WiredWX Hobby Weather ToolsLog in

 


Little annoying problems

3 posters

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
Well, I'm getting redirected again. I notices the link says clickover.cn every time before it goes to another site, if that helps.


Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not delete file "C:\Windows\System32\drivers\vsfoceicnqwlro.sys"
Deletion of file "C:\Windows\System32\drivers\vsfoceicnqwlro.sys" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\drivers\vsfocewrsrpiim.sys"
Deletion of file "C:\Windows\System32\drivers\vsfocewrsrpiim.sys" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\vsfoceavmbqomv.dat"
Deletion of file "C:\Windows\System32\vsfoceavmbqomv.dat" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\vsfoceionrqtct.dll"
Deletion of file "C:\Windows\System32\vsfoceionrqtct.dll" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\vsfocekicdvdsa.dll"
Deletion of file "C:\Windows\System32\vsfocekicdvdsa.dll" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\vsfoceokutuses.dll"
Deletion of file "C:\Windows\System32\vsfoceokutuses.dll" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\vsfoceqiotvxxo.dat"
Deletion of file "C:\Windows\System32\vsfoceqiotvxxo.dat" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\vsfoceqyeuhsgn.dll"
Deletion of file "C:\Windows\System32\vsfoceqyeuhsgn.dll" failed!
Status: 0xc0000156


Completed script processing.

*******************

Finished! Terminate.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
Hello.
Please hold tight, I'm talking to someone who's played with this and we might be able to beat it, as the avenger isn't shifting it.

For now, please re-run GMER and post a new log.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
I got another bluescreen when trying to run it in normal mode, but it works in safe mode.

GMER 1.0.15.15011 [moomoofarm.exe] - http://www.gmer.net
Rootkit scan 2009-08-05 12:24:06
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

Code 85FCB398 ZwEnumerateKey
Code 85FCB360 ZwFlushInstructionCache
Code 85FB2516 ZwSaveKey
Code 85FC72E6 ZwSaveKeyEx
Code 85FCA2DD IofCallDriver
Code 85FBF46E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 8268F912 5 Bytes JMP 85FCA2E2
.text ntkrnlpa.exe!IofCompleteRequest 8268F97F 5 Bytes JMP 85FBF473
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 827FAEF5 5 Bytes JMP 85FCB364
PAGE ntkrnlpa.exe!ZwEnumerateKey 828480BA 5 Bytes JMP 85FCB39C
PAGE ntkrnlpa.exe!ZwSaveKey 8289D969 5 Bytes JMP 85FB251A
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8289DB07 5 Bytes JMP 85FC72EA

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\lsm.exe[548] ntdll.dll!LdrLoadDll 77159390 5 Bytes JMP 007E000A
.text C:\Windows\system32\svchost.exe[696] ntdll.dll!LdrLoadDll 77159390 5 Bytes JMP 0025000A
.text C:\Windows\System32\svchost.exe[816] ntdll.dll!LdrLoadDll 77159390 5 Bytes JMP 006D000A
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!LdrLoadDll 77159390 5 Bytes JMP 000E000A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1216] ntdll.dll!LdrLoadDll 77159390 5 Bytes JMP 003C000A
.text ...

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\vsfoceyqcnixtb.sys (*** hidden *** ) [SYSTEM] vsfocebqneokrv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv@imagepath \systemroot\system32\drivers\vsfoceyqcnixtb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main@sid 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main\injector@* vsfocewsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules@vsfocerk.sys \systemroot\system32\drivers\vsfoceyqcnixtb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules@vsfoce.dat \systemroot\system32\vsfocetpbcydmi.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules@vsfocelog.dat \systemroot\system32\vsfoceiyrvdopr.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules@vsfocecmd.dll \systemroot\system32\vsfoceihbjcqxm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules@vsfocewsp.dll \systemroot\system32\vsfocetvpobrha.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv@imagepath \systemroot\system32\drivers\vsfoceyqcnixtb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main@aid 10002
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main@sid 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main\injector@* vsfocewsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules@vsfocerk.sys \systemroot\system32\drivers\vsfoceyqcnixtb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules@vsfoce.dat \systemroot\system32\vsfocetpbcydmi.dat
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules@vsfocelog.dat \systemroot\system32\vsfoceiyrvdopr.dat
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules@vsfocecmd.dll \systemroot\system32\vsfoceihbjcqxm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules@vsfocewsp.dll \systemroot\system32\vsfocetvpobrha.dll

