Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93121 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Computer is running slow and locking up.

Started by Gordon22 , Jan 10 2010 04:16 PM

  • This topic is locked This topic is locked
24 replies to this topic

#16 Gordon22

Gordon22

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 18 January 2010 - 08:29 PM

I still cannot run Gmer rootit without having some kind of error. It keeps shutting down my computer. Here is the system look log: SystemLook v1.0 by jpshortstuff (11.01.10) Log created at 16:51 on 18/01/2010 by G-Man (Administrator - Elevation successful) ========== filefind ========== Searching for "*atapi*" C:\cmdcons\ATAPI.SY_ --a--c 49558 bytes [05:59 04/08/2004] [05:59 04/08/2004] 28541D14647BB58502D09D1CEAEE6684 C:\dell\ATAPI.EXE --a--c 28672 bytes [03:56 29/07/2005] [13:23 27/05/2004] 9C559E4CF8C3B2268818F1F6C6B1EE39 C:\i386\atapi.sys --a--c 95360 bytes [20:09 06/11/2005] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51 C:\i386\COMPDATA\DECATAPI.HTM --a--c 881 bytes [17:42 10/08/2004] [10:00 04/08/2004] FDA00ABB8831E4903E9442E9B01843ED C:\i386\COMPDATA\DECATAPI.TXT --a--c 449 bytes [17:42 10/08/2004] [10:00 04/08/2004] F5A5EAC5B4790D90031B913DD5D559A5 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir --a--c 96512 bytes [09:12 31/12/2009] [09:12 31/12/2009] EEDFCA9A9015C2F396E62B99F1343868 C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [05:05 15/05/2008] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51 C:\WINDOWS\erdnt\cache\atapi.sys --a--c 96512 bytes [20:46 15/01/2010] [20:50 08/01/2010] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\ServicePackFiles\i386\atapi.sys -----c 96512 bytes [04:58 15/05/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\dllcache\atapi.sys -----c 96512 bytes [03:59 04/08/2004] [20:50 08/01/2010] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\dllcache\atapi.sys.tmp --a--c 96512 bytes [03:59 04/08/2004] [04:51 02/01/2010] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\drivers\atapi.sys -----c 96512 bytes [09:12 31/12/2009] [20:50 08/01/2010] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys --a--c 96512 bytes [06:09 17/05/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 -=End Of File=-

Edited by Gordon22, 18 January 2010 - 08:30 PM.

    Advertisements

Register to Remove

#17 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 19 January 2010 - 12:30 AM

Hi,

No worries about GMER, we shall skip that and move on to the next.

Please uninstall the following Programs using the Add/Remove Programs utility if they exist.
My Way Search Assistant

Detailed steps below :-
On the Windows XP taskbar:
Click Start > Control Panel.
In the Control Panel window, double-click Add or Remove Programs.

===================================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
You can delete JavaRa.Zip, and the unzipped JavaRa.exe now.


Install Java Runtime Environment 6 Update 18
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 18 and Save it to your Desktop.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 18 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click Continue
  • Click on the link to download Windows Offline Installation and Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • here are two options in the window to clear the cache - Leave BOTH Checked
  • Applications and Applets
  • Trace and Log Files
[*]Click OK on Delete Temporary Files Window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
[*]Click OK to leave the Temporary Files Window.
[*]Click OK to leave the Java Control Panel.
[*]Delete jre-6u18-windows-i586.exe from your desktop.
[/list]===================================================

Eset online scannner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
===================================================

Please run DDS again
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • Save report to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
===================================================

