Welcome. Thank you for using Dell Community Forums.
I am reviewing your log. In the meantime, you can help me by addressing the following:
* Have you have posted this issue on another forum? If so, please provide a link to the topic.
* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.
* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.
* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.
* If this computer belongs to someone else, do you have authority to apply the fixes we will use?
* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.
* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.
* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.
We need to see some additional information about what is happening in your machine.
Download DDS by sUBs from one of the following links. Save it to your desktop.
A small box will open, with an explanation about the tool.
Click Yes at the prompt for Optional Scan.
When done, DDS will open two (2) logs
1. DDS.txt 2. Attach.txt
Save both reports to your desktop.
Copy/paste both logs to your reply on the forum.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.
I look forward to your reply so we can begin cleaning.
Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.
I have not posted this issue on another forum. I have enabled System Restore. No cracked software. No P2P programs used. This computer belongs to me.
DDS.txt:
DDS (Ver_09-12-01.01) - NTFSx86 Run by Lucille at 9:52:40.20 on 22/12/2009 Internet Explorer: 8.0.6001.18865 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.3034.1784 [GMT -5:00]
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume3 Install Date: 29/09/2009 12:31:55 AM System Uptime: 22/12/2009 9:37:49 AM (0 hours ago)
Motherboard: Dell Inc. | | 0K138P Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | Microprocessor | 2100/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 218 GiB total, 164.27 GiB free. D: is FIXED (NTFS) - 15 GiB total, 7.705 GiB free. E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP56: 13/11/2009 8:47:26 PM - Scheduled Checkpoint RP58: 13/11/2009 11:06:03 PM - Installed DirectX RP59: 14/11/2009 7:56:17 PM - Windows Update RP60: 15/11/2009 12:09:01 AM - Windows Update RP61: 15/11/2009 12:58:00 PM - Windows Update RP62: 16/11/2009 4:08:54 PM - Windows Update RP63: 16/11/2009 8:00:09 PM - Windows Update RP64: 20/11/2009 8:32:55 PM - Windows Update RP65: 21/11/2009 1:14:04 PM - Scheduled Checkpoint RP66: 23/11/2009 7:12:45 PM - Windows Update RP67: 24/11/2009 9:39:27 PM - Windows Update RP68: 26/11/2009 10:14:10 PM - Windows Update RP69: 30/11/2009 3:07:10 PM - Windows Update RP70: 03/12/2009 3:12:13 PM - Windows Update RP71: 07/12/2009 3:57:55 PM - Windows Update RP72: 10/12/2009 12:30:58 AM - Windows Update RP73: 10/12/2009 3:17:19 PM - Windows Update RP74: 14/12/2009 3:37:46 PM - Windows Update RP75: 17/12/2009 7:11:02 PM - Windows Update RP76: 21/12/2009 3:37:54 PM - Windows Update RP78: 21/12/2009 4:23:03 PM - Windows Defender Checkpoint RP80: 21/12/2009 6:03:26 PM - Windows Defender Checkpoint RP82: 21/12/2009 6:16:34 PM - Windows Defender Checkpoint RP84: 21/12/2009 7:04:05 PM - Windows Defender Checkpoint RP86: 21/12/2009 8:34:51 PM - Windows Defender Checkpoint RP88: 21/12/2009 8:40:39 PM - Windows Defender Checkpoint RP89: 21/12/2009 8:56:42 PM - Installed HiJackThis RP91: 22/12/2009 9:19:28 AM - Windows Defender Checkpoint RP92: 22/12/2009 9:35:30 AM - Restore Operation RP94: 22/12/2009 9:42:30 AM - Windows Defender Checkpoint
==== Installed Programs ======================
Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9 Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Combined Community Codec Pack 2009-09-09 Compatibility Pack for the 2007 Office system Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Dock Dell Edoc Viewer Dell Getting Started Guide Dell Support Center (Support Software) Dell Touchpad Dell Wireless WLAN Card Utility GoToAssist 8.0.0.514 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel(R) TV Wizard Java(TM) 6 Update 13 Junk Mail filter update Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Default Manager Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Works MSVCRT NOD32 antivirus system NOD32 FiX PowerDVD DX QuickSet Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB973704) Security Update for Microsoft Office Excel 2007 (KB973593) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB969693) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 (KB974561) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (kb976884) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer WinRAR archiver
==== Event Viewer Messages From Past Week ========
22/12/2009 9:40:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SupportSoft Sprocket Service (DellSupportCenter) service to connect. 22/12/2009 9:16:50 AM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s). 21/12/2009 8:37:13 PM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505 21/12/2009 6:07:09 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Let's run a scan with MBAM. * If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use the update link mentioned below to manually update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "lookinhere.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the files to the infected computer. Install the "lookinhere.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates,
manually download them fromhere and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top.
It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully.
Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report along with a fresh Hijackthis log into your next reply and exit MBAM.
