WiredWX Hobby Weather ToolsLog in

 


Vista Home Security 2011

2 posters

descriptionVista Home Security 2011  EmptyVista Home Security 2011

more_horiz
Sirs,

I have a laptop (not the machine I'm contacting you on) using Vista home version. Multiple pop up boxes cover the screen telling me I need to purchase/activate Vista Home Security 2011. Unable to close any boxes.

I attempted to run the Malwarebytes as suggested in your guide but the machine would not allow it to start.
Look forward to your advice.
Regards, Cantrad

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
Unable to download OTL. Get a pop up box saying "OTL has encountered a problem and needs to close. We are sorry for the inconvenience." I'm then given an option to inform Microsoft about the problem. I also tryed to download on a different machine with the same result.
Regards.

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
Hello.
Try this instead.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
Thanks for your reply. Before I carry out your instructions, could you just clarify that the procedure will be okay to transfer to the infected machine by a memory stick?

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
Please ignore previous post. Managed obtain both logs, as follows:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Gary at 22:16:53.96 on 27/04/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1518 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Qcudoa.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Users\Gary\AppData\Local\temp\wrw94t6.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Users\Gary\AppData\Local\smo.exe
C:\Users\Gary\AppData\Local\temp\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Gary\AppData\Local\temp\ngnlaq7c.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Gary\AppData\Local\temp\ngnlaq7c.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\Gary\AppData\Local\temp\mdm.exe
C:\Users\Gary\AppData\Local\temp\iexplarer.exe
C:\Users\Gary\AppData\Local\temp\wrw94t6.exe
C:\Users\Gary\AppData\Local\temp\system.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\attrib.exe
C:\Users\Gary\AppData\Local\temp\wrw94t6.exe
C:\Windows\login.exe
C:\Users\Gary\AppData\Local\temp\smss.exe
C:\Users\Gary\AppData\Local\temp\ngnlaq7c.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\Gary\AppData\Local\temp\ngnlaq7c.exe
C:\Users\Gary\AppData\Local\temp\wrw94t6.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Gary\AppData\Local\Temp\Qjw.exe
C:\Users\Gary\AppData\Local\Temp\Qju.exe
F:\dds.scr
F:\dds.scr
F:\dds.scr
F:\dds.scr
C:\Users\Gary\AppData\Local\temp\system.exe
C:\Users\Gary\AppData\Local\temp\system.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\findstr.exe
C:\Windows\system32\findstr.exe
C:\Windows\system32\findstr.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.bbc.co.uk/1/hi/business/default.stm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = ;*.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\acvtrwgg\iikgcwmw.exe
BHO: c:\windows\system32\h2y6sb2hgl.dll: {e1b220c3-a500-99bd-a121-04b53a2c8952} - c:\windows\system32\h2y6sb2hgl.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [Google Update] "c:\users\gary\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [D1T2EUR7FZ] c:\users\gary\appdata\local\temp\Qju.exe
uRun: [NtWqIVLZEWZU] c:\users\gary\appdata\local\temp\Qjw.exe
uRun: [dAmLSTWYyWMb] c:\programdata\dAmLSTWYyWMb.exe
uRun: [Oveyunazil] rundll32.exe "c:\users\gary\appdata\local\vcsret.dll",Startup
uRun: [LvdhiejlvFc] c:\users\gary\appdata\local\temp\wrw94t6.exe
uRun: [Mqsrc] c:\windows\login.exe
