|
|
|
100% CPU Usage Random Programs Open
|
|
Senior Member
|
19. October 2008 @ 00:09 |
Link to this message
|
Just earlier today my desktop started acting weird. At first it wouldn't read any DVDs and failed to burn any CDs, but read commercially pressed CDs, so I flashed the firmware and rebooted. Immediately after rebooting, my pc began to open random IE popups from the desktop. I cloed them and thought it was short term. Shortly afterwards random things started to open such as installations for COD4 patches, I figured something was wrong then. I opened task manager and monitored programs for a while, thought everything was fine and opened itunes for some music. Then AppleMobileDeviceManager.exe started to open over and over again. I rebooted into safe mode and ran Ad Aware since no programs would open due to regular windows having 100% CPU usage and almost no ram. It showed me a few programs that could not be removed, and keep in mind explorer.exe crashed about 10 times while the scan was running. When it finished it said some programs would be removed after reboot. I watched the prgrams remove at the windows login screen before windows started, and thought everything was fine. I put some songs on my ipod, left for a few hours, and I just got back. Now there are 255 processes mainly of which are AppleMobileDeviceHelper.exe programs, and no programs will open due to 100% cpu usage and no ram again. I would just reboot and run AGV however it will not open, and this problem seems to start slow and build up so by the time I reinsall AGV it is likely that it will be back up to 255 processes again.
Sorry for the long post, however this is my first problem like this in about 3 years so alot has changed on how to handle this type of thing. I have searched around but couldn't find anything quite exactly like what I'm experiencing, but I figured you all could help.
Thanks in advance everybody.
|
|
Advertisement
|
 |
|
|
Senior Member
|
19. October 2008 @ 02:42 |
Link to this message
|
Hi Spenman91
This might be quite hard, considering the state of your computer. If it doesn't work in normal mode, do it in safe mode.Go into your Add/Remove programs, and uninstall "Apple Mobile Device Support".
After that, please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.
Rename HijackThis(.exe) to scanner(.exe).
Next, run scanner(.exe). A window will pop up.
? Click on the button which says Main Menu, then Do a system scan and save a logfile.
? Please wait for the scan to be completed.
? After the scan has completed, a text window will pop up. Please post the contents of this window here.
This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.
NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
19. October 2008 @ 14:43 |
Link to this message
|
I don't remember if I mentioned that what ever has infected my computer has disabled my internet for every program that uses internet. I do not already have HijackThis, so I suppose I'll have to reboot the laptop I'm on now so that I can download it and transfer it to my infected desktop through networking.
Also, I managed to get my computer to run close a little better last night. I disabled all startup programs using msconfig just to be safe, and I searched around on google and found what you mentioned about uninstalling applemobiledecicehelper.exe. Doing this helped alot, my ram in task manager now shows up at around 487 MB, and CPU usage generally remains low, however there is now constant HDD usage, making everything run pretty slow. I was able to run an outdated AVG scan but could not update due to no internet, I removed alot of infections, and ran spybot as well as ad aware.
I believe now my internet loss may have been caused by me attempting to setup Nortins Internet Succurity which came pre installed on my PC, but did not finish due to a crash and sudden crash. I thought it could be blocking all internet connection becuase it is not configured correctly. As of now it will not open so I cannot do anyting with it, but I suppose that shouldn't really affect anything as I believe the program is closed.
I will try HijackThis and report back. Thanks for the reply.
