Desktop keeps changing after each boot up and random sites keep popping up

Status
Not open for further replies.
And to let you know how its operating.........

It seems to be running fine. I was a bit worried after running ComboFix for the first time, a lot of things didn't seem to open properly an error message kept coming up with something about a registry key fault of some kind.
But now it all seems to be running well so far. Do you think it would be ok to do my internet banking on it again since i have been avoiding doing anything like that on it since the problems developed?
 
Romez said:
It seems to be running fine. I was a bit worried after running ComboFix for the first time, a lot of things didn't seem to open properly an error message kept coming up with something about a registry key fault of some kind.
But now it all seems to be running well so far. Do you think it would be ok to do my internet banking on it again since i have been avoiding doing anything like that on it since the problems developed?
Click to expand...
I would suggest you hold off on anything that could expose personal data until you're all clean. I think we're pretty close but better to be safe then sorry, right?

*******************

Is there a reason that you have no Antivirus running?

*******************

The combofix script did not run properly. I'm thinking this is the reason why:

CFScript.txt.txt

Note the extra .txt extension. There should only be one. It should look like this:

CFScript.txt

Please try running that again and make sure you have all the text from the code box. Post the new log.
 
IndiGenus said:
I would suggest you hold off on anything that could expose personal data until you're all clean. I think we're pretty close but better to be safe then sorry, right?

*******************

Is there a reason that you have no Antivirus running?

*******************

The combofix script did not run properly. I'm thinking this is the reason why:

CFScript.txt.txt

Note the extra .txt extension. There should only be one. It should look like this:

CFScript.txt

Please try running that again and make sure you have all the text from the code box. Post the new log.
Click to expand...




*****************************************************
Ever time I've used anti virus software its always had issues with other programs, games or just seems to make the whole comp over all run slow.

As for the script I'll run it all again. I feel like a goose haven't seem to have got much right so far but i'll get there.
 
Ever time I've used anti virus software its always had issues with other programs, games or just seems to make the whole comp over all run slow.
Click to expand...
How much RAM does the PC have?

As for the script I'll run it all again. I feel like a goose haven't seem to have got much right so far but i'll get there.
Click to expand...
Well I'm not doing much better I guess. I forgot a colon on the script and that's likely why it's not working. Please try this one:


1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
FCopy::
c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys | c:\windows\System32\drivers\atapi.sys


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new DDS log. Just DDS.txt. .
 
I have 4 gigs of ram which should be more than enough to keep it fast.


*****************************************************

This is the copy of the Take 4 log.......
ComboFix 10-06-17.02 - Micheal 18/06/2010 16:02:46.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3326.1806 [GMT 10:00]
Running from: c:\users\Micheal\Desktop\ComboFix.exe
Command switches used :: c:\users\Micheal\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\win.com

.
--------------- FCopy ---------------

c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys --> c:\windows\System32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-05-18 to 2010-06-18 )))))))))))))))))))))))))))))))
.