uRun: [Lvdhiejlrf] c:\users\gary\appdata\local\temp\smss.exe
uRun: [MqrMc] c:\windows\gdi32.exe
uRun: [LvdhiejlsPc] c:\users\gary\appdata\local\temp\nvsvc32.exe
uRun: [Mqva] c:\windows\win.exe
uRun: [Lvdhiejlqc] c:\users\gary\appdata\local\temp\win.exe
uRun: [Mqvpe] c:\windows\winamp.exe
uRun: [Lvdhiejlndb] c:\users\gary\appdata\local\temp\ngnlaq7c.exe
uRun: [LvdhiejlqZ] c:\users\gary\appdata\local\temp\msmgm.exe
uRun: [Mqvre] c:\windows\wininst.exe
uRun: [Lvdhiejlk+] c:\users\gary\appdata\local\temp\gdi32.exe
uRun: [Lvdhiejlotc] c:\users\gary\appdata\local\temp\hexdump.exe
uRun: [Lvdhiejlhb] c:\users\gary\appdata\local\temp\debug.exe
uRun: [Lvdhiejloc] c:\users\gary\appdata\local\temp\avp.exe
uRun: [Lvdhiejlna] c:\users\gary\appdata\local\temp\login.exe
uRun: [Lvdhiejlpsc] c:\users\gary\appdata\local\temp\taskmgr.exe
uRun: [Mqvsc] c:\windows\winlogon.exe
uRun: [Lvdhiejlqvc] c:\users\gary\appdata\local\temp\svchost.exe
uRun: [Lvdhiejlmc] c:\users\gary\appdata\local\temp\mdm.exe
uRun: [MqpSc] c:\windows\avp32.exe
uRun: [Lvdhiejlqe] c:\users\gary\appdata\local\temp\setup.exe
uRun: [MqqZ] c:\windows\cmd.exe
uRun: [MqsZ] c:\windows\mdm.exe
uRun: [Lvdhiejlrxc] c:\users\gary\appdata\local\temp\spoolsv.exe
uRun: [Lvdhiejlupc] c:\users\gary\appdata\local\temp\sysedit.exe
uRun: [Mqrta] c:\windows\install.exe
uRun: [LvdhiejlqW] c:\users\gary\appdata\local\temp\drweb.exe
uRun: [Lvdhiejlq+] c:\users\gary\appdata\local\temp\win32.exe
uRun: [Lvdhiejlqse] c:\users\gary\appdata\local\temp\winlogon.exe
uRun: [Lvdhiejlpe] c:\users\gary\appdata\local\temp\csrss.exe
uRun: [Lvdhiejlqb] c:\users\gary\appdata\local\temp\winamp.exe
uRun: [Mqqoc] c:\windows\debug.exe
uRun: [Mque] c:\windows\user.exe
uRun: [Lvdhiejlqf] c:\users\gary\appdata\local\temp\user.exe
uRun: [2EOETFM3W2] c:\windows\Qcudoa.exe
uRun: [Mqruqc] c:\windows\iexplarer.exe
uRun: [Lvdhiejlo+] c:\users\gary\appdata\local\temp\avp32.exe
uRun: [Lvdhiejlkc] c:\users\gary\appdata\local\temp\cmd.exe
uRun: [Mqrtc] c:\windows\hexdump.exe
uRun: [Lvdhiejlora] c:\users\gary\appdata\local\temp\iexplarer.exe
uRun: [Mqpe] c:\windows\avp.exe
uRun: [Lvdhiejtpe] c:\users\gary\appdata\local\temp\csrss.exe
uRun: [Lvdhiejthb] c:\users\gary\appdata\local\temp\debug.exe
uRun: [Lvdhiejtupc] c:\users\gary\appdata\local\temp\sysedit.exe
uRun: [Lvdhiejtqvc] c:\users\gary\appdata\local\temp\wininst.exe
uRun: [Lvdhiejto+] c:\users\gary\appdata\local\temp\avp32.exe
uRun: [LvdhiejtqW] c:\users\gary\appdata\local\temp\drweb.exe
uRun: [LvdhiejtsPc] c:\users\gary\appdata\local\temp\nvsvc32.exe
uRun: [Lvdhiejtpsc] c:\users\gary\appdata\local\temp\taskmgr.exe
uRun: [LvdhiejtqZ] c:\users\gary\appdata\local\temp\msmgm.exe
uRun: [Lvdhiejtna] c:\users\gary\appdata\local\temp\login.exe
uRun: [Lvdhiejtk+] c:\users\gary\appdata\local\temp\gdi32.exe
uRun: [Lvdhiejtndb] c:\users\gary\appdata\local\temp\ngnlaq7c.exe
uRun: [Lvdhiejtq+] c:\users\gary\appdata\local\temp\win32.exe
uRun: [Lvdhiejtqc] c:\users\gary\appdata\local\temp\win.exe
uRun: [Lvdhiejtrf] c:\users\gary\appdata\local\temp\smss.exe
uRun: [Lvdhiejtqf] c:\users\gary\appdata\local\temp\user.exe
uRun: [Lvdhiejtotc] c:\users\gary\appdata\local\temp\hexdump.exe
uRun: [Lvdhiejtkc] c:\users\gary\appdata\local\temp\cmd.exe
uRun: [Lvdhiejtrxc] c:\users\gary\appdata\local\temp\spoolsv.exe
uRun: [Lvdhiejtoc] c:\users\gary\appdata\local\temp\avp.exe
uRun: [Lvdhiejtqb] c:\users\gary\appdata\local\temp\winamp.exe
uRun: [Lvdhiejtqse] c:\users\gary\appdata\local\temp\winlogon.exe
uRun: [Lvdhiejtora] c:\users\gary\appdata\local\temp\iexplarer.exe
uRun: [Lvdhiejtmc] c:\users\gary\appdata\local\temp\mdm.exe
