Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93116 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Viruses, Windows Crashing, HDD problems

Started by jeff matthews , Jun 29 2010 08:50 PM

  • This topic is locked This topic is locked
13 replies to this topic

#1 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 783 posts

Posted 29 June 2010 - 08:50 PM

I can't believe once again im having trouble with this computer. I am getting sick and tired of this. I think im going to try windows 7 and forget all about windows XP. It has caused nothing but disaster to my computer in numerous ways. I will start with saying that so far my computer is running extremely slow. Internet pages are not loading correctly. I told some one else to test a certain website and it loads perfectly for them, but not for me. My drivers are just malfunctioning all the time. In my device manager i see one of the devices that have a "yellow" exclamation mark next to it that says its an unknown device. I am not sure what that is. I also think my entire windows XP operating system is corrupted some how. When i reboot my computer, some times it won't even boot to windows.

Its getting worse and worse as time goes on to. Another problem, i have no idea if this relates to my computer problems but some how i think some one hack either hijacked or hacked my msn account. I received a message from msn when i tried to reset my password "that i logged into many times and there for was locked out of the "windows live ID" service. I used a different account and i can log in perfectly. I also tried using my same account for windows live ID on windows messenger and i could log in. I just can't log in with that account on my windows live id. Another thing i noticed was that when i was logged in windows messenger, i would notice that i would periodictically get disconnected and it says "you have been disconnected because of a network problem".
In windows live ID every time i try to login, it just brings up an error code and says that i am unable to login, like my password and user id are incorrect.

Perhaps one of the biggest disasters was that my external hd suddenly got this error which caused around 1tb of data to be deleted. I am not exactly sure if its permanently deleted, i hope to all hell that i can recover it. The one thing i can say is the hard drive still says its full. It says space left 68.7 gb. It also shows all the folders in which all the files were supposed to be. But there is no files in any of the folders. When i saw that i just flipped out. Some of that data is so extremely important i can't afford to loose it all. I do have a error displayed like every hr or so that appears on the bottom right of my screen and i will take a screen cap of that and show you. It pertains to my external hard drive i think because it says Volume I. The I drive is my external hard drive so im sure that has to do with something.

One good thing that you did help me with before, was i found the solution to my BSOD crashes and that was a previous topic discussion that i had. Apparently windows xp can only read 2 gb of ram and when i installed 8 gb of ram into my account. 2 cards were 2gb, and then one card was 4gb. I think my computer recognized it as unmatched memory and that caused my memory problems. As soon i took out the 4gb ram card, i so far have not had a BSOD crash yet, so thats good.

I plan on upgrading to windows 7 very soon, cause im tired of all these problems. Hopefully that OS is a much more stable system. But anyways i ask once again for your technically assistance in solving these problems and finding out what is causing all these issues. I need to have a working operating system so i can begin backing up all this data so i can install windows 7. But as it is now, im having so many issues im not even able to back up the data.


Im going to post the link for the error code pic below, take a look at it.

http://img33.imagesh...writefailed.jpg

    Advertisements

Register to Remove

#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 01 July 2010 - 05:07 AM

:welcome:

Hello Jeff, sorry your having so many problems. This forum is for the removal of malware only, I would like you to run this scan and if no malware is detected than I can link you to our windows forum that can help you.

Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.com
  • DDS.scr
  • DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control Here

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 783 posts

Posted 01 July 2010 - 12:44 PM

Ok thanks, ill post my log file for both the attach form and the DDS script here. Let me know if you find any malware.





DDS (Ver_10-03-17.01) - NTFSx86
Run by Jeff Matthews at 11:43:12.96 on Thu 07/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1242 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Documents and Settings\Jeff Matthews\Local Settings\Apps\2.0\B9GB7AQO.9E6\6643M34N.XJK\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jeff Matthews\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [Mal Updater 2] c:\program files\mal updater 2\MalUpdater.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [PlayNC Launcher]
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\documents and settings\jeff matthews\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &AOL Toolbar Search
IE: &D&ownload &with BitComet
IE: &D&ownload all video with BitComet
IE: &D&ownload all with BitComet
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F}
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243547212812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 78.46.17.80 l2authd.lineage2.com
Hosts: 78.46.17.80 l2patcher.lineage2.com
Hosts: 78.46.17.80 nprotect.lineage2.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeffma~1\applic~1\mozilla\firefox\profiles\t00b4ems.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\jeff matthews\application data\mozilla\firefox\profiles\t00b4ems.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-5-30 20968]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-26 54760]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-1-11 25832]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-11-26 95568]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-7-25 85504]

