Analyze HJT Logfile for server access failure causes

(In Progress)

SeaSalt
Member with 56 posts.
THREAD STARTER
Join Date: Oct 2009
Experience: Intermediate and below...
23-Oct-2009, 10:23 PM #16
SeaSalt here!

CookieGal, I'm in the process of following your instructions regarding Combofix. However, you did not make it clear as to what you wanted done with "puppy.exe" after the renaming ceremony :-)

I made the assumption you wanted it launched and I did it. I got a very loud and alerting double beep telling me that the file was in no way affiliated with ComboFix and, basically to ask for my money back if I purchased the file.

You have been quite thorough so far as to letting me know what to expect at various steps along the way. After the "alarm" sounded, I decided to back off and send this email to you.

At the moment, I have disabled AVG8 and Zonealarm. I have spybot S&D on my computer but don't think it is running in the background. Therefore, I have done nothing to it. I have the renamed ComboFix on my desktop as puppy.exe.

I need your guidance to proceed.

Thanks again in advance................SeaSalt
Cookiegal
Administrator & Malware Removal Specialist with 97,690 posts.
Join Date: Aug 2003
24-Oct-2009, 02:49 PM #17
The instructions on how to run the program were all in the link at Bleeping Computer.

Please disable your security programs again and run the puppy.exe and allow it to do its full run. Then post the resulting log.
SeaSalt
25-Oct-2009, 02:52 AM #18
Hi CookieGal,

I'm in a pickle again.
In following the directions for running puppy.exe, I get a WARNING box that states:
ComboFix has detected the following real time scanner(s) to be active:

Anti-Spyware: ZoneAlarm Anti Spyware
Anti-Spyware: AVG Anti Virus Free

Anti-virus and intrusion prevention programs are known to interfere with ComboFix's running.
This may lead to unpredictable results or possible machine damage.
Please disable these scanners before clicking O.K.


CookieGal, I've actually uninstalled Zone Alarm and AVG Free from my computer.
I did this because every thing else I tried continued to give me the same WARNING whenever I tried to run puppy.exe.

I've rebooted my computer numerous times after various uninstalls and I've confirmed that these two programs are not on the Control Panel's uninstall programs list.

These WARNINGS are as far as I've gone in trying to run puppy.exe (combofix).

What do you recommend I do next?

Thanks for hanging in there with me.

SeaSalt
Cookiegal
26-Oct-2009, 07:08 PM #19
Download GMER from: http://gmer.net/index.php

Save it on your desktop and unzip it.

Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click Copy. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.
__________________
Microsoft MVP - Consumer Security
SeaSalt
27-Oct-2009, 09:05 PM #20
Hi CookieGal,

Thanks for your on-going help.
Below is the Gmer scan report.

Look forward to taking the next step towards becoming bug free.

SeaSalt

=================================

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-27 17:38:26
Windows 6.0.6000
Running: zeztlu49.exe; Driver: C:\Users\Boltons\AppData\Local\Temp\uxdiyfow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device \Driver\BTHUSB \Device\0000006c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bdb9438
Reg HKLM\SYSTEM\ControlSet028\Services\BTHPORT\Parameters\Keys\001a6bdb9438 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
Cookiegal
28-Oct-2009, 06:05 PM #21
Open HijackThis and click on the Open Misc Tools section button. Click on the Open Uninstall Manager button. Click the Save List button. Save the list then copy and paste it here.
SeaSalt
29-Oct-2009, 02:46 AM #22
CookieGal,

Below is the saved list generated when I clicked on the "Save List" button as per your instructions.
As a reminder, I still have not reinstalled my anti-virus program nor my firewall program.

Thank you for continuing to help.

SeaSalt

========================================================

Acrobat.com
Acrobat.com
Adobe Acrobat Reader 3.01
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9
Adobe Stock Photos 1.0
Adobe Type Manager 4.0
Conexant HD Audio
EA Link
Easy CD & DVD Creator 6
ESU for Microsoft Vista
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.3
HP QuickTouch 1.00 C1
HP Total Care Advisor
HP Update
HP User Guides 0060
HP Wireless Assistant
HPNetworkAssistant
Java(TM) SE Runtime Environment 6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Mozilla Firefox (3.0.1)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.0
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
QuickPlay SlingPlayer 0.3.0
RealPlayer
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio DVDMAX Player
Roxio MyDVD Basic v9
Roxio PhotoSuite 5 LITE
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Microsoft Office Word 2007 (KB969604)
Spybot - Search & Destroy
TDK Launcher
Touch Pad Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
VC 9.0 Runtime
VC 9.0 Runtime
VueScan
Windows Media Player Firefox Plugin
Cookiegal
31-Oct-2009, 12:18 PM #23
Please run this AVG removal tool that will remove any remnants that may be in the registry:

http://www.avg.com/us-en/download-tools

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 16 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Then reboot and try running ComboFix (Puppy.exe) again please.

Last edited by Cookiegal; 08-Nov-2009 at 05:46 PM..
SeaSalt
31-Oct-2009, 06:59 PM #24
CookieGal,

I downloaded the AVG file remover and ran it. Then, I updated my Java as per your instructions.
However, when I ran ComboFix, I got the below messages:
Note: At the end I described the additional action I took.
=============================
Warning!!
ComboFix has detected the following real time scanner(s) to be active:
AntiSpyware: ZoneAlarm Antispyware
AntiSpyware: AVG Antispyware Free
Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.
Please disable these scanners before clicking OK
NOTE: I clicked the box with the X in it.
===============================
A second dialog box appeared:
Warning!!
Antispyware: ZoneAlarm Anti-spyware
Antispyware: AvG Anti-Virus Free
The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.
NOTE: Again, I clicked the box with the X in it; then, I hit ESC a few times to stop ComboFix from continuing to run.
================================
The NEXT dialog box appeared when I stopped ComboFix and was:
Version_09-10-22l01
Current date is ~. ComboFix has expired
Click "YES" to run in REDUCED FUNCTIONALITY mode. Click "NO" to exit.
NOTE: At this point, I clicked NO
=======================================
CookieGal, I went back to the link and downloaded the AVG Remover executable file, ran it, & rebooted. For good measure, I did it a second time.
Nothing changed. I still got the ....scanner(s) ... active message and more of what I've typed above when I tried to run ComboFix.

What do you want me to do next?

Thanks.............SeaSalt......
Cookiegal
01-Nov-2009, 08:52 PM #25
Download OTS.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTS on your desktop.
  1. Close any open browsers.
  2. If your Real protection or Antivirus interferes with OTS, allow it to run.
  3. Open the OTS folder and double-click on OTS.exe to start the program.
  4. In the Additional Scans section put a check in Disabled MS Config Items and EventViewer logs.
  5. Now click the Run Scan button on the toolbar.
  6. Let it run unhindered until it finishes.
  7. When the scan is complete Notepad will open with the report file loaded in it.
  8. Save that notepad file.
Use the Reply button, scroll down to the attachments section and attach the notepad file here.
SeaSalt
02-Nov-2009, 01:56 AM #26
CookieGal,

Here is the attached Notepad log file from the OTS scans.
I had some operator-error issues and renamed the text file (which explains the "x" at the beginning of the filename) in an attempt to remedy a problem that did not exist.
All should be O.K.
As always, looking for your next bit of guidance.....



Seasalt............
Cookiegal
04-Nov-2009, 08:35 PM #27
Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.
Code:
[Kill All Processes]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> QlbCtrl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> Sharkbyte hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Grooveshark\sharkbyte.exe
YN -> Windows Defender hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
[Files/Folders - Created Within 30 Days]
NY ->  1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp
NY ->  54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp
NY ->  1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]
SeaSalt
04-Nov-2009, 11:49 PM #28
Hi CookieGal,

Thank you for your ongoing help.
As per your instructions, I am pasting the OTS notepad logfile below. After that, I will be pasting the latest HJT logfile.

NEW NEWS: Two days ago, I received the following message while I was on my computer, but was offline. I don't know if the below will be a factor in your help to me:
"Media Foundation Protected Pipeline EXE was closed. To help protect your computer, Data Execution Prevention has closed." [end of new news]
==========================
[begin paste OTS logfile]
All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sharkbyte hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 30 Days]
C:\Windows\System32\drivers\~GLH0013.TMP deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Users\Boltons\AppData\Local\Temp\469F5DBD.TMP deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\CFG1FA0.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\CFGDEAB.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\CFGF517.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\IEC341D.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\nsb1BCA.tmp folder deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\nsi34E9.tmp folder deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF210A.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF25CB.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF2F0B.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF3481.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF34E0.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF3A8A.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF3FF6.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF482F.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF4B74.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF4ED8.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF5F5D.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF624E.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF65E2.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF6AEF.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF7EDE.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF820F.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8481.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8974.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF89C4.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8A94.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8B18.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8B4D.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8B96.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8C02.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8C0F.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8C58.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8D0D.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8DCB.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8E6E.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF9010.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF9044.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF9078.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF9FAD.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFA39D.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFB7B7.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFD2DC.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFD2E1.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFDD91.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFE12C.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFE25A.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFE28F.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFE2D8.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFE321.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFED41.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFF17E.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFF2FE.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFF955.tmp deleted successfully.
[Empty Temp Folders]


User: All Users

User: Boltons
->Temp folder emptied: 10172358 bytes
->Temporary Internet Files folder emptied: 222696495 bytes
->Java cache emptied: 789626 bytes
->FireFox cache emptied: 80490761 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Working Account
->Temp folder emptied: 279371 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 9393 bytes
->FireFox cache emptied: 70501780 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1459713 bytes
RecycleBin emptied: 17862939 bytes

Total Files Cleaned = 385.60 mb

< End of fix log >
OTS by OldTimer - Version 3.1.2.1 fix logfile created on 11042009_221035

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[end OTS logfile]
========================================
[begin HJT logfile]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:08 PM, on 11/4/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Boltons\Documents\Computer Software Etc\Utilities\HijackTxhis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: akamai.avg.com
O15 - Trusted Zone: update.avg.com
O15 - Trusted Zone: akamai.avg.cz
O15 - Trusted Zone: backup.avg.cz
O15 - Trusted Zone: download.avg.cz
O15 - Trusted Zone: files2.avg.cz
O15 - Trusted Zone: akamai.avg.com.edgesuite.net
O15 - Trusted Zone: akamai.avg.cz.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.com.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.cz.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.com
O15 - Trusted Zone: update.grisoft.com
O15 - Trusted Zone: akamai.grisoft.cz
O15 - Trusted Zone: backup.grisoft.cz
O15 - Trusted Zone: download.grisoft.cz
O15 - Trusted Zone: files2.grisoft.cz
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5677 bytes
[end HJT logfile]
Thanks again CookieGal............SeaSalt
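
An added example, not part of the thread and not a HijackThis or OTS feature: this Python code parses a HijackThis v2.0.2 log like the one in post #28 into its section codes (R0/R1, O2, O4, O23, ...) and lists the entries a reviewer might look at first. The sample lines are copied from that log; the function names and the review rules (proxy configured, autorun under a user profile, O23 service with unknown owner or missing file) are assumptions of this example and are prompts for a closer look, not verdicts.

```python
import re
from collections import defaultdict

# Sample input: a handful of lines copied from the HijackThis log in post #28.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:08 PM, on 11/4/2009
Platform: Windows Vista (WinNT 6.00.1904)

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
"""

# Every scan entry starts with a section code such as "R1" or "O23", then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return (running_processes, entries); entries maps section code -> list of entry strings."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first scan entry
            entries[match.group(1)].append(match.group(2))
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)


def review_notes(entries):
    """Return (reason, detail) pairs for entries worth a manual look (rules assumed by this example)."""
    notes = []
    # R0/R1: Internet Explorer settings; a configured proxy changes where web traffic goes.
    for code in ("R0", "R1"):
        for entry in entries.get(code, []):
            key, _, value = entry.partition(" = ")
            if key.endswith(",ProxyServer") and value.strip():
                notes.append(("proxy", value.strip()))
    # O4: autoruns; programs started from a user profile's AppData deserve a second look.
    for entry in entries.get("O4", []):
        if "\\appdata\\" in entry.lower():
            name = re.search(r"\[([^\]]+)\]", entry)
            notes.append(("autorun-in-profile", name.group(1) if name else entry))
    # O23: services; note missing binaries and unsigned ("Unknown owner") ones.
    for entry in entries.get("O23", []):
        body = entry[len("Service: "):] if entry.startswith("Service: ") else entry
        name = body.split(" - ")[0]
        if entry.endswith("(file missing)"):
            notes.append(("service-file-missing", name))
        elif " - Unknown owner - " in entry:
            notes.append(("service-unknown-owner", name))
    return notes


if __name__ == "__main__":
    procs, parsed = parse_hjt(SAMPLE_LOG)
    print(len(procs), "running processes")
    for code in sorted(parsed):
        print(code, len(parsed[code]), "entries")
    for reason, detail in review_notes(parsed):
        print(f"{reason}: {detail}")
```
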
Cookiegal
06-Nov-2009, 09:11 PM #29
I think I see the problem with ComboFix: you renamed the file puppy.exe.exe so you gave it a double .exe extension.

Please rename it to just puppy with an exe extension (puppy.exe) and then see if you can get ComboFix to run a scan without those error messages.
SeaSalt
06-Nov-2009, 11:58 PM #30
CookieGal,

I renamed puppy.exe to puppy and ran it as per the original instructions.
I right-clicked on the desktop icon "puppy" and selected "run as administrator".
I still got the same warning message about AVG and Zonealarm.
There appears to be no change from before.
If you wish, I can do a screen capture of my desktop with the warning message on it. Then, I can send it to you as an attachment if there is any value to you in having it.

What would you like me to do next?

Thanks again in advance for your time and attention on this,

SeaSalt