy/m...oes/Links.html
    http://www.microsoft.com/windows/ie/...rotection.mspx
    Improve the safety of your browsing and e-mail activities
    http://www.microsoft.com/protect/com.../browsing.mspx

  6. #26
    Junior Member
    Join Date
    Jul 2009
    Posts
    16

    Default

    Welp, ADV and Malware say my system's clean. Seems like all I've gatta do now is figure out how to turn off those programs that are eatin' up my excess RAM. It's probably more a systems problem than a malware, but last night when I updated my drivers, and when I reset for some reason my computer was set to color quality was 4bit and I couldn't increase it. So I did a systems restore I had made before updating the drivers and it reset it back to the way it was supposed to be. However, I now notice I once again have seven instances of svhost.exe running again instead of three and pc pitstop is showing I'm back up to 83% of my RAM being used (it also shows I need to update two of my drivers but when I try to they say they're already updated).

    But anyway like I said that seems to be more of a systems problem that I can try to work out on my own or find someone who knows more about systems than I do. Thank you pskelley, you're a real lifesaver on this one. I don't have any spare cash right now but when I do I'll be sure to make a donation, after all I want you guys to be around the next time I download a virus now don't I.

    Laters
