
Sound From Ads are Playing in Background from viruses


  • This topic is locked
23 replies to this topic

#1 D_T


Posted 31 December 2009 - 04:23 AM

I've downloaded from some bad sites and now my laptop is infected. Sounds from commercials are playing in the background. Malware Bytes was installed before the infection, but it will not load now. Avira is still installed, but it seems to be disabled, as Panda Scan informs me: "We have detected that the AntiVir Desktop protection on your PC is disabled and up-to-date." Kaspersky Online Scan seems down for now. Everything runs very slowly. Slower startup. Spybot Search and Destroy doesn't load. Loading pages in Internet Explorer only lasts a short time before a popup states IE needs to close. Ad Aware works but doesn't find much. There were some that I've removed; however, I feel there are more left, as the background audio is still there even though I go in and manually delete the whole contents of the Temp Internet Files folder of those ad flash files.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:27 AM, on 12/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\housecall.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.c...ction_message=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N4 - Mozilla: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\Owner\\My Documents");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgoogle.src");
user_pref("browser.search.mode", 1);
user_pref("browser.search.opentabforcontextsearch", true);
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.16");
user_pref("browser.startup.page", 0);
user_pref("browser.tabs.autoHide", false);
user_pref("browser.tabs.loadGroup", 0);
user_pref("browser.tabs.open
N4 - Mozilla: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\Owner\\My Documents");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgoogle.src");
user_pref("browser.search.mode", 1);
user_pref("browser.search.opentabforcontextsearch", true);
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.16");
user_pref("browser.startup.page", 0);
user_pref("browser.tabs.autoHide", false);
user_pref("browser.tabs.loadGroup", 0);
user_pref("browser.tabs.open
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster 2004\StrpFstCfg.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [combofix] "C:\combo-fix\CF21278.cfxxe" /c "C:\combo-fix\C.bat"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.co...inAxControl.CAB
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f.../fslauncher.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - https://download.mac...director/sw.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8942.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Avira GmbH - (no file)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9810 bytes

Edited by D_T, 31 December 2009 - 03:00 PM.
HijackThis log requested.


#2 SWI Support Robot


Posted 02 January 2010 - 04:25 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 D_T


Posted 02 January 2010 - 04:33 PM

Someone, if you are available, please help. No one has been assigned to this, I believe.

The system seems to not play the audio flash adverts in the background anymore, but it still locks up from time to time and Avira and MBAM and Spybot S/D don't run. (Or they run in the background and I can't get to them.) Suggestions?

#4 nasdaq


Posted 03 January 2010 - 09:57 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [combofix] "C:\combo-fix\CF21278.cfxxe" /c "C:\combo-fix\C.bat"


Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally.
===

I need to see the results of this scan before suggesting a fix.

We need to check for rootkits with RootRepeal.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
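
The selection step in the post above picks out HijackThis entries that point at nothing: registry values left empty and objects marked `(no file)`. The following is an added example, not part of the thread or of HijackThis itself, that applies that triage to log lines copied from post #1. The category names and the extra `O20 AppInit_DLLs` review rule are assumptions of this example, and the output is a list for a human helper to review, not a fix list.

```python
import re
from dataclasses import dataclass

# A subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Avira GmbH - (no file)
"""

# One log entry: a section code such as "R0" or "O23", then " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


@dataclass(frozen=True)
class Entry:
    code: str  # HijackThis section code, e.g. "O2"
    body: str  # everything after "CODE - "


def parse_entries(text):
    """Return the HijackThis entries found in text, in log order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def classify(entry):
    """Return a triage category for an entry, or None if no rule applies.

    The categories are labels made up for this example:
      orphaned        - the entry references a file that no longer exists
      empty-value     - an R0/R1 registry value that is set but empty
      review-autoload - a non-empty AppInit_DLLs value; DLLs listed there are
                        loaded into every process that loads user32.dll, so the
                        entry deserves a manual look (it is not a verdict)
    """
    if entry.body.endswith("(no file)"):
        return "orphaned"
    if entry.code in ("R0", "R1"):
        # Split on the first " =" so that '=' inside a URL value is not
        # mistaken for the key/value separator.
        _key, sep, value = entry.body.partition(" =")
        if sep and not value.strip():
            return "empty-value"
    if entry.code == "O20" and entry.body.startswith("AppInit_DLLs:"):
        if entry.body.partition(":")[2].strip():
            return "review-autoload"
    return None


def triage(entries):
    """Return (category, entry) pairs for every entry that matches a rule."""
    findings = []
    for entry in entries:
        category = classify(entry)
        if category is not None:
            findings.append((category, entry))
    return findings


if __name__ == "__main__":
    for category, entry in triage(parse_entries(SAMPLE_LOG)):
        print(f"{category:16} {entry.code:4} {entry.body}")
```

The orphaned `O23` service entry is reported even though it was not on the fix list in the post above, which is why the result needs review by someone who knows the machine.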

#5 D_T


Posted 03 January 2010 - 03:23 PM

11:43 AM 1/3/2010
Hi,

I shut down all programs, and ran HJT.
Got all the four keys R0, R0, O2, O2, but the last one O4 combofix wasn't there.

11:45 AM 1/3/2010
Restarting..

11:55 AM 1/3/2010
Running RootRepeal.
On start, RootRepeal responds with a popup:
title: RootRepeal[1] Error
message: Error - invalid PE image found!
Saved Log.
Log follows:
11:54:54: Error - invalid PE image found!
11:54:54: Error - invalid PE image found!


Clicked OK.

12:16 PM 1/3/2010
Scan completed
Popup about "2 stealth objects found!"

Report was auto saved without action on my part.

RootRepeal crashed.

Notes: at startup and all during the scan: system pop ups about internet explorer needing to close.

RootRepeal log follows:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/03 12:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: giveio.sys
Image Path: giveio.sys
Address: 0xBAE73000 Size: 1664 File Visible: No Signed: -
Status: -

Name: H8SRThlcbdliays.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRThlcbdliays.sys
Address: 0xA7E3E000 Size: 118784 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xA2B11000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xBAE72000 Size: 4096 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xBA5FB000 Size: 81920 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\H8SRTjqyrsrpkns.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\H8SRTkxvcygsbrk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\H8SRTtfokftulsi.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\H8SRTxmlnxceryo.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\H8SRT1e2c.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\H8SRT3e95.tmp
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0149498.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141621.cfg
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141622.cfg
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141623.mfl
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141624.ini
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141625.cfg
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141626.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141627.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141628.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141629.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141630.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141631.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141632.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141633.ini
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141634.exe
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141635.exe
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141636.dll
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\Fifoed(3)\A0141637.exe
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0170278.dll
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0170279.dll
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175759.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175777.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0174896.ini
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0174897.mfl
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175744.exe
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175745.exe
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175746.ini
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175747.ini
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175748.dll
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175749.dll
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175750.ini
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175751.ini
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175752.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175753.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175754.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175755.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175756.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175757.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP934(2)\A0175758.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177661.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177679.dll
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177643.exe
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177644.ini
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177645.ini
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177646.dll
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177647.dll
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177648.ini
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177649.ini
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177650.sys
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177651.sys
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177652.dll
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177653.dll
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177654.exe
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177655.sys
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177656.sys
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177657.sys
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177658.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177659.lnk
Status: Invisible to the Windows API!

Path: C:\System Volume Information\_restore{F421C541-7B33-4616-998B-48717150EDE0}(2)\RP901(2)\A0177660.lnk
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\H8SRThlcbdliays.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\temp\H8SRT8589.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\temp\h8srtmainqt.dll
Status: Invisible to the Windows API!

Path: c:\documents and settings\owner\local settings\temp\~df1cd2.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\owner\local settings\temp\~df27f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\owner\local settings\temp\~df33d8.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\owner\local settings\temp\~df533.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\owner\local settings\temp\~df5d4c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\owner\local settings\temp\~df9552.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\owner\local settings\temp\~dfeaec.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\owner\local settings\temp\~dfec7.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\tabicon_video_off[1].gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\TableListing[1].css
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\tabReviews_off_v1_m56577569833334540[1].gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\tags[1].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\talkback_header_background[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\TanAd[1].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\TAN_routines[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\tc_white_shadow_br[1].png
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\text-smaller[1].gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\therm_bkgd_10[1].gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\thickbox-obf-3.1.1.cache[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\thumb-no-image._SX60_SY80_[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\thumb1_caefffa601254179843f9b6d1d00d931[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\tickets_traffic[1].gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\signup-background[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\signUp[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\signup_arrow_done[1].gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\site.min[1].css
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\sitetab_www_on[1].gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\site_nav_caret_split_default[1].png
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\size=160x600;noperf=1;alias=93218231;cfp=1;noaddonpl=y;kvmn=93218231;target=_blank;aduho=420;grp=369822643;misc=369822643[1]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\sliderCircle_on[1].gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\smalls2_120_107526_sunset[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\34CQ2LJN\smalls2_120_364813_computecbanner[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Stealth Objects
-------------------
Object: Hidden Module [Name: H8SRTkxvcygsbrk.dll]
Process: svchost.exe (PID: 1412) Address: 0x009c0000 Size: 65536

Object: Hidden Module [Name: H8SRTtfokftulsi.dll]
Process: svchost.exe (PID: 1412) Address: 0x10000000 Size: 69632

Hidden Services
-------------------
Service Name: H8SRTd.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRThlcbdliays.sys

==EOF==



There was also a message about something being too long:
12:00:33: Error - on-disk corruption detected - run chkdsk!
12:00:33: Error - end of index is past block!
12:02:35: Error - end of index is past block!
12:02:35: Error - end of index is past block!
12:02:35: Error - on-disk corruption detected - run chkdsk!
12:02:35: Error - end of index is past block!
12:02:35: Error - on-disk corruption detected - run chkdsk!
12:03:07: Error - end of index is past block!
12:04:50: Error - end of index is past block!
12:04:50: Error - end of index is past block!
12:04:50: Error - end of index is past block!
12:04:50: Error - end of index is past block!
12:04:50: Error - end of index is past block!
12:04:50: Error - end of index is past block!
12:04:50: Error - end of index is past block!
12:04:51: Error - end of index is past block!
12:04:51: Error - end of index is past block!
12:04:51: Error - end of index is past block!
12:07:37: Error - end of index is past block!
12:08:37: Error - end of index is past block!
12:09:09: Error - end of index is past block!
12:09:19: Error - end of index is past block!
12:12:49: Error - on-disk corruption detected - run chkdsk!
12:13:24: Error - end of index is past block!

End log.
1st edit
And now IE is continually crashing after being up for less than a minute.

2nd edit
3:57 PM 1/3/2010
Reboots clear the freezing and locking up, but only for a short while, maybe an hour or so before whatever trigger sets it off.

Now it also has the ads playing in the background again. It has returned. I'll redo the steps in the FAQ to see what might help.

3rd Edit
5:09 PM 1/3/2010
Panda ActiveScan online virus scan says nothing is wrong.

BitDefender online virus scan is taking forever and froze, but I'll try it again.

5:22 PM 1/3/2010
Remembered that I used Housecall online virus scan last time to remove the same rootkits H8.... something, this time they were removed again. But there is no way that I can see on how to save a log or if it autosaved a log for me.

5:28 PM 1/3/2010
Did some snooping around, found a report:

Damage Cleanup Engine (DCE) 6.1(Build 3017)

Windows XP(Build 2600: Service Pack 3)


Start time : Sun Jan 03 2010 17:18:40



Load Damage Cleanup Template (DCT) "C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\pattern\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\pattern\tsc.ptn" (version 1070) [success]

GenericClean::Pattern:WORM_DOWNAD,Virus Name:Suspicious,Virus File Path:C:\WINDOWS\system32\H8SRTtfokftulsi.dll

GenericClean::Pattern:PE_PATCHEP.A,Virus Name:Suspicious,Virus File Path:C:\WINDOWS\system32\H8SRTtfokftulsi.dll

GenericClean::Pattern:BKDR_TIDIES,Virus Name:Suspicious,Virus File Path:C:\WINDOWS\system32\H8SRTtfokftulsi.dll

TSC_GENCLEAN[virus found]

-->delete file("C:\WINDOWS\system32\H8SRTtfokftulsi.dll","","") success

-->add file("C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\DEADLINKS.INI","","") success

-->modify file("C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\DEADLINKS.INI","","") success

-->modify file("C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\DEADLINKS.INI","","") success

-->modify registry data("HKEY_LOCAL_MACHINE","SOFTWARE\TrendMicro\AMSP","LAUNCH_TSC_AFTER_REBOOT") success

-->add file("C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\MARK_TEMP.INI","","") success

-->modify file("C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\MARK_TEMP.INI","","") success

-->delete file("C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\MARK_TEMP.INI","","") success

GenericClean::Pattern:TSC_GENCLEAN,Virus Name:Suspicious,Virus File Path:C:\WINDOWS\system32\H8SRTtfokftulsi.dll

GenericClean::Pattern:WORM_DOWNAD,Virus Name:Suspicious,Virus File Path:C:\WINDOWS\system32\H8SRTjqyrsrpkns.dll

GenericClean::Pattern:PE_PATCHEP.A,Virus Name:Suspicious,Virus File Path:C:\WINDOWS\system32\H8SRTjqyrsrpkns.dll

GenericClean::Pattern:BKDR_TIDIES,Virus Name:Suspicious,Virus File Path:C:\WINDOWS\system32\H8SRTjqyrsrpkns.dll

TSC_GENCLEAN[virus found]

-->delete file("C:\WINDOWS\system32\H8SRTjqyrsrpkns.dll","","") success

-->modify file("C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\DEADLINKS.INI","","") success

-->modify registry data("HKEY_LOCAL_MACHINE","SOFTWARE\TrendMicro\AMSP","LAUNCH_TSC_AFTER_REBOOT") success

-->add file("C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\MARK_TEMP.INI","","") success

-->modify file("C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\MARK_TEMP.INI","","") success

-->delete file("C:\DOCUME~1\Owner\LOCALS~1\Temp\HouseCall\MARK_TEMP.INI","","") success

GenericClean::Pattern:TSC_GENCLEAN,Virus Name:Suspicious,Virus File Path:C:\WINDOWS\system32\H8SRTjqyrsrpkns.dll



Complete time : Sun Jan 03 2010 17:18:44

Execute pattern count(8), Virus found count(2), Virus clean count(2), Clean failed count(0)



End of log file report.

Edited by D_T, 03 January 2010 - 08:30 PM.


#6 nasdaq

    Forum Deity

  • Global Moderator
  • 48,380 posts

Posted 04 January 2010 - 08:33 AM

Try to fix the hard disk.

How to perform disk error checking in Windows XP
http://support.microsoft.com/kb/315265

1. Click Start, and then Run.
2. In Open, type cmd, and then press ENTER.
3. Type chkdsk C:/f and then press ENTER.
===

When completed.


Download ComboFix from any of the links below but rename it to D_T.EXE before saving it to your desktop. <- Important.

Link 1
Link 2
==================================

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on the renamed ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply with a fresh HijackThis log.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingc...opic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
nasdaq


#7 D_T

    Member

  • Full Member
  • 44 posts

Posted 04 January 2010 - 08:53 PM

5:29 PM 1/4/2010
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Owner>chkdsk c: /f
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) y

This volume will be checked the next time the system restarts.

C:\Documents and Settings\Owner>

Tried via Safe mode with command prompt, same message.

5:46 PM 1/4/2010
Tried via My Computer and C: Drive Right Click, Properties, Tools Tab, Error Checking: Check Now.
Error system popup:
Windows was unable to complete the disk check.

===

Pushing forward with Combofix.
Disabled or closed AD Aware and all programs in taskbar.
However Pandascan has informed me before there is Avira Anti Virus running but possibly disabled. However there is no icon there. And the icon is usually there even if the antivirus is temporarily disabled. Should not be an issue however.

Will report back after scan with Combofix.

5:55 PM 1/4/2010
Combofix says:
Cannot rename Combofix as D_T use preferrably alphanumerics instead.

The program quit itself. Trying again. Renaming as something else.

Will update and edit again after successful scan.

6:29 PM 1/4/2010

ComboFix 10-01-04.01 - Owner 01/04/2010 18:04:22.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1411 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\DT.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\H8SRThlcbdliays.sys
c:\windows\system32\drivers\wmndrswwxjfo.sys
c:\windows\system32\drivers\wyvvkobfcupl.sys
c:\windows\system32\H8SRTjqyrsrpkns.dll
c:\windows\system32\H8SRTkxvcygsbrk.dll
c:\windows\system32\H8SRTtfokftulsi.dll
c:\windows\system32\H8SRTxmlnxceryo.dat
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Legacy_wmndrswwxjfo
-------\Legacy_wyvvkobfcupl
-------\Service_wmndrswwxjfo
-------\Service_wyvvkobfcupl


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-04 07:26 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-04 07:18 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-04 07:16 . 2010-01-04 07:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-04 07:16 . 2010-01-04 07:16 -------- d-----w- c:\program files\Lavasoft
2010-01-02 10:06 . 2010-01-02 10:06 -------- d-----w- c:\program files\YouTube Downloader
2010-01-02 10:05 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 10:05 . 2009-12-30 22:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 10:02 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-02 10:02 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-02 10:02 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-02 10:02 . 2010-01-02 10:02 -------- d-----w- c:\program files\Avira
2010-01-02 10:02 . 2010-01-02 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-02 08:45 . 2008-04-14 01:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-01-02 08:45 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\irftp.exe
2010-01-02 08:45 . 2008-04-14 01:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-01-02 08:45 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-01-02 08:45 . 2008-04-14 01:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-01-02 08:45 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\irmon.dll
2010-01-02 00:30 . 2010-01-02 00:30 -------- d-----w- C:\54c70206bd02a4851e4769d48c
2009-12-31 19:32 . 2009-12-31 19:32 -------- d-----w- c:\program files\twhirl
2009-12-31 19:21 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-31 19:02 . 2010-01-03 19:44 -------- d-----w- C:\HJT
2009-12-31 10:20 . 2009-12-31 10:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-31 08:29 . 2009-12-31 08:32 -------- d-----w- C:\Qoofix
2009-12-31 08:22 . 2009-12-31 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-12-31 08:09 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-31 08:09 . 2009-12-31 08:09 -------- d-----w- c:\program files\Panda Security
2009-12-31 00:42 . 2009-12-31 00:42 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-30 23:10 . 2010-01-04 00:19 860 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-23 19:53 . 2009-12-23 19:53 -------- d-----w- c:\program files\Unlocker
2009-12-14 06:25 . 2009-12-14 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-14 06:24 . 2009-12-14 06:24 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-12-07 08:51 . 2010-01-04 06:50 -------- d-----w- C:\w

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 02:17 . 2007-07-14 03:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-05 02:14 . 2007-05-20 08:48 17920 -c--a-w- c:\windows\system32\rpcnetp.exe
2010-01-05 02:14 . 2007-05-18 07:36 56680 -c--a-w- c:\windows\system32\Rpcnet.dll
2010-01-04 07:18 . 2010-01-04 07:18 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-04 07:18 . 2010-01-04 07:18 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-04 07:18 . 2010-01-04 07:17 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-04 07:17 . 2010-01-04 07:17 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-04 07:17 . 2010-01-04 07:17 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-04 07:17 . 2010-01-04 07:17 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-04 07:17 . 2010-01-04 07:17 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-04 07:17 . 2010-01-04 07:17 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-04 07:17 . 2010-01-04 07:17 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-04 07:17 . 2010-01-04 07:17 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-04 07:17 . 2010-01-04 07:17 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-04 07:17 . 2010-01-04 07:17 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-04 07:17 . 2010-01-04 07:17 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-04 07:16 . 2008-07-17 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-04 07:03 . 2007-05-18 06:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-04 07:03 . 2007-05-18 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-03 00:46 . 2007-05-18 23:44 -------- d-----w- c:\program files\DivX
2010-01-03 00:45 . 2009-03-27 13:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-02 10:07 . 2007-07-22 07:02 -------- d-----w- c:\program files\Startup Faster 2004
2010-01-02 10:05 . 2009-10-06 10:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-02 09:53 . 2008-03-30 14:37 -------- d-----w- c:\program files\Collage Maker
2010-01-02 09:53 . 2006-05-22 21:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 09:53 . 2007-08-18 03:22 -------- d-----w- c:\program files\Beston
2010-01-02 09:49 . 2006-05-22 18:25 -------- d-----w- c:\program files\Intel
2010-01-02 09:43 . 2007-05-30 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-02 09:42 . 2007-05-18 06:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-02 09:41 . 2007-09-20 04:46 -------- d-----w- c:\program files\SpywareBlaster
2010-01-02 09:39 . 2007-05-30 23:37 -------- d-----w- c:\program files\Common Files\AOL
2010-01-02 09:39 . 2007-05-30 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-01-01 21:50 . 2007-05-18 09:32 29464 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 02:30 . 2008-11-17 10:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-01 01:49 . 2008-09-26 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-31 10:45 . 2007-05-22 12:25 -------- d-----w- c:\program files\LimeWire
2009-12-31 10:19 . 2007-05-22 12:26 -------- d-----w- c:\program files\Java
2009-12-31 10:18 . 2009-12-31 09:50 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-31 10:18 . 2009-12-31 09:50 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-31 03:26 . 2007-06-23 12:30 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-28 23:21 . 2007-05-24 06:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-12-26 03:36 . 2009-12-26 03:36 143976 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-12-26 03:36 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-12-26 03:36 . 2009-12-26 03:35 1794456 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2009-12-18 03:38 . 2009-12-31 00:40 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-14 06:25 . 2009-12-14 06:25 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-11 22:04 . 2007-05-18 10:57 -------- d-----w- c:\program files\SuperBot
2009-12-09 01:42 . 2009-11-11 22:45 -------- d-----w- c:\program files\Celtx
2009-12-09 01:10 . 2007-05-18 12:03 -------- d-----w- c:\program files\Common Files\Stardock
2009-12-09 01:09 . 2008-03-10 02:59 -------- d-----w- c:\documents and settings\Owner\Application Data\SlimBrowser
2009-12-07 14:10 . 2010-01-04 07:16 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-11-25 11:01 . 2009-11-25 11:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-25 10:29 . 2006-05-22 21:34 -------- d-----w- c:\program files\Google
2009-11-25 10:21 . 2007-08-03 11:31 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-11-25 10:14 . 2008-01-23 09:47 -------- d-----w- c:\program files\Common Files\Nero
2009-11-25 10:13 . 2008-01-23 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-23 23:00 . 2008-01-23 10:01 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-11-23 12:43 . 2009-10-06 09:49 -------- d-----w- c:\program files\Protection Sys
2009-11-19 08:46 . 2009-11-19 08:46 -------- d-----w- c:\program files\Xmarks
2009-11-18 11:27 . 2007-05-20 08:49 17920 -c--a-w- c:\windows\system32\rpcnetp.dll
2009-11-15 15:13 . 2009-11-15 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 12:01 . 2009-11-13 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-12 11:15 . 2009-11-12 11:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Download Manager
2009-11-12 10:53 . 2009-11-12 10:53 -------- d-----w- c:\documents and settings\Owner\Application Data\GARMIN
2009-11-12 10:37 . 2009-11-12 10:37 -------- d-----w- c:\program files\DIFX
2009-11-12 10:37 . 2009-11-12 10:37 -------- d-----w- c:\program files\Garmin
2009-11-11 22:47 . 2009-11-11 22:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Greyfirst
2009-11-03 04:42 . 2009-10-02 23:50 195456 -c----w- c:\windows\system32\MpSigStub.exe
2009-10-30 07:50 . 2009-10-30 07:50 93360 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 07:45 . 2006-05-22 17:25 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-22 04:53 . 2007-10-15 05:43 664 -c--a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 16:45 . 2008-01-22 01:43 33792 ----a-w- c:\windows\system32\identprv.dll
2009-10-21 05:38 . 2006-05-22 17:25 75776 -c--a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-05-22 17:21 25088 -c--a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 -c--a-w- c:\windows\system32\drivers\http.sys
2009-10-16 23:50 . 2009-11-13 12:09 2520888 -c--a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\t44mhm3e.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-10-13 10:30 . 2006-05-22 17:23 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-05-22 17:24 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-05-22 17:24 79872 ----a-w- c:\windows\system32\raschap.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 -c--a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 -c--a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-11-24 22:08 . 2519DF50405AFCDE47302C80708C6AFC . 1478612 . . [1.0.0.0] . . c:\windows\system32\updater\explorer.exe
[-] 2007-07-01 . 46057846DDF9CF274A40FCD72F162105 . 974336 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"="c:\program files\Startup Faster 2004\StrpFstCfg.exe" [2007-01-22 1926624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 55808]

c:\documents and settings\Owner\Start Menu\Programs\Startup\StartupFaster
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
Shortcut to Homer.exe.lnk - c:\documents and settings\Owner\My Documents\Homer\Homer.exe [2007-2-10 290304]
StartupFaster.ini [2010-1-4 2754]
thoosje's sidebar.lnk - c:\program files\Thoosje Vista Sidebar v1.7.8\thoosje's sidebar.exe [2007-2-12 524288]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-20 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-20 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\StartupFaster
LapNetWizard.exe [2008-5-31 970752]
StartupFaster.ini [2010-1-4 870]
twhirl.lnk - c:\program files\twhirl\twhirl.exe [2009-12-31 95232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk *\0OODBS\0pgdfgsvc C 1\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"=
"c:\\Program Files\\mozilla.org\\SeaMonkey\\seamonkey.exe"=
"c:\\Program Files\\Babelgum\\babelgum.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/3/2010 11:18 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/31/2009 12:09 AM 28552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/2/2010 2:02 AM 108289]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [1/10/2007 9:39 PM 243584]
R2 FlashDrv;FlashDrv;c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [5/22/2006 1:33 PM 7196]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/22/2006 9:39 AM 4864]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 AntiVirUpgradeService;Avira Upgrade Service; [x]
S2 sbbotdi;sbbotdi; [x]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 12:20 AM 3872]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [4/21/2008 8:40 PM 1239552]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [7/30/2007 1:21 PM 20856]
S3 QCAbsee;Logitech QuickCam Web (0801);c:\windows\system32\drivers\OVCA.sys [6/18/2007 10:18 PM 25088]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [1/2/2008 3:35 AM 44928]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [11/22/2007 12:21 PM 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/22/2007 12:14 PM 642560]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
2004-08-04 12:00 11776 -c--a-w- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
2004-08-04 12:00 11776 -c--a-w- c:\program files\Windows Sidebar\regsvr32.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:17]

2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:17]

2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:17]

2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:17]

2010-01-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:17]

2010-01-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2010-01-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\schedule.exe [2007-11-09 06:05]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{63EBB53A-2CF2-45E1-9009-640B0132E94C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.spywareinfoforum.com/index.php?showtopic=127008&st=0&p=711059&fromsearch=1?#entry711059
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\t44mhm3e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\t44mhm3e.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\HuluDesktop\instances\0.9.10.1\nphdplg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbabelgum.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Notify-!SASWinLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 18:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
[1].sys"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rootrepeal[1]]
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1080236475-3595978650-3415084167-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFD8A042-8A64-5DF2-A697-CD4EE07F667F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaccbokccmlhfdfegpjbhihndlhkaf"=hex:6a,61,62,64,64,63,6b,65,65,70,65,6c,66,6e,
6f,6d,65,67,6e,6c,00,ba
"naiblmimachfpedhjlfnhkbdcfgk"=hex:6a,61,68,64,63,70,6e,69,66,65,69,6f,65,6b,
6c,68,6a,6c,66,6b,00,ba

[HKEY_USERS\S-1-5-21-1080236475-3595978650-3415084167-1003\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:e2,c9,d3,19,1d,de,68,b5,98,11,33,59,b6,5c,9c,45,bd,72,d7,a4,
c2,d1,f0,52,76,95,6d,e4,ec,0e,aa,81,94,5d,1d,35,03,d1,54,4f,a1,41,7b,dc,f2,\

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.com.../premiere.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3432)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rpcnet.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Avira\AntiVir Desktop\avgnt.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\drivers\PhiBtn.exe
c:\windows\System32\drivers\Tray900.exe
c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
c:\program files\Apoint2K\Apoint.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2010-01-04 18:26:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 02:26

Pre-Run: 6,822,232,064 bytes free
Post-Run: 6,785,654,784 bytes free

- - End Of File - - 0BBA041A6A5D93E4B558CCA4CCAD5BA4

Fresh HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:19 PM, on 1/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spywarein...=1?#entry711059
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N4 - Mozilla: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\Owner\\My Documents");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgoogle.src");
user_pref("browser.search.mode", 1);
user_pref("browser.search.opentabforcontextsearch", true);
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.16");
user_pref("browser.startup.page", 0);
user_pref("browser.tabs.autoHide", false);
user_pref("browser.tabs.loadGroup", 0);
user_pref("browser.tabs.open
N4 - Mozilla: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\Owner\\My Documents");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgoogle.src");
user_pref("browser.search.mode", 1);
user_pref("browser.search.opentabforcontextsearch", true);
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.16");
user_pref("browser.startup.page", 0);
user_pref("browser.tabs.autoHide", false);
user_pref("browser.tabs.loadGroup", 0);
user_pref("browser.tabs.open
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster 2004\StrpFstCfg.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.co...inAxControl.CAB
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f.../fslauncher.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - https://download.mac...director/sw.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8942.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Avira GmbH - (no file)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8998 bytes


Avira Anti Virus icon has reappeared now.
Running Malwarebytes immediately. And probably will try Spybot S&D soon, let me know if you would like to see those logs also.

6:35 PM 1/4/2010
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.

7:07 PM 1/4/2010
Spybot came back good, just cookies.

Doing a Trend Micro scan now and will rerun Malware Bytes again after.

Still same problems with Chkdsk.

7:13 PM 1/4/2010
No Threats found on Housecall Quick scan, do you recommend I do a full scan now?

7:20 PM 1/4/2010
Malware Bytes Quick scan came back good too. Suggest a Full Scan?

Attempting reboot now for try at Chkdsk on restart.

7:27 PM 1/4/2010
No success on Chkdsk run on restart.

Also looks like my hosts files were wiped out and there wasn't any protection after the Combofix run. Seemed to reset a lot of my Start menu settings.

We shall see if that's the last of it. It was particularly nasty in moving from directory to directory like that trying to hide itself.

Also wondering if there is a safe hostfiles list to block bad sites you know of?

Edited by D_T, 05 January 2010 - 12:57 AM.


#8 nasdaq

Posted 05 January 2010 - 09:50 AM

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) y

This volume will be checked the next time the system restarts.

C:\Documents and Settings\Owner>

Tried via Safe mode with command prompt, same message.

5:46 PM 1/4/2010
Tried via My Computer and C: Drive Right Click, Properties, Tools Tab, Error Checking: Check Now.
Error system popup:
Windows was unable to complete the disk check.


Looks like you still have some malware files that are opened.

Please download GMER from http://www2.gmer.net/tmp/gmer.exe

Close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.

Click on Scan (1).

When the scan has run click Copy (2) and paste the results (if any) into this thread.

Remind me about the hosts file later.

How is your computer performing at the moment?
nasdaq


#9 D_T

Posted 05 January 2010 - 08:27 PM

5:23 PM 1/5/2010
The computer is running a lot better than before. I have been able to keep it on without freezing so often now. It may have frozen once but I don't recall if that was before or after the recent clean outs.

An odd thing that happens is that IE takes a little longer to open now, it's not too long, but noticeable.
IE also opens a new window when I ask for a link to be open when before it would just open in the same window in a new tab.
No more background audio playing.
Other than that everything seems fine.
Good startup.
Avira AntiVirus starts up.

Running GMER now and will be back soon after results.

5:37 PM 1/5/2010
Also, don't know if this is important or not, but there is something that tries to install itself right at startup every time.

It's not like a program or anything that tries to install something, but it's a dialog that asks to install some hardware "Found New Hardware Wizard" that it thinks just got installed.
Like one of those plug and play install messages asking for drivers to be installed.

If I say yes install, it comes back with it not being able to find the drivers.
If I say no, cancel, it closes out.

After both, either one I choose, there is a message in the taskbar that comes up in the tray and says, "Base System Device" not installed or something like that.
Don't know if that's important, but it always comes up and I tell it to remember not to ask me again but every time I start up it asks me it.

10:15 PM 1/5/2010
Not very funny was a BSOD that locked the computer up. That occurred mid GMER scan. And that was after a fresh reboot.
Error was: Something about something being less than something.

The second time for the GMER was the charm, logfile follows:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2010-01-05 22:13:56
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxrdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xA8445930]
SSDT BAF6F0D6 ZwCreateKey
SSDT BAF6F0CC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xA8445F20]
SSDT BAF6F0DB ZwDeleteKey
SSDT BAF6F0E5 ZwDeleteValueKey
SSDT BAF6F0EA ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xA8445D70]
SSDT BAF6F0B8 ZwOpenProcess
SSDT BAF6F0BD ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xA8452250]
SSDT BAF6F0F4 ZwReplaceKey
SSDT BAF6F0EF ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xA8446120]
SSDT BAF6F0E0 ZwSetValueKey
SSDT BAF6F0C7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D4C 805045E8 4 Bytes JMP BABAF6F0 \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation)
? srescan.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250@001f6baae0d4 0xEB 0x20 0x72 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBB 0xB3 0xA4 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x95 0xE5 0x10 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x33 0xCF 0x51 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001f81000250@001f6baae0d4 0xEB 0x20 0x72 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBB 0xB3 0xA4 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x95 0xE5 0x10 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x33 0xCF 0x51 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBB 0xB3 0xA4 0xCA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x95 0xE5 0x10 0x41 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x33 0xCF 0x51 0x88 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFD8A042-8A64-5DF2-A697-CD4EE07F667F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFD8A042-8A64-5DF2-A697-CD4EE07F667F}@oaccbokccmlhfdfegpjbhihndlhkaf 0x6A 0x61 0x62 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFD8A042-8A64-5DF2-A697-CD4EE07F667F}@naiblmimachfpedhjlfnhkbdcfgk 0x6A 0x61 0x68 0x64 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----


Edited by D_T, 06 January 2010 - 02:21 AM.


#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 48,380 posts

Posted 06 January 2010 - 09:24 AM

IE also opens a new window when I ask for a link to be open when before it would just open in the same window in a new tab.


Check this setting.
Tool > Internet Options > General Tab
Under Browsing Section
Check this line "Reuse Windows For Launching shortcuts..."
How is it now?

Also, don't know if this is important or not, but there is something that tries to install itself right at startup every time.

It's not like a program or anything that tries to install something, but it's a dialog that asks to install some hardware "Found New Hardware Wizard" that it thinks just got installed.
Like one of those plug and play install messages asking for drivers to be installed.

If I say yes install, it comes back with it not being able to find the drivers.
If I say no, cancel, it closes out

After both, either one I choose, there is a message in the taskbar that comes up in the tray and says, "Base System Device" not installed or something like that.
Don't know if that's important, but it always comes up and I tell it to remember not to ask me again, but every time I start up it asks me again.


You probably have the wrong version of a driver.
What hardware did you install last?

Google these strings

"Base System Device"
"Found New Hardware Wizard"

See what you can find. If you need help let me know.
===

Also wondering if there is a safe hostfiles list to block bad sites you know of?


I have been using this hosts file for the last 5 years.
http://www.mvps.org/...p2002/hosts.htm

Unfortunately the current version has a bad line causing the browsing to be very slow.

You can download and install it using this tool. (Which I suggest)

Download HostsXpert

Tutorial, go here:
http://i28.photobuck...HostsXpert4.jpg
  • Unzip HostsXpert to its own folder.
  • Run HostsXpert.exe
  • Click: Make Writable? in the upper left corner.
  • Click: Download
  • Click: MVPs Hosts
  • Click: Replace
  • Click: OK
  • Click: Make ReadOnly
  • Close HostsXpert.
Note: If a custom Hosts file was in place, also edit those entries back in.
*/*

If you decide to install this hosts file then you will have to modify it.

Open the file in bold with NotePad.
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS ( no extension ) locate this line.

[Internet Media][AS12008][204.69.234.0 - 204.69.234.255] and modify it this way.

# [Internet Media][AS12008][204.69.234.0 - 204.69.234.255]

Make sure you have a space after the # sign.

Save the file ( DO NOT USE SAVE AS) use Save.

I have contacted the owner and it should be corrected soon.
===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall
===
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
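
The manual fix described in the post above can be turned into a check to run on any downloaded hosts file before installing it. This is an added example, not part of the original post and not code from MVPS or HostsXpert: it flags lines that are neither comments nor `address hostname` entries and, going slightly beyond the post, entries that map a name to anything other than a loopback or null address. The sample file is constructed; only the bracketed line is taken from the post.

```python
import ipaddress

# Addresses a pure blocklist is expected to point names at (assumption of this example).
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample; the bracketed line is the one quoted in the post.
SAMPLE_HOSTS = """\
# Constructed sample in the style of a blocklist hosts file
127.0.0.1  localhost
127.0.0.1  ads.example.test
[Internet Media][AS12008][204.69.234.0 - 204.69.234.255]
127.0.0.1  tracker.example.test  # inline comment
203.0.113.7  login.example.test
127.0.0.1
"""


def classify_line(line):
    """Return (kind, detail) for one hosts-file line.

    kind is one of "blank", "comment", "entry", "redirect", "malformed".
    """
    # Everything after '#' is a comment and is ignored by the resolver.
    body = line.split("#", 1)[0].strip()
    if not body:
        return ("comment" if "#" in line else "blank", None)
    fields = body.split()
    try:
        addr = ipaddress.ip_address(fields[0])
    except ValueError:
        return ("malformed", "first field is not an IP address")
    if len(fields) < 2:
        return ("malformed", "address with no host name")
    if str(addr) not in SINK_ADDRESSES:
        # Valid syntax, but the name is sent to a real address instead of being blocked.
        return ("redirect", "%s -> %s" % (" ".join(fields[1:]), addr))
    return ("entry", None)


def lint_hosts(text):
    """Return (line_number, kind, detail, raw_line) for every line needing review."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        kind, detail = classify_line(raw)
        if kind in ("malformed", "redirect"):
            findings.append((number, kind, detail, raw))
    return findings


def comment_out_malformed(text):
    """Prefix malformed lines with '# ' (hash plus a space); leave all other lines as they are."""
    fixed = []
    for raw in text.splitlines():
        kind, _ = classify_line(raw)
        fixed.append("# " + raw if kind == "malformed" else raw)
    return "\n".join(fixed) + "\n"


if __name__ == "__main__":
    for number, kind, detail, raw in lint_hosts(SAMPLE_HOSTS):
        print("line %d: %s (%s): %r" % (number, kind, detail, raw))
    print(comment_out_malformed(SAMPLE_HOSTS), end="")
```

Redirect findings are reported but never rewritten, since a custom hosts file may contain them on purpose.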

#11 D_T

D_T

    Member

  • Full Member
  • Pip
  • 44 posts

Posted 06 January 2010 - 04:33 PM

1:16 PM 1/6/2010
Tried in IE. Have no Browsing Section, but I do have a Tabs section.

Already was selected when I opened it up:
Open links from other programs in: > A new tab in the current window.

Also tried to select what it was doing and hitting okay twice and then going back to select what I wanted it to do, didn't work your way or mine either.

1:19 PM 1/6/2010
About the driver install, the first time that started happening was when I was in a Kinko's Public Laptop Terminal. It was a bad install, and somehow it thinks I'm always connected I guess.

1:26 PM 1/6/2010
http://www.google.co...ie=utf8&oe=utf8
It's a lot of convoluted information, but I think of all the things I read through and found, it might have been due to plugging in the usb at Kinkos into a different port than the original one.

It's a PITA, but I may have to go back to install on all ports so it can uninstall itself properly.

Not 100% sure if that's the reason though. But if you're sure it's not virus related then cool.

The main issue I'm wondering about is when you said that when Chkdsk will not run that you thought that

"Looks like you still have some malware files that are opened."

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) y

This volume will be checked the next time the system restarts.

C:\Documents and Settings\Owner>

Tried via Safe mode with command prompt, same message.

5:46 PM 1/4/2010
Tried via My Computer and C: Drive Right Click, Properties, Tools Tab, Error Checking: Check Now.
Error system popup:
Windows was unable to complete the disk check.


Looks like you still have some malware files that are opened.




Do you see any in the GMER scans?

And how can that Chkdsk be resolved and is it due to Malware that is stopping the chkdsk process from running?

1:56 PM 1/6/2010
Hosts file done, combofix done.

Edited by D_T, 06 January 2010 - 04:56 PM.


#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,380 posts

Posted 07 January 2010 - 09:34 AM

Tried in IE. Have no Browsing Section, but I do have a Tabs section.

Already was selected when I opened it up:
Open links from other programs in: > A new tab in the current window.

Also tried to select what it was doing and hitting okay twice and then going back to select what I wanted it to do, didn't work your way or mine either.


My previous instructions were not correct; look in the Advanced tab.

Check this setting.
Tool > Internet Options > Advanced Tab
Under Browsing Section
Check this line "Reuse Windows For Launching shortcuts..."
How is it now?
===

About the driver install, the first time that started happening was when I was in a Kinko's Public Laptop Terminal. It was a bad install, and somehow it thinks I'm always connected I guess.

1:26 PM 1/6/2010
http://www.google.co...ie=utf8&oe=utf8
It's a lot of convoluted information, but I think of all the things I read through and found, it might have been due to plugging in the usb at Kinkos into a different port than the original one.

It's a PITA, but I may have to go back to install on all ports so it can uninstall itself properly.

Not 100% sure if that's the reason though.


This is a quote from this link. Read the link and try the suggestion.
http://www.adamduvan...-almost-perfect

"I am reasonably techy and can not believe that Kinko’s does this. They should go out of business or face a class action suit. Basically, when you use Kinkos, a program called Lapnet is installed. It disables your wireless network and your printer settings and enables its own. If everything works smoothly and you completely follow the directions, it reverses the process when you log out. The problem occurs when you log out incorrectly or you shut down or encounter an error message, lose battery power, etc. Then it leaves your settings disabled and the software running.
I went to a large Fedex Kinkos and no one was helpful (in more than the technical sense) but they did give me the employees tech hotline (1-800-546-5674) which I called. They thought I was an employee and kept saying “make the customer do this so they won’t blame you.” Anyway, I could go on but here’s my info….
I went to c:\documents and settings\all users\start menu\programs\startup and deleted a file called LapLink.exe which at least keeps the process from starting. But upon rebooting, it still didn’t let me get wireless, so next step for a PC.
Right click on MY COMPUTER icon, select MANAGE, Choose DEVICE MANAGER, Click the next to NETWORK ADAPTERS if it is there so that it will show you the list of network adapters. Your wireless card should be shown with a red X to its left (may be hard to tell it is an X). Right click on that item and choose enable. Your wireless should now work. You may need to right click on the wireless icon on the task bar and refresh the list, but that is the easy part.
My reco - NEVER use your PC at a Kinkos."
===

The main issue I'm wondering about is when you said that when Chkdsk will not run that you thought that


If you have the XP installation disk try this fix by Anonymous as described in his post of 06-05-2005
http://www.tomshardw...proper-shutdown

If you do not have the XP Installation disk.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:



    :regfind
    autochk


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

p.s.
Please, when replying, use the Add Reply button. I do not need to see my previous instructions.
nasdaq


#13 D_T

D_T

    Member

  • Full Member
  • Pip
  • 44 posts

Posted 07 January 2010 - 03:42 PM

12:26 PM 1/7/2010
"Reuse Windows For Launching shortcuts..." was already selected, but I unselected, hit apply, selected again and hit okay.

But no, still same problem.

12:39 PM 1/7/2010
I looked at that thread and although it all makes sense, I have experienced those things he mentioned, however there is no disabling of any wireless devices, just a yellow exclamation mark on one wireless device. And LapLink is not in the Startup folder nor on the HD after a search was performed.

I don't have the installation disk, the computer was preinstalled with it. SystemLook log follows:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 12:39 on 07/01/2010 by Owner (Administrator - Elevation successful)

========== regfind ==========

Searching for "autochk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\autochk.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Autochk]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swwd\Parameters]
"ExceptionTasks"="autochk.exe chkdsk.exe autoconv.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\autochk.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Autochk]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\swwd\Parameters]
"ExceptionTasks"="autochk.exe chkdsk.exe autoconv.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\autochk.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Autochk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd\Parameters]
"ExceptionTasks"="autochk.exe chkdsk.exe autoconv.exe"

-=End Of File=-

Edited by D_T, 07 January 2010 - 03:44 PM.


#14 nasdaq

Posted 08 January 2010 - 10:33 AM

just a yellow exclamation mark on one of the wireless devices

That's what is probably causing the error.

Can you remove this bad entry? Right-click the item and see if you can either disable it or remove it.
It's probably the bad item you got at the Kinko's Public Laptop Terminal.
===

I think a 3rd party software was used or is in use for defragmenting your Hard Disk.
That may be the reason you have problems using chkdsk.
Can you confirm this?

From this link.
http://help.wugnet.c...pict562747.html

Partition Magic also at times puts entries in there and the one you had,
OODBS, belongs to O&O Defragmenter. Like PageDefrag above, it would
also probably be used to defragment files that cannot be defragmented
when Windows is running.


===

I do not see this item in your last registry search.
Hkey_local_machine\System\CurrentControlSet\Control\Session Manager\ BootExecute:REG_MULTI_SZ: autocheck autochk *

Please run the SystemLook tool using this command.

:regfind
BootExecute


For your New Windows problem search for this string.

:regfind
NoNewWindows


Do not forget the : in front of regfind.

Post the results.
nasdaq


#15 D_T

Posted 10 January 2010 - 07:51 AM

So. Removed a Base System Device Entry and rebooted and it came back. (Install New "Hardware" request of nonexistent new hardware.)
Disabled it and rebooted, still came back.
Removed ABG wireless adapter, and Install New Hardware dialog still comes back and now I am unable to connect to wireless networks.

Immediately went into system restore to reverse removal of wireless device drivers but they are gone.

Cannot find the built in wireless adapter with Add New Hardware from Control Panel. Now laptop is restricted to ethernet.

---Very important, really need now to know how to reinstall wireless drivers. Will try to Google to see how to get wireless back.---

===

3rd party software was used in the past called O&O Defrag.

4:50 AM 1/10/2010
Attempting regfind BootExecute now.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 04:52 on 10/01/2010 by Owner (Administrator - Elevation successful)

========== regfind ==========

Searching for "BootExecute"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * pgdfgsvc C 1 lsdelete"

-=End Of File=-

About the new issue about not opening tabs in the same windows:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 04:54 on 10/01/2010 by Owner (Administrator - Elevation successful)

========== regfind ==========

Searching for "NoNewWindows"
No data found.

-=End Of File=-

5:07 AM 1/10/2010
Luckily was able to come across the "Intel® Driver Update Utility" and was able to reinstall wireless again and the wireless icon is now back in the system tray.

Edited by D_T, 10 January 2010 - 08:08 AM.


#16 nasdaq

Posted 10 January 2010 - 10:43 AM

Removed ABG wireless adapter, and Install New Hardware dialog still comes back and now I am unable to connect to wireless networks.


Good work reinstalling it.
===

Sysinternals PageDefrag

The default for the "BootExecute" is usually autocheck autochk *. It appears that Lavasoft's Ad-Aware 2007 adds the extra parameter lsdelete (that’s LSDELETE not ISDELETE as you indicated). I have this parameter in my "BootExecute".

You also are using Sysinternals PageDefrag.
If you read the first link you will find out that restoring your Chkdsk requires more than I can do.

http://forum.sysinte...ts.asp?TID=9418

http://technet.micro...s/bb897426.aspx

May I suggest you open a ticket at http://forum.sysinternals.com/ and get help from the experts.
===

I think I was on the wrong path concerning your Tab issues. Can this link be any help?
http://webtrickz.com...problem-in-ie8/
nasdaq

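An added example, not part of the thread and not SystemLook's own code: it parses the regfind output posted above, splits each flattened BootExecute value back into its entries, and flags everything that is not the default `autocheck autochk *`. The owner names come from this thread; the splitting heuristic, the labels and all function names are assumptions made for the example.

```python
import re

DEFAULT_ENTRY = "autocheck autochk *"

# Exact entries seen in this thread, with the owner the thread gives them.
KNOWN_THIRD_PARTY = {
    "lsdelete": "Lavasoft Ad-Aware",
    "oodbs": "O&O Defrag",
    "pgdfgsvc c 1": "Sysinternals PageDefrag",
}
PROGRAMS = {entry.split()[0] for entry in KNOWN_THIRD_PARTY}

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\([^\\]+)\\Control\\Session Manager\]$", re.I)
VALUE_RE = re.compile(r'^"BootExecute"="(.*)"$', re.I)

# Excerpt of the 10 January regfind log posted in this thread.
SAMPLE_LOG = r"""
Searching for "BootExecute"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * OODBS pgdfgsvc C 1 lsdelete"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"="autocheck autochk /p \??\C: autocheck autochk * pgdfgsvc C 1 lsdelete"
"""


def split_entries(flat):
    """Split SystemLook's space-joined REG_MULTI_SZ back into entries.

    Heuristic (assumption): an entry starts at "autocheck" or at a known
    program name. Any other token stays with the current entry, so an
    unrecognised token is never dropped; it makes its entry non-default.
    """
    entries, current = [], []
    for tok in flat.split():
        if tok.lower() == "autocheck" or tok.lower() in PROGRAMS:
            if current:
                entries.append(" ".join(current))
            current = [tok]
        else:
            current.append(tok)
    if current:
        entries.append(" ".join(current))
    return entries


def classify(entry):
    """Return (label, owner) for one BootExecute entry."""
    tokens = entry.lower().split()
    normalised = " ".join(tokens)
    if normalised == DEFAULT_ENTRY:
        return ("default", None)
    if normalised in KNOWN_THIRD_PARTY:
        return ("third-party", KNOWN_THIRD_PARTY[normalised])
    args = tokens[2:]
    # autochk with only switch/volume style arguments, e.g. /p \??\C:
    if tokens[:2] == ["autocheck", "autochk"] and args and all(
            a == "*" or a[0] in "/\\" for a in args):
        return ("autochk-variant", None)
    return ("review", None)


def parse_regfind(log):
    """Map control set name -> BootExecute entries (repeated keys collapsed)."""
    result, control_set = {}, None
    for line in log.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            control_set = key.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and control_set:
            result.setdefault(control_set, split_entries(value.group(1)))
        control_set = None  # a value only counts directly under its key line
    return result


def audit(log):
    """List every non-default entry as (control set, entry, label, owner)."""
    findings = []
    for control_set, entries in sorted(parse_regfind(log).items()):
        for entry in entries:
            label, owner = classify(entry)
            if label != "default":
                findings.append((control_set, entry, label, owner))
    return findings


def only_in(log, first, second):
    """Entries present in one control set but missing from another."""
    sets = parse_regfind(log)
    return [e for e in sets.get(first, []) if e not in sets.get(second, [])]


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
    print("only in ControlSet002:",
          only_in(SAMPLE_LOG, "ControlSet002", "CurrentControlSet"))
```

Entries labelled `review` are the ones to look up before editing the value; on the excerpt above nothing gets that label.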

#17 D_T

Posted 10 January 2010 - 06:32 PM

Yep thanks for the virus help. I'll be donating.

My boot execute says:

autocheck autochk /p \??\C:
autocheck autochk *
pgdfgsvc C 1
lsdelete

I didn't say ISDELETE, the capital I looks just like a lowercase l in that font.

Is Sysinternals the only forum you recommend who can help with that kind of stuff/are there others you use?

regsvr32 mshtml.dll won't register

Did we get pretty much everything though?

Edited by D_T, 10 January 2010 - 06:41 PM.


#18 nasdaq

Posted 11 January 2010 - 08:56 AM

lsdelete the l is a lower case L.
This is set by AdAware; if you remove the tool via the Add/Remove programs list it should be removed also.

I notice that you have Spybot's TeaTimer running. It may be interfering. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
In Windows Vista Right click on the ResetTeaTimer.bat and select Run As Administrator.
Please don't forget this step to disable teatimer.

With both programs disabled or removed, try to run chkdsk.
Hope it works. Not sure.
---

Is Sysinternals the only forum you recommend who can help with that kind of stuff/are there others you use?

I know it's a respectable site. When I check the suggestions I make sure that nothing will damage your system. Otherwise I will not give you the link.

regsvr32 mshtml.dll won't register

That's OK.

Did we get pretty much everything though?
In all, how is the computer performing?
nasdaq


#19 D_T

Posted 11 January 2010 - 09:51 AM

6:39 AM 1/11/2010
Hmm, odd, the box for Tea Timer is already unchecked, but the SD Helper is checked, the IE Bad download blocker. I want to keep that, I think it doesn't have anything to do with the system and it blocks me from bad sites.

ResetTeaTimer.bat is not loading right now for me. If you can check to see if it's outdated or if there's a mirror, that would be great.

I did have Tea Timer installed in a former install of the S S&D program, so I think you are right about the file leaving orphaned settings.

Can I just remove lsdelete from Bootexecute to see if chkdsk works? I really would like to not uninstall both Adaware and Spybot if I can, they are a pain to do.

In all, the computer seems to be free of viruses, I hope you agree. Although that BSOD (bluescreen of death) that happened earlier at one of the scans worries me.
The Internet Explorer now doesn't have the previously closed list on new tabs anymore, and all the accelerators I had up, i.e. Map with Google Maps, Search with Google, Send with Gmail, are not up anymore. The new tabs now just come up empty.
So those fixes did not work it seemed and now my new tabs are less convenient. Can you tell me how to get that back up?

#20 nasdaq

Posted 11 January 2010 - 01:47 PM

HijackThis reports that you have the Version 8 of I.E.
MSIE: Internet Explorer v8.00 (8.00.6001.18702)


The ComboFix reports version 6 and did not find a version 8.
------- Sigcheck -------

[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-11-24 22:08 . 2519DF50405AFCDE47302C80708C6AFC . 1478612 . . [1.0.0.0] . . c:\windows\system32\updater\explorer.exe
[-] 2007-07-01 . 46057846DDF9CF274A40FCD72F162105 . 974336 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

Let's check the versions of Explorer.exe and IExplore.exe on your computer.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    Explorer.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Repeat the search for


:filefind
IExplore.exe



Please post the results.
nasdaq


#21 D_T

Posted 12 January 2010 - 03:32 AM

You seem to forget that we already have downloaded system look but here are the results. Maybe you don't refresh what we already did. That's why I quoted you before so you don't have to reread the past posts, but that's okay.

I also have had some websites say that my IE version was outdated even though I've installed IE 8. However I can try to do an uninstall and reinstall.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:27 on 12/01/2010 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "Explorer.exe"
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a--- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c 1033216 bytes [11:23 30/08/2008] [10:23 13/06/2007] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c 974336 bytes [21:29 14/08/2007] [02:27 01/07/2007] 46057846DDF9CF274A40FCD72F162105
C:\WINDOWS\explorer.exe --a--- 975872 bytes [17:21 22/05/2006] [00:12 14/04/2008] 561A50497324F378E30F55D09B4E1258
C:\WINDOWS\ServicePackFiles\i386\explorer.exe --a--- 975872 bytes [04:30 26/08/2008] [00:12 14/04/2008] 561A50497324F378E30F55D09B4E1258
C:\WINDOWS\system32\updater\explorer.exe --a--- 1478612 bytes [10:53 18/12/2007] [22:08 24/11/2007] 2519DF50405AFCDE47302C80708C6AFC

-=End Of File=-



SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:31 on 12/01/2010 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "IExplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a--c 638816 bytes [18:01 22/05/2006] [21:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe --a--c 625152 bytes [08:22 18/05/2007] [06:51 28/02/2007] D321092F8529CDAE843D6E24E3CAC6CB
C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe --a--c 625152 bytes [14:20 24/04/2007] [14:20 24/04/2007] 9B3516C1F30DA17ADD3818573047D63C
C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe --a--c 625152 bytes [09:16 27/06/2007] [09:16 27/06/2007] BD8502DFD53FC24FB8D6929DC46B8C2C
C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe --a--c 625152 bytes [10:12 17/08/2007] [10:12 17/08/2007] 5577D0E3AC2F9F035ACD81B44AF5F511
C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe --a--c 625664 bytes [08:16 10/10/2007] [08:16 10/10/2007] 632BDE0179847234433CA50945442ACB
C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe --a--c 625664 bytes [08:34 06/12/2007] [08:34 06/12/2007] 809D17D8FA0FDAEE07778CD821CAFFDE
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe --a--c 625664 bytes [20:26 08/04/2008] [09:40 22/02/2008] 6E0888626E0CAC79F57149814E22DB4D
C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe --a--c 625664 bytes [04:45 11/06/2008] [08:02 22/04/2008] 197B7E4030CFBD8D2979D375E1787AA2
C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe --a--c 625664 bytes [19:25 12/08/2008] [08:23 23/06/2008] C52A9EF571E91535EB78DB4B8B95EA07
C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe --a--c 635848 bytes [05:56 23/08/2008] [05:56 23/08/2008] E8305C30D35E85D6657ED3E9934CB302
C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe --a--c 633632 bytes [01:42 12/12/2008] [06:34 15/10/2008] 056C927CF7207857E8B34F7A8FFD9B9E
C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe --a--c 634024 bytes [19:26 11/02/2009] [05:25 19/12/2008] 15E8A89499741D5CF59A9CF6463A4339
C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe --a--c 636088 bytes [04:54 28/02/2009] [04:54 28/02/2009] BCD8E48709BE4A79606F0B6E8E9A6162
C:\WINDOWS\ie7updates\KB931768-IE7\iexplore.exe -----c 622080 bytes [08:23 18/05/2007] [19:04 17/10/2006] 5334D4461AA92A7B008755FE6D13C5F2
C:\WINDOWS\ie7updates\KB933566-IE7\iexplore.exe -----c 623616 bytes [07:59 13/06/2007] [08:00 21/02/2007] 683DDE71BCF03B501B912D20CB93B549
C:\WINDOWS\ie7updates\KB937143-IE7\iexplore.exe -----c 625152 bytes [21:26 14/08/2007] [14:26 24/04/2007] 10BDB55982586A432A3951EB19A26009
C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe -----c 625152 bytes [02:05 10/10/2007] [08:27 27/06/2007] 275CEE268B9E5D82474C43D5D249D111
C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe -----c 625152 bytes [02:59 12/12/2007] [10:21 17/08/2007] 3AC2BC667DA0AF2C968E96E1630F5AB5
C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe -----c 625152 bytes [11:01 13/02/2008] [10:59 10/10/2007] E854D02E4231F704D9BE782A424E6D8B
C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe -----c 625664 bytes [10:07 09/04/2008] [11:01 06/12/2007] 2703D940A62B731AA220529DD7331A78
C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe -----c 625664 bytes [04:53 11/06/2008] [08:55 29/02/2008] 2D0E5592AB5A46C27DAF7CCAFF4F5B59
C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe -----c 625664 bytes [10:02 13/08/2008] [07:40 22/04/2008] 232B22817B90AE0AFF2D189E3E3735AC
C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe -----c 625664 bytes [06:19 15/10/2008] [09:20 23/06/2008] 64E376A47763DAEABCDA14BD5B6EA286
C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe -----c 635848 bytes [11:09 12/12/2008] [05:56 23/08/2008] 1F03216084447F990AE797317D0A6E70
C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe -----c 633632 bytes [08:04 12/02/2009] [07:06 15/10/2008] 9D3DB9ADFABD2F0BC778EC03250A3ABB
C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe -----c 634024 bytes [18:08 15/04/2009] [05:25 19/12/2008] 030D78FE84A086ED376EFCBD2D72C522
C:\WINDOWS\ie7\iexplore.exe --a--c 93184 bytes [08:09 18/05/2007] [12:00 04/08/2004] E7484514C0464642BE7B4DC2689354C8
C:\WINDOWS\ie8\iexplore.exe --a--c 636072 bytes [08:25 28/05/2009] [04:54 28/02/2009] A251068640DDB69FD7805B57D89D7FF7
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe -----c 93184 bytes [04:30 26/08/2008] [00:12 14/04/2008] 55794B97A7FAABD2910873C85274F409
C:\WINDOWS\system32\dllcache\iexplore.exe --a--c 638816 bytes [18:01 22/05/2006] [21:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E

-=End Of File=-




3:41 AM 1/12/2010
After uninstalling IE and reinstalling via Microsoft's install program on its IE website, here are updated systemlooks:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 03:36 on 12/01/2010 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "Explorer.exe"
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a--- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c 1033216 bytes [11:23 30/08/2008] [10:23 13/06/2007] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c 974336 bytes [21:29 14/08/2007] [02:27 01/07/2007] 46057846DDF9CF274A40FCD72F162105
C:\WINDOWS\explorer.exe --a--- 975872 bytes [17:21 22/05/2006] [00:12 14/04/2008] 561A50497324F378E30F55D09B4E1258
C:\WINDOWS\ServicePackFiles\i386\explorer.exe --a--- 975872 bytes [04:30 26/08/2008] [00:12 14/04/2008] 561A50497324F378E30F55D09B4E1258
C:\WINDOWS\system32\updater\explorer.exe --a--- 1478612 bytes [10:53 18/12/2007] [22:08 24/11/2007] 2519DF50405AFCDE47302C80708C6AFC

-=End Of File=-

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 03:42 on 12/01/2010 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "IExplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a--- 638816 bytes [18:01 22/05/2006] [22:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe --a--c 625152 bytes [08:22 18/05/2007] [06:51 28/02/2007] D321092F8529CDAE843D6E24E3CAC6CB
C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe --a--c 625152 bytes [14:20 24/04/2007] [14:20 24/04/2007] 9B3516C1F30DA17ADD3818573047D63C
C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe --a--c 625152 bytes [09:16 27/06/2007] [09:16 27/06/2007] BD8502DFD53FC24FB8D6929DC46B8C2C
C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe --a--c 625152 bytes [10:12 17/08/2007] [10:12 17/08/2007] 5577D0E3AC2F9F035ACD81B44AF5F511
C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe --a--c 625664 bytes [08:16 10/10/2007] [08:16 10/10/2007] 632BDE0179847234433CA50945442ACB
C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe --a--c 625664 bytes [08:34 06/12/2007] [08:34 06/12/2007] 809D17D8FA0FDAEE07778CD821CAFFDE
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe --a--c 625664 bytes [20:26 08/04/2008] [09:40 22/02/2008] 6E0888626E0CAC79F57149814E22DB4D
C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe --a--c 625664 bytes [04:45 11/06/2008] [08:02 22/04/2008] 197B7E4030CFBD8D2979D375E1787AA2
C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe --a--c 625664 bytes [19:25 12/08/2008] [08:23 23/06/2008] C52A9EF571E91535EB78DB4B8B95EA07
C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe --a--c 635848 bytes [05:56 23/08/2008] [05:56 23/08/2008] E8305C30D35E85D6657ED3E9934CB302
C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe --a--c 633632 bytes [01:42 12/12/2008] [06:34 15/10/2008] 056C927CF7207857E8B34F7A8FFD9B9E
C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe --a--c 634024 bytes [19:26 11/02/2009] [05:25 19/12/2008] 15E8A89499741D5CF59A9CF6463A4339
C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe --a--c 636088 bytes [04:54 28/02/2009] [04:54 28/02/2009] BCD8E48709BE4A79606F0B6E8E9A6162
C:\WINDOWS\ie7updates\KB931768-IE7\iexplore.exe -----c 622080 bytes [08:23 18/05/2007] [19:04 17/10/2006] 5334D4461AA92A7B008755FE6D13C5F2
C:\WINDOWS\ie7updates\KB933566-IE7\iexplore.exe -----c 623616 bytes [07:59 13/06/2007] [08:00 21/02/2007] 683DDE71BCF03B501B912D20CB93B549
C:\WINDOWS\ie7updates\KB937143-IE7\iexplore.exe -----c 625152 bytes [21:26 14/08/2007] [14:26 24/04/2007] 10BDB55982586A432A3951EB19A26009
C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe -----c 625152 bytes [02:05 10/10/2007] [08:27 27/06/2007] 275CEE268B9E5D82474C43D5D249D111
C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe -----c 625152 bytes [02:59 12/12/2007] [10:21 17/08/2007] 3AC2BC667DA0AF2C968E96E1630F5AB5
C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe -----c 625152 bytes [11:01 13/02/2008] [10:59 10/10/2007] E854D02E4231F704D9BE782A424E6D8B
C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe -----c 625664 bytes [10:07 09/04/2008] [11:01 06/12/2007] 2703D940A62B731AA220529DD7331A78
C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe -----c 625664 bytes [04:53 11/06/2008] [08:55 29/02/2008] 2D0E5592AB5A46C27DAF7CCAFF4F5B59
C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe -----c 625664 bytes [10:02 13/08/2008] [07:40 22/04/2008] 232B22817B90AE0AFF2D189E3E3735AC
C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe -----c 625664 bytes [06:19 15/10/2008] [09:20 23/06/2008] 64E376A47763DAEABCDA14BD5B6EA286
C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe -----c 635848 bytes [11:09 12/12/2008] [05:56 23/08/2008] 1F03216084447F990AE797317D0A6E70
C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe -----c 633632 bytes [08:04 12/02/2009] [07:06 15/10/2008] 9D3DB9ADFABD2F0BC778EC03250A3ABB
C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe -----c 634024 bytes [18:08 15/04/2009] [05:25 19/12/2008] 030D78FE84A086ED376EFCBD2D72C522
C:\WINDOWS\ie7\iexplore.exe --a--c 93184 bytes [08:09 18/05/2007] [12:00 04/08/2004] E7484514C0464642BE7B4DC2689354C8
C:\WINDOWS\ie8\iexplore.exe --a--c 636072 bytes [09:16 12/01/2010] [04:54 28/02/2009] A251068640DDB69FD7805B57D89D7FF7
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe -----c 93184 bytes [04:30 26/08/2008] [00:12 14/04/2008] 55794B97A7FAABD2910873C85274F409
C:\WINDOWS\system32\dllcache\iexplore.exe --a--c 638816 bytes [18:01 22/05/2006] [22:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E

-=End Of File=-

Edited by D_T, 12 January 2010 - 06:43 AM.


#22 nasdaq

Posted 12 January 2010 - 10:01 AM

I also have had some websites say that my IE version was outdated even though I've installed IE 8. However I can try to do an uninstall and reinstall.



You are currently using this iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe --a--- 638816 bytes [18:01 22/05/2006] [22:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E


The latest version for IE 8 can be found in the c:\Windows\ie8\ folder.

C:\WINDOWS\ie8\iexplore.exe --a--c 636072 bytes [09:16 12/01/2010] [04:54 28/02/2009] A251068640DDB69FD7805B57D89D7FF7

Close all open windows and run the version in the ie8 folder.
Any difficulties?

I think it could be a good idea to return to IE7 or 6 if that was your previous version.
Close all windows and protection software and reinstall IE8.
nasdaq

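An added example, not part of the thread and not SystemLook's own code: it parses filefind lines like the ones posted above, lists which copies are byte-identical to the iexplore.exe in use (same size and MD5), and diffs the logs taken before and after the reinstall. The field names `stamp1` and `stamp2` are assumptions, since the logs do not say which timestamp is which; the sample lines are excerpts of the two logs in this thread.

```python
import re

# path, attribute flags, size, two bracketed timestamps, MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<stamp1>[^\]]+)\] \[(?P<stamp2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
COMPARED = ("attrs", "size", "stamp1", "stamp2", "md5")

# Excerpts of the filefind logs posted before and after the IE reinstall.
BEFORE_LOG = r"""
C:\Program Files\Internet Explorer\iexplore.exe --a--c 638816 bytes [18:01 22/05/2006] [21:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
C:\WINDOWS\ie8\iexplore.exe --a--c 636072 bytes [08:25 28/05/2009] [04:54 28/02/2009] A251068640DDB69FD7805B57D89D7FF7
C:\WINDOWS\system32\dllcache\iexplore.exe --a--c 638816 bytes [18:01 22/05/2006] [21:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
"""
AFTER_LOG = r"""
C:\Program Files\Internet Explorer\iexplore.exe --a--- 638816 bytes [18:01 22/05/2006] [22:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
C:\WINDOWS\ie8\iexplore.exe --a--c 636072 bytes [09:16 12/01/2010] [04:54 28/02/2009] A251068640DDB69FD7805B57D89D7FF7
C:\WINDOWS\system32\dllcache\iexplore.exe --a--c 638816 bytes [18:01 22/05/2006] [22:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
"""
IN_USE = r"C:\Program Files\Internet Explorer\iexplore.exe"


def parse_filefind(log):
    """Return {lower-cased path: record}; non-matching lines are skipped."""
    records = {}
    for line in log.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            rec = match.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records[rec["path"].lower()] = rec
    return records


def identical_copies(records, path):
    """Other paths whose size and MD5 equal those of `path`."""
    ref = records[path.lower()]
    return sorted(
        rec["path"] for key, rec in records.items()
        if key != path.lower()
        and rec["md5"] == ref["md5"] and rec["size"] == ref["size"])


def diff_logs(before, after):
    """Map path -> list of fields that differ between two parsed logs."""
    changes = {}
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old is None:
            changes[new["path"]] = ["added"]
        elif new is None:
            changes[old["path"]] = ["removed"]
        else:
            fields = [f for f in COMPARED if old[f] != new[f]]
            if fields:
                changes[new["path"]] = fields
    return changes


if __name__ == "__main__":
    before, after = parse_filefind(BEFORE_LOG), parse_filefind(AFTER_LOG)
    print("identical to the copy in use:", identical_copies(after, IN_USE))
    for path, fields in diff_logs(before, after).items():
        print(path, "changed:", ", ".join(fields))
```

On these excerpts no MD5 or size changes across the reinstall; only attribute flags and timestamps differ.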

#23 D_T

Posted 12 January 2010 - 05:25 PM

Hey it's alright man, thanks for the help, but I'm going to stop while I'm ahead. I had already just reinstalled IE so that is why there were two sets of system looks. So thanks again. I think I'll just give up for now. Your time is better spent helping another person to at least be able to use their computers by removing viruses as opposed to trying to fix all the problems my viruses caused me. There is still a long way to go, but I have to move on and go it alone. Thanks again.

BTW, letting IE uninstall and reinstall the system fixed the open in new tab problem and the no shortcut accelerator links appearing on the new tab page.

Edited by D_T, 13 January 2010 - 05:04 AM.


#24 nasdaq

Posted 26 January 2010 - 09:42 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