=============== Created Last 30 ================

2010-07-01 03:29:27 0 d-----w- c:\windows\vbSkinner
2010-07-01 03:28:37 0 d-----w- c:\windows\Movie Joiner
2010-07-01 03:28:37 0 d-----w- c:\program files\Movie Joiner
2010-06-30 21:12:45 0 d-----w- c:\program files\Active Data Recovery Software
2010-06-30 02:25:28 0 d-----w- c:\windows\system32\NtmsData
2010-06-26 10:45:00 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-06-23 01:46:02 0 d-----w- c:\program files\McAfee Security Scan
2010-06-17 22:18:54 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-06-17 22:18:44 0 d-----w- c:\program files\NVIDIA Corporation
2010-06-17 22:15:18 6300544 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-06-17 22:15:18 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-06-17 21:50:28 0 d-----w- c:\program files\Phyxion.net
2010-06-15 18:56:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-06-15 18:55:19 0 d-----w- c:\program files\Nero
2010-06-15 18:48:38 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-06-15 18:48:34 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-15 17:43:43 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-06-15 17:43:43 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2010-06-15 17:43:35 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-06-15 17:43:35 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-06-09 02:15:33 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 00:34:52 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-06-08 00:34:42 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-06-08 00:34:42 13902440 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-08 00:34:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-08 00:34:40 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2010-06-08 00:34:40 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-06-07 02:14:23 0 d-sh--w- c:\docume~1\jeffma~1\applic~1\.#
2010-06-06 18:29:14 0 d-----w- c:\program files\common files\Symantec Shared
2010-06-06 11:07:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-06-06 11:07:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-06 11:07:07 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-06-05 02:11:35 63060360 ----a-w- c:\program files\Allods-EU_English.exe
2010-06-05 02:11:06 0 d-----w- c:\program files\Neffy

==================== Find3M ====================

2010-06-17 22:18:51 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-06-17 22:18:49 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-06-12 21:50:17 5002 ----a-w- c:\documents and settings\jeff matthews\FilterData.dat
2010-06-07 23:57:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57:00 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57:00 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57:00 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-06-07 23:57:00 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57:00 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-07 23:57:00 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57:00 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-06-07 23:57:00 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 18:58:00 18824 -c--a-w- c:\docume~1\jeffma~1\applic~1\GDIPFONTCACHEV1.DAT
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 07:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-17 05:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-13 00:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-04 19:51:41 23113 ----a-w- c:\windows\hpqins15.dat
2010-04-03 19:58:11 206822 ----a-w- c:\windows\hpoins35.dat
2009-11-14 11:52:13 56 --sh--r- c:\windows\system32\BE6684D741.sys
2009-11-14 11:52:13 952 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 11:43:39.25 ===============

Attached Files


Edited by jeff matthews, 01 July 2010 - 12:47 PM.

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 01 July 2010 - 04:33 PM

Hi,

First off your hostfile is directing you to SLOVENIA, are you aware of this ?

Hosts: 78.46.17.80 l2authd.lineage2.com
Hosts: 78.46.17.80 l2patcher.lineage2.com
Hosts: 78.46.17.80 nprotect.lineage2.com

lineage2thegame.com (78.46.17.80)

78.46.17.80 - 78.46.17.80
Lineage2TheGame

Dean Crnigoj
Lineage2TheGame
Gradisce Pri Vipavi 51a
5271 Vipava
SLOVENIA
+38640353314
dean.crnigoj@gmail.com




c:\program files\bitcomet <--Your downloading that file from an unknown source and not all but most contain malware, its like playing Russian Roulette malwarewise. You should uninstall this program and stay away from any file sharing sites, the bad guys are aware of this and this is one of there latest ways of infecting your computer

c:\program files\mal updater 2 <-- this falls somewhere in the gray area, your call to remove it or not



Please download ATF Cleaner by Atribune to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 783 posts

Posted 02 July 2010 - 12:02 AM

Ok, um i don't have Bitcomet on my computer, nore do i have MAL updater 2. I haven't used those programs in quite some time. I just checked in my program files in the control panel and there not there. I also looked in the C drive for MALupdater and i couldn't find it. How do i change my host file, i know what file that is. Its actually a video game i used to play, but i don't any more so i don't need anything that is lineage2 on my computer. Well no files were found to be infected with that program so i guess im clean. I think my problem is more pertaining to root kit files in windows that may be corrupted. Cause my OS is obviously unstable. My external hard drive is having the same issues. I tried to use a "Partition Recovery" software to repair the MFT files and it started working again. But shortly after i downloaded another file to that drive, it started failing again and with out the MFT, window's won't recognize the hard drive, so im not sure how to fix the drive so it doesn't have any problems. Anyways ill post the maleware log. Malwarebytes' Anti-Malware 1.44 Database version: 3545 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/1/2010 11:12:18 PM mbam-log-2010-07-01 (23-12-18).txt Scan type: Quick Scan Objects scanned: 110623 Time elapsed: 4 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Edited by jeff matthews, 02 July 2010 - 12:16 AM.

