Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] At Wits End

Started by mickey7 , Sep 30 2009 08:12 PM

  • This topic is locked This topic is locked
7 replies to this topic

#1 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 30 September 2009 - 08:12 PM

I am wondering if anyone can help. I had posted this in the mail forum but closed it because the "professionals" were coming to take a look at the problem. Here it is: My father had been having on and off again issues with his mail. Now it is a constant battle. Basically, he cannot send attachments. I am posting it here instead of in the mail forum the reason will becom clear in just a moment.
He has an HP touchsmart IQ 770 PC (one of the first models)
He is running Vista Home Premium Service Pack 1.

At first we thought it was a conflict with windows mail and norton. He spent numerous hours on the phone with them. They had him uninstall and the problem still existed. So he put that back on. He then called the ISP. They had him tweak a few settings in the windows mail settings and this did not solve the problem either. They finally, suggested he use a third party mail program, like Thunderbird. We installed that on his machine and that did not help. (Plus he did not like the interface.) So back to windows mail. We did get rid of norton and did use the removal tool and have since installed AVG on the machine. He got so frustrated that he had the local computer patrol come out to his house and assess the situation. They could not get his account to work either. On other machines as well. The tech had the ISP delete the account and reissue it. This did nothing. He then suggested that the router was the problem and said he should get a new one. He did and nothing changed. So the tech then said it must be his cable modem and had the cable guy sent out to assess that. Nothing was wrong there either. So now they are thinking that maybe it is on their end after all. SO another tech comes out and verifies that somewhere along the 7th step (?) it fails to send. That now becomes an engineering issue. They won't do anything for just one user, basically they told him to again use a third party or web based email. They suggested gmail. So I set him up on a gmail account and imported all his contacts and also configured the windows mail to use that gmail account. He STILL had the attachment issue. So I tried setting him up with Yahoo. mail. The problem exists there as well. It did not matter what size attachment was attempted to be added either. The only difference is that with his original isp mail account and the gmail one used through windows mail and using yahoo or the gmail via the web is that the windows mail program attached the attachments but would not send and the others failed to attach. Text emails are fine and forwarded emails with attachments ususally go as well. It is primarily when he tries to create an email and attach something to it that it fails. This is extremely frustrating to him and now me as he is constantly querying me on how to fix this. I am at a loss. There are other internet users in his household that have no problem using hotmail or yahoo mail etc. I have logged into yahoo with my account on his machine and seem to have the same issue. But not from my laptop. This is, finally, what leads me to post this in this forum instead of mail. I think there is something, somewhere on this machine that is simply just not being caught but the normal scans. Posted below are the results of his HJT log and his Malwarebytes log. Please find something. This is an othewise great computer. Thank you in advance. Mickey7
Malwarebytes Log:
Malwarebytes' Anti-Malware 1.41
Database version: 2879
Windows 6.0.6001 Service Pack 1

9/30/2009 8:22:47 PM
mbam-log-2009-09-30 (20-22-47).txt

Scan type: Quick Scan
Objects scanned: 85284
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:16 PM, on 8/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ptd.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PC Hardware Manager] C:\Program Files\PC Hardware Manager\PCHardwareManager.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Preload.lnk = ? (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 8317 bytes

Edited by mickey7, 30 September 2009 - 08:13 PM.

    Advertisements

Register to Remove

#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 October 2009 - 07:48 PM

:welcome:

You said you uninstalled Norton and ran there removal tool but I still see part of Norton running as a service on this computer.

Not sure whats going on, lets do a few things and if it looks like your system is malware and virus free I can link you to some excellent windows support sites that may help you.


Please download RootRepeal one of these locations and save it to your desktop
Here
Here
Here
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check just these boxes:
  • Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:, and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.




Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.com
  • DDS.scr
  • DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control Here

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 03 October 2009 - 09:59 AM

Ken, I don't know what is going on. I am not sure if there is a problem with the scan or if it really takes hours. I ran the scan once. Although I don't think it did anything but lock up the system. I downloaded it from the first link and ran it. All was as you stated except that after you pushed ok after checking the boxes it just flashed something in the main box and then started scanning. It showed the hidden processes tab as the active tab and stated scanning in the bottom left corner. It seemed to be going forever and when I checked the scanning was not showing in the bottom any more and nothing was available but to click the red x. Even after "closing" the program it continued to run in the background or something and I could not shut it down even from taskmanager. I have to force a reboot of the system. I deleted that version and downloaded it again from the second link but have had the same results. I get nothing to show a report or any results etc... I tried to download the dds from the first link but it gave me page cannot be displayed. I was successful from the second but chose not to run it because I was not sure if it had to be run after the first or if it could be run anytime. What is the next step?

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 October 2009 - 01:11 PM

OK, lets do this, we will just disable Symantec for the time being.

  • Go to Start> Run and type in services.msc then press Enter
  • Scroll down to Symantec RemoteAssist -
  • Double Click that service to open it.
  • Click on Stop Service.
  • Then change the Startup Type to Disabled.
  • OK your way out of the program.


Try either or both of these.

Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries






Please download Rooter Rootkit Detector to your Desktop
  • Doubleclick it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive% (usually C:\Rooter.txt.
  • Post the report for me to see.





Then run this scan, it wont fix anything but I need to see the report

Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.com
  • DDS.scr
  • DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control Here

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 04 October 2009 - 10:21 AM

Ok this time we had better results. All scans ran through with no trouble. I am however, having difficulty uploading the first gmer file. At first I thought it was because I have all three scans in the post (I was told the post was too big and to reduce it.) I then tried to repost it again one post at a time starting with the gmer file alone. It still would't post stating it was too large and to reduce it. I will try posting the other files first.
Here is the rooter file:
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 15 Model 72 Stepping 2, AuthenticAMD
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18813
Mozilla Firefox 3.0.13 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:291 Go - Free:218 Go )
D:\ [Fixed-NTFS] .. ( Total:6 Go - Free:0 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
.
Scan : 11:29.38
Path : C:\Users\Lew\Desktop\Rooter.exe
User : Lew ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (420)
Locked csrss.exe (496)
Locked wininit.exe (548)
Locked csrss.exe (560)
Locked services.exe (600)
Locked lsass.exe (612)
Locked lsm.exe (620)
Locked winlogon.exe (796)
Locked svchost.exe (904)
Locked svchost.exe (960)
Locked svchost.exe (1000)
Locked svchost.exe (1108)
Locked svchost.exe (1136)
Locked audiodg.exe (1200)
Locked svchost.exe (1220)
Locked SLsvc.exe (1240)
Locked svchost.exe (1308)
Locked svchost.exe (1516)
Locked AAWService.exe (1636)
Locked spoolsv.exe (1744)
Locked svchost.exe (1768)
Locked AEADISRV.EXE (1944)
Locked avgwdsvc.exe (1976)
Locked svchost.exe (1988)
Locked LSSrvc.exe (2032)
Locked svchost.exe (316)
Locked svchost.exe (592)
Locked svchost.exe (824)
Locked SeaPort.exe (740)
Locked svchost.exe (1508)
Locked avgrsx.exe (1532)
Locked avgnsx.exe (1916)
Locked svchost.exe (2064)
Locked SearchIndexer.exe (2160)
Locked taskeng.exe (2660)
Locked alg.exe (2704)
Locked unsecapp.exe (2712)
Locked WmiPrvSE.exe (2860)
Locked ehsched.exe (4080)
Locked ehrecvr.exe (1356)
______ C:\Windows\system32\taskeng.exe (3320)
______ C:\Windows\system32\Dwm.exe (3644)
______ C:\Windows\Explorer.EXE (3764)
______ C:\hp\support\hpsysdrv.exe (4012)
______ C:\hp\KBD\kbd.exe (3608)
______ C:\Program Files\PC Hardware Manager\PCHardwareManager.exe (3636)
______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (4004)
______ C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (1608)
______ C:\Windows\System32\rundll32.exe (3080)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (3332)
______ C:\Program Files\Analog Devices\Core\smax4pnp.exe (3604)
______ C:\Program Files\AVG\AVG8\avgtray.exe (2964)
______ C:\Windows\vsnp2uvc.exe (3196)
______ C:\Program Files\Java\jre6\bin\jusched.exe (3060)
______ C:\Program Files\Windows Sidebar\sidebar.exe (3040)
______ C:\Windows\ehome\ehtray.exe (2628)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (3216)
______ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (2784)
______ C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe (2764)
Locked wmpnetwk.exe (3432)
______ C:\Windows\ehome\ehmsas.exe (3384)
______ c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (3828)
______ C:\Program Files\Internet Explorer\iexplore.exe (4504)
______ C:\Program Files\Internet Explorer\iexplore.exe (4536)
Locked SearchProtocolHost.exe (4744)
Locked SearchFilterHost.exe (5756)
______ C:\Program Files\Internet Explorer\iexplore.exe (4924)
______ C:\Windows\system32\SearchProtocolHost.exe (684)
______ C:\Users\Lew\Desktop\Rooter.exe (5496)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:313195405824)
\Device\Harddisk0\Partition2 (Start_Offset:313195438080 | Length:6874398720)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Lew.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{E62612CC-0C48-4D70-81AF-E91E7195F1ED}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 11:29.42
.
C:\Rooter$\Rooter_1.txt - (04/10/2009 | 11:29.42)