On your next reply please post :
JavaRA
ESET log
DDS log

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#18 Gordon22

Gordon22

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 19 January 2010 - 05:21 PM

I could not remove "my way search assistant". Pretty much said there was no file. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Jan 19 11:29:19 2010 Found and removed: C:\Program Files\Java\j2re1.4.2_03 Found and removed: C:\Program Files\Java\jre1.5.0_03 Found and removed: C:\Program Files\Java\jre1.5.0_06 Found and removed: C:\Program Files\Java\jre1.6.0_07 Found and removed: C:\Documents and Settings\G-Man\Application Data\Sun\Java\jre1.6.0_13 Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030} Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4 Found and removed: Software\JavaSoft\Java2D\1.5.0_03 Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\JavaPlugin.150_03 Found and removed: SOFTWARE\Classes\JavaPlugin.150_06 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_03 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150030} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060} Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030} Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410203 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410203 Found and removed: SOFTWARE\Classes\JavaPlugin.142_03 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\JavaPlugin.142_03 Found and removed: Software\Classes\JavaPlugin.160_04 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACB9B14518A96D117A58000B0D410203 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07 Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_03\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip ------------------------------------ Finished reporting. ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=c8b701eb10331746973c0c995fd0bcce # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-01-19 09:42:17 # local_time=2010-01-19 01:42:17 (-0800, Pacific Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 52452793 52452793 0 0 # compatibility_mode=768 16777215 100 0 52959295 52959295 0 0 # compatibility_mode=5121 16776533 100 96 5092955 16763277 0 0 # compatibility_mode=5891 16776869 100 100 0 17628869 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=185727 # found=18 # cleaned=18 # scan_time=7204 C:\Documents and Settings\G-Man\Local Settings\Application Data\RadarSync\RadarSync\636615.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\WINDOWS\system32\41.exe.vir a variant of Win32/Kryptik.BWC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\WINDOWS\system32\smss32.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon32.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP158\A0103208.vwp a variant of Win32/Kryptik.AHD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP158\A0103537.exe a variant of Win32/Kryptik.CB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP158\A0105202.vwp a variant of Win32/Kryptik.AHD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP158\A0105520.exe a variant of Win32/Kryptik.CB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP158\A0106202.vwp a variant of Win32/Kryptik.AHD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP160\A0111340.exe Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP160\A0111355.exe Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP160\A0111377.exe Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP163\A0111796.exe Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP163\A0111990.dll Win32/TrojanDownloader.FakeAlert.ASH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP163\A0111991.exe Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP167\A0120877.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C K:\Documents and Settings\G-Man\Local Settings\Application Data\RadarSync\RadarSync\636615.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C K:\Limewire shared files\Ikimonogakari - Hanabi.mp3 probably a variant of Win32/TrojanDropper.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C DDS (Ver_09-12-01.01) - NTFSx86 Run by G-Man at 14:50:56.03 on Tue 01/19/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1221 [GMT -8:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Microsoft Office\Office\OSA.EXE c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\StkASv2K.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\WINDOWS\explorer.