
New thread to try to solve computer problem please

ginjj
12 years ago

Hi Guys,

With my computer guru out of town for a few more days, I'd love to be able to "fix" my computer. I have a feeling it is in really bad shape as so many things are going wrong:

Most of the time when I click on links in Google to go to a website, I am sent to an ad and the site I want is nowhere to be found,

50% of the time or more IE and Firefox shut down with their famous message "have to close" or whatever...

In Word, when I go to "file" a new document, instead of the new first sentence or title coming up, an old title shows up.

As you may recall from my earlier post about Go-Daddy, I took my computer in to the man who built it for me, last week. I have no doubt he is a smart man as he builds computers for Stanford University, BUT as soon as I got it home it was apparent it still wasn't fixed. He said he removed a virus from my computer but there must be other things causing these problems. He'll be back in 5 days but with your help, maybe I can fix what's wrong.

Here is the last communication I had with ravencajun:

Posted by ginnyginny (My Page) on Sat, Apr 4, 09 at 13:44

I have run Malwarebytes 3 times now and this morning it showed zero files infected.

IE and Mozilla continue to shut down more often than not.

The error messages I get are

IE --error signature.AppName .iexplore.exe AppVer 6.0.2900.2180 Mod Name: unknown Mod/Ver 0.0.0.0 Offset 1011e39

Mozilla- Error signature AppName: mbam.exe AppVer 1:35.0.0 ModName: unknown Mod ver 0.0.0.0 Offset 18021e39

Here are the reports from the first two scans:

Malwarebytes' Anti-Malware 1.35

Database version: 1904

Windows 5.1.2600 Service Pack 2

4/3/2009 10:17:02 PM

mbam-log-2009-04-03 (22-17-02).txt

Scan type: Full Scan (C:\:D:\:E:\:)

Objects scanned: 159500

Time elapsed: 40 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{E1F2238F-DDE5-4837-AADE-57AC2D848A08}\RP231\A0022842.exe (Adware.MyWeb) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E1F2238F-DDE5-4837-AADE-57AC2D848A08}\RP231\A0022843.exe (Trojan.Flooder) -> Quarantined and deleted successfully.

Thanks much!!

Ginny


--------------------------------------------------------------------------------

RE: Using 'GoDaddy' - how to make it default email

Posted by ravencajun (My Page) on Sat, Apr 4, 09 at 18:54

Well, good, you got rid of that nasty trojan! Good job.

Try going to the Event Viewer and looking through the categories there for red flags. If you find some, right-click on the item and get the additional info, including the code number.

This is how to get there in XP:

Start > Control Panel > Administrative Tools > Event Viewer


--------------------------------------------------------------------------------

Posted by ginnyginny (My Page) on Sat, Apr 4, 09 at 21:20

Here are the messages I found. If this is as big a project as it seems I'm more than happy to pay my computer guy to fix this. When I tried to send this a minute ago I got the "firefox has to close" or whatever dumb message...

Thanks of course

Ginny

WINDOWS ONE CARE.

Windows One Care was installed on April 1. Only one red x, and it was on April 1.

Error Code = 0x8a180109

UNDER "APPLICATION" many red x's, most titled "application"

Faulting application mbam.exe, version 1.35.0.0, faulting module unknown, version 0.0.0.0, fault address 0x18021e39.

Faulting application firefox.exe, version 1.9.0.3372, faulting module unknown, version 0.0.0.0, fault address 0x10001e39.

Faulting application mbam.exe, version 1.35.0.0, faulting module unknown, version 0.0.0.0, fault address 0x18021e39.

Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x10011e39.

Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

Faulting application firefox.exe, version 1.9.0.3306, faulting module mozcrt19.dll, version 8.0.0.0, fault address 0x00006662.

Faulting application waol.exe, version 9.5.0.1, faulting module unknown, version 0.0.0.0, fault address 0x700028e4.

Faulting application winword.exe, version 11.0.8125.0, stamp 45b6910c, faulting module winword.exe, version 11.0.8125.0, stamp 45b6910c, debug? 0, fault address 0x0022d4b2.

Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x0061003e.

UNDER SYSTEM (lots of red x's) I'll start with the date farthest away (March 20th I think)

Your computer has lost the lease to its IP address 192.168.1.101 on the Network Card with network address 000CF1A24E8E.

DCOM got error "The system cannot find the path specified. " attempting to start the service MDM with arguments "" in order to run the server:

(0C0A3666-30C9-11D0-8F20-00805F2CD064)

The Machine Debug Manager service failed to start due to the following error:

The system cannot find the path specified.

DCOM got error "The system cannot find the path specified. " attempting to start the service MDM with arguments "" in order to run the server:

(0C0A3666-30C9-11D0-8F20-00805F2CD064)

If this situation looks too big to solve in this forum please say so and I'll just wait until my computer guy returns. While I would love to be able to solve my computer problems, if it's as complicated as I think it could be, that's way too much for me.

Thanks again!!

Ginny
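
Added example (not part of the original posts): a short Python script that parses the "Faulting application" records quoted above and groups crashes with an unresolved faulting module by the low 16 bits of the fault address, so that the same unidentified code crashing in several unrelated programs stands out. The function names are this example's own; the log lines are copied from the post.

```python
import re
from collections import defaultdict

# Application-log lines copied from the post above (not constructed).
SAMPLE_LOG = """\
Faulting application mbam.exe, version 1.35.0.0, faulting module unknown, version 0.0.0.0, fault address 0x18021e39.
Faulting application firefox.exe, version 1.9.0.3372, faulting module unknown, version 0.0.0.0, fault address 0x10001e39.
Faulting application mbam.exe, version 1.35.0.0, faulting module unknown, version 0.0.0.0, fault address 0x18021e39.
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x10011e39.
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.
Faulting application firefox.exe, version 1.9.0.3306, faulting module mozcrt19.dll, version 8.0.0.0, fault address 0x00006662.
Faulting application waol.exe, version 9.5.0.1, faulting module unknown, version 0.0.0.0, fault address 0x700028e4.
Faulting application winword.exe, version 11.0.8125.0, stamp 45b6910c, faulting module winword.exe, version 11.0.8125.0, stamp 45b6910c, debug? 0, fault address 0x0022d4b2.
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x0061003e.
"""

# Matches both record shapes seen above (with and without "stamp"/"debug?").
FAULT_RE = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<app_ver>[^,]+),"
    r"(?: stamp [0-9a-f]+,)?"
    r" faulting module (?P<module>[^,]+), version (?P<mod_ver>[^,]+),"
    r"(?: stamp [0-9a-f]+,)?(?: debug\? \d+,)?"
    r" fault address (?P<addr>0x[0-9a-fA-F]+)"
)


def parse_faults(text):
    """Return one dict per 'Faulting application' record; other lines are skipped."""
    records = []
    for line in text.splitlines():
        match = FAULT_RE.search(line)
        if match:
            rec = match.groupdict()
            rec["addr"] = int(rec["addr"], 16)
            records.append(rec)
    return records


def shared_unknown_faults(records, min_apps=2):
    """Cluster crashes in an unresolved module by the low 16 address bits.

    Windows places images and allocations on 64 KB boundaries, so the same
    code loaded at different bases in different processes keeps the same low
    16 bits of its address. A cluster spanning several applications means
    they are all crashing at the same spot in something Windows cannot name.
    """
    clusters = defaultdict(list)
    for rec in records:
        if rec["module"] == "unknown":
            clusters[rec["addr"] & 0xFFFF].append(rec)

    result = []
    for offset, recs in clusters.items():
        apps = sorted({r["app"] for r in recs})
        if len(apps) >= min_apps:
            result.append({
                "offset": offset,
                "apps": apps,
                "events": len(recs),
                "addresses": sorted({hex(r["addr"]) for r in recs}),
            })
    # Most frequent cluster first.
    return sorted(result, key=lambda c: -c["events"])


if __name__ == "__main__":
    for cluster in shared_unknown_faults(parse_faults(SAMPLE_LOG)):
        print(f"offset 0x{cluster['offset']:04x}: {cluster['events']} crashes in "
              f"{', '.join(cluster['apps'])} at {', '.join(cluster['addresses'])}")
```

On the lines from this thread it reports a single cluster: four crashes at offset 0x1e39 shared by firefox.exe, iexplore.exe and mbam.exe.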

Comments (35)

  • zep516
    12 years ago
    last modified: 6 years ago

    Malwarebytes' Anti-Malware Version 1.36 was updated today, run it again.

  • zep516
    12 years ago
    last modified: 6 years ago

    Update the program through its interface, choosing update, or reinstall from the link below.

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    I did the reinstall because the update wouldn't go through - got kicked off Firefox. It seems like it did the trick as I just went to a few websites and did not get sent to an ad! Hopefully as I'm online tonight the drop offs I've been experiencing will also end.

    Can you offer a possible explanation for this? I have Spybot on my computer but that's the only malware/spyware program I have been using (and probably not daily at that.)

    The computer man installed "Windows Live One Care" and said it has spyware in it. I believe I can have several spyware programs on my computer. I will definitely keep malwarebytes and possibly pay for it since it may have saved me from another trip and fee to my computer guy.

    Here are the 3 logs from my scan with updated Malwarebytes.

    Thanks so much!!

    Ginny

    Malwarebytes' Anti-Malware 1.35
    Database version: 1904
    Windows 5.1.2600 Service Pack 2

    4/7/2009 5:06:26 PM
    mbam-log-2009-04-07 (17-06-26).txt

    Scan type: Quick Scan
    Objects scanned: 1
    Time elapsed: 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  • zep516
    12 years ago
    last modified: 6 years ago

    Click Here to download HJTInstall.exe
    Save HJTInstall.exe to your desktop.
    Doubleclick on the HJTInstall.exe icon on your desktop.
    By default it will install to C:\Program Files\Trend Micro\HijackThis .
    Click on Install.
    It will create a HijackThis icon on the desktop.
    Once installed, it will launch Hijackthis.
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) into your next post.
    DO NOT use the AnalyzeThis button, its findings are dangerous if misinterpreted.
    DO NOT have Hijackthis fix anything yet. Most of what HJT lists will be harmless or even required by your Operating System, a spyware fighter will guide you.

  • zep516
    12 years ago
    last modified: 6 years ago

    By the way, still the wrong version of Malwarebytes' Anti-Malware:

    Malwarebytes' Anti-Malware 1.35
    Database version: 1904
    Windows 5.1.2600 Service Pack 2

    Don't worry about it for now; follow the HijackThis instruction above and I will look at it and make a decision of what to do.

  • padd_y
    12 years ago
    last modified: 6 years ago

    Also make sure and do a full system scan with Malwarebytes ..

    (Scan type: Quick Scan
    Objects scanned: 1
    Time elapsed: 3 second(s))


    Paddy...

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    Thanks for your help!!

    Ginny

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:32:14 PM, on 4/7/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    c:\windows\explorer.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: Shell=c:\windows\explorer.exe
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
    O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O3 - Toolbar: &Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x (6AF90EF6-F7F9-466C-99F4-1774826FBB40) /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x (6AF90EF6-F7F9-466C-99F4-1774826FBB40) /qn REBOOT=ReallySuppress (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - (36ECAF82-3300-8F84-092E-AFF36D6C7040) - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - (36ECAF82-3300-8F84-092E-AFF36D6C7040) - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: ComcastHSI - (669B269B-0D4E-41FB-A3D8-FD67CA94F646) - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - (8828075D-D097-4055-AA02-2DBFA9D85E8A) - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - (97809617-3937-4F84-B335-9BB05EF1A8D4) - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - (6685509E-B47B-4f47-8E16-9A5F3A62F683) - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: (01118400-3E00-11D2-8470-0060089874ED) (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
    O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: (2253F320-AB68-4A07-917D-4F12D8884A06) (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: (231B1C6E-F934-42A2-92B6-C2FEFEC24276) (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: (6F750200-1362-4815-A476-88533DE61D0C) (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: (88D969C0-F192-11D4-A65F-0040963251E5) (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: (AD5AE604-34F2-4C7C-AEBB-14D424294A76) - http://www.interoagent.com/SyncInstaller/ReportGenerator/ReportGenerator.cab
    O16 - DPF: (B9191F79-5613-4C76-AA2A-398534BB8999) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Documents and Settings\Ginny\My Documents\Jen\bin\iPodService.exe
    O23 - Service: Machine Debug Manager (MDM) - Logitech, Inc. - (no file)
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    --
    End of file - 8850 bytes
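
Added example (not part of the original thread, and not a HijackThis feature): a Python sketch of a first-pass read of a log like the one above. It splits entries by HijackThis section code and lists only those that point at a file that is no longer there or at a service with no recorded owner. The section descriptions and function names are this example's own, and the sample lines are a subset copied from the log above. It reports only and gives no verdict on whether an entry is harmful.

```python
import re
from collections import Counter

# Subset of lines copied from the HijackThis log in the post above (not constructed).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Machine Debug Manager (MDM) - Logitech, Inc. - (no file)
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
"""

# What each section code in this log covers (descriptions written for this example).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "F2": "system.ini values mapped to the registry",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE extra button / Tools item", "O16": "downloaded ActiveX object",
    "O23": "Windows service",
}

# An entry line is "<code> - <body>"; process paths and headers do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# HijackThis appends these when the referenced file is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return the log's entries as dicts with code, section and body."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            code = match.group("code")
            entries.append({
                "code": code,
                "section": SECTIONS.get(code, "other"),
                "body": match.group("body"),
            })
    return entries


def triage(entries):
    """Pick out entries worth asking about; everything else is left alone."""
    findings = []
    for entry in entries:
        reasons = []
        if any(marker in entry["body"] for marker in ORPHAN_MARKERS):
            reasons.append("orphaned")        # registry entry, no file behind it
        if entry["code"] == "O23" and " - Unknown owner - " in entry["body"]:
            reasons.append("unknown owner")   # service binary has no vendor string
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    found = triage(parse_entries(SAMPLE_LOG))
    print(Counter(f["code"] for f in found))
    for f in found:
        print(f"{f['code']:<4}{f['section']:<24}{', '.join(f['reasons']):<26}{f['body']}")
```

The `(no file)` entry for the Machine Debug Manager service is the same service the System log in the first post reports as failing to start with "The system cannot find the path specified."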

  • zep516
    12 years ago
    last modified: 6 years ago

    Do this again sorry,

    Please download Malwarebytes' Anti-Malware to your desktop. Click here
    Double Click mbam-setup.exe to install the application.
    Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If an update is found, it will download and install the latest version.
    Once the program has loaded, select "Perform Full Scan", then click Scan.
    The scan may take some time to finish, so please be patient.
    When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected.
    When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    When I followed your instructions to download HJT I didn't see a place/choice to "download to my desktop." I just followed the instructions on the site. Hopefully that's ok. Will try and "download to desktop" when following your instructions regarding Malwarebytes but we'll see..
    Ginny

  • zep516
    12 years ago
    last modified: 6 years ago

    Please RUN this tool in the link to remove left over Norton files.

    Are you on dial up?

  • zep516
    12 years ago
    last modified: 6 years ago

    By the way you will be going to malware removal forum.

    I will clean up here a bit (antivirus, Java), and then off you go; we will give you instructions for that.

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    My last antivirus was AVG. I haven't had Norton in a long time. Here's the log.

    Malwarebytes' Anti-Malware 1.36
    Database version: 1949
    Windows 5.1.2600 Service Pack 2

    4/7/2009 7:57:37 PM
    mbam-log-2009-04-07 (19-57-37).txt

    Scan type: Full Scan (C:\:D:\:E:\:)
    Objects scanned: 161556
    Time elapsed: 44 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    Forgot to say, I am on Comcast Cable. I'll wait to hear from you about going to the Norton link??
    Ginny

  • zep516
    12 years ago
    last modified: 6 years ago

    Go do the Norton now. You probably forgot what version; let me know.

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    I had Norton 2005 and ran the removal tool.
    Ginny

  • zep516
    12 years ago
    last modified: 6 years ago

    Double-click the HijackThis icon on the Desktop, scroll down to "Open the Misc Tools section" and click it. At the bottom, under System tools, click "Open Uninstall Manager". Over to the right, click "Save List". Save it to your Desktop so you may find it, then copy and paste it in your next reply.

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    Acronis True Image Home
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player ActiveX
    Adobe Help Center 2.1
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Photoshop Elements 5.0
    Adobe Reader 8.1.3
    Adobe Shockwave Player
    AgentAchieve Report Generator
    AgentAchieve Report Generator
    AMP Font Viewer
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Avery Wizard 3.0
    Bonjour
    Calendar Magic
    Carbonite
    CCleaner (remove only)
    Comcast High-Speed Internet Install Wizard
    ComcastSUPPORT
    DesignPro 5.0 Limited Edition
    Desktop Doctor
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    Easy CD & DVD Creator 6
    eFax Messenger Plus
    EPSON ESPR220 Reference Guide
    EPSON Print CD
    EPSON Printer Software
    Google Earth
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Updater
    GTOneCare
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Intel(R) PRO Network Adapters and Drivers
    IsoBuster 2.0
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Malwarebytes' Anti-Malware
    Memorex exPressit Label Design Studio
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Data Access Components KB870669
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Location Finder
    Microsoft Office Basic Edition 2003
    Microsoft Protection Service
    Microsoft Streets & Trips 2006
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Live OneCare Resources v2.5.2900.24
    Microsoft Windows OneCare Live AntiSpyware and AntiVirus
    Microsoft Windows OneCare Live v2.5.2900.24
    Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
    Mozilla Firefox (3.0.8)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Ofoto Easy Upload ActiveX Control
    OrderReminder hp LaserJet 101x
    Photo Story 3 for Windows
    Picasa 3
    PowerDVD
    PX Engine
    QuickTime
    Quintessential Player
    RealPlayer
    SBC Yahoo! DSL Activation
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    SoundMAX
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    Symantec Network Driver Update
    SyncToy
    Uninstall AOL Emergency Connect Utility 1.0
    Update for Windows XP (KB914882)
    Update for Windows XP (KB923845)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USDA-HealtheTech Search SR-20
    Viewpoint Media Player
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Live OneCare
    Windows Media Connect
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    WINForms 2000
    WinHTTrack Website Copier 3.40-2
    WinZip

  • zep516
    12 years ago
    last modified: 6 years ago

    Remove the old Java version from the add/remove list:

    J2SE Runtime Environment 5.0 Update 11

    Then:
    Install new Java from link below way down where it says "here is a link that might be useful", pay attention and uncheck any toolbars or additional software that wants to be included.

    Then run SuperAntiSpyware, copy the link into your browser http://www.superantispyware.com/

    Then do this.

    Download ATF Cleaner by Atribune to your Desktop.


    Note: Vista users must use Run As Administrator
    Under Main: Select Files to Delete choose: Select All.
    Click the Empty Selected button.
    If you use Firefox browser click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
    If you use Opera browser click Opera at the top and choose: Select All
    Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
    Click Exit on the Main menu to close the program.

    Then update your Adobe Reader from here http://www.adobe.com/products/reader/

    Lots of progress, very well done.

    Can we catch up tomorrow around 3pm or later?

    You need to update IE6 to IE7. We can talk about that later.

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    I will follow those steps and talk tomorrow afternoon.
    Ginny

  • zep516
    12 years ago
    last modified: 6 years ago

    Download DDS from the link below and "save" it to your Desktop.

    "Alternate DDS download link" from here http://www.forospyware.com/sUBs/dds

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall tries to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs:

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please include the entire contents of both logs in your next reply.

    And post a fresh HijackThis log also.

    Will look at later.

  • ravencajun Zone 8b TX
    12 years ago
    last modified: 6 years ago

    Zep, let me know if I need to help move her over to LzD.

    Sorry Ginny, I did not get back to you. I am in the process of packing up my house to put on the market and move, so I am not on as often as I would like to be.

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    Hi guys,
    Ravencajun, don't feel bad about being busy. I can't believe how much you guys help us. Hopefully some day I can repay the kindness. Good luck with your move - my daughters are real estate agents; a very interesting field.

    Zep I've been following the steps you outlined.

    When I ran SuperAntiSpyware I did a re-boot before I copied the log, but this was the problem - "Trojan.DNS Changer-Codec." I also remember it had a 4 after Trojan on the report.

    I am confused with updating Adobe Reader. I currently have 8.1.3 on my computer. Part of my confusion was following their webpage and knowing which to click on and the other was the part about separate instructions for Firefox; when do I do that?

    I will now start on your 7:59 post. Wanted to let you know I'm busy working here.

    Ginny

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    When I'm downloading these programs I don't see a place to "save to desktop." What happens is it goes into my download page and from there I right click and hit "open." I then follow the instructions for installing etc. I hope this is ok.
    Ginny

  • zep516
    12 years ago
    last modified: 6 years ago

    Does not matter, as long as you can find the program you download you're ok.

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Ginny at 15:21:40.37 on Wed 04/08/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.528 [GMT -7:00]

    AV: Windows Live OneCare *On-access scanning enabled* (Updated)
    FW: Windows Live OneCare Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\windows\explorer.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Download\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/webhp?hl=en
    uSearch Page = hxxp://www.google.com
    uWindow Title = Windows Internet Explorer provided by Comcast
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page =
    mStart Page = hxxp://www.comcast.net/
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    mWinlogon: Shell=c:\windows\explorer.exe
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: (02478D38-C3F9-4efb-9B51-7695ECA05670) - No File
    BHO: Adobe PDF Reader Link Helper: (06849e9f-c8d7-4d59-b87d-784b7d6be0b3) - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: (3ca2f312-6f6e-4b53-a66e-4e65e497c8c0) - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: (53707962-6f74-2d53-2644-206d7942484f) - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: (aa58ed58-01dd-4d91-8333-cf10577473f7) - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: (af69de43-7d58-4638-b6fa-ce66b5ad205d) - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: (dbc80044-a445-435b-bc74-9c25c1c588a9) - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: (e7e6f031-17ce-4c07-bc86-eabfe594f69c) - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: (2318c2b1-4965-11d4-9b18-009027a5cd4f) - c:\program files\google\googletoolbar1.dll
    TB: (42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) - No File
    TB: (EF99BD32-C1FB-11D2-892F-0090271D4F88) - No File
    TB: (A057A204-BACC-4D26-9990-79A187E2698E) - No File
    EB: (4528BBE0-4E08-11D5-AD55-00010333D0AD) - No File
    EB: Real.com: (fe54fa40-d68c-11d2-98fa-00c0f0318afe) - c:\windows\system32\Shdocvw.dll
    EB: (32683183-48a0-441b-a342-7c2a440a9478) - No File
    EB: &Discuss: (bdeade7f-c265-11d0-bced-00a0c90ab50f) - shdocvw.dll
    EB: &Research: (ff059e31-cc5a-4e2e-bf3b-96e929d65503) - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    dRun: [Symantec Network Driver Update Warning] c:\progra~1\symantec\liveup~1\SNDWarn.EXE
    dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
    dRunOnce: [SRUUninstall] "c:\windows\system32\msiexec.exe" /x (6AF90EF6-F7F9-466C-99F4-1774826FBB40) /qn REBOOT=ReallySuppress
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: (669B269B-0D4E-41FB-A3D8-FD67CA94F646) - http://www.comcast.net/
    IE: (8828075D-D097-4055-AA02-2DBFA9D85E8A) - http://www.comcastsupport.com/
    IE: (97809617-3937-4F84-B335-9BB05EF1A8D4) - http://online.comcast.net/help/
    IE: (FB5F1910-F110-11d2-BB9E-00C04F795683) - c:\program files\messenger\msmsgs.exe
    IE: (36ECAF82-3300-8F84-092E-AFF36D6C7040) - (86529161-034E-4F8A-88D2-3C625E612E04) - c:\program files\winhttrack\WinHTTrackIEBar.dll
    IE: (92780B25-18CC-41C8-B9BE-3C9C571A8263) - (FF059E31-CC5A-4E2E-BF3B-96E929D65503) - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (FE54FA40-D68C-11d2-98FA-00C0F0318AFE) - c:\windows\system32\Shdocvw.dll
    IE: (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - (53707962-6F74-2D53-2644-206D7942484F) - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: microsoft.com\windowsupdate
    DPF: (01118400-3E00-11D2-8470-0060089874ED) - hxxp://activex.microsoft.com/objects/ocget.dll
    DPF: (166B1BCA-3F9C-11CF-8075-444553540000) - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: (17492023-C23A-453E-A040-C7C580BBF700) - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: (2253F320-AB68-4A07-917D-4F12D8884A06) - hxxp://www.streamaudio.com/download/ccpm_0237.cab
    DPF: (231B1C6E-F934-42A2-92B6-C2FEFEC24276) - c:\program files\yahoo!\common\yucconfig.dll
    DPF: (6F750200-1362-4815-A476-88533DE61D0C) - hxxp://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    DPF: (88D969C0-F192-11D4-A65F-0040963251E5) - file://c:\tempei4\ei40_\msxml4.cab
    DPF: (8AD9C840-044E-11D1-B3E9-00805F499D93) - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: (9F1C11AA-197B-4942-BA54-47A8489BB47F) - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38048.4876273148
    DPF: (A8658086-E6AC-4957-BC8E-7D54A7E8A78E) - hxxp://www.microsoft.com/security/controls/SassCln.CAB
    DPF: (AD5AE604-34F2-4C7C-AEBB-14D424294A76) - hxxp://www.interoagent.com/SyncInstaller/ReportGenerator/ReportGenerator.cab
    DPF: (B9191F79-5613-4C76-AA2A-398534BB8999) - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    DPF: (C7DB51B4-BCF7-4923-8874-7F1A0DC92277) - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: (CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA) - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: (CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA) - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: SABShellExecuteHook Class: (5ae067d3-9afb-48e0-853a-ebb7f4a000da) - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 relog_ap

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ginny\applic~1\mozilla\firefox\profiles\1jn2vn69.default\
    FF - prefs.js: browser.search.selectedEngine - AOL Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint_03050024.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
    R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-3-22 24936]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

    =============== Created Last 30 ================

    2009-04-08 13:57 --d----- c:\program files\common files\Wise Installation Wizard
    2009-04-08 13:49 410,984 a------- c:\windows\system32\deploytk.dll
    2009-04-08 13:49 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-04-07 20:34 --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-04-07 20:19 --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-04-07 19:09 208,744 a------- c:\windows\system32\muweb.dll
    2009-04-07 19:09 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-04-07 19:09 268,648 a------- c:\windows\system32\mucltui.dll
    2009-04-07 18:31 --d----- c:\program files\Trend Micro
    2009-04-03 20:24 --d----- c:\docume~1\ginny\applic~1\Malwarebytes
    2009-04-03 20:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-03 20:24 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-03 20:24 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-04-03 20:24 --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-04-01 17:30 14,848 ac------ c:\windows\system32\dllcache\kbdhid.sys
    2009-04-01 17:30 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
    2009-04-01 16:11 577,536 a------- c:\windows\system32\OLD9.tmp
    2009-04-01 14:57 40,960 -c------ c:\windows\system32\dllcache\mf3216.dll
    2009-04-01 12:26 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
    2009-04-01 12:26 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
    2009-04-01 12:25 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
    2009-04-01 12:22 18,944 -c------ c:\windows\system32\dllcache\qmgrprxy.dll
    2009-04-01 12:22 8,192 -c------ c:\windows\system32\dllcache\bitsprx2.dll
    2009-04-01 12:22 7,168 -c------ c:\windows\system32\dllcache\bitsprx4.dll
    2009-04-01 12:22 7,168 -c------ c:\windows\system32\dllcache\bitsprx3.dll
    2009-04-01 12:22 7,168 -------- c:\windows\system32\bitsprx4.dll
    2009-04-01 12:22 409,600 -c------ c:\windows\system32\dllcache\qmgr.dll
    2009-04-01 12:08 --d----- c:\program files\Microsoft Windows OneCare Live
    2009-04-01 11:05 --d----- c:\program files\AVG
    2009-03-29 10:12 --d----- c:\program files\Carbonite
    2009-03-29 10:12 --d----- c:\docume~1\alluse~1\applic~1\Carbonite

    ==================== Find3M ====================

    2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys

    ============= FINISH: 15:22:06.31 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/2/2004 11:24:35 AM
    System Uptime: 4/8/2009 2:38:58 PM (1 hours ago)

    Motherboard: Intel Corporation : : D865PERL
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz : J2E1 : 3192/200mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz : J2E1 : 3192/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 59 GiB total, 6.111 GiB free.
    D: is FIXED (NTFS) - 16 GiB total, 15.843 GiB free.
    E: is FIXED (NTFS) - 19 GiB total, 2.072 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP155: 1/17/2009 8:36:39 PM - System Checkpoint
    RP156: 1/18/2009 8:51:54 PM - System Checkpoint
    RP157: 1/19/2009 9:23:37 PM - System Checkpoint
    RP158: 1/20/2009 10:57:08 PM - System Checkpoint
    RP159: 1/22/2009 6:25:29 AM - System Checkpoint
    RP160: 1/23/2009 8:19:33 AM - System Checkpoint
    RP161: 1/24/2009 5:37:16 PM - System Checkpoint
    RP162: 1/25/2009 6:18:46 PM - System Checkpoint
    RP163: 1/26/2009 6:34:14 PM - System Checkpoint
    RP164: 1/27/2009 8:31:50 PM - System Checkpoint
    RP165: 1/29/2009 8:02:20 PM - System Checkpoint
    RP166: 1/30/2009 9:07:45 PM - System Checkpoint
    RP167: 1/31/2009 10:47:51 PM - System Checkpoint
    RP168: 2/2/2009 12:15:40 AM - System Checkpoint
    RP169: 2/3/2009 9:12:06 AM - Avg8 Update
    RP170: 2/4/2009 2:55:24 PM - System Checkpoint
    RP171: 2/5/2009 2:57:29 PM - System Checkpoint
    RP172: 2/6/2009 6:57:22 PM - System Checkpoint
    RP173: 2/7/2009 5:57:21 AM - Avg8 Update
    RP174: 2/8/2009 12:59:06 PM - System Checkpoint
    RP175: 2/9/2009 6:03:04 PM - System Checkpoint
    RP176: 2/10/2009 9:08:34 AM - Avg8 Update
    RP177: 2/11/2009 5:47:01 PM - System Checkpoint
    RP178: 2/12/2009 9:39:55 AM - Avg8 Update
    RP179: 2/13/2009 9:37:29 PM - System Checkpoint
    RP180: 2/14/2009 11:25:45 PM - System Checkpoint
    RP181: 2/16/2009 10:05:08 AM - System Checkpoint
    RP182: 2/17/2009 6:02:20 PM - System Checkpoint
    RP183: 2/18/2009 6:53:15 PM - System Checkpoint
    RP184: 2/20/2009 11:36:52 AM - System Checkpoint
    RP185: 2/21/2009 12:09:18 PM - System Checkpoint
    RP186: 2/22/2009 5:17:00 PM - System Checkpoint
    RP187: 2/23/2009 8:38:21 PM - System Checkpoint
    RP188: 2/25/2009 12:53:23 AM - System Checkpoint
    RP189: 2/26/2009 1:00:43 AM - System Checkpoint
    RP190: 2/27/2009 7:43:35 PM - System Checkpoint
    RP191: 3/1/2009 9:16:58 PM - System Checkpoint
    RP192: 3/2/2009 6:33:29 AM - Software Distribution Service 3.0
    RP193: 3/3/2009 12:08:02 PM - System Checkpoint
    RP194: 3/4/2009 9:02:31 AM - Avg8 Update
    RP195: 3/5/2009 9:40:36 AM - System Checkpoint
    RP196: 3/6/2009 10:35:07 AM - System Checkpoint
    RP197: 3/8/2009 11:00:33 AM - System Checkpoint
    RP198: 3/9/2009 11:35:50 AM - System Checkpoint
    RP199: 3/10/2009 12:17:17 PM - System Checkpoint
    RP200: 3/11/2009 12:24:59 PM - System Checkpoint
    RP201: 3/12/2009 12:51:39 PM - System Checkpoint
    RP202: 3/13/2009 1:01:41 PM - System Checkpoint
    RP203: 3/14/2009 3:12:32 PM - System Checkpoint
    RP204: 3/15/2009 5:55:42 PM - System Checkpoint
    RP205: 3/16/2009 6:41:49 PM - System Checkpoint
    RP206: 3/17/2009 9:09:11 AM - Avg8 Update
    RP207: 3/18/2009 9:54:33 AM - System Checkpoint
    RP208: 3/19/2009 11:34:32 AM - System Checkpoint
    RP209: 3/20/2009 12:22:32 PM - System Checkpoint
    RP210: 3/21/2009 12:23:37 PM - System Checkpoint
    RP211: 3/22/2009 5:03:08 PM - System Checkpoint
    RP212: 3/23/2009 6:02:51 PM - System Checkpoint
    RP213: 3/24/2009 6:58:24 PM - System Checkpoint
    RP214: 3/25/2009 7:10:34 PM - System Checkpoint
    RP215: 3/26/2009 8:23:59 PM - System Checkpoint
    RP216: 3/27/2009 8:14:30 AM - Avg8 Update
    RP217: 3/28/2009 10:17:42 AM - System Checkpoint
    RP218: 3/29/2009 9:15:24 AM - Software Distribution Service 3.0
    RP219: 3/30/2009 10:02:46 AM - System Checkpoint
    RP220: 3/31/2009 11:08:07 AM - Software Distribution Service 3.0
    RP221: 4/1/2009 10:44:04 AM - Removed AVG 8.0
    RP222: 4/1/2009 10:45:07 AM - Installed AVG 8.0
    RP223: 4/1/2009 11:04:58 AM - Installed AVG Free 8.5
    RP224: 4/1/2009 12:22:19 PM - Installed Windows XP KB914882.
    RP225: 4/1/2009 12:24:29 PM - Installed Windows XP KB923845.
    RP226: 4/1/2009 12:29:58 PM - Removed AVG Free 8.5
    RP227: 4/1/2009 12:30:50 PM - Installed AVG Free 8.5
    RP228: 4/1/2009 12:36:48 PM - Microsoft OneCare Protection Checkpoint
    RP229: 4/1/2009 2:56:41 PM - Microsoft OneCare Protection Checkpoint
    RP230: 4/1/2009 4:10:58 PM - Microsoft OneCare Protection Checkpoint
    RP231: 4/2/2009 7:45:49 PM - System Checkpoint
    RP232: 4/4/2009 8:25:57 AM - System Checkpoint
    RP233: 4/5/2009 5:59:20 PM - System Checkpoint
    RP234: 4/6/2009 11:40:53 PM - System Checkpoint
    RP235: 4/7/2009 8:28:52 PM - Software Distribution Service 3.0
    RP236: 4/8/2009 1:45:10 PM - Removed J2SE Runtime Environment 5.0 Update 11
    RP237: 4/8/2009 1:49:03 PM - Installed Java(TM) 6 Update 13
    RP238: 4/8/2009 1:57:13 PM - Removed SUPERAntiSpyware Free Edition
    RP239: 4/8/2009 1:58:16 PM - Installed SUPERAntiSpyware Free Edition

    ==== Installed Programs ======================

    Acronis True Image Home
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player ActiveX
    Adobe Help Center 2.1
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Photoshop Elements 5.0
    Adobe Reader 8.1.3
    Adobe Shockwave Player
    AgentAchieve Report Generator
    AMP Font Viewer
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Avery Wizard 3.0
    Bonjour
    Calendar Magic
    Carbonite
    CCleaner (remove only)
    Comcast High-Speed Internet Install Wizard
    ComcastSUPPORT
    DesignPro 5.0 Limited Edition
    Desktop Doctor
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    Easy CD & DVD Creator 6
    eFax Messenger Plus
    EPSON ESPR220 Reference Guide
    EPSON Print CD
    EPSON Printer Software
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    GTOneCare
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Intel(R) PRO Network Adapters and Drivers
    IsoBuster 2.0
    iTunes
    Java(TM) 6 Update 13
    Malwarebytes' Anti-Malware
    Memorex exPressit Label Design Studio
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Data Access Components KB870669
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Location Finder
    Microsoft Office Basic Edition 2003
    Microsoft Protection Service
    Microsoft Streets & Trips 2006
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Live OneCare Resources v2.5.2900.24
    Microsoft Windows OneCare Live AntiSpyware and AntiVirus
    Microsoft Windows OneCare Live v2.5.2900.24
    Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
    Mozilla Firefox (3.0.8)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Ofoto Easy Upload ActiveX Control
    OrderReminder hp LaserJet 101x
    Photo Story 3 for Windows
    Picasa 3
    PowerDVD
    PX Engine
    QuickTime
    Quintessential Player
    RealPlayer
    SBC Yahoo! DSL Activation
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    SoundMAX
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    Symantec Network Driver Update
    SyncToy
    Uninstall AOL Emergency Connect Utility 1.0
    Update for Windows XP (KB914882)
    Update for Windows XP (KB923845)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USDA-HealtheTech Search SR-20
    Viewpoint Media Player
    WebFldrs XP
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Live OneCare
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    WINForms 2000
    WinHTTrack Website Copier 3.40-2
    WinZip

    ==== Event Viewer Messages From Past Week ========

    4/1/2009 6:55:01 PM, error: Service Control Manager [7000] - The WMDM PMSP Service service failed to start due to the following error: The system cannot find the path specified.
    4/1/2009 6:55:01 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The system cannot find the path specified.
    4/1/2009 6:54:38 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 000CF1A24E8E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    4/1/2009 5:45:48 PM, error: DCOM [10005] - DCOM got error "%3" attempting to start the service MDM with arguments "" in order to run the server: (0C0A3666-30C9-11D0-8F20-00805F2CD064)
    4/1/2009 5:21:13 PM, error: DCOM [10005] - DCOM got error "%3" attempting to start the service MDM with arguments "" in order to run the server: (943B6A75-BB5E-41A7-A6D3-A1A5E892B33B)
    4/1/2009 4:59:10 PM, error: OneCareMP [1008] - Windows OneCare Live has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (3C04591A-6DA5-4236-9A7D-04CA111755A5) Scan Type: AntiMalware User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 4:59:10 PM, error: OneCareMP [1008] - Windows OneCare Live has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (3C04591A-6DA5-4236-9A7D-04CA111755A5) Scan Type: AntiMalware User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 4:12:15 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (E24F80C7-E07E-4980-A37F-72A90DEAF8EE) User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Alert Type: Action: Clean Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 4:11:48 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (25744E63-87B9-4C29-93FF-17D9C3E4FC95) User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Alert Type: Action: Remove Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 4:11:01 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (37E0B901-64A0-43DF-AF84-51EA678C3D7F) User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Alert Type: Action: Quarantine Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 4:05:17 PM, error: OneCareMP [1008] - Windows OneCare Live has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (628ED6AA-1428-423B-94D4-A6415B146945) Scan Type: AntiMalware User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 4:05:17 PM, error: OneCareMP [1008] - Windows OneCare Live has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (628ED6AA-1428-423B-94D4-A6415B146945) Scan Type: AntiMalware User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 4:05:17 PM, error: OneCareMP [1008] - Windows OneCare Live has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Mariofev.A&threatid=2147607909 Scan ID: (628ED6AA-1428-423B-94D4-A6415B146945) Scan Type: AntiMalware User: GINNY-XP\Ginny Name: TrojanDropper:Win32/Mariofev.A ID: 2147607909 Severity: Severe Category: Trojan Dropper Path: Action: Remove Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 3:06:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (F504141E-B800-4516-978E-6B64F5B2762B) User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Alert Type: Action: Clean Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 3:05:43 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (7E3F6E9B-8C2A-4C33-91A4-C12D4F854824) User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Alert Type: Action: Clean Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 2:58:09 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (D6463872-81F6-4128-8046-588E485D40BF) User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Alert Type: Action: Clean Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 2:57:51 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (D8FF7F72-6E1B-4B59-B9AD-80FDD89C419B) User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Alert Type: Action: Remove Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 2:56:41 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (C196D672-FA69-4F6C-B43D-4448A93B2770) User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Alert Type: Action: Clean Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 2:44:11 PM, error: MSFWDrv [9] - The device, , did not respond within the timeout period.
    4/1/2009 1:09:04 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service VSS with arguments "" in order to run the server: (E579AB5F-1CC4-44B4-BED9-DE0991FF0623)
    4/1/2009 12:57:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (DAC855F4-0A6B-4221-A499-50C2722F77C1) User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Alert Type: Action: Clean Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 12:36:48 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Mariofev.A&threatid=2147617110 Scan ID: (7C907D15-D4B9-4758-91B1-8EC0FE4F7853) User: GINNY-XP\Ginny Name: Virus:Win32/Mariofev.A ID: 2147617110 Severity: Severe Category: Virus Path: Alert Type: Action: Clean Error Code: 0x80508024 Error description: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
    4/1/2009 11:57:34 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 000CF1A24E8E has been denied by the DHCP server 192.168.1.2 (The DHCP Server sent a DHCPNACK message).
    4/8/2009 1:57:14 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    4/8/2009 3:21:42 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
    4/1/2009 4:11:55 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file user32.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.

    ==== End Of File ===========================

    Hijackthis coming in another posting

    Ginny

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:28:15 PM, on 4/8/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\windows\explorer.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: Shell=c:\windows\explorer.exe
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
    O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x (6AF90EF6-F7F9-466C-99F4-1774826FBB40) /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x (6AF90EF6-F7F9-466C-99F4-1774826FBB40) /qn REBOOT=ReallySuppress (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Run WinHTTrack - (36ECAF82-3300-8F84-092E-AFF36D6C7040) - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - (36ECAF82-3300-8F84-092E-AFF36D6C7040) - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: ComcastHSI - (669B269B-0D4E-41FB-A3D8-FD67CA94F646) - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - (8828075D-D097-4055-AA02-2DBFA9D85E8A) - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - (97809617-3937-4F84-B335-9BB05EF1A8D4) - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - (6685509E-B47B-4f47-8E16-9A5F3A62F683) - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: (01118400-3E00-11D2-8470-0060089874ED) (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
    O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: (2253F320-AB68-4A07-917D-4F12D8884A06) (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: (231B1C6E-F934-42A2-92B6-C2FEFEC24276) (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: (6F750200-1362-4815-A476-88533DE61D0C) (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: (88D969C0-F192-11D4-A65F-0040963251E5) (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: (AD5AE604-34F2-4C7C-AEBB-14D424294A76) - http://www.interoagent.com/SyncInstaller/ReportGenerator/ReportGenerator.cab
    O16 - DPF: (B9191F79-5613-4C76-AA2A-398534BB8999) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Documents and Settings\Ginny\My Documents\Jen\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    --
    End of file - 9200 bytes

  • zep516
    12 years ago
    last modified: 6 years ago

    Hijackthis log is still showing Norton Anti Virus files,

    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')

    And they are running at boot up every time, so the Norton removal failed.

    Let's try this tool in the link below. When you get the web page, download ----> symnrt.exe. Run the tool and I will need to see another HijackThis log to make sure those entries are gone.

    Norton does not want to leave your computer lol.
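
Added example (not part of zep516's post or of any tool used in the thread): a Python check of the step described above, comparing the autorun (O4) entries of two HijackThis logs to see whether a removed product still starts at logon. The sample lines are copied from the logs posted in this thread; the function names, the keyword list and the "clean" log are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    hive: str     # e.g. HKLM, HKCU, HKUS\S-1-5-18
    key: str      # Run, RunOnce, ...
    name: str     # registry value name shown in [brackets]
    command: str  # command line started at logon


# O4 lines look like:  O4 - <hive>\..\<key>: [<name>] <command> (User '<user>')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+?)(?: \(User '[^']*'\))?$"
)
# HijackThis marks registrations whose target is gone with one of these tags.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")

# Lines copied from the first HijackThis log posted in this thread.
LOG_BEFORE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
"""

# Lines copied from the second log posted in this thread (after the removal tool).
LOG_AFTER = r"""
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
"""

# Constructed for contrast: what a log would look like once the entries are gone.
LOG_CLEAN = "\n".join(l for l in LOG_BEFORE.splitlines() if "Symantec" not in l)


def parse_autoruns(log):
    """Return every O4 (logon autorun) entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(**m.groupdict()))
    return entries


def leftovers(log, keywords):
    """Autoruns whose value name OR command mentions a keyword.

    Both fields are checked because 8.3 short paths such as
    C:\\PROGRA~1\\SYMNET~1\\ hide the vendor name in the command.
    """
    kws = [k.lower() for k in keywords]
    return [e for e in parse_autoruns(log)
            if any(k in e.name.lower() or k in e.command.lower() for k in kws)]


def orphans(log):
    """Lines from any section tagged '(file missing)' or '(no file)'."""
    return [l.strip() for l in log.splitlines() if ORPHAN_RE.search(l)]


def verify_removal(before, after, keywords):
    """Split the flagged 'before' autoruns into removed and still present."""
    still = set(leftovers(after, keywords))
    flagged = leftovers(before, keywords)
    return {"removed": [e for e in flagged if e not in still],
            "remaining": [e for e in flagged if e in still]}


if __name__ == "__main__":
    kw = ["symantec", "norton"]  # assumed keywords for the uninstalled product
    for label, after in (("second posted log", LOG_AFTER),
                         ("constructed clean log", LOG_CLEAN)):
        res = verify_removal(LOG_BEFORE, after, kw)
        print(f"{label}: removed={len(res['removed'])} "
              f"remaining={len(res['remaining'])}")
        for e in res["remaining"]:
            print("  still runs at logon:", e.hive, e.key, e.name)
    for line in orphans(LOG_BEFORE):
        print("orphaned registration:", line)
```
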

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    I should mention that I just took AOL off my computer after 8 years. I understand AOL leaves bits of itself all over as well.

    When I followed your instructions I ran into a snag but tried to continue on. Hopefully Norton is gone.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:17:56 PM, on 4/8/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\windows\explorer.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: Shell=c:\windows\explorer.exe
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
    O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x (6AF90EF6-F7F9-466C-99F4-1774826FBB40) /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x (6AF90EF6-F7F9-466C-99F4-1774826FBB40) /qn REBOOT=ReallySuppress (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Run WinHTTrack - (36ECAF82-3300-8F84-092E-AFF36D6C7040) - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - (36ECAF82-3300-8F84-092E-AFF36D6C7040) - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: ComcastHSI - (669B269B-0D4E-41FB-A3D8-FD67CA94F646) - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - (8828075D-D097-4055-AA02-2DBFA9D85E8A) - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - (97809617-3937-4F84-B335-9BB05EF1A8D4) - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - (6685509E-B47B-4f47-8E16-9A5F3A62F683) - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: (01118400-3E00-11D2-8470-0060089874ED) (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
    O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: (2253F320-AB68-4A07-917D-4F12D8884A06) (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: (231B1C6E-F934-42A2-92B6-C2FEFEC24276) (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: (6F750200-1362-4815-A476-88533DE61D0C) (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: (88D969C0-F192-11D4-A65F-0040963251E5) (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: (AD5AE604-34F2-4C7C-AEBB-14D424294A76) - http://www.interoagent.com/SyncInstaller/ReportGenerator/ReportGenerator.cab
    O16 - DPF: (B9191F79-5613-4C76-AA2A-398534BB8999) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Documents and Settings\Ginny\My Documents\Jen\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    --
    End of file - 9201 bytes

  • padd_y
    12 years ago
    last modified: 6 years ago

    Zep, mate, send them over to LdZ. There's some issues with the logs I can see at a quick glance: traces of Vundo ..

    Also link back to this thread Please ...

    Paddy...

  • zep516
    12 years ago
    last modified: 6 years ago

    Ginny

    We're going to move you to another forum. Please go to the forum in the link below and register at the forum; please provide a link to this thread as well. Just start a (new topic) in the (hijack log section); you can post a log there and they will sort this out.

    See instructions for HijackThis logs on that forum.

  • ginjj
    Original Author
    12 years ago
    last modified: 6 years ago

    Thank you Zep, Ravencajun and others, for helping me get my computer running as it should. I really appreciate you taking the time to run me through this process.

    Am I correct in deducing that although my computer man removed a virus, the reason my computer continued to do a variety of bad things was because I was loaded with malware?

    It's interesting that someone like me, who loves her computer, takes classes, listens to computer radio programs and podcasts, experienced such a big problem as I just did. I am on my computer a lot but I feel I visit innocent sites like GW, cooking sites, computer sites etc. I also thought my anti-virus was protecting me (which I neglected to check every day to see that it was - which it wasn't,) and I really can't remember if I had anything other than Spybot watching for spyware. I guess you could say I wasn't paying attention.

    I look forward to learning a lot about spyware and malware on that site you've sent me to. I have a meeting tonight and work the next two days so won't log onto that site until Saturday.

    Thanks again and if you could tell me, in a few words, what you think caused my problems I'd really appreciate it.

    Ginny

  • zep516
    12 years ago
    last modified: 6 years ago

    It looks like one problem led to another: the Norton Anti Virus was never removed, the Java was out of date, that's an infection risk, etc.

    Anti Virus programs can only do so much; it's a matter of keeping all programs updated. That was one of the reasons I mentioned IE6 and consider updating to IE7.

    More will be revealed on the other forum.

    I always try to do as much as I can here before I send anyone there. That may change; I will send users directly to the forum from now on. This is not the place for all the logs etc., so I'm rethinking it.

    zep

    Don't make any changes to the computer, as in downloading or uninstalling programs; all this information will be reviewed by ldz.

  • ravencajun Zone 8b TX
    12 years ago
    last modified: 6 years ago

    Ginny, I will go ahead and create the thread for you over on the other forum. You will need to register there, then just go to the link I provide for your thread and the team will lead you through the steps. Please, at any time you have a question, ask us, and if you run into problems let the team know exactly what is happening. Here is the link to your thread there.
    Thread for GinnyGinny

    Be patient and you will get taken care of.

  • ravencajun Zone 8b TX
    12 years ago
    last modified: 6 years ago

    Ginny, from now on you should get and use the Secunia tool, which tells you of any programs on your PC that need updating. These are big security risks and the route of much infection today, so it is a must to keep that stuff updated, not just the Windows updates. You really should have Malwarebytes, which you do now, so use it weekly from now on, but always be sure you update it prior to running the FULL scan and let it clean what it finds. I also recommend SUPERAntiSpyware; it is also free and must be updated prior to running the scans. And if you do not have SpywareBlaster, get that; you update it once a week and enable all protection, no scans to do. The team will help you out with some of that also.
    SUPERAntiSpyware Free Edition
    Secunia Online Software Inspector
    That link has the online version, and if you want the one you install on your PC, the link to it is there also: PSI.

    SpywareBlaster

    As to your question of saving to the desktop, you should get a box asking where you want to save things to. When you click the browse button, you would select desktop as the location for saving to the desktop. If you have a default set up to send everything to a specific location, that would be why you do not see the normal options; that is something that you can change in your settings.
