
Altnet won't uninstall

Discussion in 'Virus & Other Malware Removal' started by gowgarq, Feb 11, 2012.

  1. gowgarq

    gowgarq Thread Starter

    Joined:
    Feb 5, 2012
    Messages:
    142
    Raised ? about this in other section. Closed it, I think; kind of got off the original subject. Have ? about
    someone saying the music plugin I had (from Kazaa) having spyware. In Program Files, it is called Altnet.
    I paid like 20 or so for monthly thing about a year ago, for 1 month. Maybe this belongs in Multimedia,
    don't know? Anyway, have not been able to remove this. Tried Add/Remove Programs and My Uninstaller.
    Anyone have thoughts?
     
  2. gowgarq

    gowgarq Thread Starter

    Joined:
    Feb 5, 2012
    Messages:
    142
    OK, no hits on this yet, so I will offer my own theory, which might be crap.
    Let's say this plug-in attaches itself to the Media Player and therefore prevents removal. If that were the case, how much trouble would it be to uninstall Media Player and reinstall?
    Does the Media Player not come with XP OS? Would I need original XP disc to reinstall?
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    You cannot uninstall Altnet without uninstalling Kazaa or whichever other crappy P2P installed it first.

    Follow advice here and post the logs those programs make.
     
  4. gowgarq

    gowgarq Thread Starter

    Joined:
    Feb 5, 2012
    Messages:
    142
    I was trying to remove all. There is only one item in Add/Remove. I don't know what P2P refers to, but
    this was legal, as I paid for a subscription, not a copyright infringement! When the subscription runs out
    then the downloads are not useful. The other theory could be that, since these people did come under
    fire for their sponsorship of the earlier activity, they might have implemented detection of previous
    copyright data storage. In other words, two wrongs to make a right.
     
  5. gowgarq

    gowgarq Thread Starter

    Joined:
    Feb 5, 2012
    Messages:
    142
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:58:27 AM, on 2/11/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Altnet Music Plugin\AMPMDM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\user\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ampmdm] C:\Program Files\Altnet Music Plugin\AMPMDM.exe
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1123561945-606747145-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'lisa')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1297645016151
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    O24 - Desktop Component 0: (no name) - http://www.na.org/images/mainBG.jpg
    --
    End of file - 6822 bytes
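
Added example (not part of the original thread or any poster's code): a small Python triage of the HijackThis log above. It lists the `O4` Run-key autostarts whose image was running at scan time, such as the per-user `ampmdm` entry, and the entries HijackThis marked `(file missing)`. `SAMPLE_LOG` is an excerpt of lines copied from that log; the function names are this example's own.

```python
import re
from collections import namedtuple

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Altnet Music Plugin\AMPMDM.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (file missing)
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (file missing)
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ampmdm] C:\Program Files\Altnet Music Plugin\AMPMDM.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (file missing)
"""

Entry = namedtuple("Entry", "code body")
Autorun = namedtuple("Autorun", "hive key name command image")

# "O4 - ...", "R1 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of a registry autostart: HKCU\..\Run: [value name] command line
RUN_RE = re.compile(r"^(\S+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
# Unquoted command: the image ends at the first executable extension.
IMAGE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)
MISSING = "(file missing)"


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append(Entry(match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def image_path(command):
    """Return the executable part of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = IMAGE_RE.match(command)
    return match.group(1) if match else command.split()[0]


def autoruns(entries):
    """O4 registry autostarts (Run, RunOnce, ...) as Autorun tuples."""
    found = []
    for entry in entries:
        match = RUN_RE.match(entry.body) if entry.code == "O4" else None
        if match:
            hive, key, name, command = match.groups()
            found.append(Autorun(hive, key, name, command, image_path(command)))
    return found


def live_autoruns(text):
    """Autostarts whose image also appears in the running-process list."""
    processes, entries = parse_log(text)
    running = {p.lower() for p in processes}  # Windows paths: ignore case
    return [a for a in autoruns(entries) if a.image.lower() in running]


def orphans(entries):
    """(code, path) for entries whose target file no longer exists."""
    result = []
    for entry in entries:
        if entry.body.endswith(MISSING):
            path = entry.body.rsplit(" - ", 1)[-1][: -len(MISSING)].strip()
            result.append((entry.code, path))
    return result


if __name__ == "__main__":
    for a in live_autoruns(SAMPLE_LOG):
        print(f"running autostart  {a.hive}\\..\\{a.key} [{a.name}] -> {a.image}")
    for code, path in orphans(parse_log(SAMPLE_LOG)[1]):
        print(f"orphaned entry     {code} -> {path}")
```
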
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
  7. gowgarq

    gowgarq Thread Starter

    Joined:
    Feb 5, 2012
    Messages:
    142
    TY much for reply. I am on it.
     
  8. gowgarq

    gowgarq Thread Starter

    Joined:
    Feb 5, 2012
    Messages:
    142
    Didn't work. Once again it would not remove. Even though it did not, I went ahead with the renaming
    of DRM file to (DRM old). Then restarted and something weird happened. Desktop had 6 faded
    looking icons! Thanks for helping! Think maybe I need to go ahead with check to see if it's orphan remnants. Can't remember how to do this.
     
  9. gowgarq

    gowgarq Thread Starter

    Joined:
    Feb 5, 2012
    Messages:
    142
    See if this helps solve.
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/15/2010 2:46:28 AM
    System Uptime: 2/11/2012 4:54:10 PM (4 hours ago)
    .
    Motherboard: | | PM800-8237
    Processor: Intel(R) Celeron(R) CPU 2.40GHz | Socket 478 | 2394/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 37 GiB total, 20.994 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: RAID Controller
    Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_32061565&REV_80\3&13C0B0C5&0&78
    Manufacturer:
    Name: RAID Controller
    PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_32061565&REV_80\3&13C0B0C5&0&78
    Service:
    .
    ==== System Restore Points ===================
    .
    RP502: 1/6/2012 4:12:24 PM - System Checkpoint
    RP503: 1/7/2012 4:13:29 PM - System Checkpoint
    RP504: 1/8/2012 4:48:18 PM - System Checkpoint
    RP505: 1/1/2004 4:00:41 AM - Software Distribution Service 3.0
    RP506: 1/1/2004 11:34:22 PM - Software Distribution Service 3.0
    RP507: 1/11/2012 12:18:14 PM - Software Distribution Service 3.0
    RP508: 1/14/2012 12:03:28 PM - System Checkpoint
    RP509: 1/30/2012 11:10:47 AM - Installed %1 %2.
    RP510: 1/30/2012 12:40:52 PM - Removed Bing Bar
    RP511: 1/30/2012 9:12:10 PM - Software Distribution Service 3.0
    RP512: 1/30/2012 9:47:19 PM - Software Distribution Service 3.0
    RP513: 1/30/2012 10:34:14 PM - Software Distribution Service 3.0
    RP514: 1/31/2012 11:14:01 PM - System Checkpoint
    RP515: 2/1/2012 11:54:05 PM - System Checkpoint
    RP516: 2/2/2012 11:58:46 PM - System Checkpoint
    RP517: 2/4/2012 12:08:28 AM - System Checkpoint
    RP518: 2/5/2012 1:45:59 AM - System Checkpoint
    RP519: 2/6/2012 2:16:21 AM - System Checkpoint
    RP520: 2/7/2012 2:46:19 AM - System Checkpoint
    RP521: 2/8/2012 3:28:12 AM - System Checkpoint
    RP522: 2/9/2012 6:00:43 AM - System Checkpoint
    RP523: 2/10/2012 6:56:47 AM - System Checkpoint
    RP524: 2/10/2012 11:59:47 PM - Installed Java(TM) 6 Update 30
    RP525: 2/11/2012 4:39:57 PM - Removed Microsoft .NET Framework 1.1
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    avast! Free Antivirus
    C-Media WDM Audio Driver
    Conexant D850 56K V.9x DFVc Modem
    CueClub
    GameHouse Games Collection: Academy of Magic
    GameHouse Games Collection: Adventure Inlay
    GameHouse Games Collection: Adventure Inlay - Safari Edition
    GameHouse Games Collection: Air Strike 3D
    GameHouse Games Collection: Alien Sky
    GameHouse Games Collection: Aloha Solitaire
    GameHouse Games Collection: Aloha TriPeaks
    GameHouse Games Collection: Ancient Tri-Jong
    GameHouse Games Collection: Ancient Tripeaks
    GameHouse Games Collection: Astrobatics
    GameHouse Games Collection: Atlantis
    GameHouse Games Collection: Atomaders
    GameHouse Games Collection: Bejeweled 2
    GameHouse Games Collection: Bewitched
    GameHouse Games Collection: Big Kahuna Reef
    GameHouse Games Collection: Boggle Supreme
    GameHouse Games Collection: Bounce Out Blitz
    GameHouse Games Collection: Casino Island To Go
    GameHouse Games Collection: Chainz
    GameHouse Games Collection: Chainz 2 - Relinked
    GameHouse Games Collection: Charm Solitaire
    GameHouse Games Collection: Charm Tale
    GameHouse Games Collection: Chicktionary
    GameHouse Games Collection: Chuzzle Deluxe
    GameHouse Games Collection: Collapse! Crunch
    GameHouse Games Collection: Combo Chaos!
    GameHouse Games Collection: Crystal Path
    GameHouse Games Collection: Cubis Gold 2
    GameHouse Games Collection: Digby's Donuts
    GameHouse Games Collection: Diner Dash
    GameHouse Games Collection: Feeding Frenzy
    GameHouse Games Collection: Fiber Twig
    GameHouse Games Collection: Five Card Deluxe
    GameHouse Games Collection: Flip Words
    GameHouse Games Collection: Flying Leo
    GameHouse Games Collection: Fortune Tiles Gold
    GameHouse Games Collection: Fresco Wizard
    GameHouse Games Collection: GameHouse Sudoku
    GameHouse Games Collection: Gearz
    GameHouse Games Collection: Granny in Paradise
    GameHouse Games Collection: Gutterball
    GameHouse Games Collection: Gutterball 2
    GameHouse Games Collection: Hamsterball
    GameHouse Games Collection: Hello!
    GameHouse Games Collection: Holiday Express
    GameHouse Games Collection: Iggle Pop!
    GameHouse Games Collection: Incadia
    GameHouse Games Collection: Incredible Ink
    GameHouse Games Collection: Insaniquarium Deluxe
    GameHouse Games Collection: Inspector Parker
    GameHouse Games Collection: Invadazoid
    GameHouse Games Collection: Jewel Quest
    GameHouse Games Collection: Lemonade Tycoon
    GameHouse Games Collection: Luxor
    GameHouse Games Collection: Mad Caps
    GameHouse Games Collection: Magic Ball
    GameHouse Games Collection: Magic Ball 2
    GameHouse Games Collection: Magic Ball 2 - New Worlds
    GameHouse Games Collection: Magic Inlay
    GameHouse Games Collection: Magic Vines
    GameHouse Games Collection: Mah Jong Adventures
    GameHouse Games Collection: Mah Jong Medley
    GameHouse Games Collection: Mah Jong Quest
    GameHouse Games Collection: Mahjong Garden To Go
    GameHouse Games Collection: Mahjong Towers Eternity
    GameHouse Games Collection: Maui Wowee
    GameHouse Games Collection: Phlinx To Go
    GameHouse Games Collection: Pin High Country Club Golf
    GameHouse Games Collection: Pizza Frenzy
    GameHouse Games Collection: Platypus
    GameHouse Games Collection: Poker Superstars
    GameHouse Games Collection: Puzzle Express
    GameHouse Games Collection: Puzzle Inlay
    GameHouse Games Collection: Puzzle Solitaire
    GameHouse Games Collection: QBz
    GameHouse Games Collection: Reader's Digest Super Word Power
    GameHouse Games Collection: Ricochet
    GameHouse Games Collection: Ricochet Lost Worlds
    GameHouse Games Collection: Ricochet Lost Worlds - Recharged
    GameHouse Games Collection: Roller Rush
    GameHouse Games Collection: Saints & Sinners Bingo
    GameHouse Games Collection: SCRABBLE
    GameHouse Games Collection: Shape Shifter
    GameHouse Games Collection: Slingo Deluxe
    GameHouse Games Collection: Spelvin
    GameHouse Games Collection: Splash
    GameHouse Games Collection: Spring Sprang Sprung
    GameHouse Games Collection: Super 5-Line Slots
    GameHouse Games Collection: Super Blackjack!
    GameHouse Games Collection: Super Bounce Out!
    GameHouse Games Collection: Super Candy Cruncher
    GameHouse Games Collection: Super Collapse!
    GameHouse Games Collection: Super Collapse! II
    GameHouse Games Collection: Super Collapse! II Platinum
    GameHouse Games Collection: Super Fruit Frolic
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
    GameHouse Games Collection: Super Gem Drop
    GameHouse Games Collection: Super Glinx!
    GameHouse Games Collection: Super Letter Linker
    GameHouse Games Collection: Super Mah Jong Solitaire
    GameHouse Games Collection: Super Nisqually
    GameHouse Games Collection: Super PileUp!
    GameHouse Games Collection: Super Pool
    GameHouse Games Collection: Super Pop & Drop!
    GameHouse Games Collection: Super Rumble Cube
    GameHouse Games Collection: Super SpongeBob Collapse!
    GameHouse Games Collection: Super TextTwist
    GameHouse Games Collection: Super WHATword
    GameHouse Games Collection: Super Wild Wild Words
    GameHouse Games Collection: Tap a Jam
    GameHouse Games Collection: Ten Pin Championship Bowling Pro
    GameHouse Games Collection: Tennis Titans
    GameHouse Games Collection: Tradewinds 2
    GameHouse Games Collection: Trivia Machine
    GameHouse Games Collection: Tropical Swaps
    GameHouse Games Collection: Tumblebugs
    GameHouse Games Collection: Turtle Bay
    GameHouse Games Collection: Twistingo
    GameHouse Games Collection: Ultimate Dominoes
    GameHouse Games Collection: Varmintz Deluxe
    GameHouse Games Collection: Walls of Jericho, The
    GameHouse Games Collection: Wheel of Fortune
    GameHouse Games Collection: Word Jolt
    GameHouse Games Collection: Word Slinger
    GameHouse Games Collection: WordJong To Go
    GameHouse Games Collection: Zuma Deluxe
    GameSpy Arcade
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    Java Auto Updater
    Java(TM) 6 Update 30
    JEmu2 - Online Games System Emulator
    Kazaa Music Plugin
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Baseball 2000
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Monopoly
    Monopoly (remove only)
    NAMCO ALL-STARS - PAC-MAN
    PAC-MAN (remove only)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SUPERAntiSpyware
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VIA Rhine-Family Fast Ethernet Adapter
    Web Games Player Plugin
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Search 4.0
    Windows XP Service Pack 3
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/6/2012 6:54:25 PM, error: DCOM [10000] - Unable to start a DCOM Server: {9DE77B51-89F6-468E-9402-16050382E950}. The error: "%2" Happened while starting this command: "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe" -Embedding
    2/6/2012 6:27:26 PM, error: DCOM [10000] - Unable to start a DCOM Server: {31371420-098D-4C0E-A11E-EBEC2305DD01}. The error: "%2" Happened while starting this command: "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe" -Embedding
    2/6/2012 6:27:22 PM, error: DCOM [10000] - Unable to start a DCOM Server: {3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}. The error: "%2" Happened while starting this command: "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe" -Embedding
    2/4/2012 12:39:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================
     
  10. gowgarq

    gowgarq Thread Starter

    Joined:
    Feb 5, 2012
    Messages:
    142
    I just want to restate my theory about this program attaching itself to the Media Player. I think I know
    that it can be removed and reinstalled. But there is something called (Windows Media Format 11 runtime)
    that shows in programs, same size, same icon. Also concerned about those faded looking icons on desktop. I am not desperate, and there are others that need help more than I do. So I will be very patient.
    TY. Appreciate help.
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    What isn't removing when you try to uninstall Kazaa media plug-in?

    Do you follow instructions fully & close all browsers & media player first?
    Please post the full DDS log so we can see what is still active. You have only posted the attach txt and that doesn't help us with this one.

    What do the faded icons on desktop look like?
    Please take a screenshot & post that. I think they are probably desktop.ini files which are normally hidden & you have unhidden them while following the Kazaa removal instructions.
     
  12. gowgarq

    gowgarq Thread Starter

    Joined:
    Feb 5, 2012
    Messages:
    142
    Can someone elaborate on the full DDS log thing, as I am not sure on what to click. I ran and posted, but did not get full log???
     
  13. gowgarq

    gowgarq Thread Starter

    Joined:
    Feb 5, 2012
    Messages:
    142
    OK !


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by user at 10:21:45 on 2012-02-12
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.177 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Altnet Music Plugin\AMPMDM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchAssistant =
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ampmdm] c:\program files\altnet music plugin\AMPMDM.exe
    uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [VTTimer] VTTimer.exe
    mRun: [VTTrayp] VTtrayp.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1297645016151
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
    TCP: Interfaces\{30679D40-F831-4596-A070-AC6C988C7759} : DhcpNameServer = 97.64.168.12 97.64.183.165
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-6 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-15 314456]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-15 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-15 44768]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-27 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-27 136176]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
    .
    =============== Created Last 30 ================
    .
    2012-02-11 22:57:01 -------- d-sh--w- c:\documents and settings\all users\DRM
    2012-01-30 17:17:55 -------- d-----w- c:\documents and settings\user\application data\ElevatedDiagnostics
    .
    ==================== Find3M ====================
    .
    2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-29 00:59:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
    2011-02-14 01:06:50 292184 ----a-w- c:\program files\dxwebsetup.exe
    .
    ============= FINISH: 10:22:47.18 ===============
     
  14. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    OK, I can see what still needs doing, so:
    Delete any existing version of ComboFix you have sitting on your desktop.
    Please read and follow all these instructions very carefully.
    Do not edit or remove any information or user names etc., otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it, rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script-blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running.
    Double-click on the renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review.


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues.
     
  15. gowgarq

    gowgarq Thread Starter

    Joined:
    Feb 5, 2012
    Messages:
    142
    Is this right? TY!
    ComboFix 12-02-12.01 - user 02/12/2012 15:19:21.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.263 [GMT -6:00]
    Running from: c:\documents and settings\user\Desktop\username123.exe.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\default\us_sres.data
    c:\data\e60hoss_o\us_sres.data
    c:\documents and settings\user\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-12 20:55 . 2012-02-12 20:55 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-02-12 20:16 . 2012-02-12 20:16 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\FixItCenter
    2012-02-12 20:07 . 2012-02-12 20:07 -------- d-----w- c:\windows\MATS
    2012-02-12 20:07 . 2012-02-12 20:07 -------- d-----w- c:\program files\Microsoft Fix it Center
    2012-02-11 22:57 . 2012-02-12 17:05 -------- d-sh--w- c:\documents and settings\All Users\DRM
    2012-02-04 19:21 . 2012-02-06 06:19 -------- d-----w- c:\documents and settings\lisa
    2012-01-30 17:37 . 2012-01-31 04:19 -------- d-----w- c:\documents and settings\Administrator.USER-D6AB3730FA
    2012-01-30 17:17 . 2012-01-30 17:17 -------- d-----w- c:\documents and settings\user\Application Data\ElevatedDiagnostics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 21:24 . 2004-01-01 06:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-29 00:59 . 2011-11-29 00:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-28 18:01 . 2010-09-15 08:11 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2010-09-15 08:11 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-03-06 06:59 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2010-09-15 08:11 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2010-09-15 08:11 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2010-09-15 08:11 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2010-09-15 08:11 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-11-28 17:51 . 2010-09-15 08:11 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-11-28 17:51 . 2010-09-15 08:11 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-28 17:48 . 2010-09-15 08:11 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-04 12:00 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
    2011-02-14 01:06 . 2011-02-14 01:05 292184 ----a-w- c:\program files\dxwebsetup.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ampmdm"="c:\program files\Altnet Music Plugin\AMPMDM.exe" [2010-09-08 431576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2006-04-01 53248]
    "VTTrayp"="VTtrayp.exe" [2006-04-01 143360]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:18bc7092c9
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-03-28 01:53 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
    R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-14 267568]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 aswFsBlk;aswFsBlk; [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-02-12 40776]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 01:53]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 01:53]
    .
    2012-02-12 c:\windows\Tasks\User_Feed_Synchronization-{ECF424E4-0163-452B-8D69-71E66BDADCF5}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchAssistant =
    TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-AROReminder - c:\program files\Advanced Registry Optimizer\ARO.exe
    HKLM-Run-Cmaudio - cmicnfg.cpl
    MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-12 15:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1123561945-606747145-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(660)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2012-02-12 15:43:46
    ComboFix-quarantined-files.txt 2012-02-12 21:43
    .
    Pre-Run: 22,592,192,512 bytes free
    Post-Run: 22,964,666,368 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - CA543FB0FD12E8DB9199490133D19565
     
Short URL to this thread: https://techguy.org/1040480