uRun: [LvdhiejtvFc] c:\users\gary\appdata\local\temp\wrw94t6.exe
uRun: [Lvdhiejtqe] c:\users\gary\appdata\local\temp\setup.exe
uRun: [MqvPc] c:\windows\win16.exe
uRun: [Lvdhiejlub] c:\users\gary\appdata\local\temp\sysmgm.exe
uRun: [Lvdhiejlne] c:\users\gary\appdata\local\temp\lsass.exe
uRun: [Lvdhiejtub] c:\users\gary\appdata\local\temp\sysmgm.exe
uRun: [Lvdhiejtne] c:\users\gary\appdata\local\temp\lsass.exe
uRun: [Lvdhiejlprc] c:\users\gary\appdata\local\temp\install.exe
uRun: [Lvdhiejlppf] c:\users\gary\appdata\local\temp\services.exe
uRun: [Mqqsc] c:\windows\drweb.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Lvdhiejlud] c:\users\gary\appdata\local\temp\system.exe
uRun: [Lvdhiejtppf] c:\users\gary\appdata\local\temp\services.exe
uRun: [Lvdhiejtud] c:\users\gary\appdata\local\temp\system.exe
uRun: [Lvdhiejtprc] c:\users\gary\appdata\local\temp\install.exe
uRun: [Mquvc] c:\windows\setup.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: []
mRun: [LvdhiejlvFc] c:\users\gary\appdata\local\temp\wrw94t6.exe
mRun: [Mqsrc] c:\windows\login.exe
mRun: [Lvdhiejlrf] c:\users\gary\appdata\local\temp\smss.exe
mRun: [MqrMc] c:\windows\gdi32.exe
mRun: [LvdhiejlsPc] c:\users\gary\appdata\local\temp\nvsvc32.exe
mRun: [Mqva] c:\windows\win.exe
mRun: [Lvdhiejlqc] c:\users\gary\appdata\local\temp\win.exe
mRun: [Mqvpe] c:\windows\winamp.exe
mRun: [Lvdhiejlndb] c:\users\gary\appdata\local\temp\ngnlaq7c.exe
mRun: [LvdhiejlqZ] c:\users\gary\appdata\local\temp\msmgm.exe
mRun: [Mqvre] c:\windows\wininst.exe
mRun: [Lvdhiejlk+] c:\users\gary\appdata\local\temp\gdi32.exe
mRun: [Lvdhiejlotc] c:\users\gary\appdata\local\temp\hexdump.exe
mRun: [Lvdhiejlhb] c:\users\gary\appdata\local\temp\debug.exe
mRun: [Lvdhiejloc] c:\users\gary\appdata\local\temp\avp.exe
mRun: [Lvdhiejlna] c:\users\gary\appdata\local\temp\login.exe
mRun: [Lvdhiejlpsc] c:\users\gary\appdata\local\temp\taskmgr.exe
mRun: [Mqvsc] c:\windows\winlogon.exe
mRun: [Lvdhiejlqvc] c:\users\gary\appdata\local\temp\svchost.exe
mRun: [Lvdhiejlmc] c:\users\gary\appdata\local\temp\mdm.exe
mRun: [MqpSc] c:\windows\avp32.exe
mRun: [Lvdhiejlqe] c:\users\gary\appdata\local\temp\setup.exe
mRun: [MqqZ] c:\windows\cmd.exe
mRun: [MqsZ] c:\windows\mdm.exe
mRun: [Lvdhiejlrxc] c:\users\gary\appdata\local\temp\spoolsv.exe
mRun: [Lvdhiejlupc] c:\users\gary\appdata\local\temp\sysedit.exe
mRun: [Mqrta] c:\windows\install.exe
mRun: [LvdhiejlqW] c:\users\gary\appdata\local\temp\drweb.exe
mRun: [Eyedejef] rundll32.exe "c:\users\gary\appdata\local\usucoxicak.dll",Startup
mRun: [Lvdhiejlq+] c:\users\gary\appdata\local\temp\win32.exe
mRun: [Lvdhiejlqse] c:\users\gary\appdata\local\temp\winlogon.exe
mRun: [Lvdhiejlpe] c:\users\gary\appdata\local\temp\csrss.exe
mRun: [Lvdhiejlqb] c:\users\gary\appdata\local\temp\winamp.exe
mRun: [Mqqoc] c:\windows\debug.exe
mRun: [Mque] c:\windows\user.exe
mRun: [Lvdhiejlqf] c:\users\gary\appdata\local\temp\user.exe
mRun: [Mqruqc] c:\windows\iexplarer.exe
mRun: [Lvdhiejlo+] c:\users\gary\appdata\local\temp\avp32.exe
mRun: [Lvdhiejlkc] c:\users\gary\appdata\local\temp\cmd.exe
mRun: [Mqrtc] c:\windows\hexdump.exe
mRun: [Lvdhiejlora] c:\users\gary\appdata\local\temp\iexplarer.exe
mRun: [Mqpe] c:\windows\avp.exe
mRun: [Lvdhiejtpe] c:\users\gary\appdata\local\temp\csrss.exe
mRun: [Lvdhiejthb] c:\users\gary\appdata\local\temp\debug.exe
mRun: [Lvdhiejtupc] c:\users\gary\appdata\local\temp\sysedit.exe
mRun: [Lvdhiejtqvc] c:\users\gary\appdata\local\temp\wininst.exe
mRun: [Lvdhiejto+] c:\users\gary\appdata\local\temp\avp32.exe
mRun: [LvdhiejtqW] c:\users\gary\appdata\local\temp\drweb.exe
mRun: [LvdhiejtsPc] c:\users\gary\appdata\local\temp\nvsvc32.exe