Note:-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.
**If you need to re-install MBAM but encounter issue in re-installing, try using the MBAM Cleanup Utility by downloading it from HERE
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.
Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 17 .
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each of the Java versions. Close Add/Remove.
* In Windows Explorer, navigate to C:\Program Files\Java =this folder. Delete any subfolders. * Do NOT delete C:\Program Files\ JavaVM =this folder, if found!
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586.exe to install the newest version.
Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it:
* Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.
* Click Ok and reboot your computer.
Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.
If you have used Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.
The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:
1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system, Office, and IE. The first defense against infection is a properly patched OS from Microsoft Update at update.microsoft.com. More info HERE.
2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.
6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.
7.Web Of Trust , uses colored alerts to warn about risky websites warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Red for Warning = STOP
Yellow for Use Caution
Green for Safe
Grey for Unknown
There is a Web Of Trust version for Firefox as well.
8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html It will: Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox. Restrict the actions of potentially unwanted sites in Internet Explorer. Tutorial here:http://www.bleepingcomputer.com/forums/tutorial49.html Periodically check for updates
NOTE: The issue has been resolved, so this thread is now closed. Everyone else who is having a similar issue, please begin a New Message at the top of the forum.
Bugbatter
3 Apprentice
•
20.5K Posts
0
December 22nd, 2009 04:00
Welcome. Thank you for using Dell Community Forums.
I am reviewing your log. In the meantime, you can help me by addressing the following:
* Have you have posted this issue on another forum? If so, please provide a link to the topic.
* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.
* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.
* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.
* If this computer belongs to someone else, do you have authority to apply the fixes we will use?
* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.
* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.
* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.
We need to see some additional information about what is happening in your machine.
1. DDS.txt
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.
I look forward to your reply so we can begin cleaning.
Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.
lkim
3 Posts
0
December 22nd, 2009 07:00
I have not posted this issue on another forum.
I have enabled System Restore.
No cracked software.
No P2P programs used.
This computer belongs to me.
DDS.txt:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Lucille at 9:52:40.20 on 22/12/2009
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.3034.1784 [GMT -5:00]
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Windows\system32\conime.exe
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\vssvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Users\Lucille\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LosAlamos] rundll32.exe c:\windows\system32\sshnas.dll,NvTaskbarInit
uRun: [Zeldar] c:\users\lucille\appdata\local\temp\c.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [41298731] c:\programdata\41298731\41298731.exe
mRun: [62060620] c:\programdata\62060620\62060620.exe
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"
StartupFolder: c:\users\lucille\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-10-6 15424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-9-29 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-10-6 552064]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-9-29 648432]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
=============== Created Last 30 ================
2009-12-22 02:14:51 0 d-----w- c:\users\lucille\appdata\roaming\Malwarebytes
2009-12-22 02:14:44 0 d-----w- c:\programdata\Malwarebytes
2009-12-22 02:14:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-22 01:56:50 0 d-----w- c:\program files\TrendMicro
2009-12-21 21:22:27 0 d-----w- c:\programdata\62060620
2009-12-21 21:21:42 0 d-----w- c:\programdata\41298731
2009-12-17 02:35:21 0 d-----w- c:\programdata\CyberLink
2009-12-17 02:34:13 0 d-----w- c:\programdata\Roxio
2009-12-09 03:50:54 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 03:50:54 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 03:50:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 03:50:32 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 21:51:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-25 02:39:58 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 00:11:10 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 00:11:10 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 00:11:05 714240 ----a-w- c:\windows\system32\timedate.cpl
==================== Find3M ====================
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 01:33:52 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 01:33:52 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-17 01:33:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-17 01:33:51 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 01:33:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-26 19:54:34 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-06 23:03:57 298104 ----a-w- c:\windows\system32\imon.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-29 12:23:08 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-09-29 12:22:47 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-29 12:22:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-09-29 12:22:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-29 12:22:47 23552 ----a-w- c:\windows\system32\lpk.dll
