80 replies to this topic

[IndiGenus]

First, I can't remember if I asked you to uninstall the YouTube Downloader Toolbar or not. But if not then go into Add or Remove Programs in Control Panel and uninstall. I'll also have OTL delete the folder below just in case.

Run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Files
  C:\ntuser_mssec.exe 
  C:\Documents and Settings\Administrator\Application Data\Agyvak
  C:\Documents and Settings\Default User\Start Menu\Programs\Startup\afraf.exe 
  C:\Documents and Settings\gareth.NX8220\Start Menu\Programs\Startup\riunmi.exe 
  C:\Documents and Settings\Guest\Start Menu\Programs\Startup\byvea.exe 
  C:\Program Files\YouTube Downloader Toolbar
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post the resulting OTL log

[bar457]

report attached: All processes killed ========== FILES ========== C:\ntuser_mssec.exe moved successfully. C:\Documents and Settings\Administrator\Application Data\Agyvak folder moved successfully. C:\Documents and Settings\Default User\Start Menu\Programs\Startup\afraf.exe moved successfully. C:\Documents and Settings\gareth.NX8220\Start Menu\Programs\Startup\riunmi.exe moved successfully. C:\Documents and Settings\Guest\Start Menu\Programs\Startup\byvea.exe moved successfully. File\Folder C:\Program Files\YouTube Downloader Toolbar not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 1007610 bytes ->Temporary Internet Files folder emptied: 9383431 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Administrator.WFDOM ->Flash cache emptied: 0 bytes User: All Users ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: GARETH ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: gareth.NX8220 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 505 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 10.00 mb OTL by OldTimer - Version 3.2.7.1 log created on 07172010_124330 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_3f8.dat not found! Registry entries deleted on Reboot...

[IndiGenus]

Okay please run DDS again and post the log.

Also, Seagate has a tool you can download to run some diagnostics on the drive.

http://www.seagate.c...nloads/seatools

[bar457]

I will do the Seagate diagnostics, thanks. log as follows: DDS (Ver_09-06-26.01) - NTFSx86 Run by Administrator at 13:00:24.09 on 18/07/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.287 [GMT 1:00] ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\POP Peeper\POPPeeper.exe C:\WINDOWS\system32\ctfmon.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Documents and Settings\Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyServer = sbserver:8080 uInternet Settings,ProxyOverride = local.;*.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: : {206e52e0-d52e-11d4-ad54-0000e86c26f6} - c:\progra~1\freshd~1\freshd~1\FDCatch.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: FreshDownload Bar: {ed0e8ca5-42fb-4b18-997b-769e0408e79d} - c:\progra~1\freshd~1\freshd~1\fdiebar.dll TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe" uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {DDDD6D68-CF2E-4E7A-A8DF-43DF07C586F0} - c:\program files\freshdevices\freshdownload\fd.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox 3 beta 4\greprefs\all.js - pref("security.fileuri.origin_policy", 2); c:\program files\mozilla firefox 3 beta 4\defaults\pref\firefox.js - pref("browser.places.importBookmarksHTML", true); c:\program files\mozilla firefox 3 beta 4\defaults\pref\firefox.js - pref("browser.places.createdSmartBookmarks", false); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-15 64288] R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2009-11-17 4064] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384] =============== Created Last 30 ================ 2010-07-16 12:31 <DIR> --d----- c:\program files\ESET 2010-07-13 23:24 256,512 a------- c:\windows\PEV.exe 2010-07-13 23:24 161,792 a------- c:\windows\SWREG.exe 2010-07-13 23:24 98,816 a------- c:\windows\sed.exe 2010-07-13 23:24 77,312 a------- c:\windows\MBR.exe 2010-07-13 23:23 <DIR> --ds---- C:\ComboFix 2010-07-13 15:57 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes 2010-07-13 15:56 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-13 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-07-13 15:56 20,952 a------- c:\windows\system32\drivers\mbam.sys 2010-07-13 15:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2010-07-08 13:58 293,376 a------- C:\i6pndm98.exe 2010-07-08 13:56 <DIR> --d----- C:\New Folder 2010-07-06 18:27 <DIR> --d----- c:\docume~1\admini~1\applic~1\PeaZip 2010-07-06 18:25 <DIR> --d----- c:\program files\PeaZip 2010-07-05 17:07 <DIR> --d----- C:\_OTL 2010-07-02 20:39 <DIR> --d----- C:\ComboFix Logs 2010-07-01 15:20 <DIR> a-dshr-- C:\cmdcons ==================== Find3M ==================== 2010-06-15 16:43 15,880 a------- c:\windows\system32\lsdelete.exe 2010-06-15 16:42 64,288 a------- c:\windows\system32\drivers\Lbd.sys 2010-05-05 14:30 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe 2010-05-02 06:22 1,851,264 a------- c:\windows\system32\win32k.sys 2010-05-02 06:22 1,851,264 -------- c:\windows\system32\dllcache\win32k.sys 2010-04-20 06:30 285,696 a------- c:\windows\system32\atmfd.dll 2010-04-20 06:30 285,696 -------- c:\windows\system32\dllcache\atmfd.dll ============= FINISH: 13:02:28.98 ===============

