Crazed Luddite attempts to save computer.


  • This topic is locked
150 replies to this topic

#76 Baruga

Baruga

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 18 March 2011 - 06:18 PM

Ok, just to be clear: When I finish this process do I reboot the machine? (It ain't easy bein' me Tom) :blush:



#77 Baruga


Posted 18 March 2011 - 06:26 PM

That was really quick. I have some free MBs now! (Whatever the heck they are) This is getting easier.....I feel as though I may be ready to perform brain surgery within the next few days. :wacko:

#78 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 18 March 2011 - 06:36 PM

Yep. That process is very quick. Can you please describe for me how things are running now?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#79 Baruga


Posted 18 March 2011 - 06:49 PM

Well, things are running no differently really.... Things were never running slow....there are the usual annoyances with Facebook, but that is the fault of that ADHD Poster Boy, Zuckerberg. The freezing up, which only happened if I tried to close too many pages down too quickly, stopped happening as of yesterday. And that had only been occasional.

I'm assuming that the virus and malware that was here would be more problematic for people who use their machine in a more sophisticated manner than I do... I use gmail, I use facebook, and I cruise the web and youtube.....I do a fair amount of academic research, so I stick to University sites, and more reputable sources.....I don't play games and I don't do any financial transactions whatsoever - I think that is crazy. One thing I do know about the internet - it is NEVER private and NEVER secure.

What I need, is to be able to use my headset, so that I can use Gmail callphone....but when the troubles started, I ended up dumping my Realtek, and I guess the malware would not allow it to properly reinstall. I have sound from my speakers and headset, but my voice is not picked up. I don't have a camera thing, and I never will. It's creepy to have your image online...people do warped things with people's pictures...

And I don't understand what Windows Defender is on about. In one place it keeps telling me I have no virus protection....but in another place it says that I do. When I run scans on defender, it has ALWAYS said, everything is AOK....Which is why I was shocked to find over 250 viruses and malware things.

I ran a quick video on youtube, and that worked fine..... What else should I do to see that "things are running fine"?

#80 Baruga


Posted 18 March 2011 - 06:53 PM

Correction: Facebook is MUCH faster loading pages.....

#81 Tomk


Posted 18 March 2011 - 07:14 PM

Please run me a new set of DDS logs (that's the logs from the first program you posted in this thread). I'll look it over one more time to see what I can, then if it is looking good... we'll clean up and let you head over to the windows forums to fix your sound.
 

#82 Baruga


Posted 18 March 2011 - 07:28 PM


#83 Tomk


Posted 18 March 2011 - 08:16 PM

Alright.

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Firefox::
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\r1yjv0iq.default\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    
    Folder::
    c:\program files\AVG
    c:\programdata\McAfee
    
    Driver::
    avgfwfd
    avgfws
    avgwd
    AVG Security Toolbar Service
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    If you are unable to save this file to your desktop (homepage), don't continue with below instructions... stop and post to me where you saved the CFScript.txt file.

  • Disable your Windows Defender again.
  • Click on Start, run, and in the runbox copy/paste the following: "c:\users\Owner\Downloads\ComboFix.exe" "%userprofile%\desktop\CFScript.txt"
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
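The event log excerpt posted just before this reply and the `Driver::` section of the script can be cross-checked mechanically. The following is an added example, not part of the thread and not ComboFix's own code; the sample log is constructed in the shape of that excerpt with placeholder socket addresses, and the function names and the reading of `Name::` as a section header are assumptions taken from the layout shown in the post.

```python
import re
from collections import Counter

# Constructed sample in the shape of the log excerpt above, entries run together
# on one line; socket addresses are documentation-range placeholders.
SAMPLE_LOG = " ".join([
    "18/03/2011 10:33:29 AM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.0.2.10:6331. The error status code is contained within the returned data.",
    "18/03/2011 10:33:29 AM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.0.2.11:63331. The error status code is contained within the returned data.",
    "17/03/2011 10:16:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgfwfd",
    "16/03/2011 3:16:16 PM, Error: EventLog [6008] - The previous system shutdown at 3:12:52 PM on 16/03/2011 was unexpected.",
    "==== End Of File ===========================",
])
# Folder:: and Driver:: sections in the layout of the CFScript in the post above.
SAMPLE_SCRIPT = "Folder::\nc:\\program files\\AVG\n\nDriver::\navgfwfd\navgfws\navgwd\nAVG Security Toolbar Service\n"

# An entry ends where the next "date time, Level: " stamp, the end marker, or the text ends.
STAMP = r"\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M, \w+: "
ENTRY = re.compile(
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*?)(?=\s*(?:" + STAMP + r"|==== End Of File|\Z))",
    re.S,
)

def parse(text):
    """Split an event log export (even one run together) into one dict per entry."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def summarize(entries):
    """Count entries per (source, event id) so repeated errors collapse to one row."""
    return Counter((e["source"], int(e["id"])) for e in entries)

def failed_drivers(entries):
    """Driver names reported by Service Control Manager event 7026."""
    hits = [e for e in entries if (e["source"], e["id"]) == ("Service Control Manager", "7026")]
    return [n for e in hits for n in e["msg"].split("failed to load:")[-1].split()]

def script_section(script, name):
    """Lines listed under a 'Name::' header, up to the next header."""
    out, active = [], False
    for line in map(str.strip, script.splitlines()):
        if line.endswith("::"):
            active = line == name + "::"
        elif active and line:
            out.append(line)
    return out

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print(summarize(entries).most_common())
    print(set(failed_drivers(entries)) & set(script_section(SAMPLE_SCRIPT, "Driver")))
```
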
 

#84 Baruga


Posted 18 March 2011 - 08:22 PM

I'm going to take this on tomorrow Tom. We are having very high winds here, and I am nervous of losing power in the middle of some operation. I understand that you may not be around much over the next few days. Enjoy your weekend! :notworthy:

#85 Tomk


Posted 18 March 2011 - 09:22 PM

That message is basically for the summertime when I spend a significant number of weekends at our ranch (no cell service, electricity, internet.... people :woot: ) I'll be around this weekend.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 



#86 Baruga


Posted 19 March 2011 - 08:23 AM

Good morning Tom :) Oh, how I love human-free-off-the-grid zones!!! I've spent a fair amount of time in the bush myself. :D , which is why I am mostly Luddite. I rejected pretty much all technology between the years of 1995 and 2005, after having spent thousands of dollars on computer courses that became obsolete about a month after I completed them.....and I have not had a tv for 20 years. Anyhoo - here we are entrenched in the machine. Just wanted to let you know about some stuff before I launch into the next step here. I did have some issues last night....I tried to watch some online documentaries, but they kept stalling. I rebooted a few times, and it seems that my browser is not closing down properly (that has been a little issue for a while too) I close each window, and then shut down - but when I start up again, I am informed that "Google Chrome did not close properly, click restore"....so there is something going on there. Finally, that INFERNAL AVG picture is still on my opening screen, so I assume that means that it is still inside this box somewhere. K...Imma get a new tea, write out your latest instructions, and then dive in.

#87 Baruga


Posted 19 March 2011 - 09:10 AM

Geez... I can't even begin this process. When I click on the blue Combofix thing...nothing happens.

#88 Tomk


Posted 19 March 2011 - 11:07 AM

Nothing is supposed to happen. It's not a link. It's just a title. There are no links to click on in those instructions. You need to just follow the instructions.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#89 Baruga


Posted 19 March 2011 - 11:36 AM

:wacko: Alrighty then. :blush: Just gonna have some lunch and I will try again.

#90 Baruga


Posted 19 March 2011 - 12:08 PM

I'm sorry Tom....I don't understand these instructions at all.