2009-09-29 12:22:47 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-09-29 12:22:47 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-29 12:18:20 623616 ----a-w- c:\windows\system32\localspl.dll
2009-09-29 12:17:19 8704 ----a-w- c:\windows\system32\hccoin.dll
2009-09-29 12:17:19 15872 ----a-w- c:\windows\system32\hcrstco.dll
2009-09-29 09:45:12 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 9:53:29.48 ===============
Attached.txt:
DDS (Ver_09-12-01.01)
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 29/09/2009 12:31:55 AM
System Uptime: 22/12/2009 9:37:49 AM (0 hours ago)
Motherboard: Dell Inc. | | 0K138P
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | Microprocessor | 2100/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 218 GiB total, 164.27 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.705 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP56: 13/11/2009 8:47:26 PM - Scheduled Checkpoint
RP58: 13/11/2009 11:06:03 PM - Installed DirectX
RP59: 14/11/2009 7:56:17 PM - Windows Update
RP60: 15/11/2009 12:09:01 AM - Windows Update
RP61: 15/11/2009 12:58:00 PM - Windows Update
RP62: 16/11/2009 4:08:54 PM - Windows Update
RP63: 16/11/2009 8:00:09 PM - Windows Update
RP64: 20/11/2009 8:32:55 PM - Windows Update
RP65: 21/11/2009 1:14:04 PM - Scheduled Checkpoint
RP66: 23/11/2009 7:12:45 PM - Windows Update
RP67: 24/11/2009 9:39:27 PM - Windows Update
RP68: 26/11/2009 10:14:10 PM - Windows Update
RP69: 30/11/2009 3:07:10 PM - Windows Update
RP70: 03/12/2009 3:12:13 PM - Windows Update
RP71: 07/12/2009 3:57:55 PM - Windows Update
RP72: 10/12/2009 12:30:58 AM - Windows Update
RP73: 10/12/2009 3:17:19 PM - Windows Update
RP74: 14/12/2009 3:37:46 PM - Windows Update
RP75: 17/12/2009 7:11:02 PM - Windows Update
RP76: 21/12/2009 3:37:54 PM - Windows Update
RP78: 21/12/2009 4:23:03 PM - Windows Defender Checkpoint
RP80: 21/12/2009 6:03:26 PM - Windows Defender Checkpoint
RP82: 21/12/2009 6:16:34 PM - Windows Defender Checkpoint
RP84: 21/12/2009 7:04:05 PM - Windows Defender Checkpoint
RP86: 21/12/2009 8:34:51 PM - Windows Defender Checkpoint
RP88: 21/12/2009 8:40:39 PM - Windows Defender Checkpoint
RP89: 21/12/2009 8:56:42 PM - Installed HiJackThis
RP91: 22/12/2009 9:19:28 AM - Windows Defender Checkpoint
RP92: 22/12/2009 9:35:30 AM - Restore Operation
RP94: 22/12/2009 9:42:30 AM - Windows Defender Checkpoint
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2009-09-09
Compatibility Pack for the 2007 Office system
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) TV Wizard
Java(TM) 6 Update 13
Junk Mail filter update
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSVCRT
NOD32 antivirus system
NOD32 FiX
PowerDVD DX
QuickSet
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
==== Event Viewer Messages From Past Week ========
22/12/2009 9:40:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SupportSoft Sprocket Service (DellSupportCenter) service to connect.
22/12/2009 9:16:50 AM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).
21/12/2009 8:37:13 PM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505
21/12/2009 6:07:09 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
==== End Of File ===========================
Bugbatter
3 Apprentice
•
20.5K Posts
0
December 22nd, 2009 13:00
Let's run a scan with MBAM. * If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use the update link mentioned below to manually update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "lookinhere.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the files to the infected computer. Install the "lookinhere.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.
alternate download link 1
alternate download link 2
MBAM will automatically start and you will be asked to update the program before performing a scan.
and just double-click on mbam-rules.exe to install.
Alternatively, you can update through MBAM's interface from a clean computer,
copy the definitions (rules.ref) located in
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes'
Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
Back at the main Scanner screen:
Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.
**If you need to re-install MBAM but encounter issue in re-installing, try using the MBAM Cleanup Utility by downloading it from HERE
lkim
3 Posts
0
December 22nd, 2009 15:00
I have removed all viruses/infections on my laptop with the help of my brother, but thanks for all of the help!
Bugbatter
3 Apprentice
•
20.5K Posts
0
December 22nd, 2009 16:00
Glad to hear that you removed all of them.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.
Close Add/Remove.
* In Windows Explorer, navigate to C:\Program Files\Java =this folder. Delete any subfolders.
* Do NOT delete C:\Program Files\ JavaVM =this folder, if found!
Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it:
* Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.
* Click Ok and reboot your computer.
Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.
If you have used Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.
The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:
1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system, Office, and IE. The first defense against infection is a properly patched OS from Microsoft Update at update.microsoft.com. More info HERE.
2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
3.You might consider installing Mozilla / Firefox.
http://www.mozilla.com/en-US/
4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.
5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists. http://www.spywarewarrior.com/rogue_anti-spyware.htm http://www.malwarebytes.org/database.php
6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.
7.Web Of Trust , uses colored alerts to warn about risky websites warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
There is a Web Of Trust version for Firefox as well.
8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
It will:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
Tutorial here:http://www.bleepingcomputer.com/forums/tutorial49.html
Periodically check for updates
9. Here are some helpful articles:
"How did I get infected?"
http://www.bleepingcomputer.com/forums/topic2520.html
"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx
NOTE: The issue has been resolved, so this thread is now closed.
Everyone else who is having a similar issue, please begin a New Message at the top of the forum.