|
Senior Member
|
19. October 2008 @ 15:09 |
Link to this message
|
Alright, I finally was able to get HijackThis file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:56 PM, on 10/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Programs\PhotoshopElementsFileAgent.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\HP_Administrator\Desktop\scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: mysidesearch search enhancer - {4622fd96-a223-c489-0112-b7420da7394e} - C:\WINDOWS\system32\ofdetjenflebtwk.dll (file missing)
O2 - BHO: (no name) - {46D7049A-9DB9-4AEC-82B1-F101B9367CB1} - C:\WINDOWS\system32\opnlMdDU.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: {af1d37a1-7452-7c0a-4574-e5d1292ff046} - {640ff292-1d5e-4754-a0c7-25471a73d1fa} - C:\WINDOWS\system32\opuvwc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {B56F9CCA-0431-450D-9B6C-A4D5764D462E} - C:\WINDOWS\system32\nNededba.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: agadoo browser optimizer - {eb704584-2c90-9f34-56c6-d688067197eb} - C:\WINDOWS\system32\mgmqzcwpiyuiup.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Programs\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: opuvwc.dll,avgrsstx.dll
O20 - Winlogon Notify: opnlMdDU - C:\WINDOWS\SYSTEM32\opnlMdDU.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Programs\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PRTG Service (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: PRTG Watchdog (prtgwatchservice) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Softperfect Traffic Meter service process (StmSvc) - Unknown owner - C:\Program Files\SoftPerfect Traffic Meter\stmsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
--
End of file - 15089 bytes
|
Senior Member
|
19. October 2008 @ 23:12 |
Link to this message
|
Hey Spenman91
Boy, are you infected. Before I can do any fixes, I need you to uninstall either Symantec or AVG. If Norton is running on your computer because you cannot uninstall it, try the Norton Removal Tool. One reason your computer is slow is because of two antiviruses running: this will cause conflicts and crashes.
After that, please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.
Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.
Configuring Malwarebytes
? Click on the tab Settings.
? Make sure only these boxes are checked:
Terminate Internet Explorer
Automatically save and display logfile after removal
Always scan memory objects
Always scan registry objects
Always scan filesystem
Always scan extra and heuristics objects
Updating Malwarebytes
? Click on the tab Update.
? Press the button Check for Updates
? Wait for Malwarebytes to be fully updated.
**If you cannot update Malwarebytes because of the lack of internet, skip this step.
Scanning Time
? Click on the tab Scanner.
? Check Perform full scan and click on Scan
? Wait for the scan to complete, and then click on Show Results.
? Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.
Post A Log
? A text box will pop up after the removal process is over. Post the contents of the text here.
? If no text box pops up, launch Malwarebytes, and click on the tab Logs.
? The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
? Post the log here.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
20. October 2008 @ 18:34 |
Link to this message
|
I downloaded Malwarebytes, and am now in the process of scanning, but I assume that will take a while.
The main reason why I am posting is because I attempted to uninstall Nortons Internet Security as you instructed. I should have thought to do that. However, when I tried to download the Norton Removal Tool it asked for a code of some kind. I don't have any code for it because I believe the Nortons program that I have is simply a trial that came with my PC, therefore I don't have a code. I uninstalled AVG so that at least now I do not have 2 Anti-Virus programs installed.
I will post back when the scan is finished. I had the setup file for Malwarebytes downloaded but never installed it, thinking it was not any better than Spybot or Ad Aware Remover.
@cdavfrew, Thanks for all of the help.
|
Senior Member
|
20. October 2008 @ 22:36 |
Link to this message
|
Alright, nearly 4 hours later it is finished, here is the log file.
Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 2
10/20/2008 9:21:05 PM
mbam-log-2008-10-20 (21-21-05).txt
Scan type: Full Scan (C:\|D:\|E:\|G:\|I:\|)
Objects scanned: 388782
Time elapsed: 3 hour(s), 49 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\nNededba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opnlMdDU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opuvwc.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlmddu (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{640ff292-1d5e-4754-a0c7-25471a73d1fa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{640ff292-1d5e-4754-a0c7-25471a73d1fa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b56f9cca-0431-450d-9b6c-a4d5764d462e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b56f9cca-0431-450d-9b6c-a4d5764d462e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4622fd96-a223-c489-0112-b7420da7394e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4622fd96-a223-c489-0112-b7420da7394e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb704584-2c90-9f34-56c6-d688067197eb} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb704584-2c90-9f34-56c6-d688067197eb} (Adware.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo.H) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnededba -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnededba -> Delete on reboot.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\opnlMdDU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opuvwc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nNededba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\abdedeNn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abdedeNn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\axgjyhsy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yshyjgxa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpxbccgi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuVnNHab.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
Thanks
|
Senior Member
|
21. October 2008 @ 01:17 |
Link to this message
|
Hey Spenman91
Try using this program to uninstall Norton.
http://www.revouninstaller.com/
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
? Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
? Wait for the scan to be completed.
? If it requires a reboot, please do it.
