Jump to content


Photo

Please review HijackThis files; Problems arise after following steps described in 'http://support.microsoft.com/kb/941729/'


  • This topic is locked This topic is locked
9 replies to this topic

#1 Tristan_W

Tristan_W

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 26 November 2009 - 03:55 AM

My computer has presented me with some mysterious problems recently:

1. This all started with having had a reoccuring prompt to install a security update for Microsoft XML Core Services 4.0 Service Pack 2 (KB 954430) (even after I "successfully" installed it several times).

2. This issue appeared to be addressed by http://support.micro...com/kb/941729/; however, problems arose in following the steps described in the aforementioned article, which were as follows:

To resolve this problem, follow these steps:
(1). Click Start, click Run, type cmd, and then press ENTER.
(2). At the command prompt, type ren %windir%\System32\msxml4.dll msxml4.old, and then press ENTER.
Note After you press ENTER, you may receive the following error message.
Cannot find the file specified.
Ignore this message, and go to step 3.
(3). At the command prompt, type exit, and then press ENTER.
(4). Visit the following Microsoft Web site:
http://www.update.microsoft.com (http://www.update.microsoft.com)
Download and then install the latest MSXML security update.



3. After successfully completing steps 1 - 3 in the above article, I went to the Windows Update web site (per step 4) in order to install KB 954430; however, it was not shown in the list of needed/available updates.

4. I restarted my computer. When I logged into Windows XP Professional using my username (with administrator priviledges), I noted that Windows firewall temporarily turned itself off, but then turned itself on after a couple of minutes. Hmmm...weird...never seen that before. Concurrently, Windows Installer started automatically, with the message: "Please wait while Windows configures VIPRE Antivirus + Antispyware." Hmmm, that's weird...I'm not sure how my antivirus program would have been involved, as I have not touched it nor has it ever presented me with any such prompt before. I then got the following messages:

a. "The feature that you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternative path to a folder containing the installation package 'SBVIPRE_EN.msi' in the box below."
b. Without changing the path, I click OK and got the following message: "Error 1706. No valid source could be found for product 'VIPRE Antivirus + Antispyware'. The Windows Installer cannot continue."
c. In subsequent attempts, I also got the following error message: "The path 'C:\DOCUME~1\Tristan\LOCALS~1\Temp\{CE5E91FA-D105-4B19-A60E-F72E239F6A11}\SBVIPRE_EN.msi' cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'SBVIPRE_EN.msi' in a folder from which you can install the product VIPRE Antivirus + Antispyware." (Note: Vipre is my anti-virus software).

I was not able to close the Windows Installer window--neither clicking OK or Cancel worked, nor was I able to locate the specified file 'SBVIPRE_EN.msi' as the prompt was requesting.

5. I also notice that my Vipre antivirus program does not start automatically when restarting the computer and when I try to start it manually, I get the behavior described in #4 above. In other words, I no longer appear to have my antivirus software working (or even properly installed??).

6. I posted the above to http://social.answer...01-d135e9e88326 and received feedback suggesting that I may be infected with 'hijackware'. Pursuant to this feedback, I ran Microsoft's Malicious Software Removal Tool (http://www.microsoft...ve/default.mspx), which found no problems; I also ran the Windows Live Safety Center 'Protection Scan' (http://onecare.live....ter/howsafe.htm) and found no "problems" although it did report that "2 issues found and removed, 3 items detected and cleaned". The computer issues described above did not go away, and in fact while running this scan, I noted that Windows Automatic Updating indicated that 2 new updates were ready for download: KB973687 and KB976098, which both appear to be related to my computer's clock, *which I just have noticed is no longer running normally--calendar tool is still there, but the clock is missing from the task bar...* (side note: I use a 3rd party system clock tool called 'Chameleon Clock 4' that has been working flawlessly for years--funny that it would die now).

7. Lastly, this feedback recommended running a HijackThis [version 2.0.0.2] log and posting to this web site, which I've attached.

