#1
Avast Pro recently detected viruses (8 of them) in the operating memory of the system. The results are:
1. process 980 memory block 0x04FB0000 infection: BV autorun-E[wrm].
2. process 980 memory block 0x05110000 infection: win32 small -HUF [trj]
and three more viruses... mostly malware and trojans. I couldn't run Avast's boot-time scan because mine is a 64-bit operating system. I couldn't repair or delete these things. Avast could not perform any of the actions because it showed an error saying "file name, directory name or volume label syntax is incorrect". I tried scanning with other software, like SUPERAntiSpyware, but it didn't detect any of the viruses. Is there any way I can get rid of them? Will formatting help to remove the viruses? I couldn't find the file because, according to the log, Avast says the virus has infected process 980. My laptop is an HP one and is pretty new, so if I have to format I will have to practically reinstall everything from the webcam to the HP MediaSmart software. Is there a way out?
#2
I need the logs from this topic. http://www.computer-juice.com/forums...-posting-7476/
#3
THIS IS LOG OF AVAST ANTIVIRUS
19-10-2009 22:59:22 SYSTEM 1756 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Sudharshan\AppData\Roaming\Hewlett-Packard\HPAdvisor\HPAdvisorToDo.mdb (C:\Users\Sudharshan\AppData\Roaming\Hewlett-Packard\HPAdvisor\HPAdvisorToDo.mdb) returning error, 00000005.
30-10-2009 22:47:18 SYSTEM 1624 Sign of "Win32:Trojan-gen" has been found in "C:\Users\Sudharshan\AppData\Local\Temp\Rar$EX00.120\Crack.exe" file.
30-10-2009 22:47:43 Sudharshan 4020 Sign of "Win32:Trojan-gen" has been found in "C:\Users\Sudharshan\Downloads\SETUPS\Mortal Kombat\MK4\~MK-4.CAB\Crack.exe" file.
30-10-2009 22:47:51 Sudharshan 4020 Sign of "Win32:Trojan-gen" has been found in "C:\Users\Sudharshan\Downloads\SETUPS\Mortal Kombat\MK4\~SETUP.CAB\Crack.exe" file.
02-11-2009 19:27:59 SYSTEM 1600 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Sudharshan\AppData\Roaming\Hewlett-Packard\HPAdvisor\HPAdvisorToDo.mdb (C:\Users\Sudharshan\AppData\Roaming\Hewlett-Packard\HPAdvisor\HPAdvisorToDo.mdb) returning error, 00000005.
03-11-2009 10:05:40 Sudharshan 5052 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\188\4fb0000\40000" file.
03-11-2009 10:07:48 Sudharshan 5052 Sign of "JS:Agent-AU [Expl]" has been found in "*PROCESS\188\5110000\40000" file.
03-11-2009 10:08:03 Sudharshan 5052 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\188\5190000\5a000" file.
03-11-2009 10:08:08 Sudharshan 5052 Sign of "Win32:Siveras-B [Expl]" has been found in "*PROCESS\188\51f0000\40000" file.
03-11-2009 10:08:11 Sudharshan 5052 Sign of "Win32:Zbot-AVH [Trj]" has been found in "*PROCESS\188\52e0000\40000" file.
03-11-2009 10:24:26 Sudharshan 5052 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\188\4fb0000\40000" file.
03-11-2009 10:25:02 Sudharshan 5052 Sign of "JS:Agent-AU [Expl]" has been found in "*PROCESS\188\5110000\40000" file.
03-11-2009 10:25:11 Sudharshan 5052 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\188\5190000\5a000" file.
03-11-2009 10:25:12 Sudharshan 5052 Sign of "Win32:Siveras-B [Expl]" has been found in "*PROCESS\188\51f0000\40000" file.
03-11-2009 10:25:13 Sudharshan 5052 Sign of "Win32:Zbot-AVH [Trj]" has been found in "*PROCESS\188\52e0000\40000" file.
03-11-2009 11:14:30 Sudharshan 1180 Sign of "JS:ScriptSH-inf [Trj]" has been found in "*PROCESS\11e4\2640000\140000" file.
03-11-2009 11:14:41 Sudharshan 1180 Sign of "JS:ScriptSH-inf [Trj]" has been found in "*PROCESS\11e4\2e70000\140000" file.
03-11-2009 11:14:52 Sudharshan 1180 Sign of "JS:ScriptSH-inf [Trj]" has been found in "*PROCESS\11e4\35f0000\140000" file.
03-11-2009 11:15:02 Sudharshan 1180 Sign of "Win32:RuPorn [Adw]" has been found in "*PROCESS\188\30c2000\61000" file.
03-11-2009 11:15:09 Sudharshan 1180 Sign of "Win32:Adloader-AC [Trj]" has been found in "*PROCESS\188\4930000\40000" file.
03-11-2009 11:15:13 Sudharshan 1180 Sign of "Win32:FraudLoad-P [Trj]" has been found in "*PROCESS\188\4a70000\40000" file.
03-11-2009 11:15:30 Sudharshan 1180 Sign of "Win32:Agent-SG [Trj]" has been found in "*PROCESS\188\4bd0000\40000" file.
03-11-2009 11:15:32 Sudharshan 1180 Sign of "Win32:PcClient-OD [Trj]" has been found in "*PROCESS\188\4c70000\40000" file.
03-11-2009 11:15:33 Sudharshan 1180 Sign of "Win32:MalWarrior [Tool]" has been found in "*PROCESS\188\4d10000\40000" file.
03-11-2009 11:15:34 Sudharshan 1180 Sign of "Win32:Small-HZH [Trj]" has been found in "*PROCESS\188\4d80000\40000" file.
03-11-2009 11:15:35 Sudharshan 1180 Sign of "Win32:RPCexploit [Trj]" has been found in "*PROCESS\188\4dd0000\40000" file.
03-11-2009 11:15:36 Sudharshan 1180 Sign of "Win32:Banker-CDW [Trj]" has been found in "*PROCESS\188\4e70000\40000" file.
03-11-2009 11:15:37 Sudharshan 1180 Sign of "Win32:Inject-DO [Trj]" has been found in "*PROCESS\188\4ed0000\40000" file.
03-11-2009 11:15:37 Sudharshan 1180 Sign of "Win32:Delf-IZG [Trj]" has been found in "*PROCESS\188\4f30000\40000" file.
03-11-2009 11:15:38 Sudharshan 1180 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\188\4fb0000\40000" file.
03-11-2009 11:15:39 Sudharshan 1180 Sign of "JS:Agent-AU [Expl]" has been found in "*PROCESS\188\5110000\40000" file.
03-11-2009 11:15:41 Sudharshan 1180 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\188\5190000\5a000" file.
03-11-2009 11:15:41 Sudharshan 1180 Sign of "Win32:Siveras-B [Expl]" has been found in "*PROCESS\188\51f0000\40000" file.
03-11-2009 11:15:42 Sudharshan 1180 Sign of "Win32:Zbot-AVH [Trj]" has been found in "*PROCESS\188\52e0000\40000" file.
03-11-2009 11:26:06 Sudharshan 1548 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\308\45c0000\40000" file.
03-11-2009 11:26:14 Sudharshan 1548 Sign of "JS:Agent-AU [Expl]" has been found in "*PROCESS\308\4720000\40000" file.
03-11-2009 11:26:15 Sudharshan 1548 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\308\47a0000\5a000" file.
03-11-2009 11:26:16 Sudharshan 1548 Sign of "Win32:Siveras-B [Expl]" has been found in "*PROCESS\308\4800000\40000" file.
03-11-2009 11:26:16 Sudharshan 1548 Sign of "Win32:Zbot-AVH [Trj]" has been found in "*PROCESS\308\48f0000\40000" file.
03-11-2009 11:49:17 Sudharshan 4492 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\164\4fb0000\40000" file.
03-11-2009 11:49:25 Sudharshan 4492 Sign of "JS:Agent-AU [Expl]" has been found in "*PROCESS\164\5110000\40000" file.
03-11-2009 11:49:26 Sudharshan 4492 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\164\5190000\5a000" file.
03-11-2009 11:49:27 Sudharshan 4492 Sign of "Win32:Siveras-B [Expl]" has been found in "*PROCESS\164\51f0000\40000" file.
03-11-2009 11:49:28 Sudharshan 4492 Sign of "Win32:Zbot-AVH [Trj]" has been found in "*PROCESS\164\52e0000\40000" file.
03-11-2009 12:51:59 Sudharshan 3652 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\114\4fb0000\40000" file.
03-11-2009 12:52:05 Sudharshan 3652 Sign of "JS:Agent-AU [Expl]" has been found in "*PROCESS\114\5110000\40000" file.
03-11-2009 12:52:06 Sudharshan 3652 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\114\5190000\5a000" file.
03-11-2009 12:52:06 Sudharshan 3652 Sign of "Win32:Siveras-B [Expl]" has been found in "*PROCESS\114\51f0000\40000" file.
03-11-2009 12:52:07 Sudharshan 3652 Sign of "Win32:Zbot-AVH [Trj]" has been found in "*PROCESS\114\52e0000\40000" file.
03-11-2009 16:33:02 Sudharshan 2924 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\3d4\4fb0000\40000" file.
03-11-2009 16:33:11 Sudharshan 2924 Sign of "JS:Agent-AU [Expl]" has been found in "*PROCESS\3d4\5110000\40000" file.
03-11-2009 16:33:21 Sudharshan 2924 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\3d4\5190000\5a000" file.
03-11-2009 16:33:37 Sudharshan 2924 Sign of "Win32:Siveras-B [Expl]" has been found in "*PROCESS\3d4\51f0000\40000" file.
03-11-2009 16:33:45 Sudharshan 2924 Sign of "Win32:Zbot-AVH [Trj]" has been found in "*PROCESS\3d4\52e0000\40000" file.
03-11-2009 16:34:36 Sudharshan 2924 Sign of "JS:ScriptSH-inf [Trj]" has been found in "*PROCESS\eac\2590000\140000" file.
03-11-2009 16:34:41 Sudharshan 2924 Sign of "JS:ScriptSH-inf [Trj]" has been found in "*PROCESS\eac\2d10000\140000" file.
03-11-2009 16:34:43 Sudharshan 2924 Sign of "JS:ScriptSH-inf [Trj]" has been found in "*PROCESS\eac\3490000\140000" file.
03-11-2009 16:47:31 Sudharshan 4568 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\3d4\4fb0000\40000" file.
03-11-2009 16:47:38 Sudharshan 4568 Sign of "JS:Agent-AU [Expl]" has been found in "*PROCESS\3d4\5110000\40000" file.
03-11-2009 16:47:43 Sudharshan 4568 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\3d4\5190000\5a000" file.
03-11-2009 16:47:49 Sudharshan 4568 Sign of "Win32:Siveras-B [Expl]" has been found in "*PROCESS\3d4\51f0000\40000" file.
03-11-2009 16:47:50 Sudharshan 4568 Sign of "Win32:Zbot-AVH [Trj]" has been found in "*PROCESS\3d4\52e0000\40000" file.
03-11-2009 16:48:34 Sudharshan 4568 Sign of "JS:ScriptSH-inf [Trj]" has been found in "*PROCESS\eac\2590000\140000" file.
03-11-2009 16:48:39 Sudharshan 4568 Sign of "JS:ScriptSH-inf [Trj]" has been found in "*PROCESS\eac\2d10000\140000" file.
03-11-2009 16:48:40 Sudharshan 4568 Sign of "JS:ScriptSH-inf [Trj]" has been found in "*PROCESS\eac\3490000\140000" file.
03-11-2009 17:34:56 SYSTEM 1516 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Sudharshan\AppData\Local\Mozilla\Firefox\Profiles\fs1tc15w.default\XUL.mfl (C:\Users\Sudharshan\AppData\Local\Mozilla\Firefox\Profiles\fs1tc15w.default\XUL.mfl) returning error, 00000005.
03-11-2009 19:11:13 SYSTEM 1516 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Sudharshan\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat (C:\Users\Sudharshan\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat) returning error, 00000005.
04-11-2009 00:19:09 SYSTEM 1488 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Sudharshan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat (C:\Users\Sudharshan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat) returning error, 00000005.
04-11-2009 13:02:09 Sudharshan 4844 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\3ac\4fb0000\40000" file.
04-11-2009 13:02:16 Sudharshan 4844 Sign of "JS:Agent-AU [Expl]" has been found in "*PROCESS\3ac\5110000\40000" file.
04-11-2009 13:02:20 Sudharshan 4844 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\3ac\5190000\5a000" file.
04-11-2009 13:02:21 Sudharshan 4844 Sign of "Win32:Siveras-B [Expl]" has been found in "*PROCESS\3ac\51f0000\40000" file.
04-11-2009 13:02:22 Sudharshan 4844 Sign of "Win32:Zbot-AVH [Trj]" has been found in "*PROCESS\3ac\52e0000\40000" file.
04-11-2009 13:03:14 Sudharshan 4844 Sign of "Win32:Mutant-DD [Trj]" has been found in "*PROCESS\f48\16320000\800000" file.
04-11-2009 13:03:19 Sudharshan 4844 Sign of "Win32:Agent-AGMU [Trj]" has been found in "*PROCESS\f48\17af0000\fd0000" file.
04-11-2009 13:03:20 Sudharshan 4844 Sign of "Win32:Tufik" has been found in "*PROCESS\f48\4830000\990000" file.
04-11-2009 14:51:11 SYSTEM 1496 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Sudharshan\AppData\Local\IconCache.db (C:\Users\Sudharshan\AppData\Local\IconCache.db) returning error, 00000005.
04-11-2009 15:30:41 Sudharshan 4848 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\3f4\4fb0000\40000" file.
04-11-2009 15:31:12 Sudharshan 4848 Sign of "JS:Agent-AU [Expl]" has been found in "*PROCESS\3f4\5110000\40000" file.
04-11-2009 15:31:15 Sudharshan 4848 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\3f4\5190000\5a000" file.
04-11-2009 15:31:16 Sudharshan 4848 Sign of "Win32:Siveras-B [Expl]" has been found in "*PROCESS\3f4\51f0000\40000" file.
04-11-2009 15:31:17 Sudharshan 4848 Sign of "Win32:Zbot-AVH [Trj]" has been found in "*PROCESS\3f4\52e0000\40000" file.
04-11-2009 15:32:09 Sudharshan 4848 Sign of "Win32:Banker-FYB [Trj]" has been found in "*PROCESS\e24\4960000\990000" file.
04-11-2009 15:32:13 Sudharshan 4848 Sign of "Win32:Agent-AHBJ [Rtk]" has been found in "*PROCESS\e24\5790000\100000" file.
05-11-2009 10:07:45 Sudharshan 4772 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\3ec\4fb0000\40000" file.
05-11-2009 10:07:56 Sudharshan 4772 Sign of "JS:Agent-AU [Expl]" has been found in "*PROCESS\3ec\5110000\40000" file.
05-11-2009 10:07:58 Sudharshan 4772 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\3ec\5190000\5a000" file.
05-11-2009 10:07:59 Sudharshan 4772 Sign of "Win32:Siveras-B [Expl]" has been found in "*PROCESS\3ec\51f0000\40000" file.
05-11-2009 10:08:00 Sudharshan 4772 Sign of "Win32:Zbot-AVH [Trj]" has been found in "*PROCESS\3ec\52e0000\40000" file.
05-11-2009 10:08:34 Sudharshan 4772 Sign of "Win32:Bredolab-AT [Trj]" has been found in "*PROCESS\c3c\59c0000\200000" file.
05-11-2009 10:08:39 Sudharshan 4772 Sign of "Win32:Bredolab-AP [Trj]" has been found in "*PROCESS\c3c\5f0000\100000" file.
05-11-2009 10:08:40 Sudharshan 4772 Sign of "Win32:Bredolab-AP [Trj]" has been found in "*PROCESS\c3c\63c8000\3f8000" file.
05-11-2009 10:08:41 Sudharshan 4772 Sign of "Win32:Small-MRC [Trj]" has been found in "*PROCESS\c3c\6b86000\f1000" file.
05-11-2009 10:08:44 Sudharshan 4772 Sign of "Win32:BHO-XO [Trj]" has been found in "*PROCESS\c3c\6d8a000\23e000" file.
05-11-2009 10:08:45 Sudharshan 4772 Sign of "Win32:BredoLab-K [Trj]" has been found in "*PROCESS\c3c\704b000\670000" file.
05-11-2009 10:08:47 Sudharshan 4772 Sign of "Win32:Bredolab-AP [Trj]" has been found in "*PROCESS\c3c\8c33000\14000" file.
05-11-2009 10:38:54 SYSTEM 1576 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Sudharshan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat (C:\Users\Sudharshan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat) returning error, 00000005.
05-11-2009 11:46:39 SYSTEM 1664 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Sudharshan\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat (C:\Users\Sudharshan\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat) returning error, 00000005.
05-11-2009 19:47:19 SYSTEM 1564 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Sudharshan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat (C:\Users\Sudharshan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat) returning error, 00000005.
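An added example, not part of the original posts: the memory detections in the Avast log of post #3 name their target as "*PROCESS\<a>\<b>\<c>", where <a> is the process ID in hex (3d4 is the "process 980" of post #1) and <b> is the memory block (4fb0000 is the 0x04FB0000 of post #1). This sketch decodes those entries, whether or not several share a line, and lists regions that recur under more than one PID. Treating <c> as the region size is an assumption, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Entries copied from the Avast log in post #3 (two of them left on one line)
# plus one scanning warning, which is not a detection and must be skipped.
SAMPLE_LOG = r'''
30-10-2009 22:47:51 Sudharshan 4020 Sign of "Win32:Trojan-gen" has been found in "C:\Users\Sudharshan\Downloads\SETUPS\Mortal Kombat\MK4\~SETUP.CAB\Crack.exe" file.
03-11-2009 10:05:40 Sudharshan 5052 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\188\4fb0000\40000" file. 03-11-2009 10:08:03 Sudharshan 5052 Sign of "Win32:Small-HUF [Trj]" has been found in "*PROCESS\188\5190000\5a000" file.
03-11-2009 16:33:02 Sudharshan 2924 Sign of "BV:AutoRun-E [Wrm]" has been found in "*PROCESS\3d4\4fb0000\40000" file.
03-11-2009 16:34:36 Sudharshan 2924 Sign of "JS:ScriptSH-inf [Trj]" has been found in "*PROCESS\eac\2590000\140000" file.
04-11-2009 14:51:11 SYSTEM 1496 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Sudharshan\AppData\Local\IconCache.db (C:\Users\Sudharshan\AppData\Local\IconCache.db) returning error, 00000005.
'''

# One detection entry: date, time, user, a numeric field, signature, target.
ENTRY = re.compile(
    r'(?P<date>\d{2}-\d{2}-\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) '
    r'(?P<user>\S+) (?P<num>\d+) '
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<target>[^"]+)" file\.'
)
# Memory target: three backslash-separated hex fields after *PROCESS.
MEM = re.compile(r'\*PROCESS\\([0-9a-fA-F]+)\\([0-9a-fA-F]+)\\([0-9a-fA-F]+)')


def parse_entries(text):
    """Return one dict per detection entry, in log order."""
    entries = []
    for m in ENTRY.finditer(text):          # finditer copes with flattened lines
        e = m.groupdict()
        mem = MEM.fullmatch(e["target"])
        if mem:
            e["kind"] = "memory"
            e["pid"] = int(mem.group(1), 16)    # hex PID, e.g. 3d4 -> 980
            e["base"] = int(mem.group(2), 16)   # memory block address
            e["size"] = int(mem.group(3), 16)   # assumption: region size
        else:
            e["kind"] = "file"                  # ordinary file path on disk
        entries.append(e)
    return entries


def hits_by_pid(entries):
    """Map decimal PID -> list of (base address, signature) memory hits."""
    out = defaultdict(list)
    for e in entries:
        if e["kind"] == "memory":
            out[e["pid"]].append((e["base"], e["sig"]))
    return dict(out)


def recurring_regions(entries):
    """Map (signature, base) -> sorted PIDs, kept only if seen under 2+ PIDs."""
    seen = defaultdict(set)
    for e in entries:
        if e["kind"] == "memory":
            seen[(e["sig"], e["base"])].add(e["pid"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for pid, hits in sorted(hits_by_pid(parsed).items()):
        print(f"PID {pid} (0x{pid:x})")
        for base, sig in hits:
            print(f"    0x{base:08X}  {sig}")
    for (sig, base), pids in recurring_regions(parsed).items():
        print(f"{sig} at 0x{base:08X} seen under PIDs {pids}")
```

The decimal PID is the value to look up in a process list while the detection is still being reported, since the log itself never names the program.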
#4
I don't need that.
#5
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/06/2009 at 00:34 AM
Application Version : 4.29.1004
Core Rules Database Version : 4162
Trace Rules Database Version: 2127
Scan type : Complete Scan
Total Scan Time : 01:03:09
Memory items scanned : 395
Memory threats detected : 0
Registry items scanned : 7193
Registry threats detected : 0
File items scanned : 49128
File threats detected : 4
Adware.Tracking Cookie
C:\Users\Sudharshan\AppData\Roaming\Microsoft\Windows\Cookies\Low\sudharshan@bs.serving-sys[2].txt
C:\Users\Sudharshan\AppData\Roaming\Microsoft\Windows\Cookies\Low\sudharshan@msnportal.112.2o7[1].txt
C:\Users\Sudharshan\AppData\Roaming\Microsoft\Windows\Cookies\Low\sudharshan@revsci[2].txt
C:\Users\Sudharshan\AppData\Roaming\Microsoft\Windows\Cookies\Low\sudharshan@serving-sys[1].txt
#6
Malwarebytes' Anti-Malware 1.41
Database version: 3103
Windows 6.0.6002 Service Pack 2
06-11-2009 15:22:31
mbam-log-2009-11-06 (15-22-31).txt
Scan type: Quick Scan
Objects scanned: 89938
Time elapsed: 2 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
#7
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:13, on 06-11-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\McAfee Security Scan\1.0.150\McUICnt.exe
C:\Program Files (x86)\Trend Micro\HijackThis\JUICE.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 144.16.192.245:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99A38EE9-40F6-4F54-A3A4-80944AABE7F0}: NameServer = 144.16.192.2,144.16.192.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{99A38EE9-40F6-4F54-A3A4-80944AABE7F0}: NameServer = 144.16.192.2,144.16.192.55
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 15300 bytes
#8
It looks like you have two antivirus installed. Pick one and uninstall the other.
Also uninstall Ask Toolbar.
Right click HijackThis and choose Run as Administrator.
Next select Do a system scan only.
Place a check mark next to the following entries: (if found)
Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis. Restart the computer to register the changes.
----------
ESET Online Scan
Scan your computer with the ESET FREE Online Virus Scan
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.
In your next reply please include the ESET Online Scan Log
#9
ESET tells me that I have Norton Internet Security installed... but I actually uninstalled Norton myself a couple of months back... I found 3 folders related to Norton in Program Files... is Norton gone completely if I delete them?
#10
To completely remove Norton/Symantec go to add remove programs and uninstall anything with Norton, Symantec or Live Update in the name.
Download the Norton Removal Tool (SymNRT) to your desktop. Once downloaded please close ALL open browsers, also save any work because this may require a restart.
* Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
* Once open Click Next
* Accept the license agreement and click Next
* Type in the letters/numbers that you see into the text box then click Next.
* Then click Next and the tool will start running.
* Once finished restart the PC.
* Delete the 'Norton_Removal_Tool' from your desktop.