? After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComoboFix window, as it may cause it to stall.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
21. October 2008 @ 17:49 |
Link to this message
|
ComboFix 08-10-19.04 - HP_Administrator 2008-10-21 16:26:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1471 [GMT -5:00]
Running from: D:\Combo-Fix.exe.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\HP_Administrator\Application Data\inst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 )))))))))))))))))))))))))))))))
.
2008-10-21 16:04 . 2008-10-21 16:04 <DIR> d-------- C:\Program Files\VS Revo Group
2008-10-20 15:58 . 2008-10-20 15:58 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-10-20 15:57 . 2008-10-20 15:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 15:57 . 2008-10-20 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-20 15:57 . 2008-10-20 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-20 15:57 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-20 15:57 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-19 01:23 . 2008-10-19 01:23 10,520 --------- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2008-10-19 01:22 . 2008-10-19 01:22 <DIR> d-------- C:\Program Files\AVG
2008-10-18 18:05 . 2008-10-18 18:05 90,915 --a------ C:\WINDOWS\system32\ofdetjenflebtwk.dll-uninst.exe
2008-10-18 16:39 . 2008-10-19 04:16 <DIR> d-------- C:\WINDOWS\system32\WS
2008-10-18 16:39 . 2008-10-18 17:58 <DIR> d-------- C:\WINDOWS\system32\pi
2008-10-18 16:39 . 2008-10-19 04:15 <DIR> d-------- C:\WINDOWS\system32\nys3
2008-10-18 16:39 . 2008-10-18 17:58 <DIR> d-------- C:\WINDOWS\system32\mco2
2008-10-18 16:39 . 2008-10-18 16:39 <DIR> d-------- C:\WINDOWS\system32\EV02
2008-10-18 16:39 . 2008-10-18 16:39 <DIR> d-------- C:\temp\xp34
2008-10-18 16:39 . 2008-10-18 16:39 64,859 --a------ C:\WINDOWS\system32\zelbervupmarrjwp.exe
2008-10-18 16:38 . 2008-10-18 16:38 45,568 --a------ C:\Documents and Settings\HP_Administrator\index.exe
2008-10-18 16:38 . 2008-10-18 16:38 68 --a------ C:\Documents and Settings\HP_Administrator\z.bat
2008-10-18 16:33 . 2008-10-18 16:33 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2008-10-18 15:44 . 2008-10-18 15:45 <DIR> d-------- C:\Program Files\ImgBurn
2008-10-14 16:39 . 2008-10-14 16:44 <DIR> d-------- C:\WINDOWS\NV3264952.TMP
2008-10-14 16:39 . 2008-09-17 09:55 201,050 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- C:\WINDOWS\Logs
2008-10-10 12:52 . 2008-10-10 12:52 <DIR> d-------- C:\Program Files\Common Files\BioWare
2008-10-09 20:23 . 2008-10-09 20:23 <DIR> d-------- C:\Program Files\Activision
2008-10-04 22:48 . 2008-10-04 22:48 <DIR> d-------- C:\Program Files\gBurner
2008-10-01 03:00 . 2008-10-01 03:00 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-29 22:09 . 2008-09-29 22:09 <DIR> d-------- C:\Program Files\Microsoft Student
2008-09-29 22:07 . 2008-09-29 22:07 <DIR> d-------- C:\Program Files\Learning Essentials
2008-09-26 18:15 . 2008-09-26 18:15 268 --ah----- C:\sqmdata15.sqm
2008-09-26 18:15 . 2008-09-26 18:15 244 --ah----- C:\sqmnoopt15.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 02:24 --------- d-----w C:\Program Files\SoftPerfect Traffic Meter
2008-10-18 23:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-18 20:43 --------- d-----w C:\Program Files\DVDFab 5
2008-10-18 20:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Vso
2008-10-18 01:05 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-15 22:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 22:16 --------- d-----w C:\Program Files\SpeedFan
2008-10-15 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-14 21:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 21:40 --------- d-----w C:\Program Files\AGEIA Technologies
2008-10-10 00:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 18:15 --------- d-----w C:\Program Files\FrostWire
2008-10-01 01:26 --------- d-----w C:\Program Files\World of Warcraft
2008-10-01 00:58 --------- d-----w C:\Program Files\MagicISO
2008-09-30 02:36 --------- d-----w C:\Program Files\BitComet
2008-09-20 10:44 99,648 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-09-17 20:52 --------- d-----w C:\Program Files\IrfanView
2008-09-17 14:55 6,132,576 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-06-09 23:02 47,360 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
2007-12-28 05:45 22,328 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys
2007-12-04 03:30 158 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-05-31 20:16 1 -c--a-w C:\Documents and Settings\HP_Administrator\SI.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=opuvwc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Deewoo.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Deewoo.lnk
