Need Help again I'm afraid :(


touchthesky
10-07-09, 17:25
Dunno what's up with my PC..I haven't changed my security settings..this has happened since I downloaded a new anti-virus thingy...which I just deleted from the PC but this is still coming up

http://i28.************/2wmkwua.jpg

For the following sites:
bebo
twitter
myspace
photobucket
amazon.

sorry this is all a bit jumbled.

any idea how to get my twitter back :(

So much is wrong with this PC at the moment..another warning keeps popping up as well..I'll print screen it when it's next up

EscondeR
10-07-09, 18:12
Run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report. Seems you have downloaded and installed fake antivirus software - i.e. malware itself.

touchthesky
10-07-09, 18:33
Okay thanks, it's running..it looks like it might take a while though. Edit: it won't work..it keeps just ending and coming up with a blank notepad document?

I managed to get a screengrab of the other problem

http://i27.************/30x7okz.jpg

Oh and when I try to go to my homepage I get this;

Redirect Loop

Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked.

The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.

* Have you disabled or blocked cookies required by this site?

* NOTE: If accepting the site's cookies does not resolve the problem, it is probably a server configuration issue and not your computer.

:(

EscondeR
10-07-09, 18:40
Boot your PC in Safe mode (press F8 at boot then choose from menu), then run ARDiag.exe again. Ensure you have run it As Administrator. Must work this time.

touchthesky
10-07-09, 18:55
Okay thanks, got it;

Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"Dynamic Virus Protection"
Publisher:
"(Verified) Authentium inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
dvpapi
Program path & name:
"c:\program files\common files\authentium\antivirus\dvpapi.exe"
Enabled: [V]


Program:
"Manages the event trace messages for all the components of Intel(R) PROSet/Wireless software."
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
EvtEng
Program path & name:
"c:\program files\intel\wireless\bin\evteng.exe"
Enabled: [V]


Program:
N/A
Publisher:
"(Verified) iolo technologies LLC"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ioloFileInfoList
Program path & name:
"c:\program files\iolo\common\lib\ioloservicemanager.exe"
Enabled: [V]


Program:
N/A
Publisher:
"(Verified) iolo technologies LLC"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ioloSystemService
Program path & name:
"c:\program files\iolo\common\lib\ioloservicemanager.exe"
Enabled: [V]


Program:
"MrHealthy Application"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MrHealthyService
Program path & name:
"c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe"
Enabled: [V]


Program:
"SQL Server Windows NT"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MSSQL$VAIO_VEDB
Program path & name:
"c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe"
Enabled: [V]


Program:
"Intel(R) PROSet/Wireless Registry Service"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RegSrvc
Program path & name:
"c:\program files\intel\wireless\bin\regsrvc.exe"
Enabled: [V]


Program:
"Wireless Management Service for Intel(R) PROSet/Wireless"
Publisher:
"(Not verified) Intel Corporation "
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
S24EventMonitor
Program path & name:
"c:\program files\intel\wireless\bin\s24evmon.exe"
Enabled: [V]


Program:
"Provides the hardware event managing service for VAIO. During termination of this service some fuctions such as Special button Hotkey and VAIO original powermanagement are limited."
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VAIO Event Service
Program path & name:
"c:\program files\sony\vaio event service\vesmgr.exe"
Enabled: [V]


Program:
"Ensures Viewpoint 3D and Rich Media Technologies are up to date"
Publisher:
"(Not verified) Viewpoint Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Viewpoint Manager Service
Program path & name:
"c:\program files\viewpoint\common\viewpointservice.exe"
Enabled: [V]


Program:
"VAIO Entertainment Database Service"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VzCdbSvc
Program path & name:
"c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzcdbsvc.exe"
Enabled: [V]


Program:
"VAIO Entertainment File Import Service"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VzFw
Program path & name:
"c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzfw.exe"
Enabled: [V]


Program:
"AEGIS Protocol (IEEE 802.1x) v3.5.3.0"
Publisher:
"(Not verified) Meetinghouse Data Communications"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AegisP
Program path & name:
"c:\windows\system32\drivers\aegisp.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BT
Program path & name:
File not found: system32\DRIVERS\btnetdrv.sys"
Enabled: [V]


Program:
"Bluetooth HID BUS Driver"
Publisher:
"(Verified) IVT SOFTWARE TECHNOLOGY Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BtHidBus
Program path & name:
"c:\windows\system32\drivers\bthidbus.sys"
Enabled: [V]


Program:
"CSS-DVP"
Publisher:
"(Verified) Authentium inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
CSS DVP
Program path & name:
"c:\windows\system32\drivers\css-dvp.sys"
Enabled: [V]


Program:
"Device Driver"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
DRVMCDB
Program path & name:
"c:\windows\system32\drivers\drvmcdb.sys"
Enabled: [V]


Program:
"IVT Bluetooth Bus Device Driver"
Publisher:
"(Verified) IVT SOFTWARE TECHNOLOGY Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IvtBtBUs
Program path & name:
"c:\windows\system32\drivers\ivtbtbus.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
oreans32
Program path & name:
c:\windows\system32\drivers\oreans32.sys"
Enabled: [V]


Program:
"low level access layer for CD/DVD/BD devices"
Publisher:
"(Not verified) VSO Software"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
pcouffin
Program path & name:
"c:\windows\system32\drivers\pcouffin.sys"
Enabled: [V]


Program:
"Padus(R) ASPI Shell"
Publisher:
"(Not verified) Padus Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
pfc
Program path & name:
"c:\windows\system32\drivers\pfc.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
"WLAN Transport"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
s24trans
Program path & name:
"c:\windows\system32\drivers\s24trans.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SCREAMINGBDRIVER
Program path & name:
File not found: system32\drivers\ScreamingBAudio.sys"
Enabled: [V]


Program:
"Universal Serial Bus Camera Driver"
Publisher:
"(Not verified) Service & Quality Technology."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SQTECH905C
Program path & name:
"c:\windows\system32\drivers\capt905c.sys"
Enabled: [V]


Program:
"Symantec Core Component"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
symlcbrd
Program path & name:
"c:\windows\system32\drivers\symlcbrd.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VComm
Program path & name:
File not found: system32\DRIVERS\VComm.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VcommMgr
Program path & name:
File not found: System32\Drivers\VcommMgr.sys"
Enabled: [V]


Program:
"iolo Firewall Kernel Module"
Publisher:
"(Not verified) iolo technologies LLC"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
XPacket
Program path & name:
"c:\windows\system32\xpacket.sys"
Enabled: [V]


Program:
"VAIO Event Service (Winlogon Notification Module)"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
VESWinlogon
Program path & name:
"c:\windows\system32\veswinlogon.dll"
Enabled: [V]


Program:
"VAIO Original Screen Saver MFC Application"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKCU\Control Panel\Desktop\Scrnsave.exe
Entry name:
C:\WINDOWS\System32\vaiomov.scr
Program path & name:
"c:\windows\system32\vaiomov.scr"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
VSockets Library over [MSAFD Tcpip [TCP/IP]]
Program path & name:
c:\windows\system32\winhelper.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
iolo AntiVirus LSP over [MSAFD Tcpip [TCP/IP]]
Program path & name:
c:\windows\system32\iavlsp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
iolo AntiVirus LSP over [MSAFD Tcpip [UDP/IP]]
Program path & name:
c:\windows\system32\iavlsp.dll"
Enabled: [V]


Program:
"Winsock Hook Module"
Publisher:
"(Not verified) iolo technologies LLC"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
MSAFD Tcpip [TCP/IP]
Program path & name:
"c:\program files\iolo\common\firewall\ifw_xfilter.dll"
Enabled: [V]


Program:
"Winsock Hook Module"
Publisher:
"(Not verified) iolo technologies LLC"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
MSAFD Tcpip [UDP/IP]
Program path & name:
"c:\program files\iolo\common\firewall\ifw_xfilter.dll"
Enabled: [V]


Program:
"Winsock Hook Module"
Publisher:
"(Not verified) iolo technologies LLC"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
MSAFD Tcpip [RAW/IP]
Program path & name:
"c:\program files\iolo\common\firewall\ifw_xfilter.dll"
Enabled: [V]


Program:
"Winsock Hook Module"
Publisher:
"(Not verified) iolo technologies LLC"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
RSVP UDP Service Provider
Program path & name:
"c:\program files\iolo\common\firewall\ifw_xfilter.dll"
Enabled: [V]


Program:
"Winsock Hook Module"
Publisher:
"(Not verified) iolo technologies LLC"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
RSVP TCP Service Provider
Program path & name:
"c:\program files\iolo\common\firewall\ifw_xfilter.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
iolo AntiVirus LSP
Program path & name:
c:\windows\system32\iavlsp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
VSockets Library
Program path & name:
c:\windows\system32\winhelper.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Entry name:
C:\WINDOWS\system32\win32avs.exe
Program path & name:
c:\windows\system32\win32avs.exe"
Enabled: [V]


Program:
"Azalia Mixer Selector"
Publisher:
"(Not verified) Realtek Semiconductor Corp."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AzMixerSel
Program path & name:
"c:\program files\realtek\installshield\azmixersel.exe"
Enabled: [V]


Program:
"SPM Module"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SonyPowerCfg
Program path & name:
"c:\program files\sony\vaio power management\spmgr.exe"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ISBMgr.exe
Program path & name:
"c:\program files\sony\isb utility\isbmgr.exe"
Enabled: [V]


Program:
"Wireless Switch Setting Utility"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Switcher.exe
Program path & name:
"c:\program files\sony\wireless switch setting utility\switcher.exe"
Enabled: [V]


Program:
"VAIO Update"
Publisher:
"(Verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
VAIO Update 3
Program path & name:
"c:\program files\sony\vaio update 3\vaioupdt.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Microsoft Works Update Detection
Program path & name:
File not found: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
Enabled: [V]


Program:
"Drive Letter Access Component"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
DLA
Program path & name:
"c:\windows\system32\dla\dlactrlw.exe"
Enabled: [V]


Program:
"Prepare your VAIO"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
PrepareYourVAIO
Program path & name:
"c:\program files\sony\prepare your vaio\pyvalert.exe"
Enabled: [V]


Program:
N/A
Publisher:
"(Verified) iolo technologies LLC"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iolo AntiVirus
Program path & name:
"c:\program files\iolo\system mechanic professional\antivirus\ioloav.exe"
Enabled: [V]


Program:
"NeroCheck"
Publisher:
"(Not verified) Ahead Software Gmbh"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroCheck
Program path & name:
"c:\windows\system32\nerocheck.exe"
Enabled: [V]


Program:
N/A
Publisher:
"(Verified) iolo technologies LLC"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iolo Personal Firewall
Program path & name:
"c:\program files\iolo\system mechanic professional\personal firewall\iolofw.exe"
Enabled: [V]


Program:
"YAMAHA MidRadio Control"
Publisher:
"(Not verified) YAMAHA CORPORATION"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
text/x-mrml
Program path & name:
"c:\program files\common files\a&w\midradio.ocx"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name:
WPDShServiceObj
Program path & name:
File not found: CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32"
Enabled: [V]


Program:
"Norton PC Checkup Application"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
Task Scheduler
Entry name:
Norton PC Checkup Weekday Scanner.job
Program path & name:
"c:\program files\norton pc checkup\pc_checkup.exe"
Enabled: [V]


Program:
"Norton PC Checkup Application"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
Task Scheduler
Entry name:
Norton PC Checkup Weekend Scanner.job
Program path & name:
"c:\program files\norton pc checkup\pc_checkup.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
Program path & name:
c:\windows\temp\tempo-3819281.tmp"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
Program path & name:
c:\documents and settings\doug\local settings\temp\b.exe"
Enabled: [V]


Program:
"Adobe Acrobat IE Helper Version 7.0 for ActiveX"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AcroIEHlprObj Class
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
Enabled: [V]


Program:
"SBSD IE Protection"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Spybot-S&D IE Protection
Program path & name:
"c:\program files\spybot - search & destroy\sdhelper.dll"
Enabled: [V]


Program:
"Drive Letter Access Component"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
DriveLetterAccess
Program path & name:
"c:\windows\system32\dla\dlashx_w.dll"
Enabled: [V]


Program:
"Java(TM) 2 Platform Standard Edition binary"
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.5.0_06\bin\ssv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"SPM Panel"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Sony Power Management Extensiond
Program path & name:
"c:\program files\sony\vaio power management\spmpanel.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"Drive Letter Access Component"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
DriveLetterAccess
Program path & name:
"c:\windows\system32\dla\dlashx_w.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Haali Column Provider
Program path & name:
c:\windows\system32\mmfinfo.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Haali Matroska Shell Property Page
Program path & name:
c:\windows\system32\mmfinfo.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Haali Matroska Thumbnail Exctractor
Program path & name:
c:\windows\system32\mmfinfo.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Not verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
NeroDigitalIconHandler
Program path & name:
"c:\program files\common files\ahead\lib\nerodigitalext.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Not verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
NeroDigitalPropSheetHandler
Program path & name:
"c:\program files\common files\ahead\lib\nerodigitalext.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
Haali Column Provider
Program path & name:
c:\windows\system32\mmfinfo.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Not verified) Nero AG"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
NeroDigitalColumnHandler Class
Program path & name:
"c:\program files\common files\ahead\lib\nerodigitalext.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
Enabled: [V]

EscondeR
10-07-09, 19:37
1. Download Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx).

2. Reboot in Safe mode again.

3. Run Autoruns, let it finish scanning. Then completely delete the following entries:


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BT
Program path & name:
File not found: system32\DRIVERS\btnetdrv.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
oreans32
Program path & name:
c:\windows\system32\drivers\oreans32.sys"
Enabled: [V] - TROJAN VIRUS!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SCREAMINGBDRIVER
Program path & name:
File not found: system32\drivers\ScreamingBAudio.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VComm
Program path & name:
File not found: system32\DRIVERS\VComm.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VcommMgr
Program path & name:
File not found: System32\Drivers\VcommMgr.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Entry name:
C:\WINDOWS\system32\win32avs.exe
Program path & name:
c:\windows\system32\win32avs.exe"
Enabled: [V] - VIRUS!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Microsoft Works Update Detection
Program path & name:
File not found: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
Enabled: [V]


Program:
"NeroCheck"
Publisher:
"(Not verified) Ahead Software Gmbh"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroCheck
Program path & name:
"c:\windows\system32\nerocheck.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name:
WPDShServiceObj
Program path & name:
File not found: CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32"
Enabled: [V]


Program:
"Norton PC Checkup Application"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
Task Scheduler
Entry name:
Norton PC Checkup Weekday Scanner.job
Program path & name:
"c:\program files\norton pc checkup\pc_checkup.exe"
Enabled: [V]


Program:
"Norton PC Checkup Application"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
Task Scheduler
Entry name:
Norton PC Checkup Weekend Scanner.job
Program path & name:
"c:\program files\norton pc checkup\pc_checkup.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
Program path & name:
c:\windows\temp\tempo-3819281.tmp"
Enabled: [V] - VIRUS!


Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
Program path & name:
c:\documents and settings\doug\local settings\temp\b.exe" - VIRUS!
Enabled: [V]


4. Reboot in Normal mode.

5. Completely uninstall all Norton/Symantec, Iolo, Authentium crap, as this so called software only clogs your resources, protects you not.

6. Install Zone Alarm (http://www.zonealarm.com/security/en-us/home.htm) firewall and some decent antivirus - I recommend Kaspersky Antivirus 2009 (or at least free alternative AVZ, AVG or Avast!).
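
An added example (not code from the thread, from ARDiag or from Autoruns): a small Python script that parses the block format ARDiag prints above and applies, as a first pass, the same triage heuristics EscondeR applied by hand when picking the entries to delete: an autostart target that runs from a temp directory, an extra executable chained into the Winlogon Userinit value, a service whose binary lives inside a user profile, and orphaned "File not found" entries. The embedded sample report is a constructed excerpt of three entries copied from the report posted earlier in this thread; the field names come from ARDiag's output, but the severity rules are my own generalisation and deliberately do not cover cases that needed knowledge of a specific driver (EscondeR's oreans32 call, for instance).

```python
"""Triage an ARDiag/Autoruns-style report (added example; not ARDiag's or the thread's code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

FIELDS = ("Program:", "Publisher:", "Entry path:", "Entry name:", "Program path & name:")
TEMP_DIR = re.compile(r"\\(local settings\\)?temp\\")                # ...\temp\ anywhere in the path
USER_PROFILE = re.compile(r"^c:\\documents and settings\\[^\\]+\\")  # XP-era per-user profile root
SERVICES_KEY = r"hklm\system\currentcontrolset\services"


@dataclass
class Entry:
    entry_path: str   # registry key, "Task Scheduler", etc.
    entry_name: str
    image_path: str   # lower-cased, surrounding quotes removed


def parse_report(text: str) -> List[Entry]:
    """Each label sits on its own line with its value on the next; 'Enabled:' closes a block."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries, i = [], 0
    while i < len(lines):
        if lines[i] != "Program:":
            i += 1
            continue
        values, j = {}, i
        while j < len(lines) and not lines[j].startswith("Enabled:"):
            if lines[j] in FIELDS and j + 1 < len(lines):
                values[lines[j]] = lines[j + 1]
                j += 2
            else:
                j += 1
        entries.append(Entry(
            entry_path=values.get("Entry path:", ""),
            entry_name=values.get("Entry name:", ""),
            image_path=values.get("Program path & name:", "").strip('"').lower(),
        ))
        i = j + 1
    return entries


def triage(e: Entry) -> Optional[Tuple[str, str]]:
    """(severity, reason) for an entry that deserves a second look, else None."""
    path, key = e.image_path, e.entry_path.lower()
    if path.startswith("file not found:"):
        return ("low", "orphaned entry: target file is missing, remove to tidy up")
    if TEMP_DIR.search(path):
        return ("high", "autostart target runs from a temp directory")
    # The legitimate Userinit value is userinit.exe; anything else chained in is suspect.
    if key.endswith(r"\winlogon\userinit") and not path.endswith(r"\userinit.exe"):
        return ("high", "extra executable chained into Winlogon Userinit")
    if key == SERVICES_KEY and USER_PROFILE.match(path):
        return ("high", "service binary lives inside a user profile")
    return None


def triage_report(text: str) -> List[Tuple[str, str, str]]:
    """(entry name, severity, reason) for every flagged entry in a report."""
    return [(e.entry_name, *v) for e in parse_report(text) if (v := triage(e)) is not None]


# Constructed excerpt: three blocks copied from the report posted in this thread.
SAMPLE_REPORT = r"""
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Entry name:
C:\WINDOWS\system32\win32avs.exe
Program path & name:
c:\windows\system32\win32avs.exe"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
Program path & name:
c:\documents and settings\doug\local settings\temp\b.exe"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Microsoft Works Update Detection
Program path & name:
File not found: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
Enabled: [V]
"""

if __name__ == "__main__":
    for name, severity, reason in triage_report(SAMPLE_REPORT):
        print(f"[{severity:4}] {name}: {reason}")
```

Run it as-is to see the three sample entries scored; to score a full report, read the pasted text from a file and pass it to triage_report. The rules are location-based on purpose: they would flag the services.exe under a user profile in the later report too, but a clean "(Verified)" signature is not treated as a pass, and a publisher of N/A alone is not treated as a fail, because both occur on legitimate and malicious entries in these reports.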

touchthesky
11-07-09, 10:21
Okay I've done everything you said, thanks :).

Unfortunately, the sites are still coming up as restricted? Do I need to change my security settings on firefox?

dox online
11-07-09, 18:27
What 'antivirus' was this?
Try running a scan with Spyware Doctor (http://www.pctools.com/spyware-doctor/) and SUPERAntiSpyware (http://superantispyware.com/). Then post the results.
Also use Avira (http://www.free-av.com) for the future, the free version is good but the paid version is also good value as it is very cheap.

EscondeR
12-07-09, 15:46
Do I need to change my security settings on firefox?

Try setting FF preferences to Default values. Deactivate FF addons you have installed.

@ dox online: Please, read the thread before posting. The virus was located and supposedly eliminated (all necessary info provided), no need to install even more resource consuming software.
As for Avira/Avast/etc of that kind - they are futile dealing even with Conficker worm, won't be of any good, if one can afford Kaspersky or at least Dr.Web.

touchthesky
12-07-09, 15:52
Sorry to be a pest here..I've disabled the addons but how do I set it to default :o?

dox online
12-07-09, 15:57
@ dox online: Please, read the thread before posting. The virus was located and supposedly eliminated (all necessary info provided), no need to install even more resource consuming software.
As for Avira/Avast/etc of that kind - they are futile dealing even with Conficker worm, won't be of any good, if one can afford Kaspersky or at least Dr.Web.

Avira is better than AVG or avast!, both of which are very poor products.

Sorry to be a pest here..I've disabled the addons but how do I set it to default :o?
I wouldn't rely on disabling the addons, they almost always come back for more.

EscondeR
12-07-09, 16:05
What exactly do you have in the way of addons, extensions and plugins?

touchthesky
12-07-09, 17:31
Downthemall!
Personas for firefox!
Yahoo! Toolbar.

EscondeR
13-07-09, 05:43
Please rerun ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the new report. Let's see if you have got rid of the pests successfully :)

touchthesky
14-07-09, 09:38
Here's the report:

Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"Dynamic Virus Protection"
Publisher:
"(Verified) Authentium inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
dvpapi
Program path & name:
"c:\program files\common files\authentium\antivirus\dvpapi.exe"
Enabled: [V]


Program:
"Manages the event trace messages for all the components of Intel(R) PROSet/Wireless software."
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
EvtEng
Program path & name:
"c:\program files\intel\wireless\bin\evteng.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ioloFileInfoList
Program path & name:
File not found: C:\Program Files\iolo\common\lib\ioloServiceManager.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ioloSystemService
Program path & name:
File not found: C:\Program Files\iolo\common\lib\ioloServiceManager.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ITGrdEngine
Program path & name:
c:\documents and settings\doug\local settings\application data\microsoft\windows\services.exe"
Enabled: [V]


Program:
"SQL Server Windows NT"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MSSQL$VAIO_VEDB
Program path & name:
"c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe"
Enabled: [V]


Program:
"Intel(R) PROSet/Wireless Registry Service"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RegSrvc
Program path & name:
"c:\program files\intel\wireless\bin\regsrvc.exe"
Enabled: [V]


Program:
"Wireless Management Service for Intel(R) PROSet/Wireless"
Publisher:
"(Not verified) Intel Corporation "
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
S24EventMonitor
Program path & name:
"c:\program files\intel\wireless\bin\s24evmon.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sfx
Program path & name:
c:\program files\sfx\sfx.dll"
Enabled: [V]


Program:
"Provides the hardware event managing service for VAIO. During termination of this service some fuctions such as Special button Hotkey and VAIO original powermanagement are limited."
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VAIO Event Service
Program path & name:
"c:\program files\sony\vaio event service\vesmgr.exe"
Enabled: [V]


Program:
"Ensures Viewpoint 3D and Rich Media Technologies are up to date"
Publisher:
"(Not verified) Viewpoint Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Viewpoint Manager Service
Program path & name:
"c:\program files\viewpoint\common\viewpointservice.exe"
Enabled: [V]


Program:
"VAIO Entertainment Database Service"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VzCdbSvc
Program path & name:
"c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzcdbsvc.exe"
Enabled: [V]


Program:
"VAIO Entertainment File Import Service"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VzFw
Program path & name:
"c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzfw.exe"
Enabled: [V]


Program:
"AEGIS Protocol (IEEE 802.1x) v3.5.3.0"
Publisher:
"(Not verified) Meetinghouse Data Communications"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AegisP
Program path & name:
"c:\windows\system32\drivers\aegisp.sys"
Enabled: [V]


Program:
"Bluetooth HID BUS Driver"
Publisher:
"(Verified) IVT SOFTWARE TECHNOLOGY Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BtHidBus
Program path & name:
"c:\windows\system32\drivers\bthidbus.sys"
Enabled: [V]


Program:
"CSS-DVP"
Publisher:
"(Verified) Authentium inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
CSS DVP
Program path & name:
"c:\windows\system32\drivers\css-dvp.sys"
Enabled: [V]


Program:
"Device Driver"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
DRVMCDB
Program path & name:
"c:\windows\system32\drivers\drvmcdb.sys"
Enabled: [V]


Program:
"IVT Bluetooth Bus Device Driver"
Publisher:
"(Verified) IVT SOFTWARE TECHNOLOGY Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IvtBtBUs
Program path & name:
"c:\windows\system32\drivers\ivtbtbus.sys"
Enabled: [V]


Program:
"low level access layer for CD/DVD/BD devices"
Publisher:
"(Not verified) VSO Software"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
pcouffin
Program path & name:
"c:\windows\system32\drivers\pcouffin.sys"
Enabled: [V]


Program:
"Padus(R) ASPI Shell"
Publisher:
"(Not verified) Padus Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
pfc
Program path & name:
"c:\windows\system32\drivers\pfc.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
"WLAN Transport"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
s24trans
Program path & name:
"c:\windows\system32\drivers\s24trans.sys"
Enabled: [V]


Program:
"Universal Serial Bus Camera Driver"
Publisher:
"(Not verified) Service & Quality Technology."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SQTECH905C
Program path & name:
"c:\windows\system32\drivers\capt905c.sys"
Enabled: [V]


Program:
"Symantec Core Component"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
symlcbrd
Program path & name:
"c:\windows\system32\drivers\symlcbrd.sys"
Enabled: [V]


Program:
"VAIO Event Service (Winlogon Notification Module)"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
VESWinlogon
Program path & name:
"c:\windows\system32\veswinlogon.dll"
Enabled: [V]


Program:
"VAIO Original Screen Saver MFC Application"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKCU\Control Panel\Desktop\Scrnsave.exe
Entry name:
C:\WINDOWS\System32\vaiomov.scr
Program path & name:
"c:\windows\system32\vaiomov.scr"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
VSockets Library over [MSAFD Tcpip [TCP/IP]]
Program path & name:
c:\windows\system32\winhelper.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
iolo AntiVirus LSP over [MSAFD Tcpip [TCP/IP]]
Program path & name:
c:\windows\system32\iavlsp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
iolo AntiVirus LSP over [MSAFD Tcpip [UDP/IP]]
Program path & name:
c:\windows\system32\iavlsp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
iolo AntiVirus LSP
Program path & name:
c:\windows\system32\iavlsp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
VSockets Library
Program path & name:
c:\windows\system32\winhelper.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Entry name:
C:\WINDOWS\system32\win32avs.exe
Program path & name:
c:\windows\system32\win32avs.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Entry name:
C:\WINDOWS\system32\twext.exe
Program path & name:
c:\windows\system32\twext.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Entry name:
C:\WINDOWS\system32\sdra64.exe
Program path & name:
c:\windows\system32\sdra64.exe"
Enabled: [V]


Program:
"Azalia Mixer Selector"
Publisher:
"(Not verified) Realtek Semiconductor Corp."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AzMixerSel
Program path & name:
"c:\program files\realtek\installshield\azmixersel.exe"
Enabled: [V]


Program:
"SPM Module"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SonyPowerCfg
Program path & name:
"c:\program files\sony\vaio power management\spmgr.exe"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ISBMgr.exe
Program path & name:
"c:\program files\sony\isb utility\isbmgr.exe"
Enabled: [V]


Program:
"Wireless Switch Setting Utility"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Switcher.exe
Program path & name:
"c:\program files\sony\wireless switch setting utility\switcher.exe"
Enabled: [V]


Program:
"VAIO Update"
Publisher:
"(Verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
VAIO Update 3
Program path & name:
"c:\program files\sony\vaio update 3\vaioupdt.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Microsoft Works Update Detection
Program path & name:
File not found: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
Enabled: [V]


Program:
"Drive Letter Access Component"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
DLA
Program path & name:
"c:\windows\system32\dla\dlactrlw.exe"
Enabled: [V]


Program:
"Prepare your VAIO"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
PrepareYourVAIO
Program path & name:
"c:\program files\sony\prepare your vaio\pyvalert.exe"
Enabled: [V]


Program:
"NeroCheck"
Publisher:
"(Not verified) Ahead Software Gmbh"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroCheck
Program path & name:
"c:\windows\system32\nerocheck.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iolo AntiVirus
Program path & name:
File not found: C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iolo Personal Firewall
Program path & name:
File not found: C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
brastia
Program path & name:
c:\windows\system32\brastia.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
sysldtray
Program path & name:
c:\windows\ld12.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
pp
Program path & name:
c:\windows\pp10.exe"
Enabled: [V]


Program:
"YAMAHA MidRadio Control"
Publisher:
"(Not verified) YAMAHA CORPORATION"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
text/x-mrml
Program path & name:
"c:\program files\common files\a&w\midradio.ocx"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name:
WPDShServiceObj
Program path & name:
File not found: CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
Program path & name:
c:\windows\temp\tempo-3819281.tmp"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
Program path & name:
c:\documents and settings\doug\local settings\temp\b.exe"
Enabled: [V]


Program:
"Adobe Acrobat IE Helper Version 7.0 for ActiveX"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AcroIEHlprObj Class
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
Enabled: [V]


Program:
"Drive Letter Access Component"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
DriveLetterAccess
Program path & name:
"c:\windows\system32\dla\dlashx_w.dll"
Enabled: [V]


Program:
"Java(TM) 2 Platform Standard Edition binary"
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.5.0_06\bin\ssv.dll"
Enabled: [V]


Program:
"IE addon"
Publisher:
"(Not verified) EuroGroup"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
MSN helper
Program path & name:
"c:\windows\system32\spnmld.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"SPM Panel"
Publisher:
"(Not verified) Sony Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Sony Power Management Extensiond
Program path & name:
"c:\program files\sony\vaio power management\spmpanel.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"Drive Letter Access Component"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
DriveLetterAccess
Program path & name:
"c:\windows\system32\dla\dlashx_w.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Haali Column Provider
Program path & name:
c:\windows\system32\mmfinfo.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Haali Matroska Shell Property Page
Program path & name:
c:\windows\system32\mmfinfo.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Haali Matroska Thumbnail Exctractor
Program path & name:
c:\windows\system32\mmfinfo.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Not verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
NeroDigitalIconHandler
Program path & name:
"c:\program files\common files\ahead\lib\nerodigitalext.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Not verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
NeroDigitalPropSheetHandler
Program path & name:
"c:\program files\common files\ahead\lib\nerodigitalext.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
Haali Column Provider
Program path & name:
c:\windows\system32\mmfinfo.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Not verified) Nero AG"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
NeroDigitalColumnHandler Class
Program path & name:
"c:\program files\common files\ahead\lib\nerodigitalext.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
Enabled: [V]




Unfortunately, the PC has become even more goosed since then... An antivirus thing downloaded itself and keeps disabling the internet/not allowing me onto Firefox, and random noises about cooking keep coming from the speakers.

I really hope this can be sorted. :(

Thanks for all your help so far.
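A small triage script for the report format posted above, as an added example (not code from the thread, from ARDiag or from Autoruns): it parses the Program / Publisher / Entry path / Entry name / Program path & name / Enabled records and applies rules modelled on how the entries get triaged by hand later in this thread. The rule names, the rules themselves and the sample records (built from entries quoted in the report) are the example's own assumptions.

```python
"""Triage helper for ARDiag-style autorun reports (added example, not code from the
thread, from ARDiag or from Autoruns).  Parses the Program / Publisher / Entry path /
Entry name / Program path & name / Enabled records shown above and applies rules
modelled on how the thread's reviewer triaged them by hand; rules are assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Entry:
    program: str = "N/A"
    publisher: str = "N/A"
    entry_path: str = ""
    entry_name: str = ""
    image: str = ""
    enabled: bool = False


LABELS = {"Program:": "program", "Publisher:": "publisher", "Entry path:": "entry_path",
          "Entry name:": "entry_name", "Program path & name:": "image"}


def parse_report(text: str) -> list[Entry]:
    """Turn the 'Label:' line / value line pairs into Entry objects.
    'Enabled: [V]' sits on one line; each 'Program:' starts a new record."""
    entries, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Program:":
            current, pending = Entry(), None
            entries.append(current)
        if current is None:
            continue
        if pending:
            # ARDiag quotes verified paths but drops the opening quote on
            # unverified ones, so strip quotes from both ends regardless.
            setattr(current, pending, line.strip('"'))
            pending = None
        elif line in LABELS:
            pending = LABELS[line]
        elif line.startswith("Enabled:"):
            current.enabled = "[V]" in line
    return entries


def _loc(entry_path: str) -> str:
    """Lowercase location with whitespace removed, so a registry path the forum
    wrapped as 'WinSock2\\Pa rameters' still matches 'parameters'."""
    return re.sub(r"\s+", "", entry_path).lower()


def triage(e: Entry) -> list[str]:
    """Rule names that fire for one entry; an empty list means nothing odd."""
    loc, img = _loc(e.entry_path), e.image.lower()
    unsigned = e.publisher.upper() == "N/A"          # no publisher string at all
    if img.startswith("file not found"):
        return ["dead-entry"]                        # stale pointer, housekeeping only
    hits = []
    if unsigned and ("winlogon\\userinit" in loc or "winlogon\\notify" in loc):
        hits.append("unsigned-winlogon-hook")        # runs at logon, even in Safe mode
    if loc == "taskscheduler" and "\\temp\\" in img:
        hits.append("scheduled-job-from-temp")
    if unsigned and "\\documents and settings\\" in img:
        hits.append("unsigned-binary-in-user-profile")
    if unsigned and re.fullmatch(r"c:\\windows\\[^\\]+\.exe", img):
        hits.append("unsigned-exe-in-windows-root")  # system binaries live in system32
    if unsigned and "protocol_catalog9" in loc:
        hits.append("unsigned-winsock-lsp")          # loaded into every socket-using process
    return hits


def suspicious(text: str) -> dict[str, list[str]]:
    """Map each enabled, suspicious image path to the rules it tripped."""
    return {e.image: hits for e in parse_report(text) if e.enabled and (hits := triage(e))}


def _record(program, publisher, path, name, image):
    return "\n".join(["Program:", program, "Publisher:", publisher, "Entry path:", path,
                      "Entry name:", name, "Program path & name:", image, "Enabled: [V]", "", ""])


# Sample report constructed from entries quoted in the thread above.
SAMPLE_REPORT = "".join(_record(*r) for r in [
    ('"Azalia Mixer Selector"', '"(Not verified) Realtek Semiconductor Corp."',
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "AzMixerSel",
     r'"c:\program files\realtek\installshield\azmixersel.exe"'),
    ("N/A", "N/A", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     r"C:\WINDOWS\system32\sdra64.exe", r'c:\windows\system32\sdra64.exe"'),
    ("N/A", "N/A", "Task Scheduler", "{783AF354-B514-42d6-970E-3E8BF0A5279C}.job",
     r'c:\documents and settings\doug\local settings\temp\b.exe"'),
    ("N/A", "N/A", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "sysldtray",
     r'c:\windows\ld12.exe"'),
    ("N/A", "N/A", r"HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9",
     "VSockets Library", r'c:\windows\system32\winhelper.dll"'),
    ("N/A", "N/A", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Microsoft Works Update Detection",
     r'File not found: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"'),
])

if __name__ == "__main__":
    for image, rules in suspicious(SAMPLE_REPORT).items():
        print(f"{image}: {', '.join(rules)}")
```

The benign Realtek entry produces no rule hits, while the dead Works entry is reported separately as housekeeping rather than as an active threat.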

scremanie
14-07-09, 09:53
What's Avira? I have Avast and it's pure awesomeness :D

Sorry I can't help you :( I fail at computer stuff..


please don't smite me EscondeR.. I just wanted to see what Avira was :o

EscondeR
14-07-09, 10:18
Okay I've done everything you said, thanks :).


Yet really?!!

What about those:

Program:
"Dynamic Virus Protection"
Publisher:
"(Verified) Authentium inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
dvpapi
Program path & name:
"c:\program files\common files\authentium\antivirus\dvpapi.exe"
Enabled: [V] - CRAPWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ioloFileInfoList
Program path & name:
File not found: C:\Program Files\iolo\common\lib\ioloServiceManager.exe"
Enabled: [V] - CRAPWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ioloSystemService
Program path & name:
File not found: C:\Program Files\iolo\common\lib\ioloServiceManager.exe"
Enabled: [V] - CRAPWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ITGrdEngine
Program path & name:
c:\documents and settings\doug\local settings\application data\microsoft\windows\services.exe"
Enabled: [V] - VIRUS!!!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sfx
Program path & name:
c:\program files\sfx\sfx.dll"
Enabled: [V] - VIRUS!!!


Program:
"CSS-DVP"
Publisher:
"(Verified) Authentium inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
CSS DVP
Program path & name:
"c:\windows\system32\drivers\css-dvp.sys"
Enabled: [V] - CRAPWARE!


Program:
"Symantec Core Component"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
symlcbrd
Program path & name:
"c:\windows\system32\drivers\symlcbrd.sys"
Enabled: [V] - CRAPWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
VSockets Library over [MSAFD Tcpip [TCP/IP]]
Program path & name:
c:\windows\system32\winhelper.dll"
Enabled: [V] - CRAPWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
iolo AntiVirus LSP over [MSAFD Tcpip [TCP/IP]]
Program path & name:
c:\windows\system32\iavlsp.dll"
Enabled: [V] - CRAPWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
iolo AntiVirus LSP over [MSAFD Tcpip [UDP/IP]]
Program path & name:
c:\windows\system32\iavlsp.dll"
Enabled: [V] - CRAPWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
iolo AntiVirus LSP
Program path & name:
c:\windows\system32\iavlsp.dll"
Enabled: [V] - CRAPWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
VSockets Library
Program path & name:
c:\windows\system32\winhelper.dll"
Enabled: [V] - CRAPWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Entry name:
C:\WINDOWS\system32\win32avs.exe
Program path & name:
c:\windows\system32\win32avs.exe"
Enabled: [V] - VIRUS!!!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Entry name:
C:\WINDOWS\system32\twext.exe
Program path & name:
c:\windows\system32\twext.exe"
Enabled: [V] - VIRUS!!!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Entry name:
C:\WINDOWS\system32\sdra64.exe
Program path & name:
c:\windows\system32\sdra64.exe"
Enabled: [V] - VIRUS!!!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
brastia
Program path & name:
c:\windows\system32\brastia.exe"
Enabled: [V] - VIRUS!!!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
sysldtray
Program path & name:
c:\windows\ld12.exe"
Enabled: [V] - VIRUS!!!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
pp
Program path & name:
c:\windows\pp10.exe"
Enabled: [V] - VIRUS!!!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name:
WPDShServiceObj
Program path & name:
File not found: CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
Program path & name:
c:\windows\temp\tempo-3819281.tmp"
Enabled: [V] - VIRUS!!!


Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
Program path & name:
c:\documents and settings\doug\local settings\temp\b.exe"
Enabled: [V] - VIRUS!!!


Program:
"IE addon"
Publisher:
"(Not verified) EuroGroup"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
MSN helper
Program path & name:
"c:\windows\system32\spnmld.dll"
Enabled: [V] - CRAPWARE!


You need to follow all my instructions to get rid of those.

1. Download Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx).

2. Reboot in Safe mode again.

3. Run Autoruns, let it finish scanning. Then completely delete the entries I listed above.

4. Reboot in Normal mode.

5. Completely uninstall all Norton/Symantec, Iolo, Authentium crap, as this so-called software only clogs your resources, protects you not.

6. Install Zone Alarm (http://www.zonealarm.com/security/en-us/home.htm) firewall and some decent antivirus - I recommend Kaspersky Antivirus 2009.


------

what's Avira? I have Avast and its pure awesomeness :D


Avast is not as safe as you think. As for Avira - CLICKY (http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html) :)

touchthesky
14-07-09, 10:48
Autoruns won't open in Safe mode, I tried through Admin and my own login... Any way to sort this?

I am being a pest, I'm sorry.

EscondeR
14-07-09, 11:01
You can do the following:

1. Print the list of crap to remove.

2. Boot from Vista Live CD or Linux distribution.

3. Kill the files mentioned in the list from the drive physically - delete.

4. Reboot normally and perform pos 5 and 6 from the post above.

touchthesky
14-07-09, 11:06
I don't think we have Linux distribution or Vista live CD? Also, no working printer in the house. :/

this is absolutely useless, I know.

Would it be possible to delete the files from normal mode?

EscondeR
14-07-09, 11:19
You can't kill the virus entities while there is a running copy of the virus in your system. Therefore I suggest Safe mode.

Looks like in your case only booting from external safe media can help you, as the virus has Winlogon entries.

Or you can backup your personal data and then reinstall your OS (need to boot from Windows XP installation CD for that and format the whole system drive in the process of installation).

touchthesky
14-07-09, 11:21
I think there must be something preventing it opening, because I did try and open it in normal mode and it would not open..

I am really quite computer illiterate, what does

Looks like in your case only booting from external safe media can help you, as the virus has Winlogon entries.

this mean?

EscondeR
14-07-09, 11:32
Try this way:

1. Boot from your XP Installation CD.

2. Choose Clean Install, but don't format the drive - leave it as is (this way your personal data is safe).

3. After the installation is over, DO NOT open any files from your drive.

4. Go right to www.kaspersky.com and download Kaspersky Antivirus 2009.

5. Install it and choose trial license, update the bases.

6. Run full system antivirus scan.

7. When the scan is finished, run ARDiag.exe again and post the new report here.

8. Obviously you will need to reinstall the majority of programs after Clean install of OS.

N.B.: This "trial" version of KAV is valid for 1 month (without further bases updates), if you like the product you can buy a full-featured license.

touchthesky
15-07-09, 12:41
Thanks Esc, unfortunately we can't find the XP disc, so I think we are just going to give up.

Once we've been to London we are gonna look into buying a new laptop.

Thanks again.

I apologise if it feels like I've wasted your time.

EscondeR
15-07-09, 12:44
Once we've been to London we are gonna look into buying a new laptop.


:eek: Because of the virus... Don't tell me you're serious...

Better look for XP (or Vista at last) distribution.

touchthesky
15-07-09, 13:01
:eek: Because of the virus... Don't tell me you're serious...

Better look for XP (or Vista at last) distribution.

It's not just the virus. The keys are messed up (the bottom corner pops out at random), the disc drive doesn't work so we have a really ugly external drive for discs, anddd there's barely any memory.

EscondeR
15-07-09, 18:18
Oh... Well then it's a reason :)

Hawke1000
15-07-09, 19:17
Alright, I'm probably the best person you can find for virus solutions. The most effective solution for all viruses/spyware out there is AVIRA Premium Security Suite; I'll provide you with the download link as well as a link from where you can get a free promotional key for a full 3 months. Here are the download links:

Avira Premium Security Suite:

http://www.avira.com/en/downloads/avira_premium_security_suite.html

Free Key:

http://www.antivir.com.tr/khas/security/

NOTE: This free key resource is in Turkish, don't worry, it's a very simple form, the first slot is for "Mr/Mrs", put your surname/last name in the boxes below the first one respectively; enter your e-mail ID in the last box, your key will be sent to you once you've filled the form and clicked the button below the form.

Alright after you've downloaded AVIRA PSS, here's what you do:

1) Install AVIRA (have your key with you), when it prompts for any licence, click "I have the key" and browse to your key to apply the licence, then continue installation.

2) After installation, open AVIRA, click the Configuration button at the top-right corner of the control panel, after the configuration options appear, check the expert mode at the top-left corner.

3) Before clicking anything else, check the "Scan All files" which is right in front of you as soon as you enter the configuration wizard.

4) After that, expand the scanner settings by clicking the "+" sign beside the scanner option, click scan and set "Scanner Priority" to High, this will let AVIRA scan your computer at the maximum rate (but your processor usage will be high).

5) After that, check the scan for rootkits option at the right of the same screen and uncheck Ignore offline files.

6) Now, expand the scan option and you'll get a list of more options, click Action for concerning files, check Automatic and select quarantine as your primary action (your secondary will be disabled automatically), I'm telling you to do this because "Interactive" alarms can be very annoying, with these settings it'll flush out all the "pests" in there and crush them down to nothing in a flash! ;)

7) That's it, you're done, hit Apply and then OK.

8) Scan your ENTIRE SYSTEM (preferably in SAFE MODE, so that all the archives are accessible to AVIRA), do this by clicking Scan system now on the control panel.

Once you've scanned, I guarantee you, there will be NO Viruses or "pests" in your computer! ;)

NOTE: Don't forget to UPDATE AVIRA premium security suite before scanning!

Just for the sake of information and your satisfaction, AVIRA has proven itself as the best AV software in my opinion, I've used almost all AVs out there including: AVG, AVAST!, Kaspersky, NOD32, Norton Anti Virus, Bit Defender, McAfee, Inoculate IT etc, none of them is as good as AVIRA, in terms of at least the important things, including heuristics, detection rate etc, AVIRA has also been declared as the BEST Anti Virus of the year 2008, I've read detailed summaries on AVs and have done a lot of research on them, if you need any detailed information, visit www.av-comparatives.org , I hope this helps.

Good Luck! ;)

EscondeR
15-07-09, 21:10
Just for the sake of information and your satisfaction, AVIRA has proven itself as the best AV software in my opinion, I've used almost all AVs out there including: AVG, AVAST!, Kaspersky, NOD32, Norton Anti Virus, Bit Defender, McAfee, Inoculate IT etc, none of them is as good as AVIRA, in terms of at least the important things, including heuristics, detection rate etc, AVIRA has also been declared as the BEST Anti Virus of the year 2008, I've read detailed summaries on AVs and have done a lot of research on them, if you need any detailed information, visit www.av-comparatives.org , I hope this helps.


FYI: ^ very questionable source.

Hawke1000
15-07-09, 21:28
FYI: ^ very questionable source.

Might be, it's still the most reliable source from what I've seen, you can never be sure about your security with these software, they have their boons and drawbacks, so there really isn't any "source" which cannot be questioned.....

EscondeR
15-07-09, 21:35
Fair enough, BTW any security software is futile, if the human factor takes over ;)

Hawke1000
15-07-09, 21:58
Fair enough, BTW any security software is futile, if the human factor takes over ;)

Agreed! ;)

touchthesky
16-07-09, 13:02
This is gonna sound like an absolute joke but Hawke neither the product itself OR the key will open.

Something has downloaded itself onto the PC called internet antivirus pro...:(

I love you, Laptop.

EscondeR
16-07-09, 13:07
^ You mean something has been downloaded when you followed Hawke's links???

My advice still - stick to Kaspersky :tmb:

Johnnay
16-07-09, 13:16
Try and use Spybot search and destroy

very good software

touchthesky
16-07-09, 13:22
Try and use Spybot search and destroy

very good software
We had that, and it still allowed this stuff on lol
^ You mean something has been downloaded when you followed Hawke's links???

My advice still - stick to Kaspersky :tmb:
No it was before..noticed it yesterday.

I am in shambles.

I'll go to Kaspersky.

dox online
16-07-09, 14:56
Try the Dr. Web live CD (http://freedrweb.com/livecd/?lng=en) and the Avira bootable antimalware CD (http://dl1.pro.antivir.de/package/rescue_system/common/en/rescue_system-common-en.exe). Dr. Web is in ISO format and the Avira one is a self unpacking executable.

Hawke1000
16-07-09, 17:30
This is gonna sound like an absolute joke but Hawke neither the product itself OR the key will open.

Something has downloaded itself onto the PC called internet antivirus pro...:(

I love you, Laptop.

Dang! Alright, try opening it in safe mode, it might work there, you just need to get it installed somehow, once it's in there, it'll do its job, if it doesn't work, let me know, once again, once you get it installed, it's on par with Kaspersky or any other anti-malware out there.

Hawke1000
16-07-09, 17:31
^ You mean something has been downloaded when you followed Hawke's links???

My advice still - stick to Kaspersky :tmb:

No, the virus/viruses already present in his computer are causing that, they're preventing him from even opening the package, I've been through this before too.

EscondeR
16-07-09, 17:47
^ That case was mentioned already
You can do the following:

1. Print the list of crap to remove.

2. Boot from Vista Live CD or Linux distribution.

3. Kill the files mentioned in the list from the drive physically - delete.

4. Reboot normally and perform pos 5 and 6 from the post above.

But he said he couldn't find any Live distribution necessary.

Though trying Dr.Web Live CD seems reasonable. Just burn the image on clean machine :)



And... Folks, don't forget to use your Edit button :mis:

touchthesky
26-07-09, 10:47
Right, so, we don't have an XP disc apparently.

The virus problem has gotten completely out of hand.

I can't open anything, pop-ups with porn links are coming up, it keeps turning off and on, it won't let me open it in safe mode, it changes our desktop background each time we log on.

*sigh*

From research, it seems like it's a virus called Spools. I've tried deleting it but it won't let me, and as I said it won't let me open the PC in safe mode.

I guess we're just done for.

dox online
26-07-09, 10:55
Time for some serious action I think.
Download and install Threatfire (http://www.threatfire.com/) then wait to see if it displays any alerts, if it does, post a screenshot of the alert here.

EscondeR
26-07-09, 11:04
Best and simplest solution (as installing software on infected system can be futile):
1. Download Mandriva 2009 One Spring ISO image from www2.mandriva.com or Vista Live CD distribution, burn it to CD (on some clean PC).
2. Boot your infected system from this CD, browse to your C:\WINDOWS\System32 folder and delete file spools.exe there.
3. Reboot from your HDD now, run Regedit and kill the following entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run - branch
Spools Service Controller - key (delete that key)
%SYSTEM%\spools.exe - value

touchthesky
26-07-09, 11:10
Am trying the Threatfire thing but don't hold your breath as it might not open :(.


I won't have access to a clean PC until my boyfriend gets home from work so I'll ask him to download it for me, Esc.

Thanks for everyone's help, by the way.. I really thought I'd gotten rid of this yesterday, I managed to search for and delete all the files mentioned in this thread apart from Spools and a virus called b.exe, and the PC worked fine all day.. then I turned it on today and it's 10x worse.

EscondeR
26-07-09, 11:16
^ You just need to clean your PC from those pests, then install Kaspersky Antivirus 2009 or Server version immediately to avoid further virus related problems.

touchthesky
26-07-09, 11:27
As predicted, Threatfire won't open.

Is there any way to turn the PC on to Safe mode without starting it up and using F8?

EscondeR
26-07-09, 12:34
Stick to this please, if you don't want to perform format/reinstall or have any personal unrecoverable data (even if it involves waiting for your BF, better do this way):

Best and simplest solution (as installing software on infected system can be futile):
1. Download Mandriva 2009 One Spring ISO image from www2.mandriva.com or Vista Live CD distribution, burn it to CD (on some clean PC).
2. Boot your infected system from this CD, browse to your C:\WINDOWS\System32 folder and delete file spools.exe there.
3. Reboot from your HDD now, run Regedit and kill the following entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run - branch
Spools Service Controller - key (delete that key)
%SYSTEM%\spools.exe - value

dox online
26-07-09, 14:49
Could this (http://remove-malware.com/malware/malware-warnings/worst-worm/) help you?