124 replies to this topic

[compudodo]

Ok, I"ve just about had it....... LAPTOP got slammed yesterday, message popped up saying i caught 28 viruses and worms from my social networking site. hello? this happen often on facebook? I just joined the darn thing. My malware bytes says no infections. My microsoft security essentials FULL scan say no infections...... plus I had zone alarm enabled at the time....so the microsoft anti virus was on as was Zone Alarm....and this time it seems to be a variation on the old theme. last two times i was infected with this same type of program....it looks like it comes from Microsoft, looks like it is valid from my antivirus program...but of course they want $79.99 to remove the infections. and you can't do a thing because the more you click to close down the screens that keep popping up, the more they pop up. Last two times the machine froze up... You couldn't run a scan from anywhere or download anything. first time I lost everything, had to start all over, second time we got rid of it with OTL or some other such program.... THIS time it is not freezing, this time I could run scans from malware bytes and my virus program....but the difference this time is, when i shut the machine down..... and went away for a few hours, then logged back on.... a notice keeps popping up with the IP address of who is trying to hack me. HUH? but it's the same variation on the old theme that i had the last two times and I'm so sick of it and i even downloaded that latest version of internet explorer when it came out because it said it was SAFER..... should I go back to Avast????? IS MOZILLA safer????????? HUH???? HUH???? I am again typing on my desk top which never seems to get infected, or ,maybe i just am not on it as much as the laptop. My laptop had the bought and paid for version of Avast.... but when I got that huge huge virus attack that totally wiped out my computer, I switched to the microsoft essentials as per recommended here. this desktop only has the free version, but I haven't had a virus on this for two years now. Is this stupid VIRUS that pretends it is from Microsoft, trying to bilk me for $79.99, is it smart enough to know right now all I have is microsoft security essentials...it was recommended by you guys. I'm thinking, third virus in three months, time to go back to AVAST. or switch to MOZilla???? ok..... and you will want me to send you reports from HiJack This ....but is it possible that it is really true that the pop up screens telling me who is hacking me with their IP address, is that for real????? I'm scared... let's not forget I"m an old lady here, and prone to nervous breakdowns and apoplexies now. LOL and sighing for the good old days where I sent hand written letters on gently scented with L'air Du Temps paper and had to wait a week for a reply, but who cared, it was sure better than constantly being hit with this stupid lame brain virus.

[Tomk]

Well hello there Candice.

You do realize that it is perfectly acceptable to just stop by and say hi once and awhile. You don't need to bork your system to hang out with us.

To sort of answer some of your questions... Microsoft security essentials is a good AV program. AVAST is a good AV program. Either of them should serve you well. That being said, none of them are perfect and seeing as how the "script kiddies" that enjoy seeing you have nervous breakdowns and apoplexies are writing new garbage every day and inventing new ways to deliver it to you... no program can block 100% of the garbage out there because they can't create a cure before they get a chance to see the infection.

Just as it can't truly be said that it is actually "safe" to get out of bed in the morning... let alone cross the street - the goal of everyone here is to try to make the internet safer... it will never be safe.

Yes... that warning is trying to bilk you for $79.99. But you're to sharp to pay it.

The good news is, you may not be truly "infected". This may just be a scare tactic to try to get you to pay them.

Can you please provide me with the IP address that is supposedly hacking you and as much detail of the warning as you can?

Also, you are right - my hands are tied a bit without a log to work with. HighJackThis just doesn't play nice with Windows 7 and doesn't give enough information anyway so I'd like a different log please:

Please download DDS by sUBs from one of the following links and save it to your desktop.

• • DDS.scr
  • DDS.pif
• Disable any script blocking protection (How to Disable your Security Programs)
• Double click DDS icon to run the tool (may take up to 3 minutes to run)
• When done, DDS.txt will open.
• After a few moments, attach.txt will open in a second window.
• Save both reports to your desktop.

---------------------------------------------------

• Post the contents of the DDS.txt report in your next reply
• Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and the click UPLOAD.