[bar457]

I have done the Seagate diagnostics tests and it passed all as ok, so looks like the hard drive is alright which is good to know. Computer seems to be running fine with good speed now. The only problems I have are:- the difficulty getting out of screen saver as reported before if left idle for say 5 minutes, strange thing is after leaving it all night it seems to come straight out to desktop. And within Outlook, after first opening, if I delete a message, it just hangs for 3-4 minutes and does this several times before righting itself. I guess I need to get help from another section of What the Tech for these items. bar457

[bar457]

Hi IndiGenus I hope you have got my last couple of replies, they show up when I view myself so I guess they have posted ok best regards bar457

[IndiGenus]

I apologize for the delay and don't think I received an email notification on your last post, so thanks for the "poke".

We should clean up first before you tackle your other issues.

Uninstall Combofix

• Click START then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

The above procedure will:

• Delete the following: ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Reset System Restore.

Uninstall OTL and related files/folders

• Make sure you have an Internet Connection.
• Double-click OTL.exe to run it.
• Click on the CleanUp! button
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
• Click Yes to begin the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

[bar457]

ok have run the uninstalls.

here is security log:


Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
avast! Free Antivirus
ESET Online Scanner v3
McAfee Personal Firewall Plus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
Eusing Free Registry Cleaner
Java™ 6 Update 18
Out of date Java installed!
Adobe Reader 9.3.2
Mozilla Firefox (3.0b4.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

[IndiGenus]

Windows Security Center service is not running! This report may not be accurate!

Did you knowingly disable this? If not,

Please go Start-->Control Panel-->Administrative Tools-->Services.
Scroll down the list until you find Security Center, and make sure the start up type is Automatic (delayed)
If it is not started, then please start it.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "Java Runtime Environment (JRE) 6u21 allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.

You should also update Firefox. You can do that from right in the program. Click on Help on the menu and select Check for updates.

[bar457]

I think I did disable this some time ago when I added Avast , etc as I understood it might clash with it. I have gone in and tried to restart it several times, but it 'starts & stops' according to a pop-up message, but it is set to automatic, just will not start. Clicking the Java link and going to site , I cannot find the entries you state for: "Java Runtime Environment (JRE) 6u21 allows end-users to run Java applications". or "Windows Offline Installation" or "jre-6u21-windows-i586-p.exe" but see only other entries which do not seem to link to this chain. has the site changed? I do not use Firefox , so had not updated it, but will perhaps do so anyway.

[IndiGenus]

Yes they change the layout of the site all the time. Try this link.

https://cds.sun.com/...S-CDS_Developer

[bar457]

That leads me to the x64 version and not the x586, is that right?

[bar457]

Ah ok, I have chosen another option which leads to x586 so will download it now.

[bar457]

ok, job done, new updated Java installed. Still cannot get Security Centre to switch on and stay on.

[IndiGenus]

That leads me to the x64 version and not the x586, is that right?

Sorry about that. Glad you got it sorted.

Let me look into the Security Center service issue and I'll get back to you in a bit.