backup=C:\WINDOWS\pss\Deewoo.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^DW_Start.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 23:46 624248 G:\Programs\Acrobat 8.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 15:45 67488 G:\Programs\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 17:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a--c--- 2006-03-20 14:43 331776 C:\Program Files\AGEIA Technologies\TrayIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a--c--- 2006-11-17 16:49 77824 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-09-20 05:45 2177984 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a--c--- 2005-09-17 02:27 52848 c:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-09 16:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
--a------ 2008-05-19 09:57 1400832 C:\Program Files\Curse\CurseClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 17:29 165784 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
--a--c--- 2006-03-15 21:12 1077248 C:\Program Files\DISC\DISCover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
--a--c--- 2006-03-15 21:11 61440 C:\Program Files\DISC\DISCUpdMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a--c--- 2006-03-20 04:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-02-14 23:37 3057152 C:\Program Files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
--a------ 2006-11-27 15:18 1582616 C:\Program Files\DU Meter\DUMeter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 15:56 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a--c--- 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-12-15 13:18 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a--c--- 2006-02-15 17:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a--c--- 2005-06-02 01:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
--a--c--- 2005-09-30 00:33 120464 c:\Program Files\Norton Internet Security\CfgWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISPMonitor]
--a------ 2008-02-23 11:59 442704 C:\Program Files\ISP Monitor\isp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a--c--- 2005-02-02 16:44 61440 C:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-09-17 09:55 13574144 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-04-04 14:20 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-09-17 09:55 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a--c--- 2004-11-11 20:50 212992 C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 18:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2005-07-22 17:14 237568 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a--c--- 2004-12-13 21:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a--c--- 2004-11-02 17:59 218240 c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a--c--- 2007-12-24 02:03 1266936 C:\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-19 03:15 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a--c--- 2007-02-12 17:21 734624 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-07-16 15:17 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a--c--- 2005-08-02 18:19 77312 C:\WINDOWS\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-09-17 09:55 1657376 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2006-03-08 06:54 16010240 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OpUtils Service"=2 (0x2)
"netflowanalyzer"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BearFlix\\bearflix.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Valve\\Steam\\steamapps\\spenman91\\condition zero\\hl.exe"=
"C:\\Program Files\\Microsoft Games\\Shadowrun\\Shadowrun.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\Signal\\Signal.exe"=
"C:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"=
"C:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"=
"C:\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\XBC\\neXBC.exe"=
"G:\\Games\\BF2142.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"D:\\Games Installed\\Orange Box\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\UT2004\\System\\UT2004.exe"=
"D:\\Games Installed\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"G:\\Programs\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"D:\\Games Installed\\Call Of Duty 4\\iw3mp.exe"=
"D:\\Games Installed\\Mass Effect\\Binaries\\MassEffect.exe"=
"D:\\Games Installed\\Mass Effect\\MassEffectLauncher.exe"=
"D:\\Games Installed\\Crysis\\Bin32\\Crysis.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21906:TCP"= 21906:TCP:BitComet 21906 TCP
"21906:UDP"= 21906:UDP:BitComet 21906 UDP
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;G:\Programs\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 PRTGService;PRTG Service;C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-01-14 3814728]
R2 prtgwatchservice;PRTG Watchdog;C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2006-07-26 443904]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\WINDOWS\system32\DRIVERS\evsbc.sys [2007-06-22 25120]
S1 imagedrvv;imagedrvv;C:\WINDOWS\system32\drivers\imagedrvv.sys [ ]
S2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2007-07-05 36864]
S2 StmSvc;Softperfect Traffic Meter service process;C:\Program Files\SoftPerfect Traffic Meter\stmsvc.exe [2005-07-18 1077248]