2010-06-18 06:07 . 2010-06-18 06:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-18 06:07 . 2010-06-18 06:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-18 06:07 . 2010-06-18 06:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-18 06:01 . 2010-06-18 06:01 -------- d-----w- C:\32788R22FWJFW
2010-06-17 05:33 . 2010-06-17 05:33 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-16 10:02 . 2009-09-04 07:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-06-16 10:02 . 2009-09-04 07:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-16 10:00 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-06-16 09:57 . 2010-06-16 09:57 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-16 09:51 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-06-16 09:51 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-06-16 09:51 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-06-16 09:48 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-06-16 09:47 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-16 09:47 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-16 09:46 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-06-16 09:46 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-16 09:46 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-16 09:45 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-16 09:45 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-16 09:45 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-16 09:44 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-16 09:44 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-16 09:44 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-06-16 09:43 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-16 09:43 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-16 09:41 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-16 09:41 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-16 09:41 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-06-16 09:39 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-16 09:39 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-06-16 09:39 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-06-16 09:39 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-06-16 09:38 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-06-16 09:38 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-06-16 09:38 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-06-16 09:38 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-06-16 09:38 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-06-16 09:38 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-06-16 09:38 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-06-16 09:38 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-06-16 09:38 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-06-16 09:36 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-16 09:36 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-16 09:36 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-16 09:35 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 09:35 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2010-06-16 09:32 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-06-16 09:32 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-06-16 09:32 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-06-16 09:32 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-06-16 09:32 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-06-16 09:32 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-06-16 09:32 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-06-16 09:32 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-06-16 09:32 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-06-16 09:31 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-06-16 09:30 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-06-16 09:30 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-06-16 08:30 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-16 08:30 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-06-13 03:50 . 2010-06-18 06:07 -------- d-----w- c:\users\Micheal\AppData\Local\temp
2010-06-06 08:03 . 2010-06-06 08:03 293376 ----a-w- C:\e7th6rgo.exe
2010-06-05 04:27 . 2010-06-05 04:23 293376 ----a-w- C:\uckleeh5.exe
2010-06-01 11:01 . 2010-06-01 11:01 -------- d-----w- c:\users\Default\AppData\Local\Apple
2010-05-30 00:24 . 2010-05-30 00:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ArcSoft
2010-05-30 00:24 . 2010-05-30 00:24 -------- d-----w- c:\users\Default\AppData\Roaming\Hewlett-Packard
2010-05-29 04:01 . 2010-05-29 04:01 -------- d-----w- c:\windows\system32\config\systemprofile\DoctorWeb
2010-05-29 03:39 . 2010-05-29 03:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Western_Digital
2010-05-29 03:39 . 2010-05-29 03:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Western Digital
2010-05-29 03:39 . 2010-05-29 03:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Western Digital
2010-05-29 03:39 . 2010-05-29 03:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Hewlett-Packard
2010-05-29 03:39 . 2010-05-30 11:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ArcSoft
2010-05-29 03:39 . 2010-05-29 03:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-05-29 03:39 . 2010-06-06 07:23 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-05-29 03:39 . 2010-05-29 03:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Hewlett-Packard
2010-05-29 03:39 . 2010-05-29 03:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Logitech
2010-05-27 09:40 . 2010-05-27 09:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-05-27 09:35 . 2010-05-29 04:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-05-24 14:41 . 2010-05-24 14:41 -------- d-----w- c:\program files\Common Files\Logitech
2010-05-20 00:30 . 2010-05-24 04:51 0 ----a-w- c:\users\Micheal\AppData\Local\prvlcl.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 05:32 . 2009-02-02 23:51 -------- d-----w- c:\programdata\Google Updater
2010-06-18 05:31 . 2009-11-20 05:22 35085 ----a-w- c:\programdata\nvModes.dat
2010-06-17 06:10 . 2008-07-08 03:37 100432 ----a-w- c:\users\Micheal\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-17 06:09 . 2008-07-08 04:14 -------- d-----w- c:\programdata\NVIDIA
2010-06-17 06:06 . 2008-08-27 12:36 5676 ----a-w- c:\windows\bthservsdp.dat
2010-06-17 05:56 . 2008-07-08 07:12 -------- d-----w- c:\programdata\Microsoft Help
2010-06-17 05:54 . 2009-08-23 10:58 -------- d-----w- c:\program files\Microsoft Works
2010-06-17 05:50 . 2009-10-01 03:56 -------- d-----w- c:\program files\Microsoft
2010-06-17 05:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-17 05:33 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-17 05:07 . 2010-06-17 05:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-17 05:07 . 2010-06-17 05:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-17 05:06 . 2009-10-01 04:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 07:27 . 2010-02-24 01:25 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-05 03:21 . 2006-11-02 13:02 8484 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
2010-05-30 00:24 . 2008-07-08 03:36 99864 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-30 00:18 . 2008-07-08 03:37 7808 ----a-w- c:\users\Micheal\AppData\Local\d3d9caps.dat
2010-05-26 11:15 . 2009-02-02 23:51 -------- d-----w- c:\program files\Google
2010-05-24 06:34 . 2008-07-08 03:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-24 05:13 . 2010-03-28 01:59 -------- d-----w- c:\users\Micheal\AppData\Roaming\vlc
2010-05-24 05:13 . 2008-07-24 02:13 -------- d-----w- c:\users\Micheal\AppData\Roaming\Winamp
2010-05-24 05:13 . 2010-03-13 02:06 -------- d-----w- c:\programdata\HP Product Assistant
2010-05-24 05:13 . 2010-01-04 04:46 -------- d-----w- c:\program files\QuickTime
2010-05-24 05:13 . 2009-09-02 10:33 -------- d-----w- c:\program files\PokerStars
2010-05-24 05:13 . 2010-01-04 04:47 -------- d-----w- c:\program files\iTunes
2010-05-24 05:13 . 2010-02-24 01:24 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-24 05:13 . 2010-01-04 04:47 -------- d-----w- c:\program files\iPod
2010-05-24 05:13 . 2009-10-31 19:18 -------- d-----w- c:\program files\Bonjour
2010-05-24 05:13 . 2008-07-22 10:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-24 05:13 . 2008-07-20 01:25 -------- d-----w- c:\program files\Common Files\Apple
2010-05-24 04:15 . 2010-04-01 07:49 -------- d-----w- c:\program files\Bonjour(94)
2010-05-24 04:15 . 2010-04-01 07:54 -------- d-----w- c:\program files\iPod(142)
2010-05-18 10:49 . 2010-05-18 10:49 -------- d-----w- c:\programdata\avg9
2010-05-18 10:49 . 2009-11-11 07:24 -------- d-----w- c:\program files\AVG
2010-05-17 08:48 . 2010-05-17 08:48 -------- d-----w- c:\programdata\WindowsSearch
2010-05-17 07:54 . 2010-05-17 07:54 -------- d-----w- c:\programdata\Team MediaPortal
2010-05-04 05:59 . 2010-06-16 09:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-16 09:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-16 09:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-16 09:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-02 02:05 . 2010-05-02 02:01 -------- d-----w- c:\program files\Microsoft SQL Server
2010-05-02 02:02 . 2009-08-23 10:57 -------- d-----w- c:\program files\Microsoft.NET
2010-04-27 04:45 . 2010-04-27 04:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 04:45 . 2010-04-27 04:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-21 07:19 . 2008-08-07 06:08 -------- d-----w- c:\program files\BitLord
2010-04-21 06:40 . 2009-06-12 00:58 -------- d-----w- c:\program files\MediaCoder
2010-04-02 07:17 . 2010-04-02 07:17 15426200 ----a-w- c:\windows\system32\xlive.dll
2010-04-02 07:17 . 2010-04-02 07:17 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-03-24 07:38 . 2010-03-24 07:38 0 ----a-w- c:\windows\nsreg.dat
.

((((((((((((((((((((((((((((( SnapShot_2010-06-17_06.39.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-08 01:36 . 2010-06-18 05:41 98304 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-08 01:36 . 2010-06-17 06:09 98304 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-18 05:31 . 2010-06-18 05:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-08 01:36 . 2010-06-18 05:41 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-08 01:36 . 2010-06-17 06:09 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-28 08:27 . 2010-06-18 05:31 315616 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-06-17 06:32 . 2010-06-18 06:02 6434816 c:\windows\ERDNT\Hiv-backup\schema.dat
- 2010-06-17 06:32 . 2010-06-17 06:32 6434816 c:\windows\ERDNT\Hiv-backup\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7E5BE89C-2067-4619-A53D-1EBF363C4370}"= "c:\program files\ROCKETON\rtb.dll" [2008-05-20 353792]

[HKEY_CLASSES_ROOT\clsid\{7e5be89c-2067-4619-a53d-1ebf363c4370}]
[HKEY_CLASSES_ROOT\rtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{CC36D8F4-9645-4CFD-BFB8-9F6DECA5A10C}]
[HKEY_CLASSES_ROOT\rtb.Band]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"RunTasktray"="c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"iKeyWorks"="c:\program files\A4Tech\Keyboard\Ikeymain.exe" [2007-06-25 65536]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-28 76304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-19 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"KnexStarter"="c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2009-03-23 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

c:\users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-27 805392]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-5-24 258048]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-2-26 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-2-26 9136960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):86,47,6b,0a,71,68,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2939810174-3366620000-2785425234-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate1c9859185c99a80;Google Update Service (gupdate1c9859185c99a80);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 133104]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2007-06-16 14336]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-01-27 10976]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-05-19 150568]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [2007-05-16 13440]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-02-25 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-15 20480]
S3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2008-12-04 241792]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-07-25 42280]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 03:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-02 02:59]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 23:53]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 23:53]