[compudodo]

HI Sweetie!!!! LOL..... excuse me???? YOU have to stop infecting my computer just to get me to brighten up your day!!!!!! Yeah, but, ......... YEAH.....BUT...... IT'S ALWAYS THE SAME INFECTION!!!!!!!!!!!! and this time it looks legit...the last two times it didn't, this time it really does, it has all the correct microsoft logos on all the pop up boxes and ya know microsoft wouldn't just make up a scare tactic to get you to buy protection...so something is screwy here.....this is the same virus every time. WHAT ARE THE ODDS ON THAT???????? Seriously, it is the same infection every time. that is pretty weird, ya gotta admit. OK..... I turned on my lap top..... (yes, I'm on the desk top now)....and I can't log in..... PUTER IS RUNNING VERY SLOWLY TOO....NOT A GOOD SIGN How come when I click on what the tech in favorites menu, i'm automatically good to go here, on this computer, haven't been on the websit for how long now? maybe a month or two...just had this infection a few weeks ago, PatNDoris helped me. BUT: on my laptop, I have to enter my password and user name.....and now I can't remember the freaking password .....and yeppers, you got it, ....this virus thing has done something to my cursor, that little circle thingy is there now FOREVER....it won't redirect me to the retrieve password. now what? I can't onto What the Tech from the laptop..... see? I write down the passwords, but then I lose the paper they are written on...it happens every time and there is no solution to this with my oldsheimers disease, now probably into Alzheimers and I'm going crazy....i'll be back...try to find that piece of paper.....

[Tomk]

The reason the one computer just logs directly in is because at some point you clicked on "remember me" or something like that when you logged in. The quickest solution I know of is - using the computer that is logged in - click on where it says My controls on the upper right of your page. Then on the lower left of the next page it will say Change my password. Click on it, give yourself a new password that you can then remember. Use the new password to log into the site on your laptop.

[compudodo]

ok, now i got back on to the laptop...got everything straightened out...logged on.... clicked on my thread....and i get another pop up screen that says: YOUR QUERY LOOKS SIMILAR TO AUTOMATED REQUESTS FROM A SPYWARE APPLICATION (cute huh? this virus is pretty smart, you can't go anywhere to fix this, you can't access anything...last time my machine froze up....this time they just block you from everything) THEN IT TELLS ME TO RUN SCAN NOW TO REMOVE VIRUSES....i CAN'T GET TO MY THREAD PAGE TOM!!!!! I've shut it down....i'm going to try to reboot and see if now that I am logged on, maybe it will let me access the thread...seems like the more actions you take, clicking and doing things, it stops working at a certain point.

[compudodo]

OH, that IP address is 101,123.34.123 seems fake to me

[compudodo]

ok...i shut it down.... i got to what the tech... i was logged in... I clicked on malware forums....got to the thread page...clicked on my thread... And yay, it worked.... I got two clicks....and when I replied to you that I was now going to try to run DDS..... and i clicked add reply? no go....wouldn't redirect...so this time hopefully I'll get back on...and just try to download the DDs...but warning: last time DDS did not work on this virus...we had to go a different route....while I"m spending all this time, anyway you can go back a month or so and see what PatnDoris did that fixed this whole thing?

[compudodo]

ok...... it downloaded the dds....got one report, when i copied and pasted it...and hello? hit reply so it would post... no go.... the cursor is endlessly circling again.... i'll try again

[compudodo]

NOPE....i have both the reports...I think...I think i saved them to desktop... who knows? with me you never know if i did it right.... won't let me post.... i hit reply, and it does nothing,

[compudodo]

