Solved: CatByte, Please Help!

ernestbd-8
Junior Member with 14 posts.
 
Join Date: Sep 2010
Experience: Intermediate
05-Sep-2010, 10:35 PM #1
CatByte, Please Help!
Hello CatByte,

This is ernestbd-8 from the other forum -- you were helping me with the "Search results being redirected" thread.

I finally got Malwarebytes' Anti-Malware to run as you last suggested, and the log is below, BUT
now when I attempt to return to the thread we were working on, I get "Internet Explorer cannot display the webpage", and actually, none of that site's pages will load -- what should I do?

Anxiously in need of a reply....
ernestbd-8
Junior Member with 14 posts.
 
Join Date: Sep 2010
Experience: Intermediate
05-Sep-2010, 10:36 PM #2
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4553
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/5/2010 5:42:51 PM
mbam-log-2010-09-05 (17-42-51).txt
Scan type: Quick scan
Objects scanned: 168462
Time elapsed: 4 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
CatByte
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
05-Sep-2010, 11:56 PM #3
clear all your internet history
do you have FireFox?



run TFC

Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.


then flush your DNS
  • Go to Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between “..g /f…” it needs to be there)
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.


see if that works
__________________
Microsoft MVP - 2010, 2011
ernestbd-8
Junior Member with 14 posts.
 
Join Date: Sep 2010
Experience: Intermediate
06-Sep-2010, 12:17 AM #4
TFC ran fine and rebooted.

ipconfig /flushdns in the cmd window indicated it was successful.

Still get "Internet explorer cannot display the web page" for techsupportforum.com pages.

On the bright side, the original browser redirects are all gone (Google and Bing search results no longer end up in the unwanted advertising pages).

So, it's not just coincidence; the techsupportforum.com site is really up right now, right?

Thanks for your consistent use of your moniker, and I'm just as happy to continue here, as anywhere.
CatByte
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
06-Sep-2010, 06:12 AM #5
Hi

we'll take a look at your hosts file

Have you tried using an alternate browser, such as FireFox?

http://www.mozilla.com/en-US/firefox/switch.html

please run the following:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.


EDIT - It's 5:30 am EST and the TSF site is inaccessible right now, must be doing site maintenance, so it may not be just your machine, but we'll take a look anyway.
__________________
Microsoft MVP - 2010, 2011

Last edited by CatByte; 06-Sep-2010 at 06:35 AM..
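
A hosts-file check of the kind mentioned in the post above, as an added example that is not part of the original thread or any tool named in it: it lists every active mapping that blocks or redirects a name, so a site that will not load can be ruled in or out. The sample file contents and the `203.0.113.7` address are constructed.

```python
import ipaddress

# Names that normally map to loopback in a clean hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample (on Windows XP the real file is
# %SystemRoot%\system32\drivers\etc\hosts).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.techsupportforum.com techsupportforum.com   # constructed entry
203.0.113.7     www.google.com
# 127.0.0.1     commented.example
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (lineno, kind, name, ip) for every entry that is not a plain
    localhost mapping. kind is 'blocked' (loopback or 0.0.0.0),
    'redirected' (any other address) or 'malformed'."""
    findings = []
    # Strip a UTF-8 BOM if an editor left one at the start of the file.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            findings.append((lineno, "malformed", " ".join(fields), ""))
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name in LOCAL_NAMES and ip.is_loopback:
                continue                          # expected entry
            sinkhole = ip.is_loopback or ip.is_unspecified
            kind = "blocked" if sinkhole else "redirected"
            findings.append((lineno, kind, name, str(ip)))
    return findings


def affecting(findings, domain):
    """Findings that hit `domain` itself or any of its subdomains."""
    domain = domain.lower().rstrip(".")
    return [f for f in findings
            if f[1] != "malformed"
            and (f[2] == domain or f[2].endswith("." + domain))]


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    for lineno, kind, name, ip in results:
        print(f"line {lineno}: {kind:10} {name} {ip}")
    print(affecting(results, "techsupportforum.com"))
```

An empty result for the site in question points away from the hosts file and toward DNS, proxy settings or the site itself being down.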
ernestbd-8
Junior Member with 14 posts.
 
Join Date: Sep 2010
Experience: Intermediate
07-Sep-2010, 12:23 AM #6
Sorry, OTL would not run, threw a "Class not Registered" exception, closed and tried to send an error report. Here's the error dialog text.

AppName: otl.exe AppVer: 3.2.11.0 ModName: kernel32.dll
ModVer: 5.1.2600.5781 Offset: 00012afb\

And a memory dump was available, if you need it I could post it too....

Thanks for the continued attention, busy day today.
ernestbd-8
Junior Member with 14 posts.
 
Join Date: Sep 2010
Experience: Intermediate
07-Sep-2010, 12:26 AM #7
OMG! I just tried the other Forum and it worked!

I guess their server really was just down. What a coincidence.

So, I suppose we should continue working anything else you think needs attention.
CatByte
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
07-Sep-2010, 07:33 PM #8
Hi

You appear to either be missing necessary files or they are corrupt:

Please do the following

Make sure you have your XP Disc handy

The System File Checker (Sfc.exe) utility is used for scanning protected operating system files to verify their version and integrity. If System File Checker detects any operating system file with the incorrect file version, it replaces the corrupted file with a file that has the correct version from the Windows installation source files.

To use System File Checker, follow these steps:
  1. Click Start, click Run, type cmd.exe, and then click OK.
  2. At the command prompt, type sfc /scannow, and then press ENTER.
    Note This command may take several minutes to finish. You may be prompted to provide Windows installation source files when you run the sfc /scannow command.
  3. At the command prompt, type exit, and then press ENTER to close the command prompt.
__________________
Microsoft MVP - 2010, 2011
ernestbd-8
Junior Member with 14 posts.
 
Join Date: Sep 2010
Experience: Intermediate
07-Sep-2010, 09:17 PM #9
The Windows File Verification completed without any prompts at all. I assume that's good?
CatByte
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
07-Sep-2010, 10:46 PM #10
Yes, that's good

how is the computer running now?

are there any outstanding issues?

Please post a fresh DDS log and Attach.txt

I'll give you the instructions and download link again, save you looking at the other forum thread:


Please download DDS from LINK 1 or LINK 2
and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
__________________
Microsoft MVP - 2010, 2011
ernestbd-8
Junior Member with 14 posts.
 
Join Date: Sep 2010
Experience: Intermediate
07-Sep-2010, 11:03 PM #11
Computer seems to be running fine. The original browser redirecting problem is gone.

OTL was the only tool that did not run.

First attempt to install AVG 9.0 (free) failed; which of the available free programs would you recommend?

Thanks for all the help. You prefer this forum or the other?

DDS (Ver_10-03-17.01) - NTFSx86
Run by ERNIE at 18:49:56.87 on Tue 09/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2045.1616 [GMT -7:00]

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\ERNIE\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.dogpile.com/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145761663382
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 cpuz130;cpuz130;\??\c:\docume~1\ernie\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ernie\locals~1\temp\cpuz130\cpuz_x32.sys [?]
=============== Created Last 30 ================
2010-09-08 00:15:13 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-09-08 00:15:10 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-09-08 00:15:08 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-09-08 00:15:05 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-09-08 00:15:01 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-09-08 00:13:57 19016 ----a-w- c:\windows\system32\dllcache\w926nd.sys
2010-09-08 00:12:56 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-09-08 00:11:56 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-09-08 00:10:57 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-09-08 00:09:58 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2010-09-08 00:08:58 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2010-09-08 00:07:59 17280 ----a-w- c:\windows\system32\dllcache\scr111.sys
2010-09-08 00:06:58 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-09-08 00:05:57 16128 ----a-w- c:\windows\system32\dllcache\pscr.sys
2010-09-08 00:04:57 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll
2010-09-08 00:03:58 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2010-09-08 00:02:57 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2010-09-08 00:01:58 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2010-09-08 00:00:59 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-09-07 23:59:59 100936 ----a-w- c:\windows\system32\dllcache\ibmtok.sys
2010-09-07 23:58:57 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll
2010-09-07 23:57:58 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-09-07 23:56:58 19996 ----a-w- c:\windows\system32\dllcache\em556n4.sys
2010-09-07 23:55:59 65622 ----a-w- c:\windows\system32\dllcache\digiasyn.dll
2010-09-07 23:54:59 714698 ----a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
2010-09-07 23:53:59 97354 ----a-w- c:\windows\system32\dllcache\aspndis3.sys
2010-09-06 00:37:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 00:37:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-06 00:37:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 00:37:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 00:09:17 0 d-----w- c:\docume~1\ernie\applic~1\Malwarebytes
2010-09-05 23:21:23 0 d-sha-r- C:\cmdcons
2010-09-04 22:07:54 0 d-----w- c:\windows\system32\NtmsData
2010-09-04 22:06:31 0 d-----w- C:\HPAiOScrubber
2010-09-04 21:54:46 0 d-----w- c:\temp\HP All-in-One Series Web Release
2010-09-04 21:31:57 214 ----a-w- c:\windows\HP_48BitScanUpdatePatch.ini
2010-09-04 16:35:40 98816 ----a-w- c:\windows\sed.exe
2010-09-04 16:35:40 77312 ----a-w- c:\windows\MBR.exe
2010-09-04 16:35:40 256512 ----a-w- c:\windows\PEV.exe
2010-09-04 16:35:40 161792 ----a-w- c:\windows\SWREG.exe
2010-09-03 02:22:23 2398955 ----a-w- C:\MGtools.exe
2010-09-03 01:05:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-02 05:29:28 0 d-----w- C:\found.000
2010-08-14 05:26:06 0 d-----w- c:\program files\SpywareBlaster
==================== Find3M ====================
2010-09-05 22:24:10 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-09-05 22:24:10 36352 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2010-07-27 06:30:35 8462336 ----a-w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\dllcache\schannel.dll
2010-06-25 00:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ----a-w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\dllcache\msxml3.dll
2006-03-24 06:01:09 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 18:50:28.82 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/21/2006 12:27:45 AM
System Uptime: 9/7/2010 1:59:09 PM (5 hours ago)
Motherboard: Dell Inc. | | 0GC375
Processor: Intel(R) Pentium(R) 4 CPU 3.60GHz | Microprocessor | 3591/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 108.507 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1035: 6/10/2010 10:17:20 PM - Software Distribution Service 3.0
RP1036: 6/22/2010 9:38:37 PM - Software Distribution Service 3.0
RP1037: 6/25/2010 9:32:17 AM - Avg Update
RP1038: 7/2/2010 8:07:36 AM - System Checkpoint
RP1039: 7/8/2010 5:38:24 PM - System Checkpoint
RP1040: 7/9/2010 6:04:43 PM - System Checkpoint
RP1041: 7/10/2010 11:18:35 PM - System Checkpoint
RP1042: 7/13/2010 5:56:55 PM - Software Distribution Service 3.0
RP1043: 7/15/2010 11:27:55 AM - Avg Update
RP1044: 7/15/2010 11:29:44 AM - Avg Update
RP1045: 7/19/2010 10:48:07 AM - System Checkpoint
RP1046: 7/20/2010 4:24:36 PM - Avg Update
RP1047: 7/30/2010 11:12:06 PM - Removed AVG Free 9.0
RP1048: 7/30/2010 11:12:39 PM - Installed AVG Free 9.0
RP1049: 7/31/2010 12:10:29 AM - Installed AVG Free 9.0
RP1050: 7/31/2010 1:58:58 PM - Avg Update
RP1051: 8/2/2010 6:23:51 PM - Software Distribution Service 3.0
RP1052: 8/5/2010 4:20:54 PM - System Checkpoint
RP1053: 8/11/2010 6:34:13 PM - System Checkpoint
RP1054: 8/12/2010 4:20:43 PM - Software Distribution Service 3.0
RP1055: 8/13/2010 5:25:16 PM - System Checkpoint
RP1056: 8/15/2010 6:56:20 PM - System Checkpoint
RP1057: 8/16/2010 11:42:10 PM - Avg Update
RP1058: 8/24/2010 5:58:37 PM - System Checkpoint
RP1059: 9/2/2010 6:05:15 PM - Installed Java(TM) 6 Update 21
RP1060: 9/2/2010 7:05:37 PM - Removed AVG Free 9.0
RP1061: 9/2/2010 7:06:09 PM - Installed AVG Free 9.0
RP1062: 9/4/2010 3:07:13 PM - Removed HP Photo and Imaging 2.0 - All-in-One
RP1063: 9/4/2010 3:07:31 PM - Removed HP Photo and Imaging 2.0 - All-in-One Drivers
RP1064: 9/4/2010 3:07:46 PM - Removed hp psc 2200 series
RP1065: 9/5/2010 7:16:13 PM - System Checkpoint
RP1066: 9/6/2010 9:23:31 PM - System Checkpoint
==== Installed Programs ======================
AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.4
CCleaner
Chuzzle Deluxe 1.0
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Digital Line Detect
doPDF 6.0 printer
EVEREST Home Edition v2.20
Google
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Table Games 2004
HP Driver Diagnostics
HP OfficeJet/PSC Scrubber
J2SE Development Kit 5.0 Update 7
Java Auto Updater
Java(TM) 6 Update 21
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Office Visio Professional 2003
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSXML 6.0 Parser (KB933579)
NetAcquire
NetWaiting
NVIDIA Drivers
Polaroid Digital Camera
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spelling Dictionaries Support For Adobe Reader 8
SpywareBlaster 4.3
TI Connect 1.6
TI StudyCards Creator
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall
==== Event Viewer Messages From Past Week ========
9/7/2010 5:15:14 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
9/7/2010 4:53:21 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
9/5/2010 8:01:30 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 8:01:30 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 3:24:38 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/4/2010 9:35:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT nvraid RasAcd Rdbss Tcpip
9/4/2010 9:35:51 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/4/2010 9:35:51 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/4/2010 9:35:51 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/4/2010 9:35:51 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/4/2010 9:34:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/4/2010 9:34:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/4/2010 2:21:38 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
9/2/2010 8:20:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvraid
9/2/2010 8:18:37 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/2/2010 8:18:37 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
9/1/2010 9:41:06 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
==== End Of File ===========================
CatByte's Avatar
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
07-Sep-2010, 11:52 PM #12
Hi,

There are some orphaned files to sweep up, easier to do it with HJT, please do the following:

Download the latest version of Trendmicro's Hijackthis to your desktop.

Double click the downloaded program icon to install it
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe

Open HJT

Click on Scan and Save a Log File, it will open in Notepad
Go to Format and make sure Wordwrap is Unchecked
Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using the Add Reply button.


NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version 9.3)
Having the latest updates ensures there are no security vulnerabilities in your system.
__________________
Microsoft MVP - 2010, 2011
ernestbd-8's Avatar
Junior Member with 14 posts.
 
Join Date: Sep 2010
Experience: Intermediate
08-Sep-2010, 09:19 PM #13
Okay, HJT log is below, and Adobe Reader updated to 9.3.

I had a bit of trouble with the Adobe Reader Download web page: After deselecting the Google Toolbar option and clicking 'Download', the next page would cycle up and down continuously while displaying the message that an "Error has Occured - This Page has been Recovered". I'm hoping that doesn't happen on other pages...I'll hunt around and see.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:02 PM, on 9/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1145761663382
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfvi...iewerSetup.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 4850 bytes
CatByte's Avatar
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
08-Sep-2010, 10:25 PM #14
Hi

Please do the following:
  • Open HiJackThis
  • Click on Do a system scan only
  • Check the boxes next to ONLY the entries listed below (if still present):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/game...ploader_v6.cab
  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.


NEXT



To answer your previous question, I use Microsoft Security Essentials, it's excellent and free,
http://www.microsoft.com/security_essentials/


To remove all of AVG, you should use the removal tool:

http://www.avg.com/filedir/util/avg_...avgremover.exe


Now we just have some housekeeping to do,

You can delete the MBRCheck, DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.




NEXT

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.


If there are any logs/tools remaining > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.
__________________
Microsoft MVP - 2010, 2011
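
An added example, not part of CatByte's post and not code from HijackThis: a small Python parser for the log format posted above that lists the entries HijackThis marks "(no file)", meaning the registry entry remains but its file is gone, such as the O2 BHO selected for fixing. The line layout is inferred from the log in this thread, and the function names are hypothetical.

```python
import re

# Excerpt of the HijackThis log posted in this thread (a few lines, unchanged).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Every scan entry starts with a section code (R0, O2, O16, ...) and " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2: "BHO: <name> - {CLSID} - <file>"; O16: "DPF: {CLSID} (<name>) - <url>".
BHO = re.compile(rf"^BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.*)$")
DPF = re.compile(rf"^DPF: (?P<clsid>{CLSID})(?: \((?P<name>.*)\))? - (?P<target>.*)$")


def parse_log(text):
    """Return one dict per scan entry; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entry = {"code": m["code"], "body": m["body"],
                 "clsid": None, "name": None, "target": None}
        detail = {"O2": BHO, "O16": DPF}.get(m["code"])
        d = detail.match(m["body"]) if detail else None
        if d:
            entry.update(d.groupdict())
        entries.append(entry)
    return entries


def orphaned(entries):
    """Entries whose registry key survives but whose file is missing."""
    return [e for e in entries if e["target"] == "(no file)"]


def by_section(entries):
    """Count entries per section code, for a quick overview of the log."""
    counts = {}
    for e in entries:
        counts[e["code"]] = counts.get(e["code"], 0) + 1
    return counts


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(e["code"], e["clsid"], e["target"])
```
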
ernestbd-8's Avatar
Junior Member with 14 posts.
 
Join Date: Sep 2010
Experience: Intermediate
09-Sep-2010, 12:22 AM #15
Done - except OTL does not run, and never did. It throws an exception immediately upon starting. Should this be addressed? Or, other than deleting the OTL.exe from the desktop, is there anything else I might need to manually clean up from it?


Thank You very much for your help. I'll be installing MS Security Essentials shortly, and thanks also for the other advice.

All the best in future endeavors, ErnestBD.