S3 cpuz;cpuz;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\cpuz.sys [ ]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\WINDOWS\system32\DRIVERS\evserial.sys [2007-06-22 51616]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv [ ]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]
S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys [ ]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
S4 netflowanalyzer;ManageEngine NetFlow Analyzer 6;C:\ADVENT~1\ME\NetFlow\bin\wrapper.exe [2007-08-20 126976]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9671ce66-f2e2-11dc-a24f-001731b05535}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5b15151-4972-11dd-9278-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb803bd5-107b-11dc-8b92-001731b05535}]
\Shell\Auto\command - O:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-10-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-10-18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2005-12-31 00:42]
2008-07-04 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-09 16:21]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-704d7525 - C:\WINDOWS\system32\axgjyhsy.dll
MSConfigStartUp-ExploreUpdSched - C:\WINDOWS\system32\scntrtdl.exe
MSConfigStartUp-LSA Shellu - C:\Documents and Settings\HP_Administrator\lsass.exe
MSConfigStartUp-{0db84872-8f97-71dc-47e7-01f962d35210} - C:\WINDOWS\system32\mgmqzcwpiyuiup.dll
MSConfigStartUp-{D7-75-58-8A-DW} - C:\windows\system32\dwwnw64r.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tlmvz68r.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 16:33:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-10-21 16:41:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-21 21:40:59
Pre-Run: 1,190,211,584 bytes free
Post-Run: 1,433,051,136 bytes free
386 --- E O F --- 2008-10-15 08:01:45
|
Senior Member
|
21. October 2008 @ 23:07 |
Link to this message
|
Hey Spenman91
Post a new HijackThis log and tell me what problems you have left.
Also upload this file: C:\WINDOWS\system32\ofdetjenflebtwk.dll-uninst.exe to Virustotal.com, that is, if your internet is back.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
22. October 2008 @ 17:05 |
Link to this message
|
Here is the HijackThis log you requested, as for uploading the file, I would but the PC is still without internet. Do you think that it was one of the infections I had that caused this or something else I need to look for?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:11 PM, on 10/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Programs\PhotoshopElementsFileAgent.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Desktop\scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Programs\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: opuvwc.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Programs\PhotoshopElementsFileAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PRTG Service (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: PRTG Watchdog (prtgwatchservice) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Softperfect Traffic Meter service process (StmSvc) - Unknown owner - C:\Program Files\SoftPerfect Traffic Meter\stmsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
--
End of file - 13552 bytes
|
Senior Member
|
22. October 2008 @ 23:54 |
Link to this message
|
Hey Spenman91
1.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
Open Notepad and copy/paste the text in the code box below into it:
File::
C:\Windows\system32\opuvwc.dll
? Save this as CFScript.txt in the same folder as ComboFix.
? Then drag the CFScript.txt into Combo-Fix.exe.
? This will start ComboFix again. After reboot, (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).
Do not click on the ComoboFix window, as it may cause it to stall.
2.
Please run HijackThis.
? Click on the button which says Main Menu, then Do a system scan only.
? Please wait for the scan to be completed.
? After the scan has completed, check the following entries.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O20 - AppInit_DLLs: opuvwc.dll
Click on the button Fix checked
NOTE:: Close all browsers before fixing anything.
3.
Download Advanced Windowscare Personal and install it on a different computer. Update it, and then transfer the program files (C:\Program Files\Iobit) to the computer with no internet. Run Awcl.exe in the program files, do a scan, and fix everything except Startup Manage.
After that, reboot.
Is your internet back yet?
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
23. October 2008 @ 00:40 |
Link to this message
|
Here is the ComboFix log, I haven't had time to do anything else from your last post. I really appreciate all of the help too, by the way.
ComboFix 08-10-19.04 - HP_Administrator 2008-10-22 23:17:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1462 [GMT -5:00]
Running from: D:\Combo-Fix.exe.exe
Command switches used :: D:\CFscript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
.
2008-10-22 16:54 . 2008-10-22 16:54 <DIR> d-------- C:\ERDNT
2008-10-21 16:04 . 2008-10-21 16:04 <DIR> d-------- C:\Program Files\VS Revo Group
2008-10-20 15:58 . 2008-10-20 15:58 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-10-20 15:57 . 2008-10-20 15:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 15:57 . 2008-10-20 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-20 15:57 . 2008-10-20 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-20 15:57 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-20 15:57 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-19 01:23 . 2008-10-19 01:23 10,520 --------- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2008-10-19 01:22 . 2008-10-19 01:22 <DIR> d-------- C:\Program Files\AVG
2008-10-18 18:05 . 2008-10-18 18:05 90,915 --a------ C:\WINDOWS\system32\ofdetjenflebtwk.dll-uninst.exe
2008-10-18 16:39 . 2008-10-19 04:16 <DIR> d-------- C:\WINDOWS\system32\WS
2008-10-18 16:39 . 2008-10-18 17:58 <DIR> d-------- C:\WINDOWS\system32\pi
2008-10-18 16:39 . 2008-10-19 04:15 <DIR> d-------- C:\WINDOWS\system32\nys3
2008-10-18 16:39 . 2008-10-18 17:58 <DIR> d-------- C:\WINDOWS\system32\mco2
2008-10-18 16:39 . 2008-10-18 16:39 <DIR> d-------- C:\WINDOWS\system32\EV02
2008-10-18 16:39 . 2008-10-18 16:39 <DIR> d-------- C:\temp\xp34
2008-10-18 16:39 . 2008-10-18 16:39 64,859 --a------ C:\WINDOWS\system32\zelbervupmarrjwp.exe
2008-10-18 16:38 . 2008-10-18 16:38 45,568 --a------ C:\Documents and Settings\HP_Administrator\index.exe
2008-10-18 16:38 . 2008-10-18 16:38 68 --a------ C:\Documents and Settings\HP_Administrator\z.bat
2008-10-18 16:33 . 2008-10-18 16:33 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2008-10-18 15:44 . 2008-10-18 15:45 <DIR> d-------- C:\Program Files\ImgBurn
2008-10-14 16:39 . 2008-10-14 16:44 <DIR> d-------- C:\WINDOWS\NV3264952.TMP
2008-10-14 16:39 . 2008-09-17 09:55 201,050 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- C:\WINDOWS\Logs
2008-10-10 12:52 . 2008-10-10 12:52 <DIR> d-------- C:\Program Files\Common Files\BioWare
2008-10-09 20:23 . 2008-10-09 20:23 <DIR> d-------- C:\Program Files\Activision
2008-10-04 22:48 . 2008-10-04 22:48 <DIR> d-------- C:\Program Files\gBurner
2008-10-01 03:00 . 2008-10-01 03:00 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-29 22:09 . 2008-09-29 22:09 <DIR> d-------- C:\Program Files\Microsoft Student
2008-09-29 22:07 . 2008-09-29 22:07 <DIR> d-------- C:\Program Files\Learning Essentials
2008-09-26 18:15 . 2008-09-26 18:15 268 --ah----- C:\sqmdata15.sqm
2008-09-26 18:15 . 2008-09-26 18:15 244 --ah----- C:\sqmnoopt15.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 00:02 --------- d-----w C:\Program Files\SoftPerfect Traffic Meter
2008-10-18 23:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-18 20:43 --------- d-----w C:\Program Files\DVDFab 5
2008-10-18 20:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Vso
2008-10-18 01:05 183,120 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-18 01:05 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-15 22:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 22:16 --------- d-----w C:\Program Files\SpeedFan
2008-10-15 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-14 21:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 21:40 --------- d-----w C:\Program Files\AGEIA Technologies
2008-10-10 00:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 18:15 --------- d-----w C:\Program Files\FrostWire
2008-10-01 01:26 --------- d-----w C:\Program Files\World of Warcraft
2008-10-01 00:58 --------- d-----w C:\Program Files\MagicISO
2008-09-30 02:36 --------- d-----w C:\Program Files\BitComet
2008-09-20 10:44 99,648 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-09-17 20:52 --------- d-----w C:\Program Files\IrfanView
2008-09-17 02:27 453,152 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-09-04 14:31 288,024 ----a-w C:\WINDOWS\system32\PhysXCplUI.exe
2008-08-29 13:57 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-19 09:38 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-08-14 10:00 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-31 15:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 15:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 15:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-06-09 23:02 47,360 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
2007-12-28 05:45 22,328 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys
2007-12-04 03:30 158 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-05-31 20:16 1 -c--a-w C:\Documents and Settings\HP_Administrator\SI.bin
.