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by cici at 15:49:06.95 on Tue 04/12/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1858 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\windows\System32\IgrsSvcs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lenovo\YouCam\YouCamTray.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\cici\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WUD9Z51\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\cici\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [71374d08-9eee-4727-87fd-ec0b42a5e469] rundll32.exe "c:\programdata\71374d08-9eee-4727-87fd-ec0b42a5e469.dat", zyfzehvv
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [UCam_Menu] "c:\program files\lenovo\youcam\muitransfer\muistartmenu.exe" "c:\program files\lenovo\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\lenovo\youcam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [PCFix] c:\program files\pcfix\PCFix.exe
dRunOnce: [WLStart] "c:\program files\windows live\installer\wlstart.exe" /nosearch /nohomepage
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/amun/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-20 172032]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2010-12-30 163680]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-4-20 21256]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-4-20 5340160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-4-20 152064]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-4-20 58368]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-4-20 30392]
R3 usbsmi;Lenovo EasyCamera;c:\windows\system32\drivers\SMIksdrv.sys [2010-4-20 171776]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2010-4-20 11792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2010-12-30 171872]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-20 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2010-4-20 63240]
S3 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-15 38152]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2010-4-20 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2010-4-20 575304]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-4-20 189984]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-31 1343400]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
.
=============== Created Last 30 ================
.
2011-04-12 19:10:36 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9beef4fb-a890-410f-b7fe-7094921b3709}\mpengine.dll
2011-04-12 19:05:31 -------- d-----w- c:\users\cici\appdata\roaming\PCFix
2011-04-12 18:38:35 -------- d-----w- c:\program files\PCFix
2011-04-12 18:34:43 -------- d-----w- c:\users\cici\appdata\local\{D11A10B4-573C-4DD7-9FD4-E06EA917072F}
2011-04-11 22:12:11 -------- d-----w- c:\users\cici\appdata\local\{4434FC7A-B76B-49AC-872C-D361097D263B}
2011-04-11 03:39:59 1613573 --sha-w- c:\progra~2\71374d08-9eee-4727-87fd-ec0b42a5e469.dat
2011-04-11 03:39:59 -------- d-----w- c:\program files\Internet Protection
2011-04-11 00:11:26 -------- d-----w- c:\users\cici\appdata\local\{7978BE95-0D33-4A04-A2DD-6673B0B87ED4}
2011-04-09 16:06:18 -------- d-----w- c:\users\cici\appdata\local\{E69B056B-7B3A-4DCD-B8DD-C4947B25E2B2}
2011-04-08 14:15:12 -------- d-----w- c:\users\cici\appdata\local\{3F92FA22-95DB-406D-8BE1-E1AF086A76A8}
2011-04-08 02:14:37 -------- d-----w- c:\users\cici\appdata\local\{1CC52244-640A-45C6-A3B5-9FA7C252A1B4}
2011-04-07 15:18:20 -------- d-----w- c:\users\cici\appdata\local\{4450FBD8-CFE5-4168-BD5C-DA5CF04D9EA7}
2011-04-07 02:33:47 -------- d-----w- c:\users\cici\appdata\local\{5E93B8F3-56FE-453D-A49C-BDA5AA22A4EF}
2011-04-06 14:33:22 -------- d-----w- c:\users\cici\appdata\local\{35A57AD2-912F-4A60-AE2F-CB79B84F0186}
2011-04-05 22:11:29 -------- d-----w- c:\users\cici\appdata\local\{5C97E5D3-E8A0-410F-9D07-A7EE6AB3F2E6}
2011-04-05 15:38:45 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{7d074fae-f067-4066-88c0-4d7d07a15e65}\gapaengine.dll
2011-04-04 11:40:49 -------- d-----w- c:\users\cici\appdata\local\{5C51381B-2337-4592-B773-DD7724C90923}
2011-04-03 10:37:44 -------- d-----w- c:\users\cici\appdata\local\{600E3012-AEC5-4966-BFEF-627F662CC2A6}
2011-04-02 13:09:26 -------- d-----w- c:\users\cici\appdata\local\{CF4552CD-69B7-47F0-A805-90010A4481CC}
2011-04-02 01:08:46 -------- d-----w- c:\users\cici\appdata\local\{BA9D007D-B348-4FB9-AC9D-69903FFC5727}
2011-04-01 05:56:07 -------- d-----w- c:\users\cici\appdata\local\{D1B6E34A-3CC8-42DA-8755-BFDEE919BD3F}
2011-03-31 17:29:06 -------- d-----w- c:\users\cici\appdata\local\{68373B5F-97E7-49A5-93B3-E73F303B573E}
2011-03-31 08:26:50 -------- d-----w- c:\users\cici\appdata\local\{F618D4B9-7193-4737-9FEA-4439D55B064E}
2011-03-28 12:09:12 -------- d-----w- c:\users\cici\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-03-26 01:31:22 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-23 08:21:01 -------- d-----w- c:\windows\system32\SPReview
2011-03-23 08:12:59 520064 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2011-03-23 08:11:59 380416 ----a-w- c:\windows\system32\sxs.dll
2011-03-23 08:10:59 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2011-03-23 08:09:59 94208 ----a-w- c:\program files\common files\system\msadc\msadcf.dll
2011-03-23 08:08:54 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-23 08:08:54 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-03-23 08:08:54 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-23 08:08:54 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-23 08:08:37 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-23 08:08:26 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-23 08:08:26 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-03-23 08:07:45 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-03-23 08:07:44 257024 ----a-w- c:\windows\system32\dpx.dll
2011-03-23 07:37:06 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-03-23 07:37:06 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-23 07:33:37 -------- d-----w- c:\users\cici\appdata\local\ElevatedDiagnostics
2011-03-23 07:29:05 -------- d-----w- c:\windows\system32\EventProviders
2011-03-19 04:42:56 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-03-19 04:42:40 461400 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-03-19 04:42:40 -------- d-----w- c:\windows\system32\ZoneLabs
2011-03-19 04:42:37 -------- d-----w- c:\program files\Zone Labs
2011-03-19 04:39:08 -------- d-----w- c:\progra~2\CheckPoint
2011-03-19 04:39:07 -------- d-----w- c:\windows\Internet Logs
2011-03-14 21:57:16 -------- d-----w- c:\program files\ESET
2011-03-14 04:11:31 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-14 04:08:23 -------- d-----w- c:\progra~2\gPiMkPc16633
.
==================== Find3M ====================
.
2011-03-23 08:45:42 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 15:50:37.19 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2010 1:53:34 PM
System Uptime: 4/12/2011 3:47:00 PM (0 hours ago)
.
Motherboard: LENOVO | | Bali
Processor: AMD Athlon™ II Dual-Core M320 | Socket S1G3 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 105 GiB total, 77.704 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 5.332 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP109: 3/30/2011 3:00:12 AM - Windows Update
RP110: 4/2/2011 6:38:56 PM - Windows Backup
RP111: 4/2/2011 9:38:58 PM - Windows Backup
RP112: 4/2/2011 10:08:25 PM - Windows Backup
RP113: 4/3/2011 6:46:01 AM - Windows Update
RP114: 4/3/2011 7:00:17 PM - Windows Backup
RP115: 4/6/2011 12:28:05 PM - Windows Update
RP116: 4/10/2011 11:37:41 AM - Windows Update
RP117: 4/10/2011 7:00:12 PM - Windows Backup
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.0.1
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
AMD USB Filter Driver
Astra Jigsaw Art Edition version 1.21
Astra Jigsaw Art II version 1.21
Astra Jigsaw Europe Tour version 1.21
Astra Jigsaw France and UK version 1.21
Astra Jigsaw Italy and Spain version 1.21
Astra Jigsaw Japan version 1.21
Astra Jigsaw Landmarks Edition version 1.21
Astra Jigsaw My Favorite Things version 1.21
Astra Jigsaw Tropical Edition version 1.21
Astra Jigsaw USA Edition version 1.21
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Big Fish Games: Game Manager
BigJig version 8.15
BigPatience version 5.01
Bricks of Atlantis
Bricks of Egypt 2
Broadcom 802.11 Wireless Driver
Business Contact Manager for Outlook 2007 SP2
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Conexant HD Audio
CyberLink YouCam
D3DX10
Desktop Taipei version 2.2
DIBS
Energy Management
ESET Online Scanner v3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
Lenovo DirectShare
Lenovo EasyCamera
Lenovo First Boot
Lenovo Idea Central
Lenovo Idea Notes
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
PCFix
Power2Go
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SpywareBlaster 4.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
VeriFace
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
4/8/2011 9:56:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/8/2011 1:34:24 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/7/2011 9:25:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/7/2011 11:18:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/12/2011 3:50:36 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
4/12/2011 2:43:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1200.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/12/2011 2:43:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1200.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/10/2011 8:56:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/10/2011 8:04:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/10/2011 10:05:10 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

[compudodo]

FINALLY OH MY GOD...TOOK WHAT? 10 TRYS??? BACK ON DESKTOP....YOU GOT BOTH REPORTS....YAY FOR ME!!!! I DOWNLOADED THEM CORRECTLY TO MY DESKTOP.... I NEVER KNOW IF I'M DOING THINGS RIGHT!!!

[Tomk]

Candice,

You did perfect.

Now let's see if I can dismantle that thing.

Please download the OTM by OldTimer.

• Save it to your desktop.
• Please double-click OTM.exe to run it.
  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  
  :Services
  
  :Reg
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "71374d08-9eee-4727-87fd-ec0b42a5e469"=-
  :Files
  c:\programdata\71374d08-9eee-4727-87fd-ec0b42a5e469.dat
  c:\program files\Internet Protection
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

[compudodo]

I do have vista and i clicked on run as administrator...but nothing is happening..i tried twice

[compudodo]

i just tried again....i comes up as a blank box..... three buttons to click on on top... moveit.... cleanup and exit screen is split in half... one side says paste instructions other side says results... the cursor is sitting, blinking in the results box

[Tomk]

Copy/paste the information in the code box above into the window that says paste instructions and then click on Move it! button.