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\Documents and Settings\G-Man\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/ uInternet Settings,ProxyOverride = <local>;*.local uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/ BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Beta: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL TB: &Windows Live Toolbar Beta: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [CTSysVol] "c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe" /r mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE" mRun: [UpdReg] c:\windows\UpdReg.EXE mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe" mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [CTHelper] CTHELPER.EXE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\g-man\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE StartupFolder: c:\docume~1\g-man\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?1e8ce2536a3445edbd876958dda83ee4 IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?1e8ce2536a3445edbd876958dda83ee4 IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: amazon.com\www Trusted Zone: ebay.com\www Trusted Zone: myspace.com\www Trusted Zone: youtube.com\www DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.yorkphoto.com/YorkActivia.cab DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Notify: WRNotifier - WRLogonNTF.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\g-man\applic~1\mozilla\firefox\profiles\qsc4bbo6.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://webauth.comcast.net/auth/login?url=http%253A%252F%252Fwww.comcast.net%252Fqry%252Fgoto%253Fapp%253Dmail%2526CM.src%253Dtop FF - prefs.js: keyword.URL - hxxp://www.ffsearch.net/search/?q= FF - component: c:\documents and settings\g-man\application data\mozilla\firefox\profiles\qsc4bbo6.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\documents and settings\g-man\application data\mozilla\firefox\profiles\qsc4bbo6.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000] R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2006-11-29 3968] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-22 214664] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-7-22 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-7-22 144704] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-5-5 92672] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-5-5 548352] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-5-6 560576] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-22 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-22 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-22 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-22 40552] S3 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-5-5 92672] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-5-5 548352] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-5-5 94208] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-5-5 94208] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-5-6 560576] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2005-11-4 17149] S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-8-17 29744] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-22 34248] =============== Created Last 30 ================ 2010-01-19 19:37:12 0 dc----w- c:\program files\ESET 2010-01-19 19:33:18 73728 -c--a-w- c:\windows\system32\javacpl.cpl 2010-01-17 01:27:31 0 dc-h--w- c:\windows\ie8 2010-01-17 01:22:10 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-01-17 01:22:10 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-01-15 19:51:55 98816 -c--a-w- c:\windows\sed.exe 2010-01-15 19:51:55 77312 -c--a-w- c:\windows\MBR.exe 2010-01-15 19:51:55 261632 -c--a-w- c:\windows\PEV.exe 2010-01-15 19:51:55 161792 -c--a-w- c:\windows\SWREG.exe 2010-01-11 23:49:15 0 dc----w- c:\docume~1\g-man\applic~1\WinPatrol 2010-01-11 23:48:51 0 dc----w- c:\program files\BillP Studios 2010-01-10 22:34:46 181120 -c----w- c:\windows\system32\MpSigStub.exe 2010-01-10 22:32:05 0 dc----w- c:\program files\Microsoft Security Essentials 2010-01-02 05:23:58 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll 2009-12-31 09:12:49 96512 -c----w- c:\windows\system32\drivers\atapi.sys ==================== Find3M ==================== 2010-01-19 19:32:55 411368 -c--a-w- c:\windows\system32\deploytk.dll 2009-10-29 07:45:38 916480 -c----w- c:\windows\system32\wininet.dll 2007-10-19 05:44:09 56 -csh--r- c:\windows\system32\4DA19DB265.sys 2007-10-19 05:44:09 3036 -csha-w- c:\windows\system32\KGyGaAvL.sys 2008-05-15 07:54:22 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051520080516\index.dat ============= FINISH: 14:52:17.79 ===============

