GeekPolice

hello and here's my current problem

Post by paulsky on Fri Jan 15, 2010 3:50 pm

Hello, you already know my username. I'm here after searching for a solution to a virus problem.

Here are my laptop specs:

OS: Windows Vista Home Premium (32-bit)
Processor: AMD Turion Ultra dual-core mobile ZM-80, 2.1GHz
RAM: 2GB

I was recently infected with trojans which bypassed my security and sent files to the trojans' user... I downloaded Malwarebytes and scanned my hard drive using Malwarebytes, AVG 9 and CCleaner... It appears to be all clean, but I'm told by a friend that I may have to format my hard drive just to be sure... This has me worried, as I will lose important files... as I have been stupid and backed nothing up.

What is your diagnosis of the situation?

Oh, and why do people have to ruin other people's lives with this software? It makes me so angry having to change passwords and stuff because of incidents like this.

paulsky
Novice
Posts : 20
Joined : 2010-01-15
OS : windows vista - home premium

Re: hello and here's my current problem

Post by Dr Jay on Sat Jan 16, 2010 6:19 am

Please visit this webpage for instructions for downloading and running ComboFix:

[You must be registered and logged in to see this link.]

Post the log from ComboFix when you've accomplished that.


Dr. Jay (DJ)

Dr Jay
Administrator
Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: hello and here's my current problem

Post by paulsky on Sat Jan 16, 2010 11:00 am

I'll get on it and reply with the results. Also, I'd like to point out that my mouse is clicking more than once now when I only click once; it also seems to click on its own sometimes. I disabled touch clicking on my mouse pad, but it seems to have had no effect.


Re: hello and here's my current problem

Post by paulsky on Sat Jan 16, 2010 11:29 am

Here's the report. *fingers crossed*

ComboFix 10-01-15.05 - paulsky 16/01/2010 11:12:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.858 [GMT 0:00]
Running from: c:\users\paulsky\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2286261249-2696303160-3064204685-500
c:\$recycle.bin\S-1-5-21-3553129364-3174251934-2841646252-500

.
((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 11:22 . 2010-01-16 11:23 -------- d-----w- c:\users\paulsky\AppData\Local\temp
2010-01-16 11:22 . 2010-01-16 11:22 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-01-16 11:22 . 2010-01-16 11:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-16 11:22 . 2010-01-16 11:22 -------- d-----w- c:\users\other people\AppData\Local\temp
2010-01-16 11:22 . 2010-01-16 11:22 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2010-01-16 11:06 . 2010-01-16 11:06 -------- d-----w- C:\32788R22FWJFW
2010-01-15 08:29 . 2010-01-13 22:43 1260312 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-01-15 08:29 . 2010-01-13 22:43 2303680 ----a-w- c:\programdata\avg9\update\backup\avgfws9.exe
2010-01-14 00:34 . 2010-01-14 00:33 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-01-14 00:34 . 2010-01-13 22:43 4043032 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-01-14 00:34 . 2010-01-13 22:43 2033432 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-01-14 00:34 . 2010-01-13 22:43 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2010-01-14 00:34 . 2010-01-13 22:43 916248 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-01-14 00:34 . 2010-01-14 00:32 3966744 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-01-14 00:28 . 2010-01-14 03:25 -------- d-----w- C:\$AVG
2010-01-13 22:43 . 2010-01-13 22:43 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-01-13 22:43 . 2010-01-13 22:43 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-13 04:59 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 04:59 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 14:00 . 2010-01-11 14:00 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-01-11 14:00 . 2010-01-11 14:00 -------- d-----w- c:\programdata\avg9
2010-01-11 13:13 . 2010-01-11 13:13 -------- d-----w- c:\users\paulsky\AppData\Roaming\Malwarebytes
2010-01-11 13:13 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 13:13 . 2010-01-11 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 13:13 . 2010-01-11 13:13 -------- d-----w- c:\programdata\Malwarebytes
2010-01-11 13:13 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 12:45 . 2010-01-11 12:45 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-11 09:45 . 2009-12-14 22:14 50176 ----a-w- c:\users\paulsky\AppData\Roaming\Mozilla\Firefox\Profiles\mzmvgptv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
2010-01-11 09:45 . 2009-12-14 22:14 94208 ----a-w- c:\users\paulsky\AppData\Roaming\Mozilla\Firefox\Profiles\mzmvgptv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
2010-01-11 09:45 . 2009-12-27 22:20 52224 ----a-w- c:\users\paulsky\AppData\Roaming\Mozilla\Firefox\Profiles\mzmvgptv.default\extensions\{fb0cd3f4-0591-4cde-a9b4-eb36dfc950ac}\components\FFExternalAlert.dll
2010-01-11 09:45 . 2009-12-27 22:20 101376 ----a-w- c:\users\paulsky\AppData\Roaming\Mozilla\Firefox\Profiles\mzmvgptv.default\extensions\{fb0cd3f4-0591-4cde-a9b4-eb36dfc950ac}\components\RadioWMPCore.dll
2010-01-11 01:22 . 2010-01-11 01:24 -------- d-----w- c:\users\paulsky\AppData\Roaming\GetRightToGo
2009-12-25 14:43 . 2009-12-25 14:43 -------- d-----w- C:\Sounds
2009-12-25 14:40 . 2009-12-25 14:40 -------- d-----w- c:\program files\LG Electronics
2009-12-25 14:38 . 2007-11-08 16:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-12-25 14:38 . 2009-12-25 15:01 -------- d-----w- c:\users\paulsky\AppData\Roaming\LG Electronics
2009-12-25 14:38 . 2009-12-25 15:01 -------- d-----w- c:\program files\LG PC Suite II
2009-12-21 00:02 . 2009-12-22 23:44 -------- d-----w- c:\program files\Euro Gunz v8.5.8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 11:07 . 2008-07-28 09:33 12780 ----a-w- c:\windows\bthservsdp.dat
2010-01-15 23:00 . 2008-12-17 08:38 -------- d-----w- c:\program files\Ares Galaxy FasterDownload
2010-01-13 22:44 . 2009-07-06 12:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-13 22:43 . 2009-07-06 12:56 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-13 22:43 . 2009-07-06 12:56 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-13 22:43 . 2009-07-06 12:56 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-13 05:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-11 14:00 . 2008-12-11 15:31 -------- d-----w- c:\program files\AVG
2010-01-11 12:46 . 2008-12-16 00:28 -------- d-----w- c:\program files\Google
2010-01-11 12:46 . 2009-05-10 21:20 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-11 12:46 . 2009-01-15 16:29 -------- d-----w- c:\program files\DivX
2009-12-25 14:40 . 2008-05-27 07:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 07:44 . 2009-03-16 22:02 -------- d-----w- c:\program files\Steam
2009-12-24 11:31 . 2009-03-16 22:02 -------- d-----w- c:\program files\Common Files\Steam
2009-12-24 11:30 . 2008-10-10 07:19 72312 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-22 03:05 . 2009-03-25 00:26 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-22 02:45 . 2008-10-08 13:03 680 ----a-w- c:\users\paulsky\AppData\Local\d3d9caps.dat
2009-12-12 03:00 . 2009-12-12 03:00 -------- d-----w- c:\programdata\Nokia
2009-12-12 02:55 . 2009-12-12 02:50 -------- d-----w- c:\users\paulsky\AppData\Roaming\Nokia
2009-12-12 02:54 . 2009-12-12 02:50 -------- d-----w- c:\users\paulsky\AppData\Roaming\PC Suite
2009-12-12 02:52 . 2009-12-12 02:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-12 02:51 . 2009-12-12 02:50 -------- d-----w- c:\programdata\PC Suite
2009-12-12 02:47 . 2009-12-12 02:46 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-12 02:46 . 2009-12-12 02:36 -------- d-----w- c:\program files\Nokia
2009-12-12 02:45 . 2009-12-12 02:45 -------- d-----w- c:\program files\DIFX
2009-12-12 02:44 . 2009-12-12 02:44 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-12 02:37 . 2009-12-12 02:37 12212040 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-12 02:36 . 2009-12-12 02:36 13930312 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-12 02:36 . 2009-12-12 02:36 77824 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-12 02:36 . 2009-12-12 02:36 61440 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-12 02:36 . 2009-12-12 02:36 58880 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-12 02:36 . 2009-12-12 02:36 50000 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-12-12 02:36 . 2009-12-12 02:36 -------- d-----w- c:\programdata\OviInstallerCache
2009-12-12 02:36 . 2009-12-12 02:36 94628904 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2009-11-02 20:42 . 2009-10-03 22:51 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 00:07 . 2009-10-30 00:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 09:17 . 2009-11-25 03:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 23:47 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-09-15 05:47 1784856 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-14 2033432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=c:\windows\pss\Clean Access Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^paulsky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\paulsky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
2008-04-17 16:52 73008 ----a-w- c:\windows\System32\accelerometerST.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 12:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 04:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-11-23 00:24 203208 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 15:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-01-14 00:33 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diamondback]
2007-08-01 14:07 147456 ----a-w- c:\program files\Razer\Diamondback 3G\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-11-20 14:44 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-07-12 19:43 226904 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 20:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2009-10-27 15:10 401728 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-11-02 01:42 554288 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 15:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-05-15 05:56 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 17:24 32768 ----a-w- c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-30 10:28 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-14 11:22 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4f,53,84,79,87,47,ca,01

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [28/07/2008 09:48 15416]
R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSvx.sys [13/01/2010 22:43 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [13/01/2010 22:43 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [11/01/2010 14:00 24856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [06/07/2009 12:56 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [06/07/2009 12:56 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13/01/2010 22:43 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [13/01/2010 22:43 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [11/01/2010 14:02 5832712]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [27/03/2008 01:27 595248]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [13/01/2010 22:43 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [13/01/2010 22:43 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [13/01/2010 22:43 27800]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23/01/2008 21:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [01/04/2008 11:14 81296]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [27/03/2008 01:28 40752]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [03/04/2009 13:20 717296]
S2 gupdate1ca92bbfaa10203;Google Update Service (gupdate1ca92bbfaa10203);c:\program files\Google\Update\GoogleUpdate.exe [11/01/2010 12:45 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [06/10/2009 13:24 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\System32\drivers\DB3G.sys [25/12/2008 17:51 13225]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe [27/06/2008 19:53 77824]
S4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [27/05/2008 07:43 193840]
S4 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 23:24 24880]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [22/08/2008 15:32 361808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 12:45]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 12:45]

2010-01-16 c:\windows\Tasks\HPCeeScheduleForpaulsky.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-27 22:14]

2010-01-16 c:\windows\Tasks\User_Feed_Synchronization-{9A47604B-EA67-4E9B-A171-C010CD561C92}.job
- c:\windows\system32\msfeedssync.exe [2009-12-08 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
DPF: {5EE6BFED-B016-4FE4-9781-789522416391} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\paulsky\AppData\Roaming\Mozilla\Firefox\Profiles\mzmvgptv.default\
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\users\paulsky\AppData\Roaming\Mozilla\Firefox\Profiles\mzmvgptv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\users\paulsky\AppData\Roaming\Mozilla\Firefox\Profiles\mzmvgptv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Internet Security Service - c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
MSConfigStartUp-O2Start - c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Yahoo Messsenger - c:\users\paulsky\AppData\Roaming\support\svchost.exe
MSConfigStartUp-ZangoOE - c:\program files\Zango\bin\10.3.75.0\OEAddOn.exe
MSConfigStartUp-ZangoSA - c:\program files\Zango\bin\10.3.75.0\ZangoSA.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-16 11:23
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEVSystemStart]
"ImagePath"="\"c:\combofix\PEV.cfxxe\" EXEC /i \"c:\combofix\REGT.cfxxe\" /S \"c:\combofix\CregB.dat\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2286261249-2696303160-3064204685-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6c,46,3e,63,f2,b1,4c,f7,3c,30,25,5b,4e,7e,ae,e4,6d,b7,29,93,da,e5,3f,
31,a1,2a,f3,2c,46,d1,63,d2,b6,9a,be,48,4e,b0,eb,ad,c9,c5,4e,07,25,85,78,45,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d

[HKEY_USERS\S-1-5-21-2286261249-2696303160-3064204685-1000\Software\SecuROM\License information*]
"datasecu"=hex:ea,f8,43,4a,02,eb,67,ab,95,ec,d4,f3,9e,83,af,b5,36,5d,9a,0e,ce,
f7,86,2c,72,dc,ec,ff,55,5d,ee,ec,5a,0b,3c,6e,ef,38,33,8b,4b,14,93,80,50,f1,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2010-01-16 11:26:15
ComboFix-quarantined-files.txt 2010-01-16 11:26

Pre-Run: 29,031,915,520 bytes free
Post-Run: 29,252,751,360 bytes free

- - End Of File - - 2AA82CC116E8938A958DBC1A53ABAD46

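The ComboFix log above contains the entries a responder would pull out by hand before deciding whether a wipe is needed: an autostart named "Yahoo Messsenger" that launches a file called svchost.exe from a Roaming AppData folder, an "Internet Security Service" launched from c:\recycler, UAC switched off (EnableLUA = 0) and Security Center monitoring disabled (ComboFix already removed the two autostarts as orphans, but they are still evidence of what ran on the machine). The script below is an added example, not part of this thread and not a ComboFix feature: it parses lines in the formats ComboFix uses for Run values, MSConfigStartUp orphans and policy values and applies those checks. The sample lines are excerpted from the posted log; the list of system binary names and the set of user-writable path markers are this example's own assumptions, not rules ComboFix applies.

```python
"""Triage of ComboFix-style autostart lines (added example; heuristics are assumptions)."""
import re
from pathlib import PureWindowsPath

# Constructed sample input: lines excerpted verbatim from the ComboFix log
# posted in this thread, including three the log lists under ORPHANS REMOVED.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-14 2033432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

MSConfigStartUp-Internet Security Service - c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Yahoo Messsenger - c:\users\paulsky\AppData\Roaming\support\svchost.exe
"""

# Binary names that belong only under the Windows directory (assumption: a short
# illustrative list, not a complete one). A copy elsewhere is a classic masquerade.
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "smss.exe", "explorer.exe",
}

# Locations a normal user can write to; an autostart pointing here deserves a look
# (assumption: markers chosen for this example).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\recycler\\", "\\$recycle.bin\\")

# "Name"="path" [date size]   (Run keys, BHO and toolbar values)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]+)"\s*\[')
# MSConfigStartUp-Name - path  (entries listed under ORPHANS REMOVED)
MSCONFIG_ENTRY = re.compile(r"^MSConfigStartUp-(?P<name>.+?) - (?P<path>.+?)\s*$")
UAC_OFF = re.compile(r'^"EnableLUA"=\s*0\b')
SC_MONITOR_OFF = re.compile(r'^"DisableMonitoring"=dword:0*1$')


def path_reasons(path):
    """Return why a launch path looks suspicious; an empty list means no finding."""
    low = path.strip().lower()
    reasons = []
    if PureWindowsPath(low).name in SYSTEM_BINARY_NAMES and not low.startswith("c:\\windows\\"):
        reasons.append("system binary name launched from outside c:\\windows")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("autostart points into a user-writable or temporary location")
    return reasons


def triage(log_text):
    """Scan ComboFix-style lines and return the entries worth a responder's attention."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = RUN_VALUE.match(line) or MSCONFIG_ENTRY.match(line)
        if entry:
            reasons = path_reasons(entry["path"])
            if reasons:
                findings.append({"name": entry["name"], "path": entry["path"], "reasons": reasons})
        elif UAC_OFF.match(line):
            findings.append({"name": "EnableLUA", "path": None,
                             "reasons": ["UAC disabled: elevation prompts are gone for this machine"]})
        elif SC_MONITOR_OFF.match(line):
            findings.append({"name": "DisableMonitoring", "path": None,
                             "reasons": ["Security Center monitoring disabled: AV/firewall state is not reported"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']}: {f['path'] or '(policy)'}  ->  {'; '.join(f['reasons'])}")
```

Run against the sample it flags exactly the four items named above and stays quiet on the Synaptics, AVG and Google Toolbar entries. The checks are deliberately narrow; the point is to separate "a vendor binary in Program Files" from "svchost.exe in Roaming", which is the distinction that drives the format-or-clean decision the poster is asking about.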

Re: hello and here's my current problem

Post by Dr Jay on Sun Jan 17, 2010 2:31 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144830
# Likes : 10

View user profile

Back to top Go down

Re: hello and heres my current problem

Post by paulsky on Sun Jan 17, 2010 7:54 pm

Here's the MBAM report

Malwarebytes' Anti-Malware 1.44
Database version: 3584
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

17/01/2010 19:52:36
mbam-log-2010-01-17 (19-52-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 338703
Time elapsed: 1 hour(s), 32 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I'm worried that there might also be a threat hiding itself from the scan. Man, am I paranoid now I got this ... sigh


Re: hello and heres my current problem

Post by Dr Jay on Sun Jan 17, 2010 9:36 pm

Please download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Dr. Jay (DJ)



Re: hello and heres my current problem

Post by paulsky on Sun Jan 17, 2010 11:07 pm

Will get on it and get back to you. :)


Re: hello and heres my current problem

Post by paulsky on Mon Jan 18, 2010 12:24 am

Here's the report. It should be noted that Windows came up with a popup twice saying that the program had stopped working, but after the third attempt the results are as follows.

GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-18 00:19:51
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\paulsky\AppData\Local\Temp\kftdyfod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwOpenProcess [0xAAD0A620]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwTerminateProcess [0xAAD0A6D0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwTerminateThread [0xAAD0A770]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwWriteVirtualMemory [0xAAD0A810]

INT 0x61 ? 87C00BF8
INT 0x61 ? 87C00BF8
INT 0x61 ? 87C00BF8
INT 0x71 ? 85491BF8
INT 0x71 ? 85491BF8
INT 0x71 ? 85491BF8
INT 0x71 ? 85491BF8
INT 0x71 ? 87C00BF8
INT 0x71 ? 87C00BF8
INT 0xA2 ? 85493BF8
INT 0xB2 ? 85493BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 826C0B34 4 Bytes [20, A6, D0, AA]
.text ntkrnlpa.exe!KeSetEvent + 621 826C0D64 8 Bytes [D0, A6, D0, AA, 70, A7, D0, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 826C0DC4 4 Bytes [10, A8, D0, AA]
? System32\Drivers\spqv.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9D403000, 0x1FA4DA, 0xE8000020]
.text USBPORT.SYS!DllUnload 9D9AC41B 5 Bytes JMP 87C001D8
.text a72cf5q8.SYS 9DE61000 22 Bytes [82, 43, 9D, 82, 6C, 42, 9D, ...]
.text a72cf5q8.SYS 9DE61017 45 Bytes [00, 32, A7, 71, 80, 3D, A5, ...]
.text a72cf5q8.SYS 9DE61045 135 Bytes [AA, 6B, 82, FD, 29, 65, 82, ...]
.text a72cf5q8.SYS 9DE610CE 10 Bytes [00, 00, 00, 00, 00, 00, 6D, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; INSD ; POPF ; SCASB ; DEC EAX}
.text a72cf5q8.SYS 9DE610DA 12 Bytes [00, 00, 02, 00, 00, 00, 26, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xB06EB300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xB072E300, 0x1BEE, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806116D2] \SystemRoot\System32\Drivers\spqv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80611040] \SystemRoot\System32\Drivers\spqv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806117FC] \SystemRoot\System32\Drivers\spqv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806110BE] \SystemRoot\System32\Drivers\spqv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8061113C] \SystemRoot\System32\Drivers\spqv.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80621048] \SystemRoot\System32\Drivers\spqv.sys
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortNotification] 009E840F
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortWritePortUchar] 8B660000
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortWritePortUlong] 89662448
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 4D8BE84D
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 02C183E8
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortGetScatterGatherList] EA4D8966
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortReadPortUchar] 0320488B
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortStallExecution] 08458DC8
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortGetParentBusType] 8D575750
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortRequestCallback] 6850F045
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortWritePortBufferUshort] B0020000
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 50E8458D
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortCompleteRequest] 6FBC35FF
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortMoveMemory] 4D899DE8
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 45C757EC
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 000001F0
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E5FEE800
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortReadPortUshort] C73B0001
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C8A14675
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortInitialize] 6A9DE86F
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortGetDeviceBase] 9A888D52
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortDeviceStateChange] 83000000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 862491F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys

Device \FileSystem\fastfat \FatCdrom A0662500

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 862251F8
Device \Driver\usbohci \Device\USBPDO-0 87BFF1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E29570C8-7B75-445E-ACD6-9C4D1B80C663} 9EF291F8
Device \Driver\usbohci \Device\USBPDO-1 87BFF1F8
Device \Driver\usbehci \Device\USBPDO-2 87BFE1F8
Device \Driver\usbohci \Device\USBPDO-3 87BFF1F8
Device \Driver\usbohci \Device\USBPDO-4 87BFF1F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbehci \Device\USBPDO-5 87BFE1F8
Device \Driver\volmgr \Device\HarddiskVolume1 862251F8
Device \Driver\volmgr \Device\HarddiskVolume2 862251F8
Device \Driver\cdrom \Device\CdRom0 87C111F8
Device \Driver\netbt \Device\NetBT_Tcpip_{FDC18415-00E6-4671-BC66-B928682A26BA} 9EF291F8
Device \Driver\cdrom \Device\CdRom1 87C111F8
Device \Driver\atapi \Device\Ide\IdePort0 862281F8
Device \Driver\atapi \Device\Ide\IdePort1 862281F8
Device \Driver\netbt \Device\NetBT_Tcpip_{7018BB7D-4B93-43AC-BA00-404A7D8EF1A3} 9EF291F8
Device \Driver\netbt \Device\NetBt_Wins_Export 9EF291F8
Device \Driver\Smb \Device\NetbiosSmb 9EF211F8
Device \Driver\PCI_PNP5539 \Device\00000094 spqv.sys

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\iScsiPrt \Device\RaidPort1 87CE81F8

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\sptd \Device\1287969578 spqv.sys
Device \Driver\usbohci \Device\USBFDO-0 87BFF1F8
Device \Driver\usbohci \Device\USBFDO-1 87BFF1F8
Device \Driver\usbehci \Device\USBFDO-2 87BFE1F8
Device \Driver\usbohci \Device\USBFDO-3 87BFF1F8
Device \Driver\usbohci \Device\USBFDO-4 87BFF1F8
Device \Driver\usbehci \Device\USBFDO-5 87BFE1F8
Device \Driver\JMCR \Device\Scsi\JMCR1 87BE31F8
Device \Driver\JMCR \Device\Scsi\JMCR2 87BE31F8
Device \Driver\JMCR \Device\Scsi\JMCR3 87BE31F8
Device \Driver\JMCR \Device\Scsi\JMCR4 87BE31F8
Device \Driver\a72cf5q8 \Device\Scsi\a72cf5q81 87D291F8
Device \Driver\a72cf5q8 \Device\Scsi\a72cf5q81Port8Path0Target0Lun0 87D291F8
Device \FileSystem\fastfat \Fat A0662500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.sys

Device \FileSystem\cdfs \Cdfs 87BF91F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848@0019b71504b9 0xCD 0x22 0x4D 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848@0022b461dc54 0xD9 0x0D 0xFF 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848@0023f1a45c62 0x03 0x68 0x0B 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848@001f01141348 0x87 0x4D 0x09 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848@0024907fb944 0x00 0xC7 0x31 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848@001f0104bc13 0x8D 0x8E 0x3A 0xC6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848@0023d613c440 0x08 0xE1 0xF2 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848@001a75308520 0x62 0x03 0xD9 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848@00265dc78683 0x1A 0xDC 0xF5 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848@0023b4a803c1 0x58 0xE2 0xEE 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186742848@2021a503099a 0x09 0xBD 0x79 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0xB2 0xD3 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCE 0xC7 0xD0 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x50 0xAF 0xCB 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xD0 0xAB 0xB3 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848@0019b71504b9 0xCD 0x22 0x4D 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848@0022b461dc54 0xD9 0x0D 0xFF 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848@0023f1a45c62 0x03 0x68 0x0B 0xD5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848@001f01141348 0x87 0x4D 0x09 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848@0024907fb944 0x00 0xC7 0x31 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848@001f0104bc13 0x8D 0x8E 0x3A 0xC6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848@0023d613c440 0x08 0xE1 0xF2 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848@001a75308520 0x62 0x03 0xD9 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848@00265dc78683 0x1A 0xDC 0xF5 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848@0023b4a803c1 0x58 0xE2 0xEE 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186742848@2021a503099a 0x09 0xBD 0x79 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0xB2 0xD3 0x38 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCE 0xC7 0xD0 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x50 0xAF 0xCB 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xD0 0xAB 0xB3 0x02 ...

---- EOF - GMER 1.0.15 ----


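The GMER log above is long, and most of its hook entries come from two modules: AVGIDSShim.sys (SSDT hooks) and spqv.sys (IAT hooks in atapi.sys and i8042prt.sys, plus a "cannot find the path" note). The log's own Devices section ties spqv.sys to the \Driver\sptd device object, and its Registry section ties sptd to C:\Program Files\Alcohol Soft\Alcohol 52\. The following added example (my code, not GMER's and not from the thread) automates that pivot over a constructed excerpt of the log: it groups every SSDT and IAT hook by the module that installed it and attaches what the Devices section and the missing-path lines say about that module, so an unfamiliar name can be tied to its driver object before anyone decides it is malicious.

```python
"""Triage a GMER rootkit-scan log: group every SSDT and IAT hook by the module
that installed it, then pivot on the log's own Devices section to attribute an
oddly named module to the driver object that owns it.  Added example; not GMER's
code and not from the thread."""
import re
from collections import defaultdict

# Constructed excerpt in the shape of the GMER 1.0.15 log posted above.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwOpenProcess [0xAAD0A620]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwTerminateProcess [0xAAD0A6D0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 826C0B34 4 Bytes [20, A6, D0, AA]
? System32\Drivers\spqv.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9D403000, 0x1FA4DA, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806116D2] \SystemRoot\System32\Drivers\spqv.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80621048] \SystemRoot\System32\Drivers\spqv.sys
IAT \SystemRoot\System32\Drivers\a72cf5q8.SYS[ataport.SYS!AtaPortNotification] 009E840F

---- Devices - GMER 1.0.15 ----

Device \Driver\sptd \Device\1287969578 spqv.sys
Device \Driver\PCI_PNP5539 \Device\00000094 spqv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
"""

SECTION_RE = re.compile(r"^---- .+ - GMER")
SSDT_RE = re.compile(r"^SSDT\s+(.+?\.sys)\s+(Zw\w+)\s+\[0x[0-9A-Fa-f]+\]", re.IGNORECASE)
IAT_RE = re.compile(r"^IAT\s+(\S+?)\[(\S+)\]\s+\[[0-9A-Fa-f]+\]\s+(\S+)$")
IAT_UNRESOLVED_RE = re.compile(r"^IAT\s+(\S+?)\[(\S+)\]\s+[0-9A-Fa-f]{8}$")
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+\S+\s+(\S+\.sys)$", re.IGNORECASE)
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the path")
WRITEABLE_RE = re.compile(r"^\.text\s+(\S+)\s+section is writeable")


def basename(path):
    """Last component of a Windows path (the module file name)."""
    return path.rstrip("\\").split("\\")[-1]


def parse_gmer(text):
    """Pull hooks, device ownership and missing-file notes out of a GMER log.
    Inline patches (.text lines with byte lists) are not classified here."""
    report = {"ssdt": [], "iat": [], "devices": defaultdict(set),
              "missing": [], "writeable": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SECTION_RE.match(line):
            continue
        if m := SSDT_RE.match(line):
            report["ssdt"].append((basename(m.group(1)), m.group(2)))
        elif m := IAT_RE.match(line):
            report["iat"].append((basename(m.group(1)), m.group(2), basename(m.group(3))))
        elif m := IAT_UNRESOLVED_RE.match(line):
            report["iat"].append((basename(m.group(1)), m.group(2), None))
        elif m := DEVICE_RE.match(line):
            report["devices"][m.group(2).lower()].add(m.group(1))
        elif m := MISSING_RE.match(line):
            report["missing"].append(basename(m.group(1)).lower())
        elif m := WRITEABLE_RE.match(line):
            report["writeable"].append(basename(m.group(1)))
    return report


def triage(report):
    """Group hooks by hooking module and attach what the Devices section and
    the 'cannot find the path' lines say about that module."""
    by_hooker = defaultdict(lambda: {"ssdt": [], "iat": [], "driver_objects": [],
                                     "hidden_from_fs": False})
    for module, func in report["ssdt"]:
        by_hooker[module.lower()]["ssdt"].append(func)
    for target, imported, hooker in report["iat"]:
        key = hooker.lower() if hooker else "<unresolved>"
        by_hooker[key]["iat"].append(f"{target}[{imported}]")
    for module, entry in by_hooker.items():
        entry["driver_objects"] = sorted(report["devices"].get(module, ()))
        entry["hidden_from_fs"] = module in report["missing"]
    return dict(by_hooker)


def summarize(log_text):
    """One triage line per hooking module, sorted by module name."""
    lines = []
    for module, e in sorted(triage(parse_gmer(log_text)).items()):
        owner = ", ".join(e["driver_objects"]) or "no device object found"
        flag = " [path not found on disk]" if e["hidden_from_fs"] else ""
        lines.append(f"{module}: {len(e['ssdt'])} SSDT hook(s), "
                     f"{len(e['iat'])} IAT hook(s); owner: {owner}{flag}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_GMER_LOG)))
```

Run against the excerpt, the summary attributes spqv.sys to \Driver\sptd and \Driver\PCI_PNP5539 and notes that the file is not found on disk, which is exactly the pair of facts an analyst wants next to an unfamiliar module name; the unresolved a72cf5q8.SYS entries (raw addresses with no owning module) are kept separate so they are not silently dropped.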
Re: hello and heres my current problem

Post by Dr Jay on Mon Jan 18, 2010 5:42 am

Please download avast! ANTIROOTKIT from [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: to prevent false positives, please quit all running programs before starting the scan!
  • Double-click on aswar.exe to start the program.
  • Click Show Scan Options.
  • Make sure the following checkboxes have checkmarks in them: Hidden Files and Directories, Hidden Services and Drivers, Hidden Registry Keys and Values, Hidden Processes, Log all scanned items.
  • Click the big Scan Now! button.
  • Click View scan log. Please post the contents of that log in your next reply. If the scan log will not launch, please tell me.


Dr. Jay (DJ)



Re: hello and heres my current problem

Post by paulsky on Mon Jan 18, 2010 11:58 am

Hello, I have the report saved on my desktop but it won't paste into the box, it keeps crashing my browser O_O


Re: hello and heres my current problem

Post by Dr Jay on Tue Jan 19, 2010 12:49 am

Odd. Did you open it in Notepad, then copy and paste the report into your reply?


Dr. Jay (DJ)



Re: hello and heres my current problem

Post by paulsky on Tue Jan 19, 2010 10:24 am

Yup, that's exactly what I did, after that the browser freezes. I thought it would take a while so I left it, but after half an hour it still wouldn't paste it and was still frozen.


Re: hello and heres my current problem

Post by Dr Jay on Tue Jan 19, 2010 10:33 am

Ok. Upload it to Mediafire.com and paste the link to it here please.


Dr. Jay (DJ)



Re: hello and heres my current problem

Post by paulsky on Tue Jan 19, 2010 11:28 am

kk


Re: hello and heres my current problem

Post by paulsky on Tue Jan 19, 2010 11:33 am

The file keeps reaching 92%, 93% etc. then stopping, ugh, I'm gonna keep trying.

Nope, for some reason it won't upload. I'll come back later and copy and paste it in parts (that should take a few hours XD), since the only way I can paste it in is to copy parts of it and paste them in piece by piece.


Re: hello and heres my current problem

Post by Dr Jay on Tue Jan 19, 2010 4:31 pm

Ok. No need for that.

Let us try this, then try to upload again.

Open NOTEPAD.exe and copy/paste the text in the codebox below:
(don't forget to copy and paste REGEDIT4)
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
"Start"=dword:00000004

Save this as fix.reg. Choose "Save type as - All Files".
It should look like this:
Double click on fix.reg & allow it to merge into the registry.


Dr. Jay (DJ)



Re: hello and heres my current problem

Post by paulsky on Wed Jan 20, 2010 8:40 pm

I couldn't host it on MediaFire so I got it here instead

[You must be registered and logged in to see this link.]

please note this link can only be used once


Re: hello and heres my current problem

Post by Dr Jay on Thu Jan 21, 2010 12:49 am

Oh, because it is a 43 MB log. I never thought it would be so large.

Nothing bad found.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Please close all other applications running on your system.
  • Please double click GetSystemInfo.exe to open it.
  • Click the Settings button.
  • Set it to Maximum
  • IMPORTANT! Then please click Customize - choose Driver / Ports tab and
  • Uncheck Scan Ports.
  • Click Create Report to run it.
  • It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)



Re: hello and heres my current problem

Post by paulsky on Sun Jan 24, 2010 4:32 am

Right, I'm on it ... sorry I was offline a while.


Re: hello and heres my current problem

Post by paulsky on Wed Jan 27, 2010 11:11 am

Here's your link

[You must be registered and logged in to see this link.]


Re: hello and heres my current problem

Post by Dr Jay on Wed Jan 27, 2010 11:51 am

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: hello and heres my current problem

Post by paulsky on Wed Jan 27, 2010 3:20 pm

It won't let me create the restore point; it keeps telling me that the request is not supported (0x80070032).


Re: hello and heres my current problem

Post by Dr Jay on Wed Jan 27, 2010 3:48 pm

This happens if the Windows Event Log and the Task Scheduler services are disabled. Follow these steps to fix the problem.
1. Click Start, Services.msc. Press {ENTER}
2. Double-click Windows Event Log
3. In the Start type list box, ensure that Automatic is selected
4. Click Start to start the service, if it's not already running
5. Close the Services console
6. Restart Windows. Then, let me know if you can create a Restore Point now.


Dr. Jay (DJ)



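Two of Dr Jay's posts above concern the same service setting: the fix.reg that writes "Start"=dword:00000004 under Services\Eventlog, and the later note that restore-point creation fails when the Windows Event Log and Task Scheduler services are disabled. A practitioner wants to read what a .reg file will do to each service before merging it. The following added example (my code, not from the thread and not a Microsoft tool) parses a REGEDIT4-style export and decodes every Start value under a Services\<name> key using the Service Control Manager's encoding (0 Boot, 1 System, 2 Automatic, 3 Manual, 4 Disabled), then flags any restore-point dependency the file would set to Disabled. The sample .reg is constructed: its Eventlog key has the same shape as the fix.reg above, and the Schedule key (the Task Scheduler service's registry name) is added here for illustration.

```python
r"""Decode the Start values that a .reg file writes under Services\<name> so
the effect on each service is visible before the file is merged.  Added
example; not from the thread and not Microsoft's code."""
import re

# Service Control Manager start types (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# Services the thread names as required for creating a restore point,
# keyed by their registry (service) names.
RESTORE_POINT_DEPENDENCIES = {"eventlog": "Windows Event Log",
                              "schedule": "Task Scheduler"}

# Constructed sample in REGEDIT4 syntax: the Eventlog key has the same shape
# as the fix.reg above; the Schedule key is added here for illustration.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]
"Start"=dword:00000002
"DisplayName"="Task Scheduler"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9A-Fa-f]{8})|"(.*)")$')
SERVICE_KEY_RE = re.compile(r"\\Services\\([^\\]+)$", re.IGNORECASE)


def parse_reg(text):
    """Return {key path: {value name: value}} for a REGEDIT4 / 5.00 export.
    dword values become ints, string values stay str; other types are skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "REGEDIT", "Windows Registry Editor")):
            continue
        if m := KEY_RE.match(line):
            current = m.group(1)
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, dword, string = m.groups()
            keys[current][name] = int(dword, 16) if dword is not None else string
    return keys


def service_start_changes(keys):
    """service name -> decoded startup type, for every service key that sets Start."""
    changes = {}
    for path, values in keys.items():
        m = SERVICE_KEY_RE.search(path)
        if m and isinstance(values.get("Start"), int):
            code = values["Start"]
            changes[m.group(1)] = START_TYPES.get(code, f"unknown({code})")
    return changes


def restore_point_blockers(changes):
    """Display names of restore-point dependencies the file would set to Disabled."""
    return sorted(RESTORE_POINT_DEPENDENCIES[name.lower()]
                  for name, start in changes.items()
                  if name.lower() in RESTORE_POINT_DEPENDENCIES and start == "Disabled")


if __name__ == "__main__":
    changes = service_start_changes(parse_reg(SAMPLE_REG))
    for name, start in changes.items():
        print(f"{name}: Start -> {start}")
    for display in restore_point_blockers(changes):
        print(f"warning: {display} would be disabled; restore points need it running")
```

The same decoder works on a full `reg export HKLM\SYSTEM\CurrentControlSet\Services` dump, which is a quick way to list every disabled service on a machine being cleaned and compare it against what the owner expects.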
Re: hello and heres my current problem

Post by paulsky on Wed Jan 27, 2010 4:41 pm

I got the restore point done and here's the screen317 report

Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is disabled!)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 9.0
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 11
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Re: hello and heres my current problem

Post by Dr Jay on Wed Jan 27, 2010 9:47 pm

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java, since the installer does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has real-time protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well-known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be more difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


Re: hello and heres my current problem

Post by paulsky on Thu Jan 28, 2010 10:26 am

Thanks for your help. I'm going to download some of these. I just ran a Malwarebytes scan and found 1 trojan though *sigh*, this is growing tiresome.

I took Comodo, SpywareBlaster and hpHosts. I'm currently using Google Chrome as well as having Firefox installed; however, Firefox has an irritating tendency to crash, so I'm using Google Chrome at the moment.
