
Google Redirect Virus. HELP!


Name: JohnMosby
Date: November 28, 2008 at 13:00:03 Pacific
OS: Vista
CPU/Ram: Not sure
Product: Acer Laptop
Comment:

Hi. Like many people I seem to have been afflicted with the Google/Yahoo redirect virus, which is making standard searches impossible. Looking at other people's threads, I've searched through my own Device Manager (hidden) files and not been able to find the one file people advised to turn off.

So I've run the Malware programs as advised and got the logs below - and I'm starting a new thread, also as advised.

Please be aware I am a *total novice* at this so would appreciate idiot-friendly baby-steps advice on how to get rid of this very annoying virus.

Many thanks!

~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 6.0.6001 Service Pack 1

28/11/2008 20:12:48
mbam-log-2008-11-28 (20-12-48).txt

Scan type: Quick Scan
Objects scanned: 53723
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 5
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18e8e4bd-0a28-4264-abb6-0b43cac100d0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.201;85.255.112.169 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18e8e4bd-0a28-4264-abb6-0b43cac100d0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.201;85.255.112.169 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7d99ce60-b9dc-43da-8a47-1ad213ccb951}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.201;85.255.112.169 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18e8e4bd-0a28-4264-abb6-0b43cac100d0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.201;85.255.112.169 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18e8e4bd-0a28-4264-abb6-0b43cac100d0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.201;85.255.112.169 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7d99ce60-b9dc-43da-8a47-1ad213ccb951}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.201;85.255.112.169 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{18e8e4bd-0a28-4264-abb6-0b43cac100d0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.201;85.255.112.169 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{18e8e4bd-0a28-4264-abb6-0b43cac100d0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.201;85.255.112.169 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7d99ce60-b9dc-43da-8a47-1ad213ccb951}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.201;85.255.112.169 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\PCW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\homeview\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.

~~~~~~~~~~~~~~~

The system advised me NOT to post the second log acquired through HijackThis, but I can if need be.




Response Number 1
Name: jabuck
Date: November 28, 2008 at 14:17:59 Pacific
Reply:

You are not allowed to post HijackThis logs without a request from a helper; please post your HijackThis log after running the following scan.

Download SDFix.exe and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

1. Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
2. Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
3. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
4. Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt.



Response Number 2
Name: JohnMosby
Date: November 29, 2008 at 10:10:06 Pacific
Reply:

Hi. All instructions followed until I got to the point where I double-clicked 'RunThis'. That produced a script box which immediately opens then closes before I can type anything in it. Not sure of the reasons, but I recently removed McAfee as it wasn't working, so I felt script-disable wouldn't be a problem. Are there more 'disable script-blocking' actions I have to take IF this is the reason for closing, or maybe it's something else?

Many thanks from a novice!



Response Number 3
Name: jabuck
Date: November 29, 2008 at 12:57:16 Pacific
Reply:

All antivirus and antispyware programs must be turned off as they will damage some of the SDFix files. You need to be in safe mode. Delete the C:\SDFix folder and redownload it and try again.



Response Number 4
Name: JohnMosby
Date: November 29, 2008 at 13:45:14 Pacific
Reply:

Hi. No Anti-Virus stuff on as far as I can tell and I deleted and then reloaded SDFix as suggested... but same result. The script window appears and immediately vanishes. I did click on one of the others in the folder 'CatchMe', I think, and that appears to stay open. I've also tried running SDFix as both normal and administrator and result is the same.

Can't think of anything I'm not doing from instructions. Any ideas? Thanks.



Response Number 5
Name: jabuck
Date: November 29, 2008 at 18:34:36 Pacific
Reply:

Delete the C:\SDFix folder again. On your desktop rename sdfix.exe to john.exe and install it again. Once you get it reinstalled rename runthis.bat to john1.bat and see if it will run.






Response Number 6
Name: JohnMosby
Date: November 29, 2008 at 18:47:53 Pacific
Reply:

:( Still no luck. However, this time I did get a window that came up (when I installed, before I went to Safe Mode) questioning whether the program had installed correctly. This doesn't come up every time I've tried, but did at one point before, and I've tried both the 'yes, is fine as is' and 'retry' options. Could this be a general compatibility issue with Vista? The laptop (an ACER 5920) is only a couple of months old. Or is there possibly a program similar but different to SDFix I could try? All VERY frustrating.



Response Number 7
Name: jabuck
Date: November 29, 2008 at 19:03:45 Pacific
Reply:

My apologies, it's not compatible with Vista; we will need to use a slightly different procedure.

Post a Hijack This log please.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 8
Name: JohnMosby
Date: November 30, 2008 at 05:46:47 Pacific
Reply:

Thanks. Had to run it as administrator, but it worked... Here's the log-file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:34, on 30/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\PCW\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\PCW\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://theregoestheday.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: SETAUDIO.exe
O4 - Global Startup: SETRES.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite...
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.co.uk/Snapfish...
O17 - HKLM\System\CCS\Services\Tcpip\..\{18E8E4BD-0A28-4264-ABB6-0B43CAC100D0}: NameServer = 85.255.112.201;85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D99CE60-B9DC-43DA-8A47-1AD213CCB951}: NameServer = 85.255.112.201;85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{18E8E4BD-0A28-4264-ABB6-0B43CAC100D0}: NameServer = 85.255.112.201;85.255.112.169
O17 - HKLM\System\CS2\Services\Tcpip\..\{18E8E4BD-0A28-4264-ABB6-0B43CAC100D0}: NameServer = 85.255.112.201;85.255.112.169
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12877 bytes


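The O17 entries in the HijackThis log above and the "Registry Data Items" in the Malwarebytes log at the top of the thread both record, per network interface, which DNS servers the machine has been pointed at. As an added example (not code from the thread, from HijackThis or from Malwarebytes), the script below parses both line formats and flags any interface whose resolvers are not on an allow-list; the allow-list value 192.168.1.1 and the second sample line are constructed assumptions standing in for a home router that hands out DNS.

```python
import ipaddress
import re
from typing import Dict, List, Set

# Constructed sample: one HijackThis O17 line and one Malwarebytes line carrying the
# resolver addresses reported in this thread, plus a constructed "clean" interface
# (192.168.1.1) for contrast. In practice, read the saved log file instead.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{18E8E4BD-0A28-4264-ABB6-0B43CAC100D0}: NameServer = 85.255.112.201;85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{7D99CE60-B9DC-43DA-8A47-1AD213CCB951}: NameServer = 192.168.1.1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18e8e4bd-0a28-4264-abb6-0b43cac100d0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.201;85.255.112.169 -> Quarantined and deleted successfully.
"""

# Assumed allow-list: the resolver(s) this machine is expected to use. Anything
# else configured on an interface is reported for a human to look at.
TRUSTED_RESOLVERS: Set[str] = {"192.168.1.1"}

# HijackThis O17 entry: "... \{GUID}: NameServer = a.b.c.d;e.f.g.h"
HJT_O17 = re.compile(r"^O17 - .*?\{([0-9A-Fa-f-]{36})\}: NameServer = ([0-9.;]+)\s*$")

# Malwarebytes registry-data entry for a Tcpip interface:
# "...\Interfaces\{GUID}\NameServer (Trojan.DNSChanger) -> Data: a.b.c.d;... -> ..."
MBAM_NS = re.compile(
    r"\\Interfaces\\\{([0-9A-Fa-f-]{36})\}\\(?:Dhcp)?NameServer\b.*?-> Data: ([0-9.;]+)"
)


def _split_ips(field: str) -> List[str]:
    """Split an 'a;b' resolver list and keep only syntactically valid IPv4 addresses."""
    out: List[str] = []
    for part in field.split(";"):
        part = part.strip()
        if not part:
            continue
        try:
            ipaddress.IPv4Address(part)
        except ValueError:
            continue  # garbage in the registry value; not a resolver
        out.append(part)
    return out


def extract_resolvers(log_text: str) -> Dict[str, Set[str]]:
    """Map each interface GUID (lower-cased) to the resolver addresses the log attributes to it.

    Both HijackThis O17 lines and Malwarebytes registry-data lines are understood, so the
    same check runs over either log from the thread. DhcpNameServer and NameServer values
    are merged per interface because the DNSChanger entries above overwrite both.
    """
    found: Dict[str, Set[str]] = {}
    for line in log_text.splitlines():
        m = HJT_O17.match(line) or MBAM_NS.search(line)
        if not m:
            continue
        guid, field = m.group(1).lower(), m.group(2)
        found.setdefault(guid, set()).update(_split_ips(field))
    return found


def find_untrusted(resolvers: Dict[str, Set[str]],
                   trusted: Set[str] = TRUSTED_RESOLVERS) -> Dict[str, List[str]]:
    """Return {guid: [resolver, ...]} for interfaces pointing at DNS servers outside the allow-list."""
    report: Dict[str, List[str]] = {}
    for guid, ips in resolvers.items():
        bad = sorted(ip for ip in ips if ip not in trusted)
        if bad:
            report[guid] = bad
    return report


def describe(ip: str) -> str:
    """Hint for a flagged resolver: a public DNS server configured on a home LAN deserves a second look."""
    scope = "private" if ipaddress.IPv4Address(ip).is_private else "public"
    return f"{ip} ({scope})"


if __name__ == "__main__":
    for guid, ips in find_untrusted(extract_resolvers(SAMPLE_LOG)).items():
        print(f"interface {{{guid}}} uses untrusted resolvers: "
              + ", ".join(describe(ip) for ip in ips))
```

Re-run the check after cleanup: the Malwarebytes log marks one interface "Delete on reboot", so a resolver value can survive until the machine has actually restarted.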

Response Number 9
Name: jabuck
Date: November 30, 2008 at 06:38:53 Pacific
Reply:

I don't see an antivirus running. Acer's Empowering Technology doesn't appear to be an Antivirus. You need to install one before you continue.

I use the free version of AVG antivirus, you can download it at this link:
AVG Free Antivirus

Update it once you get it installed. Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool, so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your Antivirus, Windows Defender and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse; it will cause your system to hang.)
Please post the log it produces.



Response Number 10
Name: JohnMosby
Date: November 30, 2008 at 09:06:04 Pacific
Reply:

I added AVG as suggested. It loaded but didn't seem able to download an update. However, this was the eventual log:

ComboFix 08-11-30.01 - PCW 2008-11-30 16:51:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1669 [GMT 0:00]
Running from: c:\users\PCW\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\PCW\AppData\Roaming\.#
c:\users\PCW\AppData\Roaming\.#\MBX@175C@362990.###
c:\users\PCW\AppData\Roaming\.#\MBX@175C@3629C0.###
c:\users\PCW\AppData\Roaming\.#\MBX@175C@3629F0.###
c:\windows\system32\x64
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-30 16:31 . 2008-11-30 16:31 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-11-30 16:31 . 2008-11-30 16:31 <DIR> d-------- c:\users\All Users\avg8
2008-11-30 16:31 . 2008-11-30 16:31 <DIR> d-------- c:\program files\AVG
2008-11-30 16:31 . 2008-11-30 16:31 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-30 16:31 . 2008-11-30 16:31 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-11-30 16:31 . 2008-11-30 16:31 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-30 02:37 . 2008-11-30 02:41 <DIR> d-------- C:\SDFix
2008-11-29 16:33 . 2008-01-24 02:25 172,032 --a------ c:\windows\System32\igfxres.dll
2008-11-28 20:06 . 2008-11-28 20:06 <DIR> d-------- c:\users\PCW\AppData\Roaming\Malwarebytes
2008-11-28 20:06 . 2008-11-28 20:06 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-28 20:06 . 2008-11-28 20:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 20:06 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-28 20:06 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-28 18:13 . 2004-08-04 08:00 506,368 --a------ c:\windows\System32\msxml.dll
2008-11-25 23:53 . 2008-11-25 23:53 <DIR> d-------- c:\users\PCW\DoctorWeb
2008-11-20 23:11 . 2008-11-20 23:11 29,192 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-20 23:10 . 2008-11-20 23:10 <DIR> d-------- c:\windows\HDTV Player
2008-11-20 23:10 . 2008-11-21 00:40 <DIR> d-------- c:\program files\HDTV Player
2008-11-16 20:35 . 2008-11-16 20:35 <DIR> d-------- c:\windows\Applian FLV Player
2008-11-16 20:35 . 2008-11-16 20:35 <DIR> d-------- c:\program files\FLV Player
2008-11-12 23:31 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 22:16 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 21:24 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-10-29 03:14 . 2008-08-05 09:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-29 03:14 . 2008-08-05 09:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-29 03:14 . 2008-08-05 09:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-29 03:14 . 2008-08-05 09:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-29 03:14 . 2008-08-05 09:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-28 20:06 . 2008-08-12 03:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 20:06 . 2008-09-18 04:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 20:06 . 2008-09-18 04:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-28 13:31 . 2008-10-28 13:31 <DIR> d-------- c:\users\All Users\Kontiki
2008-10-28 13:31 . 2008-10-28 13:31 <DIR> d-------- c:\program files\Kontiki
2008-10-28 13:31 . 2008-10-28 13:31 <DIR> d-------- c:\program files\Channel4
2008-10-28 13:30 . 2008-10-28 13:30 <DIR> d-------- c:\users\All Users\Channel4
2008-10-15 02:08 . 2008-09-18 05:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 02:08 . 2008-09-18 05:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 02:08 . 2008-09-18 02:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-15 02:08 . 2008-10-02 03:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-15 02:08 . 2008-08-27 01:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-15 02:07 . 2008-10-02 01:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-12 13:00 . 2008-10-12 13:03 48 --a------ C:\doug2.wav
2008-10-12 12:45 . 2008-10-12 12:45 <DIR> d-------- c:\program files\PAS-Products
2008-10-12 12:45 . 2002-08-20 15:40 1,381,376 --a------ c:\windows\System32\vcl70.bpl
2008-10-12 12:45 . 2002-08-20 14:40 778,240 --a------ c:\windows\System32\rtl70.bpl
2008-10-12 12:45 . 1998-02-06 19:37 299,520 --a------ c:\windows\uninst.exe
2008-10-12 12:45 . 2002-08-20 15:40 215,040 --a------ c:\windows\System32\vclx70.bpl
2008-10-09 08:48 . 2008-10-09 08:48 <DIR> d-------- c:\users\All Users\Apple Computer
2008-10-09 08:48 . 2008-10-09 08:48 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-09 08:47 . 2008-10-09 08:47 <DIR> d-------- c:\users\All Users\Apple
2008-10-09 08:47 . 2008-10-09 08:47 <DIR> d-------- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 16:54 --------- d-----w c:\users\PCW\AppData\Roaming\Skype
2008-11-30 16:02 --------- d-----w c:\users\PCW\AppData\Roaming\skypePM
2008-11-30 13:42 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-28 18:15 --------- d-----w c:\users\PCW\AppData\Roaming\Azureus
2008-11-28 14:33 9,594 ----a-w c:\users\PCW\AppData\Roaming\wklnhst.dat
2008-11-25 12:51 --------- d-----w c:\users\PCW\AppData\Roaming\dvdcss
2008-11-24 00:38 --------- d-----w c:\program files\Vuze
2008-10-16 02:08 --------- d-----w c:\program files\Windows Mail
2008-10-09 08:49 --------- d-----w c:\program files\QuickTime
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 00:22 --------- d-----w c:\users\PCW\AppData\Roaming\Yahoo!
2008-09-06 19:20 2,032 ----a-w c:\windows\CLEANUP.CMD
2008-09-06 02:31 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-09-06 02:31 315,392 ----a-w c:\windows\HideWin.exe
2008-08-02 03:26 36,864 ----a-w c:\windows\System32\cdd.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 09:00 39472 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-24 133656]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.exe" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.exe" [2007-03-20 1884160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-10-09 413696]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-30 1234712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2008-01-24 c:\windows\SkyTel.exe]

c:\users\PCW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-09-08 557568]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-06 113664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-13 535336]
SETAUDIO.EXE [2008-04-04 20480]
SETRES.EXE [2008-04-04 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Users^PCW^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\PCW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72123FFE-BB08-48F2-B7AF-257B2DDBCA8D}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{33A26CA1-D20E-48B1-8009-39DBF7D59ADC}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{419F4AE7-FEA0-457C-A110-0CCF57166A2E}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{51AE317D-CA38-483D-AC9E-4BDDE83DDAF8}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{E47BB8AF-CC1C-43AE-A5FF-1F405554A95E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B948D066-090D-4853-B422-CA46B337C418}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F214CC9A-F6EB-4E85-82E8-40850B77CD21}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{AFCCDB91-CACE-46D1-B4B1-F923DFC0A6FB}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{8D297F45-E923-4339-A3F2-D52E81791B91}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{91CB6C20-9435-4142-9130-6C3A0F7867CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77ADB471-3979-4241-8126-FDCD34B8874C}"= UDP:3703:Adobe Version Cue CS3 Server
"{21F19CC8-BF8A-483C-89B9-070B2B8890E2}"= UDP:3704:Adobe Version Cue CS3 Server
"{46F6657A-6825-4E82-A865-8351786576AD}"= UDP:50900:Adobe Version Cue CS3 Server
"{F544A1E9-8A68-49B3-B5CD-34F841ACE71F}"= UDP:50901:Adobe Version Cue CS3 Server
"{AA050AA5-0F2B-49EF-954A-10F5067CB199}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F0EFC8BF-F06C-4F6F-8700-00EF4A0DB3B0}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{DDFD0340-0926-4065-8A8E-9C3F2FC29A20}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{2CADD80F-F29C-4B65-A2E7-0833F84F2744}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{C0B73D34-6D15-4C9B-A20F-19896F365BAD}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{C0A31084-8837-4687-956E-767660603EFB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-30 97928]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-09-06 19:25:14 41456]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-30 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-30 231704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-30 69128]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-03-13 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-13 179712]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-20 29192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce026695-7d9d-11dd-8bc4-9358bb26226c}]
\shell\AutoRun\command - F:\Autoplay.exe -auto

*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - AVGWFPX
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 16:54:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\PCW\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-11-30 16:55:54
ComboFix-quarantined-files.txt 2008-11-30 16:55:52

Pre-Run: 11,175,038,976 bytes free
Post-Run: 11,588,235,264 bytes free

209 --- E O F --- 2008-11-26 00:29:49


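The log above is long, and the settings a responder actually cares about (firewall state per profile, Security Center monitoring, AppInit_DLLs, removable-media AutoRun handlers) are scattered through the "Reg Loading Points" section. The following is an added triage helper, not part of the thread or of ComboFix itself, that parses that section and flags those entries. The sample text inside it is constructed from the posted log, with one firewall profile changed to 1 so the non-flagged case is exercised; the severities and the `Finding` type are this example's own conventions.

```python
"""Triage helper for the "Reg Loading Points" part of a ComboFix log.

Added example (not from the forum thread and not ComboFix code). It reads
the REGEDIT4-style key/value dump and reports a few defender-relevant
items: Windows Firewall disabled per profile, Security Center monitoring
switched off, AppInit_DLLs entries, and AutoRun commands under
MountPoints2. Severity labels are this example's own convention.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info" (example convention)
    key: str        # registry key the entry was found under
    detail: str


# Constructed sample: lines copied from the posted log, with StandardProfile
# set to 1 so that one profile is deliberately NOT flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce026695-7d9d-11dd-8bc4-9358bb26226c}]
\shell\AutoRun\command - F:\Autoplay.exe -auto
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')


def parse_sections(text):
    """Return [(key, [(name, value), ...], [other lines])] for each [key] block."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1), [], [])
            sections.append(current)
            continue
        if current is None:
            continue
        v = VALUE_RE.match(line)
        if v:
            current[1].append((v.group(1), v.group(2)))
        else:
            current[2].append(line)   # e.g. the MountPoints2 AutoRun line
    return sections


def _numeric(value):
    """Turn '0 (0x0)' or 'dword:00000001' into an int; None if not numeric."""
    m = re.match(r"dword:([0-9a-fA-F]+)", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", value)
    return int(m.group(1)) if m else None


def triage(text):
    """Scan a ComboFix-style registry dump and return a list of Findings."""
    findings = []
    for key, values, others in parse_sections(text):
        low = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        for name, value in values:
            n = _numeric(value)
            if "firewallpolicy" in low and name == "EnableFirewall" and n == 0:
                findings.append(Finding("high", key, f"Windows Firewall disabled for {leaf}"))
            elif "security center" in low and name == "DisableMonitoring" and n == 1:
                findings.append(Finding("medium", key, f"Security Center monitoring disabled for {leaf}"))
            elif name == "AppInit_DLLs" and value:
                findings.append(Finding("info", key, f"AppInit_DLLs loads into every process: {value}"))
        if "mountpoints2" in low:
            for line in others:
                if "autorun" in line.lower():
                    cmd = line.split(" - ", 1)[-1]
                    findings.append(Finding("medium", key, f"removable-media AutoRun command: {cmd}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.detail}")
```

Against the sample this reports two disabled firewall profiles, the disabled Security Center monitor, the AppInit DLL (AVG's own in this log, so informational only) and the `F:\Autoplay.exe -auto` AutoRun handler; run it over a full saved log with `triage(open(path).read())`.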

Response Number 11
Name: jabuck
Date: November 30, 2008 at 16:04:10 Pacific
Reply:

You need to empty the restore. Do a Google search on how to empty the Vista restore folder.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Please run Esets online scanner from this link:

ESET

1. Note: You will need to use Internet explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the activex control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked (I want to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.



Response Number 12
Name: JohnMosby
Date: November 30, 2008 at 17:37:11 Pacific
Reply:

Hi. Couldn't find exact instructions on how to empty Vista Restore Folder ANYWHERE by Googling (maybe being stupid, but could only see variations on this which didn't seem like same thing and didn't want to do something risky to heart of my laptop).

However I have noticed that Google now, after several days of the previous problem, suddenly seems to be working properly again. Could previous instructions have solved main problem and now perhaps I can just start up the Anti-Virus software to run as usual, without doing anything further? Would you advise that and returning here if problem starts again?




Response Number 13
Name: jabuck
Date: November 30, 2008 at 17:59:37 Pacific
Reply:

Go to this link and follow the directions to disable then re-enable Vista System Restore (at the bottom of the page).

Vista System Restore