mRun: [Lvdhiejtpsc] c:\users\gary\appdata\local\temp\taskmgr.exe
mRun: [LvdhiejtqZ] c:\users\gary\appdata\local\temp\msmgm.exe
mRun: [Lvdhiejtna] c:\users\gary\appdata\local\temp\login.exe
mRun: [Lvdhiejtk+] c:\users\gary\appdata\local\temp\gdi32.exe
mRun: [Lvdhiejtndb] c:\users\gary\appdata\local\temp\ngnlaq7c.exe
mRun: [Lvdhiejtq+] c:\users\gary\appdata\local\temp\win32.exe
mRun: [Lvdhiejtqc] c:\users\gary\appdata\local\temp\win.exe
mRun: [Lvdhiejtrf] c:\users\gary\appdata\local\temp\smss.exe
mRun: [Lvdhiejtqf] c:\users\gary\appdata\local\temp\user.exe
mRun: [Lvdhiejtotc] c:\users\gary\appdata\local\temp\hexdump.exe
mRun: [Lvdhiejtkc] c:\users\gary\appdata\local\temp\cmd.exe
mRun: [Lvdhiejtrxc] c:\users\gary\appdata\local\temp\spoolsv.exe
mRun: [Lvdhiejtoc] c:\users\gary\appdata\local\temp\avp.exe
mRun: [Lvdhiejtqb] c:\users\gary\appdata\local\temp\winamp.exe
mRun: [Lvdhiejtqse] c:\users\gary\appdata\local\temp\winlogon.exe
mRun: [Lvdhiejtmc] c:\users\gary\appdata\local\temp\mdm.exe
mRun: [Lvdhiejtora] c:\users\gary\appdata\local\temp\iexplarer.exe
mRun: [LvdhiejtvFc] c:\users\gary\appdata\local\temp\wrw94t6.exe
mRun: [Lvdhiejtqe] c:\users\gary\appdata\local\temp\setup.exe
mRun: [MqvPc] c:\windows\win16.exe
mRun: [Lvdhiejlub] c:\users\gary\appdata\local\temp\sysmgm.exe
mRun: [Lvdhiejlne] c:\users\gary\appdata\local\temp\lsass.exe
mRun: [Lvdhiejtub] c:\users\gary\appdata\local\temp\sysmgm.exe
mRun: [Lvdhiejtne] c:\users\gary\appdata\local\temp\lsass.exe
mRun: [Lvdhiejlprc] c:\users\gary\appdata\local\temp\install.exe
mRun: [Lvdhiejlppf] c:\users\gary\appdata\local\temp\services.exe
mRun: [Mqqsc] c:\windows\drweb.exe
mRun: [Lvdhiejlud] c:\users\gary\appdata\local\temp\system.exe
mRun: [Lvdhiejtppf] c:\users\gary\appdata\local\temp\services.exe
mRun: [Lvdhiejtud] c:\users\gary\appdata\local\temp\system.exe
mRun: [Lvdhiejtprc] c:\users\gary\appdata\local\temp\install.exe
mRun: [Mquvc] c:\windows\setup.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxp://email.sjp.co.uk/exchweb/controls/DAX.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://neo3.sjp.co.uk/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
STS: c:\windows\system32\h2y6sb2hgl.dll: {e1b220c3-a500-99bd-a121-04b53a2c8952} - c:\windows\system32\h2y6sb2hgl.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gary\appdata\roaming\mozilla\firefox\profiles\nwemyndf.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/1/hi/business/default.stm
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gary\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {793F27D7-D86E-433A-8440-72EA535BA2C0} - c:\users\gary\appdata\local\{793F27D7-D86E-433A-8440-72EA535BA2C0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R? AntiVirSchedulerService;Avira AntiVir Scheduler
R? AntiVirService;Avira AntiVir Guard
R? avgntflt;avgntflt
R? BBSvc;Bing Bar Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? ggflt;SEMC USB Flash Driver Filter
R? JMCR;JMCR
R? McComponentHostService;McAfee Security Scan Component Host Service
R? mferkdet;McAfee Inc. mferkdet
R? Micorsoft Windows Service;Micorsoft Windows Service
R? s0016bus;Sony Ericsson Device 0016 driver (WDM)
R? s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter
R? s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver
R? s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
R? s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
R? s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface
R? s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/06 09:07:44]
S? AESTFilters;Andrea ST Filters Service
S? avgio;avgio
S? Com4QLBEx;Com4QLBEx
S? enecir;ENE CIR Receiver