8. Possibly pertinent: I have had two separate bank accounts racked with multiple fraudulent charges over the past 6 weeks. Two separate groups of charges separated by a month--fishy (and scary) that anyone could have obtained all that information on us (*have* we been hijacked somehow?). We are quite cautious and have always had anti-virus software installed and are conservative with what we download.

At this point, I'm still not sure if this is a virus or hacking situation or something else. We are feeling quite scared right now. Any and all help would be very greatly appreciated. I'm intersted in confirming that my original issue involving KB954430 has been resolved (even though I was not able to install it per step 4 of http://support.micro....com/kb/941729/); and I would like to resolve the subsequent issues that appeared immediately afterward.


Best regards,

Tristan

PS I am running Windows XP Professional.



FOLLOW-UP 27NOV09:

9. Per the SpywareInfo Forum FAQ, I performed a 'quick scan' using Malwarebytes' Anti-Malware, which detected (and removed) (4) instances of 'Backdoor.Bot' and one instance of 'Malware.Trace'. The log file is attached. Could this explain my tapped bank accounts? The only change I noticed is that my computer's clock is now visible and working normally (see #6 above); all other issues remain. One additional observation: the computer does not power down via 'Start --> Turn Off Computer'. I am forced to cut power to the computer manually, which is a symptom that started with #4 above.

10. Also per the SpywareInfo Forum FAQ, I installed and performed a scan using 'Spybot-Search and Destroy', which detected (and removed) (4) problems: 'Morpheus Toolbar' (note: I did download/install Morpheus--probably the most risky behavior I've engaged in on the web--although I'm careful to scan the music that I occasionally receive); 'Statcounter' (a cookie); and (2) instances of 'Win32.Agent.pz'.

...eagerly awaiting the possibility of feedback! (and inspired by the good people who are volunteering to help people like me) :-)



FOLLOW-UP 28NOV09:

11. Attached an updated HijackThis log (subsequent to performing additional scans per #9 and #10.



FOLLOW-UP 30NOV09:

12. Possibly pertinent: when I started my computer this morning and started my email program, I received the following message: "Outlook experienced a serious problem with the 'sunbelt software outlook antivirus object' add-in. If you have seen this message multiple times, you should disable this add-in and check to see if an update is available. Do you want to disable this add-in?" Given that this was the one and only time I had seen this message, I clicked 'No'.


FOLLOW-UP 06DEC09:

13. The issue described in #12 has returned multiple times.

14. I am posting from my mother's computer because my web browswer appears to have been hijacked: it repeatedly redirects me to the web address to 'www.home.clearwire.com' and will not let me navigate to any other web pages. It looks a lot like the home page of my internet service provider ('www.clearwire.com'). My home page itself is not changed, but I am agressively redirected to this other web page and am prompted to 'Click here to view your message'. Fishy! Sounds like an invitation to download additional malware if you ask me. I could sure use some help!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:51 AM, on 11/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\GEEK SQUAD UPS\ppped.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Tristan\My Documents\Installation Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...Sys=DTP&M=FX530
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guitar4you.com/tulavak.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...Sys=DTP&M=FX530
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onlinereg...vak@hotmail.com (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\GEEK SQUAD UPS\pppeuser.exe"
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1229932308156
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...15109/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: GEEK SQUAD POWER MANAGEMENT Service (ppped) - Unknown owner - C:\Program Files\GEEK SQUAD UPS\ppped.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Note:
Please paste your logs do not use the attachment function.

Attached Files


Edited by nasdaq, 10 December 2009 - 02:08 PM.
HijackThis log paste to the topic.


#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 28 November 2009 - 04:34 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,093 posts

Posted 10 December 2009 - 02:15 PM

Hi,
I'm nasdaq and will be helping you.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Sorry for this long delay.

The way you describe your problems and the results of your log you have a bad infection. Virut infection, which is a file infector and is very bad.

Read this article.
Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.bl...s-throwing.html

I can't in all conscience advise you to do something I wouldn't do myself. I can't guarantee you a clean PC or a stable one, so I really suggest you save your data and reformat and reinstall Windows.

p.s. These file types should not be backed up.
exe/.scr/.htm/.html/.xml/.zip/.rar files
if you do and they are infected you will infect your new installation.

Sorry.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 Tristan_W

Tristan_W

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 10 December 2009 - 09:33 PM

Hello, Nasdaq,

Thank you for assisting me. By the way, I have discovered that the issue I described in #14 was due to my internet service provider, Clearwire, and not a virus/malware. (I contacted Clearwire and they confirmed that they redirected my web address in order to convey an 'important message' about my service; after following their steps, I now have full control of my web browser). In light of that info, is there any chance that I might disinfect rather than reformat? I'm just thinking about how careful I've been and about how I've always had up-to-date anti-virus software running with definitions downloaded daily and two automatic deep scans every day (noon and midnight) which did not detect or warn about Virut. I would also never have clicked on an email to install a Windows Update, which I see is a way that this virus can spread (per info I read at http://miekiemoes.bl...again-sigh.html).

And other than the few issues mentioned above, the computer and all programs seem to run normally. I guess I am just wanting to double check that I really do have to reformat...

Again, I sincerely appreciate your help!


Best regards,

Tristan

Edited by Tristan_W, 10 December 2009 - 11:59 PM.


#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,093 posts

Posted 11 December 2009 - 09:28 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

See that must of your problems are gone, lets do this.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
  • Run Spybot-S&D
  • Go to the Mode menu , and make sure "Advanced Mode " is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer " and OK any prompts
  • Restart your computer.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Please don't forget this step to disable TeaTimer.
[*]Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:


R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onlinereg...vak@hotmail.com (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll


Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally.
===

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply with a fresh HijackThis log.

Do not mouse click combofix's window while it's running. That may cause it to stall
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 Tristan_W

Tristan_W

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 12 December 2009 - 12:17 AM

Nasdaq,

So, I have followed the steps you outlined but did encounter some issues:

1. Everything went perfectly up until I needed to disable Vipre Antivirus + Antispyware prior to running ComboFix.exe. Since Vipre isn't running normally, I was not able to open it in order to positively disable it. However, I did not see it in the system tray nor under any obvious description in the Task Manager (so that I might 'End Task'). Therefore, I figured that maybe it wasn't running to begin with. When I ran ComboFix.exe, it notified me that Vipre was indeed active and running and warned me to disable it. However, given what I've just mentioned, it wasn't obvious to me how to accomplish this. I tried clicking the X at the upper right of the ComboFix dialogue box to cancel the process, but that didn't seem to cancel anything--the program continued to run with the notification that I was proceeding at my own risk.

2. I was notified that I did not have Windows Recovery Console installed. Per your advice, I attempted to install it, but was subsequently notified that I had not clicked 'yes' (even though I am nearly positive that I did) and that therefore the program had not been installed. Darned!

3. The program proceeded apparently normally and eventually rebooted my computer. When it restarted and I logged in, the 'Windows Installer' window appeared as described in #4 of my first post; in addition, ComboFix opened a box and indicated that it was running (and warned not to run any programs until it was done). I waited patently.

4. Suddenly, a 'Windows Explorer' dialogue box appeared with the message "Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." That dialogue box also gave the option to 'Send Error Report'. I didn't touch anything until FixCombo had finished, which it did after a few minutes.

The ComboFix report log and a fresh HijackThis log are included as follows:

ComboFix 09-12-11.01 - Tristan 12/11/2009 20:20:48.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2767 [GMT -8:00]
Running from: c:\documents and settings\Tristan\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3908156949-2022285918-3105907657-500
C:\System
c:\system\INSTALL.LOG
c:\windows\TEMP\logishrd\LVPrcInj01.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))
.