2010-06-18 c:\windows\Tasks\User_Feed_Synchronization-{BDFC15F3-0CC6-4EB9-BF80-F076C8E7E0CE}.job
- c:\windows\system32\msfeedssync.exe [2010-06-16 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{4571FE3F-1E0A-4a78-96BB-8BC1E3332F4B} - {7E5BE89C-2067-4619-A53D-1EBF363C4370} - c:\program files\ROCKETON\rtb.dll
Trusted Zone: hp.com
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
FF - ProfilePath - c:\users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\98v01kpb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\98v01kpb.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2939810174-3366620000-2785425234-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-18 16:09:52
ComboFix-quarantined-files.txt 2010-06-18 06:09
ComboFix2.txt 2010-06-17 06:41
ComboFix3.txt 2010-06-16 07:45
ComboFix4.txt 2010-06-13 03:50

Pre-Run: 383,369,035,776 bytes free
Post-Run: 383,322,894,336 bytes free

- - End Of File - - 5C784AE8F8C2F4C81A74B84F7BC01163
 
That's better. Amazing what happens when we both get it right.

I'd suggest you uninstall the RocketOn Toolbar. While not explicitly Malware there is very questionable behavior performed. Not to mention slowing things down. Take a look at the following link for more details.

http://www.systemlookup.com/CLSID/34638-rtb_dll.html

*******************

Let's continue the clean up.

Use ATF Cleaner to remove temp files, cookies, cache, ect...
Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.

************************

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

**********************

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Regarding the issues with installing an Antivirus, when we're done I can suggest a couple of low overhead free ones to try. With 4 gig of RAM there should be no problem. You do have quite a few items running at startup that are not necessarily needed. Let me know if you'd like some suggestions there.
 
mbam log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4223

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

22/06/2010 1:13:54 PM
mbam-log-2010-06-22 (13-13-54).txt

Scan type: Quick scan
Objects scanned: 137247
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\TDSSsbxq.log (Rootkit.TDSS) -> Quarantined and deleted successfully.
 
Kaspersky problem

It says i have an anti virus program already on my system??????
Do I????
I went through the whole system and i couldn't find one anywhere.
 
Romez said:
It says i have an anti virus program already on my system??????
Do I????
I went through the whole system and i couldn't find one anywhere.
Click to expand...
Does it actually say you have one? I thought it just states to make sure you disable it if you do have one. Just ignore it and move ahead.
 
You where right about what it says but.....

IndiGenus said:
Does it actually say you have one? I thought it just states to make sure you disable it if you do have one. Just ignore it and move ahead.
Click to expand...

For some reason it won't let me go to the next step by being able to click on accept for some reason it is blacked out. This is where i got the impression i still had an anti virus somewhere in my system. Is there anything else it could be????
 
This is the message i get.

Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0
 
Romez said:
Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0
Click to expand...
I believe that message comes up every time you run the scan. Why it won't let you continue could be for any number of reasons, as sometimes Kaspersky is a little "flaky". We can try another scanner.

Eset Online Scanner
Run with Internet Explorer
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button, or click the notification bar at the top of the window and choose to install.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
 
ESET Online Scan results

C:\Program Files\SlySoft\AnyDVD\Patch.exe probably a variant of Win32/HackTool.Patcher.A application
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\ecache.sys.vir Win32/Olmarik.ZC trojan
C:\Windows\winsxs\x86_microsoft-windows-e..memorydevicesdriver_31bf3856ad364e35_6.0.6002.18005_none_fd0def15b6a4c89f\ecache.sys Win32/Olmarik.ZC trojan
G:\Micro usb\Nero 8\Nero-8.3.6.0_eng_update.exe Win32/Toolbar.AskSBar application
G:\Setup Files\Nero 8\Nero-8.3.6.0_eng_update.exe Win32/Toolbar.AskSBar application
G:\Setup Files\Program Files\Setup Files\query19402b.zip probably a variant of Win32/Agent trojan
G:\Setup Files\SlySoft AnyDVD HD v6.6.1.3 Multilingual WinAll Incl Keygen and Patch-BRD [Original]\Keygen\Patch.exe probably a variant of Win32/HackTool.Patcher.A application
 