#6 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 04 October 2009 - 10:26 AM

Next is the DDS file however I cannot attach the Attach.txt file that I was told to upload as an attachment. The file is only a little over 5kb but it stated that the Upload fialed. The file was larger than the available space. It does say that attachment pasce used is 2.17mb of 2mb. But that must have been from an old closed issue. Also btw, the symantec item was already listed as stopped and disabled and how would you like me to handle the gmer and attach.txt files? Ok here is the DDS file: DDS (Ver_09-09-29.01) - NTFSx86 Run by Lew at 11:30:17.68 on Sun 10/04/2009 Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2047.947 [GMT -4:00] SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\AEADISRV.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\svchost.exe -k bthsvcs c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\alg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\ehome\ehsched.exe C:\Windows\ehome\ehRecvr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\hp\support\hpsysdrv.exe C:\hp\KBD\kbd.exe C:\Program Files\PC Hardware Manager\PCHardwareManager.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\vsnp2uvc.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\ehome\ehmsas.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Lew\Desktop\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.ptd.net/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [PC Hardware Manager] c:\program files\pc hardware manager\PCHardwareManager.exe mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [masqform.exe] c:\program files\pureedge\viewer 6.5\masqform.exe -RunOnce mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [snp2uvc] c:\windows\vsnp2uvc.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll Trusted Zone: army.mil\www.us DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - AppInit_DLLs: avgrsstx.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\lew\appdata\roaming\mozilla\firefox\profiles\32jhnfla.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: browser.startup.homepage - hxxp://www.ptd.net/ FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\users\lew\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-25 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-25 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-25 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-25 297752] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656] R3 asusledbt;ASUS Bluetooth LED Device Driver;c:\windows\system32\drivers\asusledbt.sys [2007-2-1 24880] R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2007-11-22 893440] R3 CFXPDisplayName;CFXPDisplayName;c:\windows\system32\drivers\CFACPI.sys [2007-2-1 7680] R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-3-19 391168] S3 ar5524;Atheros AR5007 Wireless LAN device driver;c:\windows\system32\drivers\ar5524.sys [2007-2-1 424448] =============== Created Last 30 ================ 2009-10-04 11:29 <DIR> --d----- C:\Rooter$ 2009-09-27 13:12 4,984 a------- c:\windows\system32\drivers\nvphy.bin ==================== Find3M ==================== 2009-10-01 19:48 12,931 a------- c:\users\lew\appdata\roaming\nvModes.dat 2009-09-27 13:12 143,360 a------- c:\windows\inf\infstrng.dat 2009-09-27 13:12 51,200 a------- c:\windows\inf\infpub.dat 2009-09-27 13:12 86,016 a------- c:\windows\inf\infstor.dat 2009-09-21 07:59 15,688 a------- c:\windows\system32\lsdelete.exe 2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-08-28 08:39 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll 2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll 2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll 2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll 2009-08-28 06:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-20 08:53 335,240 a------- c:\windows\system32\drivers\avgldx86.sys 2009-08-20 08:53 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-08-14 13:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys 2009-08-14 12:29 104,960 a------- c:\windows\system32\netiohlp.dll 2009-08-14 12:29 17,920 a------- c:\windows\system32\netevent.dll 2009-08-14 10:16 17,920 a------- c:\windows\system32\ROUTE.EXE 2009-08-14 10:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE 2009-08-14 10:16 11,264 a------- c:\windows\system32\MRINFO.EXE 2009-08-14 10:16 27,136 a------- c:\windows\system32\NETSTAT.EXE 2009-08-14 10:16 19,968 a------- c:\windows\system32\ARP.EXE 2009-08-14 10:16 10,240 a------- c:\windows\system32\finger.exe 2009-08-14 10:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE 2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll 2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll 2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll 2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll 2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe 2009-07-17 10:35 71,680 a------- c:\windows\system32\atl.dll 2009-07-14 09:00 313,344 a------- c:\windows\system32\wmpdxm.dll 2009-07-14 08:59 4,096 a------- c:\windows\system32\dxmasf.dll 2009-07-14 08:58 7,680 a------- c:\windows\system32\spwmp.dll 2009-07-14 06:59 8,147,456 a------- c:\windows\system32\wmploc.DLL 2009-07-11 15:32 513,024 a------- c:\windows\system32\wlansvc.dll 2009-07-11 15:32 302,592 a------- c:\windows\system32\wlansec.dll 2009-07-11 15:32 293,376 a------- c:\windows\system32\wlanmsm.dll 2009-07-11 15:29 127,488 a------- c:\windows\system32\L2SecHC.dll 2008-12-07 07:58 56 a---h--- c:\programdata\ezsidmv.dat 2008-12-07 07:58 56 a---h--- c:\progra~2\ezsidmv.dat 2008-06-11 08:10 665,600 a------- c:\windows\inf\drvindex.dat 2008-03-21 18:33 174 a--sh--- c:\program files\desktop.ini 2008-03-04 18:30 32 a------- c:\programdata\ezsid.dat 2008-03-04 18:30 32 a------- c:\progra~2\ezsid.dat 2008-01-16 17:46 92 a------- c:\users\lew\appdata\roaming\wklnhst.dat 2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 08:10 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat 2009-06-10 08:10 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2008-11-21 11:29 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat 2008-11-21 11:29 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat 2008-11-21 11:29 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat 2009-06-10 08:10 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat 2009-06-10 08:10 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat ============= FINISH: 11:31:32.39 ===============

Edited by mickey7, 04 October 2009 - 10:27 AM.

#7 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 October 2009 - 10:50 AM

Hello Mickey,

Not looking at anything out of the ordinary on either log.

Here is the removal tool for Norton, you may want to run it , it may not have been run correctly before
http://service1.syma...005033108162039


Run this cleaner, your system may be gummed up.

Please download ATF Cleaner by Atribune to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.


Why don't you post here in our mail forum as this issue does not appear to be malware related
http://forums.whatth...email_f123.html


Ken :)

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 07 October 2009 - 03:12 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·