
Analyze HJT Logfile for server access failure causes

Discussion in 'Virus & Other Malware Removal' started by SeaSalt, Oct 11, 2009.

Thread Status:
Not open for further replies.
  1. SeaSalt

    SeaSalt Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    56
    SeaSalt here!

    CookieGal, I'm in the process of following your instructions regarding Combofix. However, you did not make it clear as to what you wanted done with "puppy.exe" after the renaming ceremony :)

    I made the assumption you wanted it launched and I did it. I got a very loud and alerting double beep telling me that the file was in no way affiliated with ComboFix and, basically to ask for my money back if I purchased the file.

    You have been quite thorough so far as to letting me know what to expect at various steps along the way. After the "alarm" sounded, I decided to back off and send this email to you.

    At the moment, I have disabled AVG8 and Zonealarm. I have spybot S&D on my computer but don't think it is running in the background. Therefore, I have done nothing to it. I have the renamed ComboFix on my desktop as puppy.exe.

    I need your guidance to proceed.

    Thanks again in advance................SeaSalt
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,656
    The instructions on how to run the program were all in the link at Bleeping Computer.

    Please disable your security programs again and run the puppy.exe and allow it to do its full run. Then post the resulting log.
     
  3. SeaSalt

    SeaSalt Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    56
    Hi CookieGal,

    I'm in a pickle again.
    In following the directions for running puppy.exe, I get a WARNING box that states:
    ComboFix has detected the following real time scanner(s) to be active:

    Anti-Spyware: ZoneAlarm Anti Spyware
    Anti-Spyware: AVG Anti Virus Free

    Anti-virus and intrusion prevention programs are known to interfere with ComboFix's running.
    This may lead to unpredictable results or possible machine damage.
    Please disable these scanners before clicking O.K.


    CookieGal, I've actually uninstalled Zone Alarm and AVG Free from my computer.
    I did this because every thing else I tried continued to give me the same WARNING whenever I tried to run puppy.exe.

    I've rebooted my computer numerous times after various uninstalls and I've confirmed that these two programs are not on the Control Panel's uninstall programs list.

    These WARNINGS are as far as I've gone in trying to run puppy.exe (combofix).

    What do you recommend I do next?

    Thanks for hanging in there with me.

    SeaSalt
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,656
    Download GMER from: http://gmer.net/index.php

    Save it on your desktop and unzip it.

    Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click Copy. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.
     
  5. SeaSalt

    SeaSalt Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    56
    Hi CookieGal,

    Thanks for your on-going help.
    Below is the Gmer scan report.

    Look forward to taking the next step towards becoming bug free.

    SeaSalt

    =================================

    GMER 1.0.15.15163 - http://www.gmer.net
    Rootkit scan 2009-10-27 17:38:26
    Windows 6.0.6000
    Running: zeztlu49.exe; Driver: C:\Users\Boltons\AppData\Local\Temp\uxdiyfow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

    Device \Driver\BTHUSB \Device\0000006c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bdb9438
    Reg HKLM\SYSTEM\ControlSet028\Services\BTHPORT\Parameters\Keys\001a6bdb9438 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,656
    Open HijackThis and click on the Open Misc Tools section button. Click on the Open Uninstall Manager button. Click the Save List button. Save the list then copy and paste it here.
     
  7. SeaSalt

    SeaSalt Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    56
    CookieGal,

    Below is the saved list generated when I clicked on the "Save List" button as per your instructions.
    As a reminder, I still have not reinstalled my anti-virus program nor my firewall program.

    Thank you for continuing to help.

    SeaSalt

    ========================================================

    Acrobat.com
    Acrobat.com
    Adobe Acrobat Reader 3.01
    Adobe AIR
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9
    Adobe Stock Photos 1.0
    Adobe Type Manager 4.0
    Conexant HD Audio
    EA Link
    Easy CD & DVD Creator 6
    ESU for Microsoft Vista
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Photosmart Essential 2.0
    HP Quick Launch Buttons 6.20 B1
    HP QuickPlay 3.3
    HP QuickTouch 1.00 C1
    HP Total Care Advisor
    HP Update
    HP User Guides 0060
    HP Wireless Assistant
    HPNetworkAssistant
    Java(TM) SE Runtime Environment 6
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook 2007
    Microsoft Office Outlook 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Mozilla Firefox (3.0.1)
    MSCU for Microsoft Vista
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    muvee autoProducer 6.0
    My HP Games
    NetWaiting
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    QuickPlay SlingPlayer 0.3.0
    RealPlayer
    Rhapsody
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio DVDMAX Player
    Roxio MyDVD Basic v9
    Roxio PhotoSuite 5 LITE
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Spybot - Search & Destroy
    TDK Launcher
    Touch Pad Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb973514)
    VC 9.0 Runtime
    VC 9.0 Runtime
    VueScan
    Windows Media Player Firefox Plugin
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,656
    Please run this AVG removal tool that will remove any remnants that may be in the registry:

    http://www.avg.com/us-en/download-tools

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

    Upgrading Java:

    • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 16 License Agreement.".
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.

    Then reboot and try running ComboFix (Puppy.exe) again please.
     
  9. SeaSalt

    SeaSalt Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    56
    CookieGal,

    I downloaded the AVG file remover and ran it. Then, I updated my Java as per your instructions.
    However, when I ran ComboFix, I got the below messages:
    Note: At the end I described the additional action I took.
    =============================
    Warning!!
    ComboFix has detected the following real time scanner(s) to be active:
    AntiSpyware: ZoneAlarm Antispyware
    AntiSpyware: AVG Antispyware Free
    Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.
    Please disable these scanners before clicking OK
    NOTE: I clicked the box with the X in it.
    ===============================
    A second dialog box appeared:
    Warning!!
    Antispyware: ZoneAlarm Anti-spyware
    Antispyware: AvG Anti-Virus Free
    The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.
    NOTE: Again, I clicked the box with the X in it; then, I hit ESC a few times to stop ComboFix from continuing to run.
    ================================
    The NEXT dialog box appeared when I stopped ComboFix and was:
    Version_09-10-22l01
    Current date is ~. ComboFix has expired
    Click "YES" to run in REDUCED FUNCTIONALITY mode. Click "NO" to exit.
    NOTE: At this point, I clicked NO
    =======================================
    CookieGal, I went back to the link and downloaded the AVG Remover executable file, ran it, & rebooted. For good measure, I did it a second time.
    Nothing changed. I still got the ....scanner(s) ... active message and more of what I've typed above when I tried to run ComboFix.

    What do you want me to do next?

    Thanks.............SeaSalt......
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,656
    Download OTS.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTS on your desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus interferes with OTS, allow it to run.
    3. Open the OTS folder and double-click on OTS.exe to start the program.
    4. In Additional Scans section put a check in Disabled MS Config Items and EventViewer logs
    5. Now click the Run Scan button on the toolbar.
    6. Let it run unhindered until it finishes.
    7. When the scan is complete Notepad will open with the report file loaded in it.
    8. Save that notepad file.
    Use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  11. SeaSalt

    SeaSalt Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    56
    CookieGal,

    Here is the attached Notepad log file from the OTS scans.
    I had some operator-error issues and renamed the text file (which explains the "x" at the beginning of the filename) in an attempt to remedy a problem that did not exist.
    All should be O.K.
    As always, looking for your next bit of guidance.....



    Seasalt............
     

    Attached Files:

  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,656
    Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.
    Code:
    [Kill All Processes]
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    [Registry - Additional Scans - Safe List]
    < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
    YN -> QlbCtrl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    YN -> Sharkbyte hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Grooveshark\sharkbyte.exe
    YN -> Windows Defender hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    [Files/Folders - Created Within 30 Days]
    NY ->  1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp
    [Files/Folders - Modified Within 30 Days]
    NY ->  54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp
    NY ->  54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp
    NY ->  1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]
     
  13. SeaSalt

    SeaSalt Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    56
    Hi CookieGal,

    Thank you for your ongoing help.
    As per your instructions, I am pasting the OTS notepad logfile below. After that, I will be pasting the latest HJT logfile.

    NEW NEWS: Two days ago, I received the following message while I was on my computer, but was offline. I don't know if the below will be a factor in your help to me:
    "Media Foundation Protected Pipeline EXE was closed. To help protect your computer, Data Execution Prevention has closed." [end of new news]
    ==========================
    [begin paste OTS logfile]
    All Processes Killed
    [Registry - Safe List]
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    [Registry - Additional Scans - Safe List]
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
    File not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sharkbyte hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
    File not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
    File not found.
    [Files/Folders - Created Within 30 Days]
    C:\Windows\System32\drivers\~GLH0013.TMP deleted successfully.
    [Files/Folders - Modified Within 30 Days]
    C:\Users\Boltons\AppData\Local\Temp\469F5DBD.TMP deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\CFG1FA0.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\CFGDEAB.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\CFGF517.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\IEC341D.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\nsb1BCA.tmp folder deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\nsi34E9.tmp folder deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF210A.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF25CB.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF2F0B.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF3481.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF34E0.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF3A8A.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF3FF6.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF482F.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF4B74.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF4ED8.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF5F5D.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF624E.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF65E2.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF6AEF.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF7EDE.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF820F.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8481.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8974.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF89C4.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8A94.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8B18.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8B4D.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8B96.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8C02.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8C0F.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8C58.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8D0D.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8DCB.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF8E6E.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF9010.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF9044.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF9078.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DF9FAD.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFA39D.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFB7B7.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFD2DC.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFD2E1.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFDD91.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFE12C.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFE25A.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFE28F.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFE2D8.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFE321.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFED41.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFF17E.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFF2FE.tmp deleted successfully.
    C:\Users\Boltons\AppData\Local\Temp\~DFF955.tmp deleted successfully.
    [Empty Temp Folders]


    User: All Users

    User: Boltons
    ->Temp folder emptied: 10172358 bytes
    ->Temporary Internet Files folder emptied: 222696495 bytes
    ->Java cache emptied: 789626 bytes
    ->FireFox cache emptied: 80490761 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Working Account
    ->Temp folder emptied: 279371 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 9393 bytes
    ->FireFox cache emptied: 70501780 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1459713 bytes
    RecycleBin emptied: 17862939 bytes

    Total Files Cleaned = 385.60 mb

    < End of fix log >
    OTS by OldTimer - Version 3.1.2.1 fix logfile created on 11042009_221035

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    [end OTS logfile]
    ========================================
    [begin HJT logfile]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:39:08 PM, on 11/4/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16890)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\notepad.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Boltons\Documents\Computer Software Etc\Utilities\HijackTxhis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [cdloader] "C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.akamai.net
    O15 - Trusted Zone: akamai.avg.com
    O15 - Trusted Zone: update.avg.com
    O15 - Trusted Zone: akamai.avg.cz
    O15 - Trusted Zone: backup.avg.cz
    O15 - Trusted Zone: download.avg.cz
    O15 - Trusted Zone: files2.avg.cz
    O15 - Trusted Zone: akamai.avg.com.edgesuite.net
    O15 - Trusted Zone: akamai.avg.cz.edgesuite.net
    O15 - Trusted Zone: akamai.grisoft.com.edgesuite.net
    O15 - Trusted Zone: akamai.grisoft.cz.edgesuite.net
    O15 - Trusted Zone: akamai.grisoft.com
    O15 - Trusted Zone: update.grisoft.com
    O15 - Trusted Zone: akamai.grisoft.cz
    O15 - Trusted Zone: backup.grisoft.cz
    O15 - Trusted Zone: download.grisoft.cz
    O15 - Trusted Zone: files2.grisoft.cz
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 5677 bytes
    [end HJT logfile]
    Thanks again CookieGal............SeaSalt
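
An added example, not part of the original posts: a small Python parser for the HijackThis log layout pasted above. It groups entries by section code and lists the lines HijackThis itself annotates ("Unknown owner", "(file missing)") plus any ProxyServer value, so a helper can review them first. The sample log is constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis 2.0.2 layout (not taken from the thread).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:08 PM, on 11/4/2009
Platform: Windows Vista (WinNT 6.00.1904)

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Example\tool.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.2.10:3128
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: ExampleSvc - Unknown owner - C:\Program Files\Example\svc.exe (file missing)
O23 - Service: SignedSvc - Example Corp. - C:\Program Files\Example\signed.exe

--
End of file - 999 bytes
"""

# Short descriptions for the section codes that appear in the log above.
SECTIONS = {
    "R0": "Internet Explorer page/search setting",
    "R1": "Internet Explorer page/search/proxy setting",
    "O1": "Hosts file entry",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (Run / RunOnce)",
    "O9": "IE extra button or Tools menu item",
    "O15": "Trusted Zone site",
    "O23": "Windows service",
}

# An entry line is "<code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and entries by section code."""
    report = {"processes": [], "entries": defaultdict(list)}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                report["processes"].append(line)
            elif report["processes"]:
                # First blank line after the process list ends that block.
                in_processes = False
            continue
        match = ENTRY_RE.match(line)
        if match:
            report["entries"][match.group(1)].append(match.group(2))
    return report


def review_items(report):
    """Return (code, reason) pairs for entries worth reading first."""
    items = []
    for code, bodies in report["entries"].items():
        for body in bodies:
            if code.startswith("R") and "ProxyServer" in body:
                value = body.split("=", 1)[1].strip() if "=" in body else ""
                if value:
                    items.append((code, "proxy configured: " + value))
            if "Unknown owner" in body:
                items.append((code, "annotated 'Unknown owner'"))
            if body.endswith("(file missing)"):
                items.append((code, "annotated '(file missing)'"))
    return items


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("processes:", len(parsed["processes"]))
    for code, bodies in parsed["entries"].items():
        print(code, "-", SECTIONS.get(code, "other"), "-", len(bodies), "entries")
    for code, reason in review_items(parsed):
        print("review:", code, reason)
```
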
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,656
    I think I see the problem with ComboFix, you renamed the file puppy.exe.exe so you gave it a double .exe extension.

    Please rename it to just puppy with an exe extension (puppy.exe) and then see if you can get ComboFix to run a scan without those error messages.
     
  15. SeaSalt

    SeaSalt Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    56
    CookieGal,

    I renamed puppy.exe to puppy and ran it as per the original instructions.
    I right-clicked on the desktop icon "puppy" and selected "run as administrator".
    I still got the same warning message about AVG and Zonealarm.
    There appears to be no change from before.
    If you wish, I can do a screen capture of my desktop with the warning message on it. Then, I can send it to you as an attachment if there is any value to you in having it.

    What would you like me to do next?

    Thanks again in advance for your time and attention on this,

    SeaSalt
     

Short URL to this thread: https://techguy.org/867841