SecurityCheck results

Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````
 
Wow, in reviewing this entire thread (as it's been almost a month in progress), I have to say that the folks who develop and use Malware to prey and profit on PC users like yourself would consider you to be one of their prime targets and "best friends". Let me summarize why I say this.
  1. You knowingly run absolutely no security software.
  2. Turn off security features like (yes, I know it's annoying) UAC.
  3. Turn off your Firewall.
  4. Use cracks and keygens to illegally install software.
  5. And with all of the above taken into consideration, you use this PC for internet banking!
I really don't know how much we can help you here (other than try to make sure you're clean). I promise if you come back for help and a helper reads this topic, and you don't drastically change your habits, you won't get any help next time.

With that said, I will give a warning that I thought I already gave, but didn't and should have much earlier in the topic. Honestly, considering all of the above information I listed above, I don't think this computer can be trusted without a format and re-install but that's up to you.

Considering you use this PC for internet banking and financial transactions you really need to read the following:

One or more of the identified infections is a backdoor Trojan and/or a rootkit.

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

*********************

If you would like to finish cleaning the computer I will help, let me know. Some of your (illegally installed) programs will not work after doing so. So you may want to take that into consideration.

Good luck,
Dave
 
Miss understanding......

# Turn off security features like (yes, I know it's annoying) UAC.
# Turn off your Firewall.

I turned them off when i had trouble running 1 of the programs you wanted me to run.


IndiGenus's Avatar

Join Date: Oct 2009
Location: New England, USA
Posts: 411

Default
Good morning,

Let's go right after this with combofix.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
IndiGenus

Member of UNITE and ASAP.
IndiGenus is offline Report Post Reply With Quote


And yes i would agree that it would be absolutely stupid if i didn't have at least these 2 things running if not an anti virus program too.
I have previously had Free AVG running and Hitman Pro but what ever viruses i would get in the past they seem to get right through in turn leaving me to try and go back to a restore point to fix it or worst case reformat.

If the help is still available it would be much appreciated.
 
That program you see in the log was acquired that way because at the time it seemed to be a more safer option than to buy it over the internet. This is because you can see that there may be a few people with it that you download it off( my theory was why would they keep it if it has caused problems). I had a friend not so long ago buy and then install an internet anti virus program that he thought was a good thing to do but it turned out the anti virus program was a sham that cleaned out his bank accounts. He went and purchased it online with his credit card because it told him that he had a threat on his computer and that it would be able to get it off for him. But instead he just got rolled over by it. Hence why buying programs over the internet unless they are well known ain't my thing.:fear::fear::fear:
 
Yes, the internet/www is a wild and wooly place for sure. There are lots of people out there looking to take whatever they can get. You're going to be safe if you go to a known site/product and buy from there. I have even one better....at the end I will give a whole list of products to keep you safe, for nothing!

Let's finish off the cleanup and do some updating.

Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: 
    :processes
explorer.exe

:files
C:\Program Files\SlySoft\AnyDVD\Patch.exe 
C:\Windows\winsxs\x86_microsoft-windows-e..memorydevicesdriver_31bf3856ad364e35_6.0.6002.18005_none_fd0def15b6a4c89f\ecache.sys 
G:\Micro usb\Nero 8\Nero-8.3.6.0_eng_update.exe 
G:\Setup Files\Nero 8\Nero-8.3.6.0_eng_update.exe
G:\Setup Files\Program Files\Setup Files\query19402b.zip 
G:\Setup Files\SlySoft AnyDVD HD v6.6.1.3 Multilingual WinAll Incl Keygen and Patch-BRD [Original]

:commands
[emptytemp]
[start explorer]
[reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

It is likely that your Nero and Slysoft programs will not work after doing this and will need to be re-installed if you want them.

************************

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u20 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.

************************

Your Adobe Reader needs updating too.

http://www.adobe.com/support/downloads/detail.jsp?ftpID=4607

************************

Also make sure to turn your Firewall back on. And even though it's annoying you should turn UAC back on too.
 
Status
Not open for further replies.
Back
Top