S? FontCache;Windows Font Cache Service
S? hpsrv;HP Service
S? McAfeeEngineService;McAfee Engine Service
S? McAfeeFramework;McAfee Framework Service
S? McShield;McAfee McShield
S? McTaskManager;McAfee Task Manager
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfehidk;McAfee Inc. mfehidk
S? mfevtp;McAfee Validation Trust Protection Service
S? Net6IM;Net6
S? nsverctl;Citrix Secure Access Client Service
S? OMSI download service;Sony Ericsson OMSI download service
S? RapportBuka;RapportBuka
S? RapportCerberus_25973;RapportCerberus_25973
S? RapportKELL;RapportKELL
S? RapportPG;RapportPG
S? Recovery Service for Windows;Recovery Service for Windows
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? seehcri;Sony Ericsson seehcri Device Driver
S? TVCapSvc;TV Background Capture Service (TVBCS)
S? TVSched;TV Task Scheduler (TVTS)
S? usbfilter;AMD USB Filter Driver
.
=============== Created Last 30 ================
.
2011-04-23 10:54:06 15968 ---h--w- c:\windows\setup.exe
2011-04-23 08:51:19 192512 --sha-w- c:\windows\system32\o4g8s.dll
2011-04-23 08:51:17 516096 --sha-w- c:\users\gary\appdata\local\smo.exe
2011-04-23 08:36:31 16188 ---h--w- c:\windows\drweb.exe
2011-04-23 01:13:34 16188 ---h--w- c:\windows\win16.exe
2011-04-23 01:12:58 730454 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-23 01:06:39 487424 ---ha-w- c:\progra~2\44031752.exe
2011-04-22 23:59:11 15936 ---h--w- c:\windows\hexdump.exe
2011-04-22 23:59:10 15936 ---h--w- c:\windows\avp.exe
2011-04-22 23:59:02 16188 ---h--w- c:\windows\iexplarer.exe
2011-04-22 23:58:25 -------- d--h--w- c:\program files\acvtrwgg
2011-04-22 23:46:08 0 ---ha-w- c:\users\gary\appdata\local\Pzujexamecus.bin
2011-04-22 23:45:59 -------- d--h--w- c:\users\gary\appdata\local\{793F27D7-D86E-433A-8440-72EA535BA2C0}
2011-04-22 23:43:07 15936 ---h--w- c:\windows\user.exe
2011-04-22 23:43:06 16188 ---h--w- c:\windows\debug.exe
2011-04-22 23:37:37 16188 ---h--w- c:\windows\winlogon.exe
2011-04-22 23:37:35 15936 ---h--w- c:\windows\cmd.exe
2011-04-22 23:37:25 15936 ---h--w- c:\windows\install.exe
2011-04-22 23:37:23 15936 ---h--w- c:\windows\avp32.exe
2011-04-22 23:37:22 16188 ---h--w- c:\windows\mdm.exe
2011-04-22 23:37:14 16188 ---h--w- c:\windows\win.exe
2011-04-22 23:37:10 16188 ---h--w- c:\windows\wininst.exe
2011-04-22 23:37:06 15936 ---h--w- c:\windows\gdi32.exe
2011-04-22 23:37:04 16188 ---h--w- c:\windows\winamp.exe
2011-04-22 23:37:03 15968 ---h--w- c:\windows\login.exe
2011-04-22 23:36:43 50000 ---ha-w- c:\windows\system32\h2y6sb2hgl.dll
2011-04-22 23:36:34 -------- d--h--w- c:\users\gary\appdata\roaming\Ufisva
2011-04-22 23:36:34 -------- d--h--w- c:\users\gary\appdata\roaming\Mola
2011-04-22 23:36:23 569344 ---ha-w- c:\progra~2\dAmLSTWYyWMb.exe
2011-04-22 23:36:21 116224 ---ha-w- c:\windows\Qcudoa.exe
2011-04-22 23:36:19 -------- d--h--w- c:\users\gary\appdata\roaming\Voroy
2011-04-22 23:36:19 -------- d--h--w- c:\users\gary\appdata\roaming\Osysu
2011-04-22 23:36:17 -------- d--h--w- c:\users\gary\appdata\roaming\Yhxumo
2011-04-22 23:36:17 -------- d--h--w- c:\users\gary\appdata\roaming\Foux
2011-04-22 23:36:16 50000 ---ha-w- c:\windows\system32\tnp93gtmzj.dll
2011-04-22 23:35:48 106496 --sha-r- c:\windows\system32\hpf3l082R.dll
2011-04-22 23:13:34 -------- d--h--w- c:\users\gary\appdata\local\{7758A47C-C86B-4E2C-83E6-79E58AAEBF9A}
2011-04-22 12:56:36 7071056 ---ha-w- c:\progra~2\microsoft\windows defender\definition updates\{994595f2-d7f2-4230-935a-f2afa5bc8dc8}\mpengine.dll
2011-04-21 06:33:31 -------- d--h--w- c:\users\gary\appdata\local\{3EC1E9C4-A524-42BD-938B-3171D89737EF}
2011-04-16 10:35:25 -------- d--h--w- c:\users\gary\appdata\roaming\eBookPro6
2011-04-15 06:35:46 -------- d--h--w- c:\users\gary\appdata\local\Trusteer
2011-04-14 19:41:50 -------- d--h--w- c:\users\gary\appdata\local\{9FAB8413-801F-4239-896A-4421DA68A31D}
2011-04-14 07:00:34 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 07:00:33 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 07:00:10 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-14 07:00:10 638232 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-04-14 07:00:09 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-04-14 07:00:09 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-14 07:00:08 743424 ----a-w- c:\program files\internet explorer\iedvtool.dll
2011-04-14 07:00:08 385024 ----a-w- c:\windows\system32\html.iec
2011-04-14 07:00:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-14 07:00:07 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-04-14 07:00:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-04-14 07:00:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-14 07:00:06 197632 ----a-w- c:\program files\internet explorer\IEShims.dll
2011-04-14 07:00:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-14 07:00:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-14 07:00:00 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 06:59:59 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 06:59:59 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 06:59:59 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 06:58:58 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 06:58:57 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 06:58:26 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 06:58:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 06:58:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 06:57:54 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 06:57:53 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 06:57:22 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 06:56:49 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 06:56:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 06:56:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-13 06:36:49 -------- d--h--w- c:\users\gary\appdata\local\{3D0D1CA9-EC5C-4FC5-BF88-8941531D629A}
2011-04-12 06:42:04 -------- d--h--w- c:\users\gary\appdata\local\{401CFF5A-57AB-489C-9687-79DF50A3CE5F}
2011-04-11 16:53:57 -------- d--h--w- c:\users\gary\appdata\local\{2046F1F7-BF64-4BAF-B369-6BB40CC5088C}
2011-04-11 16:53:05 -------- d--h--w- c:\program files\Avanquest update
2011-04-11 16:53:04 -------- d--h--w- c:\progra~2\Avanquest
2011-04-09 07:40:20 -------- d--h--w- c:\users\gary\appdata\local\{31CF7293-F09D-4F7A-AC8A-00AD9AEDA83D}
2011-04-05 07:21:58 -------- d--h--w- c:\users\gary\appdata\local\{BD4D0FD9-1A21-4B76-A336-2198CC08ACBB}
2011-04-04 06:21:49 -------- d--h--w- c:\users\gary\appdata\local\{6FF39C19-0B69-4053-8035-77C0BDE8BB2A}
2011-04-03 09:08:31 -------- d--h--w- c:\windows\Hewlett-Packard
2011-04-03 08:58:11 -------- d--h--w- c:\users\gary\appdata\local\{AF919ACD-E643-46DD-BD62-B841B8BF3439}
2011-04-02 07:47:45 -------- d--h--w- c:\users\gary\appdata\local\{0299F461-CBAB-48BA-B34B-76DA633D2DFF}
2011-04-01 17:30:59 -------- d--h--w- c:\users\gary\appdata\roaming\HpUpdate
2011-03-30 09:08:23 -------- d--h--w- c:\users\gary\appdata\local\{376AA7A2-EF79-4739-A3F3-CAF7B0C18E79}
.
==================== Find3M ====================
.
2011-04-11 17:03:25 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-02 17:11:20 222080 ---h--w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:26:26.49 ===============

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
Second log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 06/03/2009 16:20:59
System Uptime: 27/04/2011 21:50:34 (1 hours ago)
.
Motherboard: Compal | | 30FD
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-74 | Socket M2/S1G1 | 1100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 144.29 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.855 GiB free.
E: is CDROM ()
F: is Removable
H: is NetworkDisk (NTFS) - 71 GiB total, 35.328 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
8500A909_eDocs
8500A909_Help
8500A909g
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player
Adobe Shockwave Player 11.5
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AMD USB Audio Driver Filter
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assureweb New Business
Atheros Driver Installation Program
ATI Catalyst Install Manager
Avanquest update
Bing Bar
BlackBerry® Media Sync
Bonjour
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Access Gateway Plug-in
Citrix Presentation Server Client
Compatibility Pack for the 2007 Office system
Copy
CyberLink DVD Suite
D3DX10
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Disc2Phone
DocMgr
DocProc
ESU for Microsoft Vista
F300
F300_Help
F300Trb
Fax
Feedback Tool
FileHippo.com Update Checker
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.4
Google Chrome
GPBaseService2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Customer Participation Program 12.0
HP Doc Viewer
HP Document Manager 2.0
HP Help and Support
HP Imaging Device Functions 12.0
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart TV
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Quick Launch Buttons 6.40 L1
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0129
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
IDT Audio
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
Juniper Networks Network Connect 5.5.0
Juniper Networks Setup Client
Junk Mail filter update
LabelPrint
Malwarebytes' Anti-Malware
MarketResearch
McAfee Agent
McAfee Security Scan Plus
McAfee VirusScan Enterprise
Mesh Runtime
Messageware AttachView Add-in for Saving Files x64
Messageware Plus Pack Base Component
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.16)
Mozilla Firefox 4.0b6 (x86 en-US)
MPM
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
Network
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
OGA Notifier 2.0.0048.0
Pdf995
PhotoNow!
Power2Go
PowerDirector
ProductContext
ProtectSmart Hard Drive Protection
QuickTime
Rapport
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shop for HP Supplies
Sid Meier's Pirates!
Skins
Skype™ 5.2
SmartWebPrinting
SolutionCenter
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Suite 6.011.00
SPORE Creature Creator Trial Edition
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update Service
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
Look forward to your advice.