#19 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 21 January 2010 - 02:57 AM

Please run SystemLook again
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
C:\Documents and Settings\G-Man\Local Settings\Application Data\RadarSync\RadarSync\

:filefind
636615.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#20 Gordon22

Gordon22

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 21 January 2010 - 04:25 PM

SystemLook v1.0 by jpshortstuff (11.01.10) Log created at 14:04 on 21/01/2010 by G-Man (Administrator - Elevation successful) ========== dir ========== C:\Documents and Settings\G-Man\Local Settings\Application Data\RadarSync\RadarSync - Parameters: "(none)" ---Files--- 154564.exe --a--c 1990640 bytes [23:08 13/05/2009] [23:08 13/05/2009] 154564.rsinfo --a--c 160 bytes [23:08 13/05/2009] [23:08 13/05/2009] 17974.exe --a--c 3012768 bytes [23:08 13/05/2009] [23:09 13/05/2009] 406930.exe --a--c 1267 bytes [23:08 13/05/2009] [23:08 13/05/2009] 406953.exe --a--c 1267 bytes [23:08 13/05/2009] [23:08 13/05/2009] 407161.exe --a--c 1267 bytes [23:08 13/05/2009] [23:08 13/05/2009] 408953.exe --a--c 2513432 bytes [23:08 13/05/2009] [23:08 13/05/2009] 408998.exe --a--c 2513432 bytes [23:08 13/05/2009] [23:08 13/05/2009] 409013.exe --a--c 2513432 bytes [23:08 13/05/2009] [23:09 13/05/2009] 409073.exe --a--c 2513432 bytes [23:08 13/05/2009] [23:09 13/05/2009] 409088.exe --a--c 2513432 bytes [23:08 13/05/2009] [23:08 13/05/2009] 409145.exe --a--c 2513432 bytes [23:08 13/05/2009] [23:08 13/05/2009] 409164.exe --a--c 2513432 bytes [23:08 13/05/2009] [23:09 13/05/2009] 409181.exe --a--c 2513432 bytes [23:08 13/05/2009] [23:09 13/05/2009] 409198.exe --a--c 2513432 bytes [23:08 13/05/2009] [23:10 13/05/2009] 409215.exe --a--c 2513432 bytes [23:08 13/05/2009] [23:09 13/05/2009] 409232.exe --a--c 2513432 bytes [23:08 13/05/2009] [23:09 13/05/2009] 447740.exe --a--c 1267 bytes [23:08 13/05/2009] [23:09 13/05/2009] 465765.exe --a--c 36222737 bytes [23:08 13/05/2009] [23:10 13/05/2009] 471448.rsinfo --a--c 177 bytes [23:08 13/05/2009] [23:08 13/05/2009] 471475.rsinfo --a--c 187 bytes [23:08 13/05/2009] [23:08 13/05/2009] 636615.rsinfo --a--c 170 bytes [23:08 13/05/2009] [23:08 13/05/2009] 665284.rsinfo --a--c 144 bytes [23:08 13/05/2009] [23:08 13/05/2009] 675311.exe --a--c 16409960 bytes [23:08 13/05/2009] [23:11 13/05/2009] 700873.exe --a--c 16409960 bytes [23:08 13/05/2009] [23:11 13/05/2009] 720460.exe --a--c 12248560 bytes [23:08 13/05/2009] [23:09 13/05/2009] 8463.exe --a--c 19387336 bytes [23:08 13/05/2009] [23:10 13/05/2009] ---Folders--- 2.0.1.1 d----c [23:05 13/05/2009] archive d----c [23:07 13/05/2009] hidden d----c [23:07 13/05/2009] ========== filefind ========== Searching for "636615.exe" No files found. -=End Of File=-

#21 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 22 January 2010 - 02:47 AM

Hi,

Do you use RadarSync often for your computer? You might want to uninstall it if you don't use it regularly as this software contains adware which you may want to avoid. Here is the link for your reference : http://www.siteadvis....com/downloads/
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#22 Gordon22

Gordon22

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 22 January 2010 - 09:17 AM

OK, i uninstalled it. I never used it anyways, as far as i know of.

#23 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 22 January 2010 - 09:06 PM

Hi,

Are you still having any problems with your computer? If there are no problems anymore and you feel like it is back where it used to be, we will shall do some clean ups with the tools we used.

Now I want you to delete SystemLookup and any notepads that we have created to reduce clutter on your desktop.

Then,

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /uninstall

===================================================

Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
===================================================
Here are some tips to reduce the potential for spyware infection in the future:
  • Make your Internet Explorer More Secure
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab.
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.

      • Change the Download signed ActiveX controls to Prompt.
      • Change the Download unsigned ActiveX controls to Disable.
      • Change the Initialise and script ActiveX controls not marked as safe to Disable.
      • Change the Installation of desktop items to Prompt.
      • Change the Launching programs and files in an IFRAME to Prompt.
      • Change the Navigate sub-frames across different domains to Prompt.
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Consider a custom hosts file such as MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial by WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Please also read Tony Klein's excellent article:
How I got
Infected in the First Place


Follow this list and your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

**Please respond this one more time to ensure it is resolved.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#24 Gordon22

Gordon22

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 22 January 2010 - 11:33 PM

Ok. I did everything you said and my computer is running great. I really appreciate your, time, patience and hard work. Thank you very much. :D

#25 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 23 January 2010 - 02:24 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

    Advertisements

Register to Remove

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

3 user(s) are reading this topic

0 members, 3 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·