((((((((((((((((((((((((((((( snapshot@2008-10-21_16.40.36.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 08:04:06 65,248 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-23 00:06:59 65,248 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-25 08:04:06 410,904 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-23 00:06:59 410,904 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-23 00:02:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=opuvwc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Deewoo.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Deewoo.lnk
backup=C:\WINDOWS\pss\Deewoo.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^DW_Start.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 23:46 624248 G:\Programs\Acrobat 8.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 15:45 67488 G:\Programs\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 17:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a--c--- 2006-03-20 14:43 331776 C:\Program Files\AGEIA Technologies\TrayIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a--c--- 2006-11-17 16:49 77824 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-09-20 05:45 2177984 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a--c--- 2005-09-17 02:27 52848 c:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-09 16:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
--a------ 2008-05-19 09:57 1400832 C:\Program Files\Curse\CurseClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 17:29 165784 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
--a--c--- 2006-03-15 21:12 1077248 C:\Program Files\DISC\DISCover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
--a--c--- 2006-03-15 21:11 61440 C:\Program Files\DISC\DISCUpdMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a--c--- 2006-03-20 04:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-02-14 23:37 3057152 C:\Program Files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
--a------ 2006-11-27 15:18 1582616 C:\Program Files\DU Meter\DUMeter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 15:56 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a--c--- 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-12-15 13:18 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a--c--- 2006-02-15 17:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a--c--- 2005-06-02 01:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
--a--c--- 2005-09-30 00:33 120464 c:\Program Files\Norton Internet Security\CfgWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISPMonitor]
--a------ 2008-02-23 11:59 442704 C:\Program Files\ISP Monitor\isp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a--c--- 2005-02-02 16:44 61440 C:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-09-17 09:55 13574144 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-04-04 14:20 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-09-17 09:55 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a--c--- 2004-11-11 20:50 212992 C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 18:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2005-07-22 17:14 237568 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a--c--- 2004-12-13 21:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a--c--- 2004-11-02 17:59 218240 c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a--c--- 2007-12-24 02:03 1266936 C:\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-19 03:15 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a--c--- 2007-02-12 17:21 734624 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-07-16 15:17 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a--c--- 2005-08-02 18:19 77312 C:\WINDOWS\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-09-17 09:55 1657376 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2006-03-08 06:54 16010240 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OpUtils Service"=2 (0x2)
"netflowanalyzer"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BearFlix\\bearflix.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Valve\\Steam\\steamapps\\spenman91\\condition zero\\hl.exe"=
"C:\\Program Files\\Microsoft Games\\Shadowrun\\Shadowrun.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\Signal\\Signal.exe"=
"C:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"=
"C:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"=
"C:\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\XBC\\neXBC.exe"=
"G:\\Games\\BF2142.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"D:\\Games Installed\\Orange Box\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\UT2004\\System\\UT2004.exe"=
"D:\\Games Installed\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"G:\\Programs\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"D:\\Games Installed\\Call Of Duty 4\\iw3mp.exe"=
"D:\\Games Installed\\Mass Effect\\Binaries\\MassEffect.exe"=
"D:\\Games Installed\\Mass Effect\\MassEffectLauncher.exe"=
"D:\\Games Installed\\Crysis\\Bin32\\Crysis.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21906:TCP"= 21906:TCP:BitComet 21906 TCP
"21906:UDP"= 21906:UDP:BitComet 21906 UDP
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;G:\Programs\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2007-07-05 36864]
R2 PRTGService;PRTG Service;C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-01-14 3814728]
R2 prtgwatchservice;PRTG Watchdog;C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2006-07-26 443904]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\WINDOWS\system32\DRIVERS\evsbc.sys [2007-06-22 25120]
S1 imagedrvv;imagedrvv;C:\WINDOWS\system32\drivers\imagedrvv.sys [ ]
S2 StmSvc;Softperfect Traffic Meter service process;C:\Program Files\SoftPerfect Traffic Meter\stmsvc.exe [2005-07-18 1077248]
S3 cpuz;cpuz;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\cpuz.sys [ ]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\WINDOWS\system32\DRIVERS\evserial.sys [2007-06-22 51616]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv [ ]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]
S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys [ ]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
S4 netflowanalyzer;ManageEngine NetFlow Analyzer 6;C:\ADVENT~1\ME\NetFlow\bin\wrapper.exe [2007-08-20 126976]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9671ce66-f2e2-11dc-a24f-001731b05535}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5b15151-4972-11dd-9278-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb803bd5-107b-11dc-8b92-001731b05535}]
\Shell\Auto\command - O:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
*Newly Created Service* - 6TO4
*Newly Created Service* - COMHOST
*Newly Created Service* - IP6FW
*Newly Created Service* - TCPIP6
.
Contents of the 'Scheduled Tasks' folder
2008-10-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-10-18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2005-12-31 00:42]
2008-07-04 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-09 16:21]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 23:21:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
Completion time: 2008-10-22 23:22:44
ComboFix-quarantined-files.txt 2008-10-23 04:22:19
ComboFix2.txt 2008-10-21 21:41:24
Pre-Run: 1,392,930,816 bytes free
Post-Run: 1,375,182,848 bytes free
362 --- E O F --- 2008-10-15 08:01:45
|
Senior Member
|
23. October 2008 @ 22:27 |
Link to this message
|
|
I ran everything you suggested. Advanced Windowscare found quite a few errors but repaired them all with the exception of the ones you told me to exclude.
My internet is still not back yet. I am beginning to wonder if this is a Spyware/Virus issue or not concerning the internet.
|
Senior Member
|
24. October 2008 @ 00:59 |
Link to this message
|
Hey Spenman91
I see that Norton is still on your system. Could Symantec be the one blocking your internet?
To find out, do this:
Please then reboot your computer into Safe Mode With Networking by doing the following:
? Restart your computer
? After pressing the power button, repeatedly tap the F8 key.
? Instead of Windows loading as normal, the Advanced Options Menu should appear;
? Select the option to run Windows in Safe Mode With Networking, then press Enter.
? Choose the administrator's account.
See if your internet works here.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
24. October 2008 @ 15:58 |
Link to this message
|
|
I'll try that when I get home, I thought that could be the issue.
I used the program you recommend to attempt to remove Nortons but it said something about no being able to uninstall it, and needed to open Nortons and do something involving administrative privileges, so I was still unable to remove Nortons. However, I may have been doing something incorrectly during the uninstall process using the software. I will give it another attempt once I am home.
Edit: I just got home and was able to get internet to work in safe mode. I then uninstalled Nortons using the Nortons Removal Tool which I acquired from a website other than Nortons because I didn't have the key code. I just rebooted and I now have internet.
Is all of my spware and infection gone? My computer runs much better than it did even before the viruses and spyware. If my computer is clean, thank you for all of your help, it is much appreciated.
This message has been edited since posting. Last time this message was edited on 24. October 2008 @ 17:55
|
Senior Member
|
25. October 2008 @ 04:28 |
Link to this message
|
Hey Spenman91
Wonderful! So Symantec was the problem! I recommend Antivir as an antivirus, as it has better detection than any other antivirus.
Post a new HijackThis log so that I can see if there's anything left to clean up.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
25. October 2008 @ 23:17 |
Link to this message
|
I am very happy to have my computer back up and running as it should. I should have thought to uninstall Nortons when the internet issue began, I had to correct a problem for someone just the other day becuase Zone Alarm was blocking their internet connection. I just never would have thought Nortons would have blocked anything because it was not even configured.
Anyway, Here is the HijackThis log that you requested.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:27 PM, on 10/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Programs\PhotoshopElementsFileAgent.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Desktop\scanner.exe.exe
C:\WINDOWS\system32\taskmgr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Programs\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Programs\PhotoshopElementsFileAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PRTG Service (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: PRTG Watchdog (prtgwatchservice) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Softperfect Traffic Meter service process (StmSvc) - Unknown owner - C:\Program Files\SoftPerfect Traffic Meter\stmsvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
--
End of file - 11416 bytes
|
|
Advertisement
|
|
|
Senior Member
|
26. October 2008 @ 01:54 |
Link to this message
|
Hey Spenman91
Update Java using JavaRa
Please download JavaRa and unzip it to your desktop.
? Double-click on JavaRa.exe to start the program.
? Click on Remove Older Versions to remove the older versions of Java installed on your computer.
? Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
? A logfile will pop up. Please save it to a convenient location.
Then download and install Java Runtime Environment (JRE) 6 Update 7.
After that. you should be good.
Cheers :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