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
Attention: Your computer is severely infected with Win32\Rammnit what is now called, a cocktail infection. This is an infection that is comprised of many different types of viruses and other malware, to damage your computer, and use it as a zombie for its backdoor network. In other words, your computer is under control of a hacker, and regaining control is now next to impossible.

The first component is a backdoor trojan, which is a type of trojan that communicates with a hacker: to transfer personal information about you, use your computer to help perform a denial-of-service attack, redirect your internet searches in order to make money off of your browsing habits, and can be a keylogger to steal personal identifiable information to help rob your identity.

The second component is a rootkit, which is a type of malware to take control over your computer at administrator access, having full permission to modify all of your device drivers, and allowing itself to hide all the malware on the system. In other words, it is a hackers way of taking control of your computer, and hiding in the dark at the same time. This is a prime initiative of hackers to help keep access to your computer, robbing all of your personal information, and using your computer to send spam across the internet.

The third component is a file infector, which is a type of virus to purposely damage as many files as possible, in order to keep control of your system, so you have as little access as possible.

Not only has your system been compromised severely, it is also highly damaged, and if you do not commit to my suggested removal method below, then your computer may not function anymore.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:


  • How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
  • What Should I Do If I've Become A Victim Of Identity Theft?
  • Identity Theft Victims Guide - What to do



Removal method:

It is recommended to do a reformat and reinstall of your operating system. The experts in the Advanced Malware Analysts security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety.

I recommend the following articles to read:


  • When should I re-format? How should I reinstall?
  • Help: I Got Hacked. Now What Do I Do?
  • Help: I Got Hacked. Now What Do I Do? Part II
  • Where to draw the line? When to recommend a format and reinstall?

Guides for format and reinstall:

How to reformat and reinstall your Operating System

How to reformat and reinstall your Operating System - the easy way

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
Wow. What a nightmare. I have 2 other machines as part of a home network and I guess the first thing is to see if they have been compromised. Both machines appear to be working okay. Could you suggest a suitable scan so that you could check to see if they're okay?

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
I don't think they will have, Rammnit doesn't have network code written into it.

ESET online scan can detect Rammnit, use these instructions.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
Here is the log for the laptop although there doesn't seem to be much on it?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

second machine is still scanning after over 4.5hrs.

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
Here is the log from the desktop:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2a29393e7c46834d9378a187650b0e44
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-29 12:33:37
# local_time=2011-04-29 01:33:38 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 79873868 79873868 0 0
# compatibility_mode=8192 67108863 100 0 633 633 0 0
# scanned=102630
# found=3
# cleaned=3
# scan_time=19631
C:\Documents and Settings\Gary Mallett\Application Data\Sun\Java\Deployment\cache\6.0\19\47052ed3-278e36f8 Java/Agent.AO trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Gary Mallett\Application Data\Sun\Java\Deployment\cache\6.0\35\6738e363-26e86cb8 probably a variant of Java/TrojanDownloader.Agent.AB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Gary Mallett\Application Data\Sun\Java\Deployment\cache\6.0\39\cf425a7-600bb6c5 Java/TrojanDownloader.Agent.NCM trojan (deleted - quarantined) 00000000000000000000000000000000 C
Look forward to hearing from you. Regards.

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
Both machines are fine.

The second log shows infected Java cache, so the machine need be in need of a Java update.

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
I will take your advice and carry out a reformat and reinstall. I've ordered a recovery kit from HP for the machine. When it arrives I will post again. Many thanks so far.

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
3 DVD's have arrived:
Windows Vista Home Premium SP1 System recovery dvd 1&2
Application and Driver Recovery CD
Are there any issues or tips you can suggest prior to starting the reformat and reinstall?
Thanks.

descriptionVista Home Security 2011  EmptyRe: Vista Home Security 2011

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum