Suspicious files in my document folder

I ran Malwarebytes AV which deleted 2 of those files, though there is still one file in there, by the name of "h9phcwpt41.exe". Also, I'm unable to turn on windows security automatic updates. I will post the MBAM log in the next post.

Re: Suspicious files in my document folder
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.02.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
Lou :: LOU-PC [administrator]

Protection: Disabled

02/03/2012 21:47:45
mbam-log-2012-03-02 (21-47-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194816
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Detected: 2
C:\Users\Lou\ogkyuu6grr.exe (Trojan.Agent) -> 3636 -> Delete on reboot.
C:\Users\Lou\1rxzhicpme.exe (Trojan.Agent) -> 4128 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ogkyuu6grr (Trojan.Agent) -> Data: C:\Users\Lou\ogkyuu6grr.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|1rxzhicpme (Trojan.Agent) -> Data: C:\Users\Lou\1rxzhicpme.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{D4A15A75-574C-AD7D-A4E8-B6B78D5195AA} (Spyware.Zeus) -> Data: C:\Users\Lou\AppData\Roaming\Onxe\isad.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Time (Trojan.Passwords) -> Data: rundll32.exe "C:\ProgramData\ImwurkImpokn.dll",EntryPoint -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Users\Lou\ogkyuu6grr.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Lou\1rxzhicpme.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Lou\AppData\Roaming\Onxe\isad.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\ProgramData\ImwurkImpokn.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
C:\Users\Lou\AppData\Local\temp\4174898.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\Users\Lou\AppData\Local\temp\tmp91ca5a18\loaderl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Lou\AppData\Local\temp\tmp9bdea2db\loaders.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Lou\AppData\Local\temp\tmpeed4c4fc\loaderl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\temp\ogkD434.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Re: Suspicious files in my document folder

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down for about 10 seconds while inserting it. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
****************************************************
Download DDS from HERE or HERE and save it to your desktop.

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).
* XP users: double-click on dds to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.


1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

Re: Suspicious files in my document folder
Hello Dave. Thanks for taking the time and effort to help me out!
---------------------------------------------------------------------------------
I followed your instructions on the SAS scan but it didn't detect anything, so I don't have a log. The "h9phcwpt41.exe" program is still in C:\Users\Lou\ though.

I will post the contents of checkup.txt from Security Check by screen317 in the post below.

Re: Suspicious files in my document folder
Results of screen317's Security Check version 0.99.31
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SUPERAntiSpyware
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java version out of date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Windows Defender MSASCui.exe
``````````End of Log````````````

Re: Suspicious files in my document folder
The contents of DDS.txt from DDS are below

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_13
Run by Lou at 1:16:33 on 2012-03-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1147 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Users\Lou\h9phcwpt41.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\conime.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5
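The Malwarebytes log earlier in the thread and the DDS process list above share a pattern that is worth checking mechanically rather than by eye: every file MBAM removed ran from the user-profile root, %TEMP%, AppData\Roaming or the ProgramData root, and h9phcwpt41.exe in the running-process list sits in the same profile root as the two Trojan.Agent files, with the same style of random name. The script below is an added example, not code from the thread, from Malwarebytes or from DDS. It extracts the file paths from both kinds of log text, classifies each by location and flags random-looking names. The location classes, the name heuristic and the sample log text (constructed from entries in this thread) are this example's own assumptions.

```python
"""Triage the file paths that a Malwarebytes log and a DDS process list report.

Added example, not part of the thread, of Malwarebytes or of DDS. It pulls
every Windows file path out of the log text and classifies it by where it
lives: a program running straight out of the user-profile root, %TEMP%,
AppData\\Roaming or the ProgramData root, especially one with a
random-looking name, deserves a look. Sample text is constructed from
entries posted in this thread.
"""
import re
from pathlib import PureWindowsPath

# A drive-letter path ending in an executable-ish extension; stops at quotes.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\"\n]+\\)*[^\\"\n]+?\.(?:exe|dll|tmp)\b', re.IGNORECASE
)
# <drive>:\users\<name>\<file>: a file sitting directly in the profile root.
PROFILE_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$")
# 8-12 lowercase alphanumerics with at least one digit and one letter, e.g.
# ogkyuu6grr or h9phcwpt41. A crude randomness heuristic that is this
# example's assumption, not a rule from either tool.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8,12}$")


def extract_paths(text: str) -> list[str]:
    """Return every file path found in the log text, in order of appearance."""
    return PATH_RE.findall(text)


def classify(path: str) -> str:
    """Name the location class of a path; 'trusted' means an install directory."""
    p = path.lower()
    if PROFILE_ROOT.match(p):
        return "user-profile root"
    if "\\appdata\\local\\temp\\" in p or p.startswith("c:\\windows\\temp\\"):
        return "temp directory"
    if "\\appdata\\roaming\\" in p:
        return "roaming appdata"
    if re.match(r"^c:\\programdata\\[^\\]+$", p):
        return "programdata root"
    if p.startswith(("c:\\windows\\", "c:\\program files")):
        return "trusted"
    return "other"


def triage(text: str) -> list[tuple[str, str, bool]]:
    """(path, location class, random-name flag) for each path worth a look."""
    findings = []
    for path in extract_paths(text):
        location = classify(path)
        random_name = bool(RANDOM_NAME.match(PureWindowsPath(path).stem.lower()))
        if location != "trusted" or random_name:
            findings.append((path, location, random_name))
    return findings


# Constructed from the MBAM log and the DDS process list posted in this thread.
MBAM_SAMPLE = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ogkyuu6grr (Trojan.Agent) -> Data: C:\Users\Lou\ogkyuu6grr.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Time (Trojan.Passwords) -> Data: rundll32.exe "C:\ProgramData\ImwurkImpokn.dll",EntryPoint -> Quarantined and deleted successfully.
C:\Users\Lou\AppData\Roaming\Onxe\isad.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\Users\Lou\AppData\Local\temp\tmp91ca5a18\loaderl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""
DDS_SAMPLE = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Users\Lou\h9phcwpt41.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
"""

if __name__ == "__main__":
    for label, sample in (("MBAM", MBAM_SAMPLE), ("DDS", DDS_SAMPLE)):
        for path, location, random_name in triage(sample):
            flag = ", random-looking name" if random_name else ""
            print(f"{label}: {path}  [{location}{flag}]")
```

A flag from this script is a reason to check the file (publisher signature, hash lookup, the Run value or scheduled task that launches it), not a verdict: legitimate per-user installers do drop executables in AppData\Roaming, and the heuristic sees only the path.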

Re: Suspicious files in my document folder
The contents of Attach.txt from DDS are below

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16/01/2008 18:21:28
System Uptime: 05/03/2012 17:35:32 (8 hours ago)
.
Motherboard: Hewlett-Packard | | 30D9
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | CPU | 1667/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 67.81 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 2.082 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware 2007
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros USB WLAN Installer
Bonjour
Brother HL-2035
Chinese Traditional Fonts Support For Adobe Reader 8
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Cute Knight Kingdom Fyrrion
CyberLink YouCam
D3DX10
Dev-C++ 5 beta 9 release (4.9.9.2)
DHTML Editing Component
DivX Setup
DVD Suite
EA Link
ESU for Microsoft Vista
FIFA 2000 Demo
FileOpen Client
Futuremark SystemInfo
Game Maker 8.0
GIMP 2.6.7
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.8.0.723
GTK DBF Editor (remove only)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.30 E2
HP Total Care Advisor
HP Update
HP User Guides 0093
HP Wireless Assistant
Intel(R) Matrix Storage Manager
Intel(R) TV Wizard
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Junk Mail filter update
LabelPrint
LiveUpdate (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MiKTeX 2.8
MobileMe Control Panel
Mozilla Firefox 10.0.2 (x86 en-GB)
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NetWaiting
Norton Security Scan
OGA Notifier 2.0.0048.0
Opera 10.61
PageBreeze Free HTML Editor
PDF-Viewer
Pdf995
PdfEdit995
Point Position 1.0
Power2Go
PowerDirector
QuickTime
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Riva FLV Encoder 2.0
Safari
Secrets of the Masters Trading Game
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Segoe UI
Simpo PDF Merge & Split 2.2.1.0
Skype Toolbars
Skype™ 5.3
Smart Menus (Windows Live Toolbar)
Spelling Dictionaries Support For Adobe Reader 8
SUPER © Version 2008.bld.30 (Mar 22, 2008)
SUPERAntiSpyware
SWF & FLV Toolbox 3.5 (build 3.5.20.286)
TC2000 v11
thinkorswim
TickInvest 1.0.5
Tomb Raider - The Last Revelation
Touch Pad Driver
Tunatic
Unity Web Player
Universal Document Converter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
Version 1.55
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
WinShell
Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351)
Wolfram Notebook Indexer 2.0
.
==== Event Viewer Messages From Past Week ========
.
29/02/2012 21:00:22, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001F3A1C0F47 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
05/03/2012 16:15:00, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device attached to the system is not functioning.
05/03/2012 16:15:00, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.
05/03/2012 16:13:38, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
05/03/2012 03:13:29, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: A device attached to the system is not functioning.
04/03/2012 23:15:20, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: A device attached to the system is not functioning.
01/03/2012 16:59:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
01/03/2012 16:59:52, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Re: Suspicious files in my document folder
Looking over your log it seems you don't have any antivirus software.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) Avast! Home Edition
2) Avira AntiVir Personal
3) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
3-a) Microsoft Security Essentials for Windows XP
4) Comodo Antivirus (if you choose this one, uncheck "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation)
5) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
***************************************************
The "h9phcwpt41.exe" program is still in C:\Users\Lou\ though.

That is the exe file for VeohWebPlayer. You can see it here: C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Users\Lou\h9phcwpt41.exe. If you don't want it, you will have to uninstall VeohWebPlayer. Is that the only thing that was bothering you about the computer?


Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Re: Suspicious files in my document folder
Just installed Comodo as AntiVirus and downloaded the latest Java and everything else like you instructed.
If you don't want it you will have to uninstall VeohWebPlayer. Is that the only thing that was bothering you about the computer?

I just uninstalled VeohWebPlayer. But I can't turn on automatic updates in Windows Security Center though. It will give me the message:
Security Center can't change your automatic updating settings.

Re: Suspicious files in my document folder
But I can't turn on automatic updates in Windows Security Center though. It will give me the message:

Security Center can't change your automatic updating settings.

This should help with that problem. Please let me know.

Re: Suspicious files in my document folder
When I ran regsvr32 wuaueng.dll, I got the message
The module "wuaueng.dll" was loaded but the call to DllRegisterServer failed with error code 0x80070005.

And when I tried to run regsvr32 wucltui.dll it said
The module "wucltui.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependant .DLL files.

The specified module could not be found.


The others work fine though.
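The two regsvr32 results in the post above are different problems once the HRESULT is split into its fields: 0x80070005 has facility 7 (Win32) and code 5, ERROR_ACCESS_DENIED, which is what regsvr32 returns when it is run from a prompt that is not elevated under UAC, whereas "the specified module could not be found" is a missing file, not a permission problem. The decoder below is an added example, not from the thread or from Windows. Its name table covers only the Win32 codes that appear on this page (0x80070005, 0x80070002, 0x8007000d) plus ERROR_MOD_NOT_FOUND for the "module could not be found" case, and the wording in explain_regsvr32 is this example's own.

```python
"""Decode the HRESULT values that regsvr32 and MGADiag printed in this thread.

Added example, not part of the thread. An HRESULT packs a severity bit, an
11-bit facility and a 16-bit code; when the facility is FACILITY_WIN32 (7)
the code is a plain Win32 error number, which is what makes 0x80070005
readable as ERROR_ACCESS_DENIED. The name table is limited to the Win32
codes seen on this page plus ERROR_MOD_NOT_FOUND (an assumed addition).
"""

FACILITY_WIN32 = 7

# Win32 error numbers relevant to this thread (the example's assumed scope).
WIN32_NAMES = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    13: "ERROR_INVALID_DATA",
    126: "ERROR_MOD_NOT_FOUND",
}


def decode_hresult(hr: int) -> dict:
    """Split an HRESULT into severity, facility and code; name Win32 codes."""
    hr &= 0xFFFFFFFF
    facility = (hr >> 16) & 0x7FF
    code = hr & 0xFFFF
    return {
        "failed": bool(hr >> 31),
        "facility": facility,
        "code": code,
        "name": WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None,
    }


def explain_regsvr32(hr: int) -> str:
    """Practical reading of a regsvr32 result against the Windows Update DLLs."""
    d = decode_hresult(hr)
    if not d["failed"]:
        return "success"
    if d["facility"] == FACILITY_WIN32:
        if d["code"] == 5:
            return ("ERROR_ACCESS_DENIED: DllRegisterServer could not write its "
                    "registry entries; rerun from an elevated (Run as administrator) prompt")
        if d["code"] in (2, 126):
            return (f"{WIN32_NAMES[d['code']]}: the DLL is not in the loader search "
                    "path or does not exist on this Windows version")
    return (f"unrecognised HRESULT 0x{hr & 0xFFFFFFFF:08X} "
            f"(facility {d['facility']}, code {d['code']})")


if __name__ == "__main__":
    for hr in (0x80070005, 0x8007007E, 0x80070002, 0xC004F012):
        print(f"0x{hr:08X}: {explain_regsvr32(hr)}")
```

The same split explains the many "N/A, hr = 0x80070002" lines in the MGADiag report later in the thread: facility 7, code 2, ERROR_FILE_NOT_FOUND, which for XP-only components such as WgaTray.exe is the expected result on Vista rather than a sign of damage.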

Re: Suspicious files in my document folder
Can you now turn on Updates?

Re: Suspicious files in my document folder
Nope, I can't. I still keep getting the "Security Center can't change your automatic updating settings" error, and when I tried to run the modules in here, it just gives me the error messages in post 11.

Re: Suspicious files in my document folder

1. Download this diagnostics tool MGADiag.exe and save it to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.
*************************************************
Open Notepad and create a file with the following contents:

Code:

@echo off
REM Re-register the Windows Update client DLLs. Run this from an elevated
REM command prompt (right-click > Run as administrator): regsvr32 reporting
REM 0x80070005 means ERROR_ACCESS_DENIED, which is what an unelevated prompt
REM under UAC produces. wucltux.dll is the Vista name of the update client
REM UI; wucltui.dll is the XP name and does not exist on this system.
REM /s suppresses the result dialog for each DLL, so the window just flashes.
regsvr32 /s wuapi.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wups.dll
regsvr32 /s wups2.dll
regsvr32 /s wuwebv.dll
regsvr32 /s wucltux.dll
regsvr32 /s wudriver.dll


  • Save it as "fix.bat" (include the quotes) on your desktop.
  • Double-click it to run. A black DOS window will open and close; this is normal.
  • If this went well, delete fix.bat and restart your computer.

Re: Suspicious files in my document folder
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
Windows Product ID: 89578-OEM-7332157-00061
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {F677D1CA-696A-4F27-B6E2-E4C660498E69}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.111025-0338
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: ~[Filtered]~

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500061-02-2057-6000.0000-0942008
Installation ID: 003623670156145974760833202945443424779670226016037732
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: WQD8Q
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
N/A, hr = 0x8007000d

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC              HPQOEM        SLIC-MPC
FACP              HP            SPARTAN
HPET              HPQOEM        SLIC-MPC
BOOT              HPQOEM        SLIC-MPC
MCFG              HPQOEM        SLIC-MPC
ASF!              HPQOEM        SLIC-MPC
SLIC              HPQOEM        SLIC-MPC
SSDT              PmRef         CpuPm