#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 July 2010 - 03:50 AM

If that linage game is in the Add Remove Programs than I would uninstall it

This will set your hosts file back to Microsoft default


Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper left corner.
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



Post a new DDS log

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 783 posts

Posted 04 July 2010 - 12:51 PM

I didn't find the lineage client in my programs apps for some reason. Here is my dds log again.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jeff Matthews at 11:44:10.08 on Sun 07/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1272 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Documents and Settings\Jeff Matthews\Local Settings\Apps\2.0\B9GB7AQO.9E6\6643M34N.XJK\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NCSoft\Launcher\NCLauncher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jeff Matthews\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [Mal Updater 2] c:\program files\mal updater 2\MalUpdater.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [PlayNC Launcher]
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\documents and settings\jeff matthews\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &AOL Toolbar Search
IE: &D&ownload &with BitComet
IE: &D&ownload all video with BitComet
IE: &D&ownload all with BitComet
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F}
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243547212812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeffma~1\applic~1\mozilla\firefox\profiles\t00b4ems.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\jeff matthews\application data\mozilla\firefox\profiles\t00b4ems.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-26 54760]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-5-30 20968]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-1-11 25832]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-11-26 95568]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-7-25 85504]

=============== Created Last 30 ================

2010-07-02 08:49:20 1908 ----a-w- c:\windows\diagwrn.xml
2010-07-02 08:49:20 1908 ----a-w- c:\windows\diagerr.xml
2010-07-01 03:29:27 0 d-----w- c:\windows\vbSkinner
2010-07-01 03:28:37 0 d-----w- c:\windows\Movie Joiner
2010-07-01 03:28:37 0 d-----w- c:\program files\Movie Joiner
2010-06-30 21:12:45 0 d-----w- c:\program files\Active Data Recovery Software
2010-06-30 02:25:28 0 d-----w- c:\windows\system32\NtmsData
2010-06-26 10:45:00 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-06-23 01:46:02 0 d-----w- c:\program files\McAfee Security Scan
2010-06-17 22:18:54 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-06-17 22:18:44 0 d-----w- c:\program files\NVIDIA Corporation
2010-06-17 22:15:18 6300544 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-06-17 22:15:18 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-06-17 21:50:28 0 d-----w- c:\program files\Phyxion.net
2010-06-15 18:56:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-06-15 18:55:19 0 d-----w- c:\program files\Nero
2010-06-15 18:48:38 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-06-15 18:48:34 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-15 17:43:43 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-06-15 17:43:43 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2010-06-15 17:43:35 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-06-15 17:43:35 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-06-09 02:15:33 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 00:34:52 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-06-08 00:34:42 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-06-08 00:34:42 13902440 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-08 00:34:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-08 00:34:40 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2010-06-08 00:34:40 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-06-07 02:14:23 0 d-sh--w- c:\docume~1\jeffma~1\applic~1\.#
2010-06-06 18:29:14 0 d-----w- c:\program files\common files\Symantec Shared
2010-06-06 11:07:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-06-06 11:07:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-06 11:07:07 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-06-05 02:11:35 63060360 ----a-w- c:\program files\Allods-EU_English.exe
2010-06-05 02:11:06 0 d-----w- c:\program files\Neffy

==================== Find3M ====================

2010-06-17 22:18:51 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-06-17 22:18:49 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-06-12 21:50:17 5002 ------w- c:\documents and settings\jeff matthews\FilterData.dat
2010-06-07 23:57:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57:00 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57:00 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57:00 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-06-07 23:57:00 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57:00 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-07 23:57:00 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57:00 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-06-07 23:57:00 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 18:58:00 18824 -c--a-w- c:\docume~1\jeffma~1\applic~1\GDIPFONTCACHEV1.DAT
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 07:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-17 05:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-13 00:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-11-14 11:52:13 56 --sh--r- c:\windows\system32\BE6684D741.sys
2009-11-14 11:52:13 952 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 11:44:37.03 ===============

Oh btw. when your finished with this, can you direct me to the appropriate area for upgrading windows. I will need some help with that. I plan on upgrading to windows 7 but i do not want to loose all my saved passwords and stuff like that. I already backed up all the physical data, but i want to keep my internet favorites and my passwords ID information. I also need some help in installing all my up to date drivers for windows 7. Is there a program that i can use that detects what missing drivers I will need. I've always had trouble with this every time i repartition a drive, it never runs right because my drivers are always outdated. I think thats one of the major causes to why my computer never runs great because after a reformat, i continue to run the OS not fully up to date or with the drivers outdated. I think i also never repartition the drive right, it just duplicate it some how so im running two OS's at once but i want to completely delete the infected partition and start fresh with a new partition for windows 7. At the same time though i want to restore my password/ID information so that this computer will recognize all that. If its all gone i will run into alot of trouble because all my banking information, game accounts and other business companies i won't be able to access cause i never backed up all those passwords and id's.

Attached Files


#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 July 2010 - 01:11 PM

Hi,

You can uninstall both these programs from your Add Remove Programs
µTorrent
MarketResearch

As far as upgrading to win 7, that depends on the age of your computer, if its fairly old there wont be drivers to run most of your programs and hardware and that could be a serious problem. You can run this quick scan that will tell you if your computer will be compatible with win 7
http://www.microsoft...;displaylang=en


You didn't follow the instructions for running Malwarebytes, you need to check for updates and then run a quick scan, your using an outdated version .

Open it, check for updates, install them and then run the quick scan please and post the log

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#9 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 783 posts

Posted 04 July 2010 - 02:50 PM

I couldn't find Market Research in the "add and remove programs" wizard. I just checked. I would like to add that i get an error every now and then when i open up files that says "data execution prevention" and all the programs close on me. Thats obviously something pertaining to either my OS or my HDD's i have had the problem off and on for a while though and not sure what is causing it. I ran the scan for windows 7 and there are a few compatibility problems, but most of them are programs so i think this can be easily fixed but ill let you take a look at the log. I don' t think it found any system problems and those are the most crucial. I also have 2 sticks of 2gb ram that i just bought, but haven't installed yet. So memory won't be an issue once i install those 4 gigs of ram. If you happen to know the steps to take to upgrade to windows 7, let me know what i need to fix and install, and what drivers i need to update and so forth. I even have a laptop i can use so you can walk me through the steps and i can still stay in contact with you on my other computer. C:\Documents and Settings\Jeff Matthews\Desktop\Windows advisor log.mht Here is my new Malewale bytes log. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/4/2010 2:04:04 PM mbam-log-2010-07-04 (14-04-04).txt Scan type: Quick scan Objects scanned: 118793 Time elapsed: 5 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Edited by jeff matthews, 04 July 2010 - 03:15 PM.

#10 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 July 2010 - 07:19 PM

Looks good, how are things running now ?

As far as your win 7 upgrade, you can post in our windows forum for help, we just do malware removal on this one. Wait until we are finished on this forum and then post here, we have a great windows team that can advise and guide you

http://forums.whatth...p?showforum=119

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#11 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 783 posts

Posted 04 July 2010 - 08:29 PM

Hey thanks i appreciate it. I will be sure to let them know. is it a forum where a VPM team talks to you one on one, or is it just a forum where several people discuss your issue. Cause i prefer this type of discussion. Its more easy to follow and there is no interference from other people on the forum. I am not sure they are viruses, like i said before i think there more pertaining to either HDD failures or OS curropted files. I will tell you the errors that i still do get. One of them is "data Prevention error" like i said before. Another error is it brings up scrambled text code when ever i open a folder and all the programs and folders are non responsive so then i am forced to close all my programs. The task bar also disappears for a brief second. I am really not sure what is causing this. Also i have another error that caused my external hard drive to malfunction. At the bottom left of the screen it will say $MFT file was corrupted and then windows isn't able to access my hard drive. So i used a data partition recovery software to recover the mft root files in the external HD and then it starts working. But right when i start using the hard drive some more, the same error pops up. For a min it scared the hell out of me cause i thought i lost 1 tb of data.

#12 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 July 2010 - 05:03 AM

Looks like you have some hardware and software issues, I will let the windows team sort it out for you. Its a forum just like this one and one of the windows team will reply to your post,






Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .



Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.


Safe Surfn
Ken

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#13 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 783 posts

Posted 05 July 2010 - 02:10 PM

Ok thank you ken very much for your expert advice. I already created a topic for the windows team and hopefully they will be able to find out all my issues and get my computer up and running securely with windows 7.

This is the topic http://forums.whatth...howtopic=113008

That should give them enough information that they can work at it, hopefully Thanks again!

#14 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 July 2010 - 03:05 PM

Your welcome Jeff, Your in good hands with Doug Ken

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·