2009-12-04 06:39 . 2009-12-04 06:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-12-04 06:34 . 2009-12-04 06:43 -------- d-----w- c:\documents and settings\Tristan\Local Settings\Application Data\Temp
2009-12-04 06:34 . 2009-12-04 06:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-11-28 04:30 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-28 04:30 . 2009-11-28 04:30 -------- d-----w- c:\program files\Panda Security
2009-11-28 00:45 . 2009-11-28 03:35 -------- d-----w- c:\windows\BDOSCAN8
2009-11-27 23:42 . 2009-11-28 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-27 23:42 . 2009-11-27 23:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-27 20:04 . 2009-11-27 20:04 -------- d-----w- c:\documents and settings\Tristan\Application Data\Malwarebytes
2009-11-27 20:04 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 20:04 . 2009-11-27 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-27 20:04 . 2009-11-27 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-27 20:04 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 07:52 . 2009-11-26 07:52 -------- d-----w- c:\program files\Trend Micro
2009-11-25 16:08 . 2009-11-25 16:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-11-25 16:06 . 2009-11-25 16:06 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-25 06:40 . 2009-11-26 04:24 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-14 10:40 . 2009-11-14 10:40 152576 ----a-w- c:\documents and settings\Tristan\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-14 10:37 . 2009-11-14 10:37 79488 ----a-w- c:\documents and settings\Tristan\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 04:31 . 2008-01-09 06:16 -------- d-----w- c:\program files\Chameleon Clock
2009-12-12 04:30 . 2008-01-14 04:03 -------- d-----w- c:\program files\GEEK SQUAD UPS
2009-12-11 10:00 . 2008-01-15 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect
2009-12-08 16:15 . 2008-01-09 06:42 -------- d-----w- c:\documents and settings\Tristan\Application Data\ACD Systems
2009-12-08 16:15 . 2008-01-09 06:09 -------- d-----w- c:\program files\ACD Systems
2009-12-08 16:15 . 2008-08-02 05:20 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-12-07 07:31 . 2008-08-02 05:18 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-12-07 03:52 . 2007-12-28 06:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-07 03:51 . 2007-12-28 06:18 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-07 03:51 . 2007-12-28 06:18 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-04 06:44 . 2007-12-28 06:08 -------- d-----w- c:\program files\Google
2009-11-22 04:47 . 2008-12-09 08:15 -------- d-----w- c:\documents and settings\Tristan\Application Data\LimeWire
2009-11-14 10:40 . 2007-12-28 06:05 -------- d-----w- c:\program files\Java
2009-11-14 06:55 . 2007-12-28 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-11 12:17 . 2008-12-09 08:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 21:00 . 2008-09-15 04:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-09 19:16 . 2009-10-09 19:16 371272 ----a-r- c:\documents and settings\Mia\Application Data\Microsoft\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
2009-10-08 22:57 . 2007-10-09 21:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 22:57 . 2006-06-01 03:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 22:56 . 2006-06-01 03:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-16 04:07 . 2009-09-16 04:06 670130 ----a-w- c:\documents and settings\Tristan\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2001-11-27 17:35 . 2008-01-09 07:21 543232 ------r- c:\program files\CONVERT.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"PowerPanel Personal Edition User Interaction"="c:\program files\GEEK SQUAD UPS\pppeuser.exe" [2007-03-10 270336]
"HomeAlarm"="c:\program files\Chameleon Clock\ChamClock.exe" [2007-07-31 637440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-18 68856]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-18 53341]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gateway Extended Warranty"="c:\program files\Gateway\GWCares\GWCares.exe" [2004-02-09 73728]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"nwiz"="nwiz.exe" [2009-03-28 1657376]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-15 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-15 2407184]
"CTHelper"="CTHELPER.EXE" [2008-01-14 19456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2009-09-07 959784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]

c:\documents and settings\Tristan\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-8 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-8 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/27/2009 8:30 PM 28552]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [9/11/2009 11:23 PM 13360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [1/9/2009 8:42 PM 202928]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [9/7/2009 1:02 PM 1012040]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [9/11/2009 11:25 PM 69936]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [10/30/2007 7:35 PM 329024]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2/19/2009 9:42 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2/19/2009 9:43 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2/19/2009 9:43 AM 72728]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [12/27/2007 9:58 PM 40448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/3/2009 10:34 PM 135664]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [7/3/2009 9:58 AM 79360]
S3 ct20xflt;ct20xflt;c:\windows\system32\drivers\ct20xflt.sys [7/13/2009 5:53 PM 1811224]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2/19/2009 9:42 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2/19/2009 9:43 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2/19/2009 9:43 AM 72728]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2/19/2009 9:54 AM 1222680]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/5/2009 2:58 PM 93872]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.guitar4you.com/tulavak.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 20:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3988883988-293894354-3670886912-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6020)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\crypserv.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\GEEK SQUAD UPS\ppped.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Retrospect\Retrospect 7.6\retrorun.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\CTXFIHLP.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\dwwin.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2009-12-11 20:35:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-12 04:35

Pre-Run: 632,140,259,328 bytes free
Post-Run: 633,287,983,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - 04D7B51E904E89094E5528C681B381E4











Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:54 PM, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\GEEK SQUAD UPS\ppped.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guitar4you.com/tulavak.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\GEEK SQUAD UPS\pppeuser.exe"
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1229932308156
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...15109/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: GEEK SQUAD POWER MANAGEMENT Service (ppped) - Unknown owner - C:\Program Files\GEEK SQUAD UPS\ppped.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13412 bytes









Thanks Nasdaq!

Tristan

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,093 posts

Posted 12 December 2009 - 10:19 AM

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Your logs are clean.

Vipre Antivirus may have prevented the installation of the Recovery Console, not sure.

If all is well Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 Tristan_W

Tristan_W

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 12 December 2009 - 11:59 AM

Nasdaq,

I followed the step you mentioned, again unable to successfully disable Vipre (even though I ended one process via Task Manager that I thought was associated with Vipre: SBAMSvc.exe). However, this time again got the message that:

"ComboFix has detected the following real time scanner(s) to be active:
antivirus: Sunbelt Vipre
Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine dammage.
Please disable these scanners before clicking 'OK'."

Still at a loss as to how to disable Vipre, I cringed and clicked 'OK' and was then notified that ComboFix was uninstalled.

At this point, the 'Windows Installer' window that I mentioned in #4 of my first post is still appearing whenever I try to start Vipre and also when I start Microsoft Office Outlook, and the only way to get rid of it is to 'End Task' via the Task Manager. In addition, when starting Outlook, I still get the message: "Outlook experienced a serious problem with the 'sunbelt software outlook antivirus object' add-in. If you have seen this message multiple times, you should disable this add-in and check to see if an update is available. Do you want to disable this add-in?" So far, I have always clicked 'No'.

By the way, I wrote to the makers of Sunbelt Vipre and mentioned that Vipre didn't appear to be working normally. They recommended that I try running the 'Vipre Rescue Program' in Safe Mode twice. Do you think I should proceed with that, or wait for us to carry out any further steps?


Thanks once again Nasdaq!

PS I've also noticed that the computer has been somewhat slower than usual to boot up since this whole thing started.

Edited by Tristan_W, 12 December 2009 - 12:03 PM.


#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,093 posts

Posted 13 December 2009 - 05:04 PM

By the way, I wrote to the makers of Sunbelt Vipre and mentioned that Vipre didn't appear to be working normally. They recommended that I try running the 'Vipre Rescue Program' in Safe Mode twice. Do you think I should proceed with that, or wait for us to carry out any further steps?


You got it from the horse's mouth please execute it.

If all fails can you check with Sunbelt if you can Remove it completely or is this an all in one situation with them
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,093 posts

Posted 28 December 2009 - 10:06 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button