Applications Won't Run After Virus Removal


Applications Won't Run After Virus Removal

Post by Charlie2 on 27th April 2010, 3:59 pm

New member with new problem.

I'm using my wife's computer because I ran SUPERAntiSpyware to remove XP Defender from my computer yesterday and now cannot run applications on my computer.
I'm using Windows XP Media Edition with COMODO A/V.

I get a desktop but when I click on anything, I get a window with 'Open With', listing possibly all programs in Programs.

When I click on anything in that list, it goes through the whole download routine, which gives me either 'Java missing' or, if I get to the program to run it, 'Application Missing'.

I also have another virus; the Google Redirect Trojan, but will work that later when I get able to access my computer.

Please help me. There must be a way.

Additional Info: I went back to the computer and was fooling around with it. I now have redirect as well as XP Defender on it.

Just for drill, I clicked on an a Spam icon which took me back to Firefox. I found that I can use Bookmarks, Home with Search and use the address bar. I still can't run anything from the desktop except this lone program. Very strange, indeed. C2


Last edited by Charlie2 on 27th April 2010, 5:12 pm; edited 1 time in total (Reason for editing : Additional Info)


Re: Applications Won't Run After Virus Removal

Post by Belahzur on 27th April 2010, 8:21 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Can't Access Computer After Trojan Removal

Post by Charlie2 on 28th April 2010, 1:06 am

I tried to download OTL.exe and I got the following message

C:/Documents and Settings/Admin/Downloads/OTL.exe

Application not found

I'll keep trying. C2

Additional info: I went to Downloads and OTL.exe is there. I tried to run it and I got the same window: 'Open with', with my Program Files as previously reported. C2


Re: Applications Won't Run After Virus Removal

Post by Belahzur on 28th April 2010, 6:29 pm

Hello.

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Try OTL now.



Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 1st May 2010, 3:15 am


I tried to download rkill but it loaded and ran almost instantaneously and produced a message: "Log located at c:/rkill.log". I went there and there's the same text: "Process terminated."

It obviously didn't scan anything. C2


Re: Applications Won't Run After Virus Removal

Post by Belahzur on 1st May 2010, 2:56 pm

Did you run exeHelper?



Applications Won't Run After Virus Removal

Post by Charlie2 on 1st May 2010, 4:20 pm

I can download all programs but once I try to run them, I get the location of the program: [You must be registered and logged in to see this link.] etc., followed by 'application missing'.

I try to run programs off the desk top but I get a window with 'Open with'.

I tried to run rkill but it looked like it ran too fast and didn't leave a log.

To answer your question: No; I didn't run the program. Where is it? Something built in Windows?? C2


Re: Applications Won't Run After Virus Removal

Post by Belahzur on 1st May 2010, 6:32 pm

Read my first post, there are 2 tools, RKill and exeHelper.



Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 1st May 2010, 9:46 pm

[You must be registered and logged in to see this link.] wrote:Read my first post, there is 2 tools, RKill, and exeHelper.

I tried to run both from a DVD made from my clean computer.

I get 'application missing' when I try to run anything.

I can see the programs in the computer but they won't run.


Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 1st May 2010, 10:33 pm


You can't guess what happened! I was reviewing everything that you told me to do and I got OTL to run. I ran it and now my computer works! I'm going to check now to see if my redirect virus is still with us.

The redirect virus is still with us. At least we can download and run something to fix that.

I do thank you for your help. You're a life saver!


Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 2nd May 2010, 4:53 pm


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:50:39 AM, on 5/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.com
O1 - Hosts: 94.75.207.107 google.com.au
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.be
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.com.br
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.ca
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.ch
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.de
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.fr
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.ie
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.it
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.co.jp
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.nl
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.no
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.co.nz
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.pl
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.se
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.co.uk
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 google.co.za
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 search.yahoo.com
O1 - Hosts: 94.75.207.107 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.107 uk.search.yahoo.com
O1 - Hosts: 94.75.207.107 ca.search.yahoo.com
O1 - Hosts: 94.75.207.107 de.search.yahoo.com
O1 - Hosts: 94.75.207.107 fr.search.yahoo.com
O1 - Hosts: 94.75.207.107 au.search.yahoo.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{80C489CA-D524-4DCD-8129-B1572D3BE4AE}: NameServer = 68.105.28.11,68.105.29.11
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11111 bytes


Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 2nd May 2010, 5:23 pm


Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4059

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/2/2010 12:13:05 PM
mbam-log-2010-05-02 (12-13-05).txt

Scan type: Quick scan
Objects scanned: 141487
Time elapsed: 12 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Applications Won't Run After Virus Removal

Post by Belahzur on 2nd May 2010, 9:03 pm

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)


Files to delete:
C:\WINDOWS\system32\drivers\etc\hosts

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.
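The HijackThis log earlier in the thread (the O1 lines) and the Avenger script above both concern the same thing: a hosts file that maps search engines, security-vendor and payment domains to two public IP addresses. As an added example (not part of the thread or of any of the tools named here), this Python script audits hosts-file mappings, accepting either raw hosts-file lines or HijackThis "O1 - Hosts:" lines, and groups every name sent to a non-loopback public address by that address; the sample lines are constructed, modelled on the log, and the file path and function names are my own.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Optional

O1_PREFIX = "O1 - Hosts:"  # HijackThis reports hosts-file entries with this prefix


class HostsEntry(NamedTuple):
    ip: str
    host: str


def parse_line(line: str) -> List[HostsEntry]:
    """Parse one raw hosts-file line or one HijackThis O1 line.

    Returns one entry per hostname on the line (a raw hosts line may list
    several names), or an empty list for comments, blanks and unrelated log lines.
    """
    text = line.strip()
    if text.startswith(O1_PREFIX):
        text = text[len(O1_PREFIX):]
    text = text.split("#", 1)[0].strip()  # drop trailing comments
    parts = text.split()
    if len(parts) < 2:
        return []
    try:
        ipaddress.ip_address(parts[0])
    except ValueError:
        return []  # first token is not an address, so this is not a mapping
    return [HostsEntry(parts[0], host.lower()) for host in parts[1:]]


def classify(entry: HostsEntry) -> str:
    """Label a mapping.

    'sinkhole': loopback or unspecified address, the normal way to block a name.
    'private':  LAN or link-local address, usually legitimate but worth a look.
    'redirect': a public address, which silently sends the name somewhere else.
    """
    addr = ipaddress.ip_address(entry.ip)
    if addr.is_loopback or addr.is_unspecified:
        return "sinkhole"
    if addr.is_private or addr.is_link_local:
        return "private"
    return "redirect"


def find_redirects(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Group every 'redirect' mapping by its public IP.

    One public address collecting many unrelated hostnames (search engines,
    security vendors, payment sites) is the signature of a hosts-file hijack.
    """
    by_ip: Dict[str, List[str]] = defaultdict(list)
    for line in lines:
        for entry in parse_line(line):
            if classify(entry) == "redirect" and entry.host not in by_ip[entry.ip]:
                by_ip[entry.ip].append(entry.host)
    return {ip: sorted(hosts) for ip, hosts in by_ip.items()}


def worst_offender(lines: Iterable[str]) -> Optional[str]:
    """Return the public IP that has captured the most hostnames, or None."""
    groups = find_redirects(lines)
    if not groups:
        return None
    return max(groups, key=lambda ip: len(groups[ip]))


def audit_file(path: str) -> Dict[str, List[str]]:
    """Audit a hosts file on disk, e.g. C:\\WINDOWS\\system32\\drivers\\etc\\hosts."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_redirects(fh)


# Constructed sample: a few O1 lines modelled on the log above, plus ordinary
# hosts-file lines and an unrelated log line that must not be flagged.
SAMPLE_LINES = [
    "# constructed sample, not a real hosts file",
    "127.0.0.1 localhost",
    "::1 localhost",
    "0.0.0.0 ads.example.invalid  # ad blocking, harmless",
    "192.168.1.10 printer.lan fileserver.lan",
    "O1 - Hosts: 94.75.207.107 google.com",
    "O1 - Hosts: 94.75.207.107 google.co.uk",
    "O1 - Hosts: 94.75.207.107 search.yahoo.com",
    "O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com",
    "O1 - Hosts: 74.125.45.100 secure-plus-payments.com",
    "O23 - Service: NMSAccessU - Unknown owner - C:\\x\\NMSAccessU.exe",
]

if __name__ == "__main__":
    for ip, hosts in find_redirects(SAMPLE_LINES).items():
        print(f"{ip}: {len(hosts)} name(s) redirected -> {', '.join(hosts)}")
```

Run `audit_file(...)` against a hosts file to get the same grouping for a live machine; an empty result means every mapping points at loopback, unspecified or LAN addresses.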



Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 2nd May 2010, 11:10 pm

I get to where it says execute and it tells me that the script copied from above is invalid - should start with a command. So far, working. C2


Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 2nd May 2010, 11:29 pm

Me Bad! You did say all of the quotation. Avenger restarted my computer and is now doing something. Lots of activity (light on front of the computer). Stand by! C2


Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 3rd May 2010, 12:02 am

Avenger stopped.

I got this message: "cannot open c: cleanup.exe Error 5. Access is denied."

The first time it did as you described but produced a short log. Aborted. C2


Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 3rd May 2010, 3:23 am

Here's a copy of the log:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun May 02 19:00:29 2010

19:00:16: Error: can't open file 'C:\cleanup.exe' (error 5: access is denied.)
19:00:22: Error: Could not open cleanup program.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun May 02 19:00:53 2010

19:00:45: Error: can't open file 'C:\cleanup.exe' (error 5: access is denied.)
19:00:49: Error: Could not open cleanup program.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun May 02 19:01:08 2010

19:01:03: Error: can't open file 'C:\cleanup.exe' (error 5: access is denied.)
19:01:05: Error: Could not open cleanup program.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun May 02 19:03:25 2010

19:03:09: Error: can't open file 'C:\cleanup.exe' (error 5: access is denied.)
19:03:14: Error: Could not open cleanup program.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun May 02 19:03:53 2010

19:03:42: Error: can't open file 'C:\cleanup.exe' (error 5: access is denied.)
19:03:45: Error: Could not open cleanup program.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun May 02 19:04:22 2010

19:04:14: Error: can't open file 'C:\cleanup.exe' (error 5: access is denied.)
19:04:16: Error: Could not open cleanup program.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun May 02 19:06:27 2010

19:06:23: Error: can't open file 'C:\cleanup.exe' (error 5: access is denied.)
19:06:24: Error: Could not open cleanup program.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\drivers\etc\hosts" not found!
Deletion of file "C:\WINDOWS\system32\drivers\etc\hosts" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 3rd May 2010, 3:32 pm

From my limited knowledge of what I'm supposed to see, the hosts file no longer exists, at least as Malwarebytes and HijackThis indicate.

I tried search and the computer is going where it's supposed to. No redirect!

Let me keep an eye on this beast and see if it's gone for real.

If so, I owe you big! You've accomplished what some other people couldn't. C2

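A check for the hosts-file redirect the posts above were chasing, as an added example (my code, not Avenger's and not anything a poster ran). The Avenger log earlier in the thread reported C:\WINDOWS\system32\drivers\etc\hosts as not found; on XP that is not an infection by itself, the resolver simply has no static entries, so the script treats a missing file as clean. What it does flag is a watched domain (search engines, Windows Update) mapped to anything other than a loopback or 0.0.0.0 sinkhole, which is the shape of a search-redirect hijack, and a security-vendor name sinkholed, which is how malware blocks cleanup tools. The sample hosts text is constructed and the two watch-lists are my assumptions, not a standard list.

```python
"""Flag hosts-file entries that hijack search or security-vendor domains.

Added example for this thread, not Avenger's code or anything a poster
ran. SAMPLE_HOSTS is constructed; the two watch-lists are assumptions.
"""
from __future__ import annotations
import ipaddress
from typing import Iterator

# Assumed watch-list: domains a search-redirect hijack typically rewrites.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com", "microsoft.com", "windowsupdate.com")
# Assumed vendor hints: names that get sinkholed so the victim cannot fetch tools or updates.
VENDOR_HINTS = ("symantec", "mcafee", "kaspersky", "malwarebytes", "superantispyware", "comodo")


def parse_hosts(text: str) -> Iterator[tuple[int, str, str]]:
    """Yield (line_no, address, hostname) for every mapping in hosts-file text.

    '#' starts a comment, blank lines are skipped, and one line may map
    several names to one address ("192.0.2.44 www.a.com a.com").
    """
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            yield no, parts[0], name.lower()


def _is_sinkhole(address: str) -> bool:
    """True for loopback or 0.0.0.0, the addresses a legitimate blocklist uses."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # not even an address: treat it as a redirect, not a block
    return ip.is_loopback or ip.is_unspecified


def find_redirects(text: str) -> list[dict]:
    """Return suspicious mappings.

    A watched domain sent anywhere but a sinkhole is a redirect (traffic
    goes to whoever owns that IP). A vendor domain sent to a sinkhole is
    reported too, because that is how malware blocks cleanup tools, even
    though ad-blocking hosts files use the same pattern for ad servers.
    """
    findings = []
    for no, address, name in parse_hosts(text):
        if name in ("localhost", "localhost.localdomain"):
            continue
        vendor = any(hint in name for hint in VENDOR_HINTS)
        if not (vendor or name.endswith(WATCHED_SUFFIXES)):
            continue
        if not _is_sinkhole(address):
            findings.append({"line": no, "host": name, "ip": address, "reason": "redirected"})
        elif vendor:
            findings.append({"line": no, "host": name, "ip": address, "reason": "update-blocked"})
    return findings


def check_hosts_file(path: str) -> list[dict]:
    """Check a hosts file on disk. A missing file (what the Avenger log in
    this thread reported) is not an infection: the resolver just has no
    static entries, so it is reported as clean."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return find_redirects(fh.read())
    except FileNotFoundError:
        return []


# Constructed sample, shaped like a search-redirect hijack on an XP box.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.44      www.google.com google.com
192.0.2.44      www.bing.com
127.0.0.1       www.malwarebytes.org   # cleanup tool sinkholed
0.0.0.0         ads.example.net        # ordinary ad block, not reported
"""

if __name__ == "__main__":
    for f in find_redirects(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['reason']})")
```

On a live XP machine the path to hand `check_hosts_file` is C:\WINDOWS\system32\drivers\etc\hosts; the 192.0.2.0/24 block in the sample is documentation address space, chosen so the example never points at a real host.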

Re: Applications Won't Run After Virus Removal

Post by Belahzur on 3rd May 2010, 9:58 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


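How a helper reads the combofix.txt the post above asks for, as an added example: this is my code, not ComboFix's (ComboFix ships no parser), and the severities are my own rough ranking. It walks the Reg Loading Points and service entries and flags the states that matter on a machine like this one: a boot-start driver whose file is no longer on disk (ComboFix marks those with "[?]"), Security Center overrides, the Windows Firewall turned off, a globally open port, a BITS job list, and AppInit_DLLs. The sample log is constructed in ComboFix's layout from lines of the kinds that appear later in this thread; a hit means "look at this", not "this is malware" (COMODO, for instance, legitimately sets AppInit_DLLs).

```python
"""Triage a ComboFix log for the load points a helper reads first.

Added example for this thread; not ComboFix's code (it ships no parser),
and the severities are my own ranking. SAMPLE_LOG is constructed in the
layout of combofix.txt from lines of the kinds seen in this thread.
"""
from __future__ import annotations
import re

# Service lines: "R1 name;display;path [date size]" when the image exists,
# "S0 name;display;path --> path [?]" when ComboFix could not find it.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
# Registry values listed under a [key] header, e.g. "EnableFirewall"= 0 (0x0)
VALUE_RE = re.compile(r'^"?([^"=]+?)"?\s*=\s*(.*)$')


def triage(log_text: str) -> list[dict]:
    """Return findings (line, subject, detail, severity) for states that
    matter on a freshly cleaned box. A hit means 'look at this'."""
    findings: list[dict] = []
    section = ""  # lower-cased registry key that scopes the values below it

    def hit(no: int, subject: str, detail: str, severity: str) -> None:
        findings.append({"line": no, "subject": subject, "detail": detail, "severity": severity})

    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        if line.startswith("----- BITS:"):
            hit(no, "BITS", "download jobs reference outside sites; review the URLs under this header", "medium")
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            kind, start, name, _display, rest = svc.groups()
            if "[?]" in rest:
                image = rest.split("-->")[-1].replace("[?]", "").strip()
                # A boot-start (type 0) driver with no file behind it is the usual
                # leftover of a rootkit loader; a missing user-mode service is mostly noise.
                hit(no, f"service {name}", f"{kind}{start} entry, image not on disk: {image}",
                    "high" if start == "0" else "low")
            continue
        val = VALUE_RE.match(line)
        if not val or not section:
            continue
        key, value = val.group(1).strip(), val.group(2).strip()
        if section.endswith("\\security center]") and key in ("AntiVirusOverride", "FirewallOverride"):
            if value.endswith("1"):
                hit(no, key, "Security Center warning suppressed (rogue AVs set this; so do some real suites)", "medium")
        elif section.endswith("\\standardprofile]") and key == "EnableFirewall" and value.startswith("0"):
            hit(no, key, "Windows Firewall off for the standard profile", "medium")
        elif section.endswith("\\globallyopenports\\list]"):
            hit(no, f"open port {key}", f"inbound allowed from anywhere: {value}", "medium")
        elif section.endswith("\\currentversion\\windows]") and key == "AppInit_DLLs" and value:
            hit(no, key, f"injected into every process that loads user32.dll: {value}", "medium")
    return findings


# Constructed sample in ComboFix's layout; the lines are of the kinds seen in this thread.
SAMPLE_LOG = r"""ComboFix 10-05-03.03 - Administrator 05/03/2010 19:40:14.1.2 - x86
.
----- BITS: Possible infected sites -----

hxxp://example.invalid/update
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-26 1800464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [4/26/2010 12:39 PM 134344]
S0 dfikxrg;dfikxrg;c:\windows\system32\drivers\qncuiqp.sys --> c:\windows\system32\drivers\qncuiqp.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
"""

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f["severity"] != "high"):
        print(f"[{f['severity']:6}] line {f['line']:3} {f['subject']}: {f['detail']}")
```

Feed it the real C:\combofix.txt with `triage(open(path, errors="replace").read())`; the one finding that should always be chased is the high-severity one, a service with an S0/R0 start type whose driver file ComboFix could not find, because a random eight-letter name with a missing image is exactly what a rootkit loader leaves behind after the file is deleted but the service key is not.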

Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 4th May 2010, 1:41 am

I'm back on my wife's computer because I ran ComboFix per directions.

It completed its scan and printed a log in C:\. The log looked like it deleted a heckuva lot of stuff.

Now I can't access the Internet to publish the log; right now I can't enter Firefox and Geek Police.

I checked and all Internet connections haven't changed since I last had it up and running (prior to running ComboFix). C2


Re: Applications Won't Run After Virus Removal

Post by Charlie2 on 4th May 2010, 2:33 am

Here's a copy of the log. See if you can figure it out.

ComboFix 10-05-03.03 - Administrator 05/03/2010 19:40:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1406 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\Local Settings\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\1b1718d
c:\documents and settings\All Users\Application Data\1b1718d\536.mof
c:\documents and settings\All Users\Application Data\1b1718d\BackUp\Firefox Preloader.lnk
c:\documents and settings\All Users\Application Data\1b1718d\BackUp\HP Digital Imaging Monitor.lnk
c:\documents and settings\All Users\Application Data\1b1718d\BackUp\OpenOffice.org 3.1.lnk
c:\documents and settings\All Users\Application Data\1b1718d\BackUp\Updates From HP.lnk
c:\documents and settings\All Users\Application Data\1b1718d\CUA.ico
c:\documents and settings\All Users\Application Data\1b1718d\CUASys\vd952342.bd
c:\documents and settings\All Users\Application Data\1b1718d\mozcrt19.dll
c:\documents and settings\All Users\Application Data\1b1718d\sqlite3.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Programs\Math Advantage
c:\documents and settings\HP_Administrator\System
c:\documents and settings\HP_Administrator\System\win_qs8.jqx
c:\program files\WindowsUpdate
c:\recycler\S-1-5-21-1094055662-2996563461-3734226956-1007
c:\recycler\S-1-5-21-2572421180-1643941509-4216002024-1007
c:\windows\system32\winsrc.dll.tmp
D:\Autorun.inf

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-02 01:16 . 2010-05-02 02:02 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-02 01:16 . 2010-05-02 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-02 01:14 . 2010-05-02 01:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2010-04-28 04:02 . 2010-04-28 04:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2010-04-27 17:21 . 2010-04-27 17:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IsolatedStorage
2010-04-27 17:18 . 2010-04-27 17:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ulead Systems
2010-04-26 18:05 . 2010-05-02 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 17:39 . 2010-04-26 17:50 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-04-26 17:39 . 2010-04-26 17:50 171552 ----a-w- c:\windows\system32\guard32.dll
2010-04-26 17:39 . 2010-04-26 17:50 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-26 17:39 . 2010-04-26 17:50 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-04-26 13:43 . 2010-04-26 13:43 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-26 13:43 . 2010-05-01 22:42 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-26 13:42 . 2010-04-26 13:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-04-26 13:42 . 2010-04-26 13:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-26 13:36 . 2010-04-26 13:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra
2010-04-25 01:12 . 2010-04-25 01:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo
2010-04-24 16:55 . 2010-05-03 04:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft
2010-04-24 13:28 . 2010-04-24 13:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
2010-04-23 19:11 . 2010-04-23 19:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\COMODO
2010-04-23 17:46 . 2010-04-23 17:46 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-23 17:43 . 2010-04-23 17:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-04-23 17:43 . 2010-04-23 17:43 -------- d-----w- c:\program files\Google
2010-04-23 17:43 . 2010-04-23 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-20 07:23 . 2010-04-20 07:23 -------- d-----w- C:\VritualRoot
2010-04-20 07:23 . 2010-04-20 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-04-20 07:19 . 2010-04-20 07:19 5542592 ----a-w- c:\documents and settings\All Users\Application Data\Comodo Downloader\hopsurf.exe
2010-04-20 07:19 . 2010-04-20 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-04-20 07:01 . 2010-04-20 07:01 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-20 06:58 . 2010-04-20 06:58 -------- d-----w- c:\program files\CCleaner
2010-04-20 06:58 . 2010-04-20 06:58 -------- d-----w- c:\program files\McAfeeMOBK
2010-04-20 06:58 . 2010-04-20 06:58 -------- d-----w- c:\program files\McAfee
2010-04-20 06:58 . 2010-04-20 06:58 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-04-20 06:58 . 2010-04-24 14:13 -------- d-----w- c:\program files\COMODO
2010-04-20 06:57 . 2010-04-25 07:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ
2010-04-19 16:20 . 2010-01-22 17:06 40603920 ----a-w- C:\CIS_Setup_3.13.125662.579_XP_Vista_x32.exe
2010-04-18 01:58 . 2010-04-18 07:18 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-04-18 01:43 . 2010-04-18 01:43 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-17 10:11 . 2010-04-17 10:11 262144 ----a-w- C:\ntuser.dat
2010-04-17 10:11 . 2010-04-17 10:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo!
2010-04-17 10:10 . 2010-04-26 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-17 10:10 . 2010-04-27 11:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2010-04-15 10:50 . 2010-04-15 10:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canneverbe Limited
2010-04-15 03:40 . 2010-04-15 03:40 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-14 00:57 . 2010-04-27 12:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-04-12 08:12 . 2010-04-12 08:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
2010-04-12 06:57 . 2010-04-12 06:57 -------- d-----w- c:\program files\Alwil Software
2010-04-12 06:57 . 2010-04-12 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-12 03:26 . 2010-04-12 03:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-04-09 03:52 . 2010-04-09 03:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-04-09 01:53 . 2010-04-18 05:46 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-04-09 01:53 . 2010-04-18 08:34 1894176 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-09 01:53 . 2010-04-18 08:34 123936 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-09 01:44 . 2010-04-09 01:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-04-09 01:39 . 2010-04-18 07:24 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-04-09 01:39 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-04-09 01:01 . 2010-04-09 01:03 -------- d-----w- c:\windows\system32\NtmsData
2010-04-08 20:49 . 2010-05-02 19:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-04-08 19:31 . 2010-04-08 19:31 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-61149cf9-n\decora-sse.dll
2010-04-08 19:31 . 2010-04-08 19:31 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-477c1c26-n\msvcp71.dll
2010-04-08 19:31 . 2010-04-08 19:31 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-477c1c26-n\jmc.dll
2010-04-08 19:31 . 2010-04-08 19:31 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-477c1c26-n\msvcr71.dll
2010-04-08 19:31 . 2010-04-08 19:31 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-61149cf9-n\decora-d3d.dll
2010-04-08 19:26 . 2010-04-08 19:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-08 19:22 . 2010-04-08 19:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\PriceGong
2010-04-08 19:22 . 2010-04-08 19:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Creative
2010-04-08 19:21 . 2010-04-08 19:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\WTablet
2010-04-07 23:27 . 2010-04-07 23:27 -------- d-----w- c:\documents and settings\Charlie2\Local Settings\Application Data\HP
2010-04-07 10:44 . 2010-04-07 10:44 -------- d-----w- c:\documents and settings\Charlie2\Local Settings\Application Data\IsolatedStorage
2010-04-07 05:41 . 2010-04-07 05:41 503808 ----a-w- c:\documents and settings\Charlie2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d907a46-n\msvcp71.dll
2010-04-07 05:41 . 2010-04-07 05:41 499712 ----a-w- c:\documents and settings\Charlie2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d907a46-n\jmc.dll
2010-04-07 05:41 . 2010-04-07 05:41 348160 ----a-w- c:\documents and settings\Charlie2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d907a46-n\msvcr71.dll
2010-04-07 05:41 . 2010-04-07 05:41 61440 ----a-w- c:\documents and settings\Charlie2\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-36f4407b-n\decora-sse.dll
2010-04-07 05:41 . 2010-04-07 05:41 12800 ----a-w- c:\documents and settings\Charlie2\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-36f4407b-n\decora-d3d.dll
2010-04-07 02:15 . 2010-04-07 02:15 -------- d-----w- c:\documents and settings\Charlie2\Application Data\HPQ
2010-04-07 02:08 . 2010-04-07 02:08 -------- d-----w- c:\documents and settings\Charlie2\Local Settings\Application Data\Identities
2010-04-07 01:52 . 2010-04-07 09:27 -------- d-----w- c:\documents and settings\Charlie2\Local Settings\Application Data\Adobe
2010-04-06 23:02 . 2010-04-06 23:02 -------- d-----w- c:\documents and settings\Charlie2\Application Data\Malwarebytes
2010-04-06 22:47 . 2010-04-07 23:28 -------- d-----w- c:\documents and settings\Charlie2\Application Data\HPAppData
2010-04-06 22:45 . 2010-04-06 22:45 -------- d-----w- c:\documents and settings\Charlie2\Application Data\PriceGong
2010-04-06 22:26 . 2010-04-06 22:26 -------- d-----w- c:\documents and settings\Charlie2\Local Settings\Application Data\Mozilla
2010-04-05 01:35 . 2010-04-05 01:35 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-05 01:35 . 2010-04-05 01:35 -------- d-----w- c:\program files\TrendMicro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 00:32 . 2010-03-22 06:39 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-03 03:01 . 2009-10-22 23:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-05-02 19:57 . 2007-01-17 12:03 -------- d-----w- c:\program files\ArcSoft
2010-05-02 19:57 . 2006-08-15 07:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 19:56 . 2008-07-14 21:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-02 01:34 . 2008-09-08 15:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-01 23:05 . 2006-08-15 07:57 -------- d-----w- c:\program files\Microsoft Works
2010-05-01 22:26 . 2006-08-15 07:53 120608 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-01 22:21 . 2008-08-21 19:01 -------- d-----w- c:\program files\PicToWeave
2010-04-29 20:39 . 2010-03-20 22:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-03-20 22:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 14:42 . 2007-12-19 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-04-26 14:42 . 2006-08-15 08:12 -------- d-----w- c:\program files\Yahoo!
2010-04-26 13:42 . 2010-03-28 03:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 14:14 . 2009-06-02 15:07 -------- d-----w- c:\program files\iMesh Applications
2010-04-24 05:23 . 2006-08-15 07:24 -------- d-----w- c:\program files\Common Files\Java
2010-04-24 05:23 . 2009-10-21 18:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-24 05:23 . 2006-08-15 07:24 -------- d-----w- c:\program files\Java
2010-04-18 08:34 . 2010-04-09 01:53 26444 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-18 08:34 . 2010-04-09 01:53 12692 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-12 03:26 . 2009-05-10 21:53 -------- d-----w- c:\program files\Perfect Uninstaller
2010-04-09 06:15 . 2009-10-21 18:51 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-07 22:18 . 2007-01-17 12:30 -------- d-----w- c:\program files\Trend Micro
2010-04-07 10:44 . 2010-04-06 22:25 131 ----a-w- c:\documents and settings\Charlie2\Local Settings\Application Data\fusioncache.dat
2010-04-07 05:16 . 2010-04-06 22:25 120024 ----a-w- c:\documents and settings\Charlie2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-06 22:25 . 2010-04-06 22:25 -------- d-----w- c:\documents and settings\Charlie2\Application Data\WTablet
2010-04-06 12:35 . 2009-08-30 08:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WTablet
2010-04-05 22:40 . 2010-03-08 18:19 439816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\Update\setup3.10\setup.exe
2010-04-03 23:01 . 2008-08-10 00:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HPAppData
2010-04-03 10:53 . 2010-04-03 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\242BF
2010-04-03 08:02 . 2010-04-03 08:02 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-03 08:02 . 2010-04-03 08:02 -------- d-----w- c:\program files\Linksys
2010-04-03 08:02 . 2010-04-03 08:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\InstallShield
2010-03-31 06:18 . 2010-03-22 06:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Comodo
2010-03-28 03:42 . 2010-03-28 03:42 52224 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-28 03:42 . 2010-03-28 03:42 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-28 03:42 . 2010-03-28 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-28 03:42 . 2010-03-28 03:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2010-03-27 05:06 . 2010-03-27 05:06 296462 ----a-w- c:\windows\~DF25AA.tmp
2010-03-26 02:55 . 2010-03-26 02:54 296462 ----a-w- c:\windows\~DFBA4F.tmp
2010-03-24 20:06 . 2010-03-24 20:06 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-496a8184-n\msvcr71.dll
2010-03-24 20:06 . 2010-03-24 20:06 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-496a8184-n\msvcp71.dll
2010-03-24 20:06 . 2010-03-24 20:06 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-538ca8d8-n\decora-sse.dll
2010-03-24 20:06 . 2010-03-24 20:06 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-496a8184-n\jmc.dll
2010-03-24 20:06 . 2010-03-24 20:06 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-538ca8d8-n\decora-d3d.dll
2010-03-23 01:55 . 2010-03-23 01:55 296462 ----a-w- c:\windows\~DF1641.tmp
2010-03-22 06:30 . 2009-01-23 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-22 06:30 . 2010-01-08 16:45 -------- d-----w- c:\program files\Common Files\Mcafee
2010-03-21 19:24 . 2009-10-07 23:14 -------- d-----w- c:\program files\CDBurnerXP
2010-03-21 15:09 . 2010-03-21 15:09 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canneverbe Limited
2010-03-21 02:33 . 2009-10-21 18:55 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-20 22:15 . 2010-03-20 22:15 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2010-03-20 22:15 . 2010-03-20 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-20 09:32 . 2010-03-20 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-20 07:55 . 2010-03-20 07:55 -------- d-sh--w- c:\documents and settings\All Users\Application Data\CUPXRBA
2010-03-09 11:09 . 2004-08-10 04:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-10 04:00 455680 ------w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-10 11:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-10 11:00 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-10 04:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 04:00 226880 ------w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25BC7718-0BFA-40EA-B381-4B2D9732D686}]
2010-04-01 03:34 578872 ----a-w- c:\program files\Yahoo!\Search Protection\ysp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-04-01 243000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-11 180269]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-04-29 245760]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-26 1800464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Charlie2\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-15 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-8-15 36903]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 04:17 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\temp\\HP_WebRelease\\setup\\HPZnet01.exe"=
"c:\\temp\\HP_WebRelease\\setup\\hponicifs01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [4/26/2010 12:39 PM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/26/2010 12:39 PM 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/30/2009 3:12 AM 1373480]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [4/3/2010 3:02 AM 53307]
S0 dfikxrg;dfikxrg;c:\windows\system32\drivers\qncuiqp.sys --> c:\windows\system32\drivers\qncuiqp.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [7/30/2008 11:29 AM 14208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: {{BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\Yahoo!\Search Protection\ysp.dll
Trusted Zone: trymedia.com
TCP: {80C489CA-D524-4DCD-8129-B1572D3BE4AE} = 68.105.28.11,68.105.29.11
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9skwn8yi.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-HijackThis - c:\documents and settings\Administrator\My Documents\Downloads\HijackThis.exe
AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-03 19:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2833760391-73107954-1958645785-500\ū* *]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:38,94,c1,1f,88,3a,d7,00
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3884)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Linksys\WUSB54GSC\WUSB54GSC.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2010-05-03 19:51:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-04 00:51

Pre-Run: 211,965,730,816 bytes free
Post-Run: 213,641,773,056 bytes free

- - End Of File - - DFA49F6FB33418B77581AA152761C5C8

Charlie2

Re: Applications Won't Run After Virus Removal

Post by Belahzur on 4th May 2010, 10:43 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

sc delete dfikxrg

Then do this command.

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?




Belahzur
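The `sc delete dfikxrg` step above removes the boot-start driver entry that ComboFix listed with an unverifiable binary (`[?]`). As an added example (my code, not ComboFix's or the helper's), this Python parses service/driver lines in that log format and ranks them with a labelled triage heuristic of mine; the sample lines are constructed from entries in the log above.

```python
import re

# Constructed sample lines, modelled on the "Drivers/Services" entries in the ComboFix log above.
SAMPLE = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [4/3/2010 3:02 AM 53307]
S0 dfikxrg;dfikxrg;c:\windows\system32\drivers\qncuiqp.sys --> c:\windows\system32\drivers\qncuiqp.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
"""
# R/S = running/stopped, digit = start type (0 boot, 1 system, 2 auto, 3 manual), then name;display;image
LINE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*)$")

def parse_services(text):
    """Turn each service/driver line into a dict; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, rest = m.groups()
        # "--> path [?]" = binary missing or not inspectable; verified entries end in "[date time size]"
        unverified = rest.endswith("[?]")
        tail = rest.split(" --> ")[-1] if unverified else rest
        rows.append({"running": state == "R", "start": int(start), "name": name,
                     "display": display, "path": tail.rsplit(" [", 1)[0],
                     "unverified": unverified})
    return rows

def triage_score(svc):
    """My triage heuristic (not ComboFix's): higher score = examine this entry first."""
    score = 0
    if svc["start"] <= 1:                       # boot- or system-start kernel driver
        score += 2
    if svc["unverified"]:                       # binary missing or not inspectable
        score += 2
    filename = svc["path"].rsplit("\\", 1)[-1].lower()
    if svc["name"].lower() not in filename:     # service name unrelated to its file name
        score += 1
    if re.fullmatch(r"[a-z]{6,}", svc["name"]) and svc["name"] == svc["display"]:
        score += 1                              # lowercase pseudo-random name, no real display name
    return score

def rank(text):
    """Return (name, score) pairs, most suspicious first."""
    scored = [(s["name"], triage_score(s)) for s in parse_services(text)]
    return sorted(scored, key=lambda p: (-p[1], p[0]))
```

`rank(SAMPLE)` puts dfikxrg first, ahead of the other unverified boot drivers; that is the one entry the helper removed, while the remaining `[?]` entries are left for the human to judge.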