---- Files - GMER 1.0.15 ----

File C:\Users\andrew\AppData\Local\Temp\vsfoce000 0 bytes
File C:\Windows\System32\drivers\vsfoceicnqwlro.sys 67072 bytes
File C:\Windows\System32\drivers\vsfocevsubmmox.sys 67072 bytes
File C:\Windows\System32\drivers\vsfocewrsrpiim.sys 67072 bytes
File C:\Windows\System32\drivers\vsfoceyqcnixtb.sys 67072 bytes <-- ROOTKIT !!!
File C:\Windows\System32\vsfocekicdvdsa.dll 41472 bytes
File C:\Windows\System32\vsfoceavmbqomv.dat 91 bytes
File C:\Windows\System32\vsfocebxtctfpi.dat 91 bytes
File C:\Windows\System32\vsfocedutbikto.dll 18944 bytes
File C:\Windows\System32\vsfoceebipxxii.dll 18944 bytes
File C:\Windows\System32\vsfoceeeadtedu.dat 762 bytes
File C:\Windows\System32\vsfoceihbjcqxm.dll 41472 bytes
File C:\Windows\System32\vsfoceionrqtct.dll 18944 bytes
File C:\Windows\System32\vsfoceiyrvdopr.dat 18351 bytes
File C:\Windows\System32\vsfoceokutuses.dll 41472 bytes
File C:\Windows\System32\vsfoceprlibcit.dat 11196 bytes
File C:\Windows\System32\vsfoceqiotvxxo.dat 21740 bytes
File C:\Windows\System32\vsfoceqyeuhsgn.dll 18944 bytes
File C:\Windows\System32\vsfocetpbcydmi.dat 91 bytes
File C:\Windows\System32\vsfocetvpobrha.dll 18944 bytes
File C:\Windows\System32\vsfocevmjirnqw.dll 41472 bytes
File C:\Windows\System32\vsfocevymmowtj.dat 402 bytes
File C:\Windows\System32\vsfocexkivgxni.dll 41472 bytes
File C:\Windows\Temp\vsfoceqdkrwyopis.tmp 91 bytes

---- EOF - GMER 1.0.15 ----

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
Hello.
We've found away around this now. Hooray! We can't delete the files just yet, first, we have to kill them from the inside before deleting them from the outside if you know what I mean.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Registry keys to replace with dummy:
HKLM\SYSTEM\ControlSet001\Services\UACd.sys
HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv
HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv

Files to replace with dummy:
C:\Windows\System32\drivers\vsfoceyqcnixtb.sys


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\SYSTEM\ControlSet001\Services\UACd.sys" not found!
Replacement with dummy of registry key "HKLM\SYSTEM\ControlSet001\Services\UACd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv" replaced with dummy successfully.
Registry key "HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv" replaced with dummy successfully.

Error: could not delete file "C:\Windows\System32\drivers\vsfoceyqcnixtb.sys"
Replacement with dummy of file "C:\Windows\System32\drivers\vsfoceyqcnixtb.sys" failed!
Status: 0xc0000156


Completed script processing.

*******************

Finished! Terminate.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
Hello.
Damn, didn't work. Were gonna have to try this next method manually.

Go to Start and in the little search box, just type "Run", then when it finds the run command, right click and select "Run as administrator"

Now when the run command box opens, copy/paste in the following, do not edit this in any way.

notepad "C:\Windows\System32\drivers\vsfoceyqcnixtb.sys"

When it opens, it will show a bunch of random letter junk, this is normal.
Press ctrl+A to select everything (it will go blue highlight) and press the backspace key so it deletes everything, leaving it blank.

Go to File > Save. Press ok to any warning about overwriting it.

Let me know how that goes.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
I did it, as far as I know it stays blank with nothing special happening.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
Yes, nothing special is supposed to happen. It worked, I didn't think it would.
Reboot normally.

Now navigate to and see if you can manually delete this file:
C:\Windows\System32\drivers\vsfoceyqcnixtb.sys

Right click > Delete.

Let me know how it goes.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
I was able to delete it.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
Can you run another GMER scan, I want to make sure there's no leftovers.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
GMER 1.0.15.15011 [moomoofarm.exe] - http://www.gmer.net
Rootkit scan 2009-08-06 15:18:23
Windows 6.0.6002 Service Pack 2


---- Services - GMER 1.0.15 ----

Service system32\drivers\vsfoceyqcnixtb.sys (*** hidden *** ) [SYSTEM] vsfocebqneokrv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv@imagepath \systemroot\system32\drivers\vsfoceyqcnixtb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main@aid
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main@sid
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main@cmddelay 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main\injector@*
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules@vsfocerk.sys \systemroot\system32\drivers\vsfoceyqcnixtb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules@vsfoce.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules@vsfocelog.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules@vsfocecmd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv\modules@vsfocewsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv@imagepath \systemroot\system32\drivers\vsfoceyqcnixtb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main@aid
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main@sid
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main@cmddelay 0
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main\injector@*
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules@vsfocerk.sys \systemroot\system32\drivers\vsfoceyqcnixtb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules@vsfoce.dat
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules@vsfocelog.dat
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules@vsfocecmd.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv\modules@vsfocewsp.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 5112
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 5113

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- EOF - GMER 1.0.15 ----

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
Okay, lets finish this now.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to disable:
vsfocebqneokrv

Drivers to delete:
vsfocebqneokrv

Files to delete:
C:\WINDOWS\system32\drivers\vsfoceyqcnixtb.sys

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv
HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "vsfocebqneokrv" disabled successfully.
Driver "vsfocebqneokrv" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\vsfoceyqcnixtb.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\vsfoceyqcnixtb.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\vsfocebqneokrv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\SYSTEM\ControlSet003\Services\vsfocebqneokrv" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
Okay, one more scan.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
DDS (Ver_09-07-30.01) - NTFSx86
Run by andrew at 17:05:31.49 on Fri 08/07/2009
Internet Explorer: 7.0.6002.18005
Microsoft®️ Windows Vista™️ Home Premium 6.0.6002.2.1252.1.1033.18.1918.926 [GMT -7:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5639E
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\597hpac1.default\
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

descriptionLittle annoying problems - Page 2 EmptyRe: Little annoying problems

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum