I need some help

Post by fatrb on 23rd February 2009, 12:21 am

Hi everyone, I was downloading movies and got a couple that were not movies but a trap, requesting me to get specific codecs, so I went and downloaded from the site in question.

xtalvid

Since then I've been experiencing mass popups, blue screens, and performance is getting slow.

The machine is an HP dv2681ca laptop

AMD Turion64 X2
Windows Vista

p.s., there's probably a lot more to this, any help getting it back to its almost original state and performance would be appreciated

thx Side

here's the hjt log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:22, on 2009-02-22
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\temp\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AxisBlah] "C:\ProgramData\Deaf wipe wipe.st4w2o"
O4 - HKCU\..\Run: [SHIM LINK FREE BALL] "C:\ProgramData\Base tick program.6ij3mne"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10289 bytes

fatrb
Novice
Posts : 7
Joined : 2009-02-23
OS : windows vista

Re: I need some help

Post by Belahzur on 23rd February 2009, 12:25 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [AxisBlah] "C:\ProgramData\Deaf wipe wipe.st4w2o"
    O4 - HKCU\..\Run: [SHIM LINK FREE BALL] "C:\ProgramData\Base tick program.6ij3mne"


  • Press "Fix Checked"
  • Close Hijack This.

Download [You must be registered and logged in to see this link.]

Right-click Lop S&D.exe > Select "Run as administrator"
When it opens, choose the language "English", then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
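The two O4 entries Belahzur singles out share a recognisable Lop-style shape: a quoted file sitting directly in the C:\ProgramData root (not in a vendor subfolder) with a random-looking extension such as .st4w2o. The Python below is an added example, not part of the thread and not HijackThis code; it parses O4 autostart lines and applies exactly those two heuristics. The sample lines are constructed from the log above, and the extension allow-list and the "ProgramData root" check are the example's own choices.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 (Run key) entries modelled on the HijackThis log above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r'O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background',
    r'O4 - HKCU\..\Run: [AxisBlah] "C:\ProgramData\Deaf wipe wipe.st4w2o"',
    r'O4 - HKCU\..\Run: [SHIM LINK FREE BALL] "C:\ProgramData\Base tick program.6ij3mne"',
    r"O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')",
]

# "O4 - <registry key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# For unquoted commands, take the text up to the first executable-looking extension,
# so that paths with spaces (e.g. "%ProgramFiles%\Windows Defender\...") stay whole.
UNQUOTED_PATH_RE = re.compile(
    r"^(.+?\.(?:exe|dll|cpl|scr|com|bat|cmd|vbs))(?=[\s,]|$)", re.IGNORECASE
)
# Extensions normally seen on legitimate autostart programs (example's own list).
KNOWN_EXE_EXT = {".exe", ".dll", ".cpl", ".scr", ".com", ".bat", ".cmd", ".vbs"}


def extract_path(cmd):
    """Pull the program path out of an O4 command line (quoted or unquoted)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = UNQUOTED_PATH_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(line):
    """Return (registry key, value name, program path), or None for non-O4 lines."""
    m = O4_RE.match(line)
    if not m:
        return None
    return m.group("key"), m.group("name"), extract_path(m.group("cmd"))


def suspicious_reasons(path):
    """Apply the two Lop-style heuristics; an empty list means nothing stood out."""
    reasons = []
    p = PureWindowsPath(path)
    if str(p.parent).lower() == r"c:\programdata":
        reasons.append("file sits directly in the ProgramData root, not in a vendor subfolder")
    ext = p.suffix.lower()
    if ext not in KNOWN_EXE_EXT:
        reasons.append(f"unusual extension {ext or '(none)'} for an autostart program")
    return reasons


def flag_autostarts(lines):
    """Return [(value name, path, reasons)] for every O4 line that trips a heuristic."""
    flagged = []
    for line in lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        _key, name, path = parsed
        reasons = suspicious_reasons(path)
        if reasons:
            flagged.append((name, path, reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in flag_autostarts(SAMPLE_O4_LINES):
        print(f"[{name}] {path}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the constructed sample, only the AxisBlah and SHIM LINK FREE BALL entries are reported, each for both reasons; the HP, NVIDIA, Messenger and AVG entries pass. The heuristics are deliberately narrow triage aids, not a verdict: anything they flag still deserves the kind of manual review the helper performs here.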

Re: I need some help

Post by fatrb on 24th February 2009, 12:53 am

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 TL-58 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : temp ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
C:\ (Local Disk) - NTFS - Total:223 Go (Free:81 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 2009-02-23|19:43 )

[ UAC => 1 ]

--------------------\\ Listing folders in Local

[2009-02-22|18:12] C:\Users\temp\AppData\Local\Adobe
[2008-03-24|21:09] C:\Users\temp\AppData\Local\Application Data
[2008-03-24|21:29] C:\Users\temp\AppData\Local\AtStart.txt
[2009-02-22|17:08] C:\Users\temp\AppData\Local\d3d9caps.dat
[2009-02-15|12:41] C:\Users\temp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-03-24|21:26] C:\Users\temp\AppData\Local\Downloaded Installations
[2008-03-24|21:29] C:\Users\temp\AppData\Local\DSwitch.txt
[2008-03-24|21:28] C:\Users\temp\AppData\Local\GDIPFONTCACHEV1.DAT
[2008-03-24|21:09] C:\Users\temp\AppData\Local\History
[2008-09-20|14:32] C:\Users\temp\AppData\Local\HP
[2009-02-22|22:42] C:\Users\temp\AppData\Local\IconCache.db
[2009-01-27|19:24] C:\Users\temp\AppData\Local\Microsoft
[2008-12-19|15:42] C:\Users\temp\AppData\Local\Microsoft Games
[2008-09-06|21:41] C:\Users\temp\AppData\Local\Microsoft Help
[2008-03-24|21:29] C:\Users\temp\AppData\Local\QSwitch.txt
[2008-10-25|01:32] C:\Users\temp\AppData\Local\QuickPlay
[2008-03-29|17:41] C:\Users\temp\AppData\Local\Real
[2009-02-23|19:42] C:\Users\temp\AppData\Local\Temp
[2008-03-24|21:09] C:\Users\temp\AppData\Local\Temporary Internet Files
[2008-06-20|15:59] C:\Users\temp\AppData\Local\VirtualStore

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[2009-02-01 08:30][--a------] C:\Windows\tasks\Schedule Task Weekly.job
[2008-03-29 02:48][--a------] C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2009-02-23 09:19][--ah-----] C:\Windows\tasks\SA.DAT
[2009-02-22 22:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[2008-03-24|18:54] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009-02-22|18:12] C:\ProgramData\Adobe
[2006-11-02|08:02] C:\ProgramData\Application Data
[2008-06-25|21:54] C:\ProgramData\avg7
[2008-06-24|21:18] C:\ProgramData\Avg8
[2009-02-09|19:12] C:\ProgramData\Base tick program.6ij3mne
[2008-03-30|23:11] C:\ProgramData\CyberLink
[2009-02-09|19:12] C:\ProgramData\Deaf wipe wipe.3wju5
[2009-02-09|19:12] C:\ProgramData\Deaf wipe wipe.st4w2o
[2006-11-02|08:02] C:\ProgramData\Desktop
[2006-11-02|08:02] C:\ProgramData\Documents
[2008-03-29|19:12] C:\ProgramData\DVD Shrink
[2008-03-24|21:26] C:\ProgramData\Electronic Arts
[2006-11-02|08:02] C:\ProgramData\Favorites
[2008-06-24|21:23] C:\ProgramData\Grisoft
[2008-03-24|19:52] C:\ProgramData\Hewlett-Packard
[2009-02-09|19:12] C:\ProgramData\hide cool shim link
[2008-03-28|00:41] C:\ProgramData\HP
[2008-03-24|19:09] C:\ProgramData\hpzinstall.log
[2009-02-09|19:12] C:\ProgramData\Inside Mpeg Keep
[2008-05-30|20:27] C:\ProgramData\LUUnInstall.LiveUpdate
[2009-02-09|20:59] C:\ProgramData\Malwarebytes
[2008-03-27|21:41] C:\ProgramData\Microsoft
[2009-02-22|18:24] C:\ProgramData\Microsoft Help
[2009-02-22|17:59] C:\ProgramData\NOS
[2008-03-24|18:11] C:\ProgramData\NVIDIA
[2008-03-29|17:41] C:\ProgramData\Real
[2008-09-07|23:34] C:\ProgramData\Roxio
[2008-06-20|20:06] C:\ProgramData\Sandlot Games
[2008-03-24|18:33] C:\ProgramData\Sonic
[2006-11-02|08:02] C:\ProgramData\Start Menu
[2008-05-30|20:28] C:\ProgramData\Symantec
[2006-11-02|08:02] C:\ProgramData\Templates
[2008-12-02|20:40] C:\ProgramData\WildTangent
[2008-03-29|02:34] C:\ProgramData\WLInstaller

--------------------\\ Listing Folders in C:\Program Files

[2008-03-24|18:54] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2009-02-22|18:12] C:\Program Files\Adobe
[2008-03-24|18:00] C:\Program Files\Apoint2K
[2008-05-30|20:55] C:\Program Files\AVG
[2009-02-22|18:12] C:\Program Files\Common Files
[2008-03-24|18:15] C:\Program Files\CONEXANT
[2008-03-29|17:25] C:\Program Files\DivX
[2008-03-29|19:11] C:\Program Files\DVD Shrink
[2008-03-24|21:26] C:\Program Files\Electronic Arts
[2008-06-24|21:23] C:\Program Files\Grisoft
[2008-10-08|17:26] C:\Program Files\Hewlett-Packard
[2008-04-14|23:40] C:\Program Files\HP
[2008-12-02|20:24] C:\Program Files\HP Games
[2008-03-24|19:22] C:\Program Files\HPQ
[2008-10-08|17:28] C:\Program Files\InstallShield Installation Information
[2008-08-12|21:44] C:\Program Files\InterActual
[2008-10-24|08:37] C:\Program Files\Internet Explorer
[2009-02-22|17:52] C:\Program Files\Java
[2008-03-29|17:41] C:\Program Files\K-Lite Codec Pack
[2009-02-12|22:44] C:\Program Files\Malwarebytes' Anti-Malware
[2006-11-02|07:37] C:\Program Files\Microsoft Games
[2008-03-24|18:52] C:\Program Files\Microsoft Office
[2008-10-03|17:46] C:\Program Files\Microsoft Works
[2008-03-24|18:52] C:\Program Files\Microsoft.NET
[2008-10-24|08:37] C:\Program Files\Movie Maker
[2006-11-02|07:37] C:\Program Files\MSBuild
[2008-03-28|10:03] C:\Program Files\MSXML 4.0
[2008-03-24|19:16] C:\Program Files\muvee Technologies
[2008-03-24|18:15] C:\Program Files\NetWaiting
[2009-02-22|17:59] C:\Program Files\NOS
[2009-02-04|14:51] C:\Program Files\QuickTime
[2008-03-24|19:20] C:\Program Files\Real
[2006-11-02|07:37] C:\Program Files\Reference Assemblies
[2008-03-24|19:20] C:\Program Files\Rhapsody
[2008-03-24|18:34] C:\Program Files\Roxio
[2008-03-24|18:54] C:\Program Files\Sling Media
[2008-05-30|20:27] C:\Program Files\Symantec
[2006-11-02|08:01] C:\Program Files\Uninstall Information
[2008-04-01|23:57] C:\Program Files\Winamp
[2008-10-24|08:37] C:\Program Files\Windows Calendar
[2008-10-24|08:37] C:\Program Files\Windows Collaboration
[2008-10-24|08:37] C:\Program Files\Windows Defender
[2008-10-24|08:37] C:\Program Files\Windows Journal
[2008-03-29|02:45] C:\Program Files\Windows Live
[2008-03-29|02:47] C:\Program Files\Windows Live Favorites
[2008-03-29|02:48] C:\Program Files\Windows Live Toolbar
[2009-02-22|18:22] C:\Program Files\Windows Mail
[2008-10-24|08:37] C:\Program Files\Windows Media Player
[2006-11-02|07:37] C:\Program Files\Windows NT
[2008-10-24|08:37] C:\Program Files\Windows Photo Gallery
[2008-10-24|08:37] C:\Program Files\Windows Sidebar

--------------------\\ Listing Folders in C:\Program Files\Common Files

[2009-02-22|18:12] C:\Program Files\Common Files\Adobe
[2009-02-22|18:12] C:\Program Files\Common Files\Adobe AIR
[2008-03-24|18:52] C:\Program Files\Common Files\DESIGNER
[2008-03-24|19:09] C:\Program Files\Common Files\HP
[2008-03-24|18:55] C:\Program Files\Common Files\InstallShield
[2008-03-24|19:37] C:\Program Files\Common Files\Java
[2008-03-24|19:22] C:\Program Files\Common Files\LightScribe
[2008-09-06|21:41] C:\Program Files\Common Files\microsoft shared
[2008-03-24|19:17] C:\Program Files\Common Files\muvee Technologies
[2008-03-24|18:34] C:\Program Files\Common Files\Roxio Shared
[2008-06-24|00:06] C:\Program Files\Common Files\Sandlot Shared
[2006-11-02|06:18] C:\Program Files\Common Files\Services
[2008-03-24|18:33] C:\Program Files\Common Files\Sonic Shared
[2006-11-02|06:18] C:\Program Files\Common Files\SpeechEngines
[2008-03-24|18:34] C:\Program Files\Common Files\SureThing Shared
[2008-05-30|20:28] C:\Program Files\Common Files\Symantec Shared
[2008-10-24|08:37] C:\Program Files\Common Files\System
[2008-03-29|02:45] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 76 Processes )

iexplore.exe ~ [PID:2824]
iexplore.exe ~ [PID:2892]
iexplore.exe ~ [PID:5844]

--------------------\\ Searching with S_Lop

C:\ProgramData\Deaf wipe wipe.3wju5
C:\ProgramData\Deaf wipe wipe.st4w2o
C:\ProgramData\Base tick program.6ij3mne
C:\Users\temp\AppData\Local\Temp\bisAD59.exe

--------------------\\ Searching for Lop Files - Folders

C:\ProgramData\hide cool shim link
C:\ProgramData\hide cool shim link\Peak For.dat
C:\ProgramData\hide cool shim link\Peak For.exe
C:\Users\temp\AppData\Local\Temp\nsmAE4F.tmp
C:\Users\temp\AppData\Local\Temp\nsn8E0C.tmp
C:\Users\temp\AppData\Roaming\MICROS~1\Windows\Cookies\temp@[You must be registered and logged in to see this link.]
C:\Users\temp\AppData\Roaming\MICROS~1\Windows\Cookies\temp@advertising[1].txt
C:\Users\temp\AppData\Roaming\MICROS~1\Windows\Cookies\temp@partypoker[1].txt

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-02-23 19:43:27
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\temp\AppData\Roaming\Microsoft\Windows\Cookies\Low\temp@crackdb[1].txt


[F:1449][D:78]-> C:\Users\temp\AppData\Local\Temp
[F:185][D:1]-> C:\Users\temp\AppData\Roaming\MICROS~1\Windows\Cookies
[F:6363][D:11]-> C:\Users\temp\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:15][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 2009-02-23|19:46 - Option : [1]

--------------------\\ Scan completed at 19:46:38
[ UAC => 1 ]

fatrb
Novice
Posts : 7
Joined : 2009-02-23
OS : windows vista

Re: I need some help

Post by Belahzur on 24th February 2009, 12:58 am

Hello.

Restart Lop S&D by selecting "Run as administrator" again

This time choose Option 3 (Fix - Hosts)
Don't close the window during suppression!
Post the log which is created: (%SystemDrive%\lopR.txt)


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: I need some help

Post by fatrb on 24th February 2009, 1:40 am

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 TL-58 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : temp ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
C:\ (Local Disk) - NTFS - Total:223 Go (Free:81 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [3] ( 2009-02-23|20:33 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\ProgramData\hide cool shim link\Peak For.dat
Deleted! - C:\ProgramData\hide cool shim link\Peak For.exe
Deleted! - C:\Users\temp\AppData\Local\Temp\nsmAE4F.tmp
Deleted! - C:\Users\temp\AppData\Local\Temp\nsn8E0C.tmp
Deleted! - C:\Users\temp\AppData\Roaming\MICROS~1\Windows\Cookies\temp@[You must be registered and logged in to see this link.]
Deleted! - C:\Users\temp\AppData\Roaming\MICROS~1\Windows\Cookies\temp@advertising[1].txt
Deleted! - C:\Users\temp\AppData\Roaming\MICROS~1\Windows\Cookies\temp@partypoker[1].txt
Deleted! - C:\ProgramData\Deaf wipe wipe.3wju5
Deleted! - C:\ProgramData\Deaf wipe wipe.st4w2o
Deleted! - C:\ProgramData\Base tick program.6ij3mne
Deleted! - C:\Users\temp\AppData\Local\Temp\bisAD59.exe
Deleted! - C:\ProgramData\hide cool shim link

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in Local

[2009-02-22|18:12] C:\Users\temp\AppData\Local\Adobe
[2008-03-24|21:09] C:\Users\temp\AppData\Local\Application Data
[2008-03-24|21:29] C:\Users\temp\AppData\Local\AtStart.txt
[2009-02-22|17:08] C:\Users\temp\AppData\Local\d3d9caps.dat
[2009-02-15|12:41] C:\Users\temp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-03-24|21:26] C:\Users\temp\AppData\Local\Downloaded Installations
[2008-03-24|21:29] C:\Users\temp\AppData\Local\DSwitch.txt
[2008-03-24|21:28] C:\Users\temp\AppData\Local\GDIPFONTCACHEV1.DAT
[2008-03-24|21:09] C:\Users\temp\AppData\Local\History
[2008-09-20|14:32] C:\Users\temp\AppData\Local\HP
[2009-02-22|22:42] C:\Users\temp\AppData\Local\IconCache.db
[2009-01-27|19:24] C:\Users\temp\AppData\Local\Microsoft
[2008-12-19|15:42] C:\Users\temp\AppData\Local\Microsoft Games
[2008-09-06|21:41] C:\Users\temp\AppData\Local\Microsoft Help
[2008-03-24|21:29] C:\Users\temp\AppData\Local\QSwitch.txt
[2008-10-25|01:32] C:\Users\temp\AppData\Local\QuickPlay
[2008-03-29|17:41] C:\Users\temp\AppData\Local\Real
[2009-02-23|20:33] C:\Users\temp\AppData\Local\Temp
[2008-03-24|21:09] C:\Users\temp\AppData\Local\Temporary Internet Files
[2008-06-20|15:59] C:\Users\temp\AppData\Local\VirtualStore

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[2009-02-01 08:30][--a------] C:\Windows\tasks\Schedule Task Weekly.job
[2008-03-29 02:48][--a------] C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2009-02-23 09:19][--ah-----] C:\Windows\tasks\SA.DAT
[2009-02-22 22:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[2008-03-24|18:54] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009-02-22|18:12] C:\ProgramData\Adobe
[2006-11-02|08:02] C:\ProgramData\Application Data
[2008-06-25|21:54] C:\ProgramData\avg7
[2008-06-24|21:18] C:\ProgramData\Avg8
[2008-03-30|23:11] C:\ProgramData\CyberLink
[2009-02-23|19:57] C:\ProgramData\Deaf wipe wipe.m6odfu
[2006-11-02|08:02] C:\ProgramData\Desktop
[2006-11-02|08:02] C:\ProgramData\Documents
[2008-03-29|19:12] C:\ProgramData\DVD Shrink
[2008-03-24|21:26] C:\ProgramData\Electronic Arts
[2006-11-02|08:02] C:\ProgramData\Favorites
[2008-06-24|21:23] C:\ProgramData\Grisoft
[2008-03-24|19:52] C:\ProgramData\Hewlett-Packard
[2008-03-28|00:41] C:\ProgramData\HP
[2008-03-24|19:09] C:\ProgramData\hpzinstall.log
[2009-02-09|19:12] C:\ProgramData\Inside Mpeg Keep
[2008-05-30|20:27] C:\ProgramData\LUUnInstall.LiveUpdate
[2009-02-09|20:59] C:\ProgramData\Malwarebytes
[2008-03-27|21:41] C:\ProgramData\Microsoft
[2009-02-22|18:24] C:\ProgramData\Microsoft Help
[2009-02-22|17:59] C:\ProgramData\NOS
[2008-03-24|18:11] C:\ProgramData\NVIDIA
[2008-03-29|17:41] C:\ProgramData\Real
[2008-09-07|23:34] C:\ProgramData\Roxio
[2008-06-20|20:06] C:\ProgramData\Sandlot Games
[2008-03-24|18:33] C:\ProgramData\Sonic
[2006-11-02|08:02] C:\ProgramData\Start Menu
[2008-05-30|20:28] C:\ProgramData\Symantec
[2006-11-02|08:02] C:\ProgramData\Templates
[2008-12-02|20:40] C:\ProgramData\WildTangent
[2008-03-29|02:34] C:\ProgramData\WLInstaller

--------------------\\ Listing Folders in C:\Program Files

[2008-03-24|18:54] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2009-02-22|18:12] C:\Program Files\Adobe
[2008-03-24|18:00] C:\Program Files\Apoint2K
[2008-05-30|20:55] C:\Program Files\AVG
[2009-02-22|18:12] C:\Program Files\Common Files
[2008-03-24|18:15] C:\Program Files\CONEXANT
[2008-03-29|17:25] C:\Program Files\DivX
[2008-03-29|19:11] C:\Program Files\DVD Shrink
[2008-03-24|21:26] C:\Program Files\Electronic Arts
[2008-06-24|21:23] C:\Program Files\Grisoft
[2008-10-08|17:26] C:\Program Files\Hewlett-Packard
[2008-04-14|23:40] C:\Program Files\HP
[2008-12-02|20:24] C:\Program Files\HP Games
[2008-03-24|19:22] C:\Program Files\HPQ
[2008-10-08|17:28] C:\Program Files\InstallShield Installation Information
[2008-08-12|21:44] C:\Program Files\InterActual
[2008-10-24|08:37] C:\Program Files\Internet Explorer
[2009-02-22|17:52] C:\Program Files\Java
[2008-03-29|17:41] C:\Program Files\K-Lite Codec Pack
[2009-02-12|22:44] C:\Program Files\Malwarebytes' Anti-Malware
[2006-11-02|07:37] C:\Program Files\Microsoft Games
[2008-03-24|18:52] C:\Program Files\Microsoft Office
[2008-10-03|17:46] C:\Program Files\Microsoft Works
[2008-03-24|18:52] C:\Program Files\Microsoft.NET
[2008-10-24|08:37] C:\Program Files\Movie Maker
[2006-11-02|07:37] C:\Program Files\MSBuild
[2008-03-28|10:03] C:\Program Files\MSXML 4.0
[2008-03-24|19:16] C:\Program Files\muvee Technologies
[2008-03-24|18:15] C:\Program Files\NetWaiting
[2009-02-22|17:59] C:\Program Files\NOS
[2009-02-04|14:51] C:\Program Files\QuickTime
[2008-03-24|19:20] C:\Program Files\Real
[2006-11-02|07:37] C:\Program Files\Reference Assemblies
[2008-03-24|19:20] C:\Program Files\Rhapsody
[2008-03-24|18:34] C:\Program Files\Roxio
[2008-03-24|18:54] C:\Program Files\Sling Media
[2008-05-30|20:27] C:\Program Files\Symantec
[2006-11-02|08:01] C:\Program Files\Uninstall Information
[2008-04-01|23:57] C:\Program Files\Winamp
[2008-10-24|08:37] C:\Program Files\Windows Calendar
[2008-10-24|08:37] C:\Program Files\Windows Collaboration
[2008-10-24|08:37] C:\Program Files\Windows Defender
[2008-10-24|08:37] C:\Program Files\Windows Journal
[2008-03-29|02:45] C:\Program Files\Windows Live
[2008-03-29|02:47] C:\Program Files\Windows Live Favorites
[2008-03-29|02:48] C:\Program Files\Windows Live Toolbar
[2009-02-22|18:22] C:\Program Files\Windows Mail
[2008-10-24|08:37] C:\Program Files\Windows Media Player
[2006-11-02|07:37] C:\Program Files\Windows NT
[2008-10-24|08:37] C:\Program Files\Windows Photo Gallery
[2008-10-24|08:37] C:\Program Files\Windows Sidebar

--------------------\\ Listing Folders in C:\Program Files\Common Files

[2009-02-22|18:12] C:\Program Files\Common Files\Adobe
[2009-02-22|18:12] C:\Program Files\Common Files\Adobe AIR
[2008-03-24|18:52] C:\Program Files\Common Files\DESIGNER
[2008-03-24|19:09] C:\Program Files\Common Files\HP
[2008-03-24|18:55] C:\Program Files\Common Files\InstallShield
[2008-03-24|19:37] C:\Program Files\Common Files\Java
[2008-03-24|19:22] C:\Program Files\Common Files\LightScribe
[2008-09-06|21:41] C:\Program Files\Common Files\microsoft shared
[2008-03-24|19:17] C:\Program Files\Common Files\muvee Technologies
[2008-03-24|18:34] C:\Program Files\Common Files\Roxio Shared
[2008-06-24|00:06] C:\Program Files\Common Files\Sandlot Shared
[2006-11-02|06:18] C:\Program Files\Common Files\Services
[2008-03-24|18:33] C:\Program Files\Common Files\Sonic Shared
[2006-11-02|06:18] C:\Program Files\Common Files\SpeechEngines
[2008-03-24|18:34] C:\Program Files\Common Files\SureThing Shared
[2008-05-30|20:28] C:\Program Files\Common Files\Symantec Shared
[2008-10-24|08:37] C:\Program Files\Common Files\System
[2008-03-29|02:45] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 69 Processes )

... OK !

--------------------\\ Searching with S_Lop

C:\ProgramData\Deaf wipe wipe.m6odfu

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AxisBlah"="\"C:\\ProgramData\\Deaf wipe wipe.m6odfu\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-02-23 20:33:58
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\temp\AppData\Roaming\Microsoft\Windows\Cookies\Low\temp@crackdb[1].txt


[F:1431][D:76]-> C:\Users\temp\AppData\Local\Temp
[F:188][D:1]-> C:\Users\temp\AppData\Roaming\MICROS~1\Windows\Cookies
[F:6363][D:11]-> C:\Users\temp\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:15][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 2009-02-23|19:46 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 2009-02-23|20:36 - Option : [3]

--------------------\\ Scan completed at 20:36:55
[ UAC => 1 ]

fatrb
Novice

Posts: 7
Joined: 2009-02-23
OS: windows vista
Points: 28440
Likes: 0

Re: I need some help

Post by Belahzur on 24th February 2009, 5:10 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :files
    C:\ProgramData\Deaf wipe wipe.m6odfu

    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AxisBlah"=-


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245079
Likes: 1

Re: I need some help

Post by fatrb on 24th February 2009, 11:14 pm

========== FILES ==========
C:\ProgramData\Deaf wipe wipe.m6odfu moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AxisBlah deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02242009_181315


Re: I need some help

Post by Belahzur on 24th February 2009, 11:15 pm

Hello.
How is everything for you now?

Let's make sure we haven't missed anything.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Re: I need some help

Post by fatrb on 24th February 2009, 11:18 pm

thx very much, so far after I ran HJT and "fix checked", there were no more popups

thx again.


Re: I need some help

Post by Belahzur on 24th February 2009, 11:19 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Re: I need some help

Post by fatrb on 24th February 2009, 11:26 pm

DDS (Ver_09-02-01.01) - NTFSx86
Run by temp at 18:23:01,64 on 2009-02-24
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1357 [GMT -5:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\temp\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AxisBlah] "c:\programdata\Deaf wipe wipe.t7780"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - [You must be registered and logged in to see this link.]
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - [You must be registered and logged in to see this link.]
Notify: avgwlntf - avgwlntf.dll

============= SERVICES / DRIVERS ===============

R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\system32\drivers\avgwfp.sys [2008-6-24 53768]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-22 33752]

=============== Created Last 30 ================

2009-02-24 18:13 --d----- C:\_OTMoveIt
2009-02-23 19:41 --d----- C:\Lop SD
2009-02-22 18:20 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-22 18:20 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-22 18:20 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-22 18:20 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-22 18:20 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-22 18:20 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-02-22 18:20 147,456 a------- c:\windows\system32\Faultrep.dll
2009-02-22 18:20 125,952 a------- c:\windows\system32\wersvc.dll
2009-02-22 18:20 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-02-22 18:20 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-02-22 18:20 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-02-22 18:19 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-02-22 18:18 1,645,568 a------- c:\windows\system32\connect.dll
2009-02-22 17:59 --d----- c:\programdata\NOS
2009-02-22 17:18 --d----- c:\users\temp\.SunDownloadManager
2009-02-22 16:52 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-22 16:52 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-22 16:52 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-22 16:52 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-22 16:52 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-22 16:52 11,264 a------- c:\windows\system32\icardres.dll
2009-02-22 16:52 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-22 16:52 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-22 16:46 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-22 16:45 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-22 16:45 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-22 16:45 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-22 16:45 83,968 a------- c:\windows\system32\mscories.dll
2009-02-10 18:34 827,392 a------- c:\windows\system32\wininet.dll
2009-02-10 18:34 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-09 20:59 --d----- c:\users\temp\appdata\roaming\Malwarebytes
2009-02-09 20:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-09 20:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 20:59 --d----- c:\programdata\Malwarebytes
2009-02-09 20:59 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 20:59 --d----- c:\progra~2\Malwarebytes
2009-02-09 19:12 --d----- c:\programdata\Inside Mpeg Keep
2009-02-09 19:12 --d----- c:\progra~2\Inside Mpeg Keep

==================== Find3M ====================

2009-02-24 17:32 27,240 a------- c:\users\temp\appdata\roaming\nvModes.dat
2009-02-22 17:52 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-03 21:58 812 a------- c:\users\temp\appdata\roaming\wklnhst.dat
2008-10-24 08:47 174 a--sh--- c:\program files\desktop.ini
2008-10-24 08:44 143,360 a------- c:\windows\inf\infstrng.dat
2008-10-24 08:44 86,016 a------- c:\windows\inf\infstor.dat
2008-10-24 08:44 51,200 a------- c:\windows\inf\infpub.dat
2008-10-24 08:33 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-24 16:59 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-04-24 16:59 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-04-24 16:59 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 18:24:01,11 ===============


Re: I need some help

Post by Belahzur on 24th February 2009, 11:29 pm

Stupid run value isn't dead.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AxisBlah"=-

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

It should be fine now.


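The DDS report above shows the `AxisBlah` value back under HKCU\...\Run, now pointing at the same dictionary-word file in ProgramData with a different random extension, and the fix is a hand-written `"AxisBlah"=-` line in a Regedit 5.00 script. As an added example (not DDS, HijackThis, OTMoveIt or the forum's own code), here is a small Python script that parses the `uRun`/`mRun`/`dRun` lines of a DDS-style report, flags autorun targets that live in user-writable directories or carry an unfamiliar extension, and emits the matching deletion block in the same `.reg` syntax the thread uses. The sample lines are constructed from the report posted earlier in this thread; the `u`/`m`/`d` hive mapping is my reading of the DDS convention, and the flagging rules are my own heuristics, not anything the tools define.

```python
"""Flag suspicious Run-key autoruns in a DDS-style report and build a .reg removal script.

Added example for this thread; not DDS, HijackThis, OTMoveIt or forum code.
"""
from __future__ import annotations

import os
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the DDS "Pseudo HJT Report" section posted above.
SAMPLE_REPORT = r"""
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AxisBlah] "c:\programdata\Deaf wipe wipe.t7780"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"""

# DDS line prefix -> hive (assumption: u = current user, m = machine, d = default profile).
HIVES = {"u": r"HKEY_CURRENT_USER", "m": r"HKEY_LOCAL_MACHINE", "d": r"HKEY_USERS\.DEFAULT"}
RUN_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion"

# Heuristics (mine, not the tools'): a legitimate autorun normally has one of these
# extensions and does not live in a directory an ordinary user can write to.
KNOWN_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".dll", ".cpl", ".vbs", ".js"}
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")
# Script/DLL hosts whose real payload is their first argument, not the host itself.
HOSTS = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe"}

LINE_RE = re.compile(r"^(?P<hive>[umd])Run(?P<once>Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


@dataclass
class Finding:
    name: str                       # registry value name, e.g. AxisBlah
    key: str                        # full Run / RunOnce key the value lives under
    target: str                     # file the autorun actually launches
    reasons: list[str] = field(default_factory=list)


def split_command(cmd: str) -> tuple[str, str]:
    """Return (program, rest). Handles quoted paths and unquoted paths containing
    spaces by joining tokens until one ends in a known executable extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    tokens = cmd.split()
    for i in range(len(tokens)):
        candidate = " ".join(tokens[: i + 1])
        if os.path.splitext(candidate.lower())[1] in KNOWN_EXTS:
            return candidate, " ".join(tokens[i + 1:])
    return tokens[0], " ".join(tokens[1:])


def resolve_target(cmd: str) -> str:
    """Return the file that really runs; look through rundll32-style hosts to their payload."""
    program, rest = split_command(cmd)
    if os.path.basename(program.lower()) in HOSTS and rest:
        # rundll32 takes "path\lib.dll,EntryPoint"; drop switches like /s before the path
        args = [t for t in rest.split(",", 1)[0].split() if not t.startswith(("/", "-"))]
        if args:
            return split_command(" ".join(args))[0]
    return program


def analyze_report(report: str) -> list[Finding]:
    """Parse Run/RunOnce lines and return only the entries that look suspicious."""
    findings: list[Finding] = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = f"{HIVES[m['hive']]}\\{RUN_SUBKEY}\\Run{m['once'] or ''}"
        target = resolve_target(m["cmd"])
        low = target.lower()
        reasons = []
        if any(d in low for d in USER_WRITABLE):
            reasons.append("runs from a user-writable data directory")
        ext = os.path.splitext(low)[1]
        if ext not in KNOWN_EXTS:
            reasons.append(f"unusual extension {ext!r}")
        if reasons:
            findings.append(Finding(m["name"], key, target, reasons))
    return findings


def reg_removal_script(findings: list[Finding]) -> str:
    """Build a Regedit 5.00 script that deletes each flagged value ("Name"=-), grouped by key."""
    by_key: dict[str, list[str]] = {}
    for f in findings:
        by_key.setdefault(f.key, []).append(f.name)
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        for name in names:
            escaped = name.replace("\\", "\\\\").replace('"', '\\"')
            lines.append(f'"{escaped}"=-')
        lines.append("")
    return "\r\n".join(lines)          # .reg files use CRLF line endings


if __name__ == "__main__":
    found = analyze_report(SAMPLE_REPORT)
    for f in found:
        print(f"{f.key}\\{f.name} -> {f.target}: {'; '.join(f.reasons)}")
    print(reg_removal_script(found))
```

Run against the sample, only `AxisBlah` is flagged (both for living under ProgramData and for its `.t7780` extension), and the script prints exactly the deletion block the reply above asks the user to save as fix.reg. The generated text should be reviewed before it is merged; a heuristic like this is a triage aid, and the file the value points at still has to be dealt with separately, as OTMoveIt did earlier in the thread.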

Re: I need some help

Post by fatrb on 24th February 2009, 11:40 pm

I really appreciate your help; I wish I could understand half of what I did to fix the problem.

thx again, and I will surely take the time to fill out the feedback form, and yes, hopefully I won't need to go through this again.

Side
