Jason86

Followed Instructions Above But...


Hey, Jason86

 

Sorry for the delay on this, I just got my cable back :)

Let's try it this way.

 

----------------

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

(Don't run it just yet)

 

----------------

 

Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

 

----------------

 

View hidden files and folders:

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

-----------------

 

Run HijackThis

Scan, and when it finishes, put a check mark only next to the following items (if present):

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

 

F3 - REG:win.ini: load=C:\WINDOWS\system32\nsgmgvmq\csrss.exe

F3 - REG:win.ini: run=C:\WINDOWS\system32\nsgmgvmq\csrss.exe

 

O1 - Hosts: 1.1.1.1 f-secure.com

O1 - Hosts: 1.1.1.1 www.f-secure.com

O1 - Hosts: 1.1.1.1 ftp.f-secure.com

O1 - Hosts: 1.1.1.1 ftp.sophos.com

O1 - Hosts: 1.1.1.1 liveupdate.symantec.com

O1 - Hosts: 1.1.1.1 customer.symantec.com

O1 - Hosts: 1.1.1.1 dispatch.mcafee.com

O1 - Hosts: 1.1.1.1 download.mcafee.com

O1 - Hosts: 1.1.1.1 rads.mcafee.com

O1 - Hosts: 1.1.1.1 mast.mcafee.com

O1 - Hosts: 1.1.1.1 my-etrust.com

O1 - Hosts: 1.1.1.1 www.my-etrust.com

O1 - Hosts: 1.1.1.1 nai.com

O1 - Hosts: 1.1.1.1 www.nai.com

O1 - Hosts: 1.1.1.1 networkassociates.com

O1 - Hosts: 1.1.1.1 secure.nai.com

O1 - Hosts: 1.1.1.1 securityresponse.symantec.com

O1 - Hosts: 1.1.1.1 service1.symantec.com

O1 - Hosts: 1.1.1.1 sophos.com

O1 - Hosts: 1.1.1.1 www.sophos.com

O1 - Hosts: 1.1.1.1 support.microsoft.com

O1 - Hosts: 1.1.1.1 symantec.com

O1 - Hosts: 1.1.1.1 www.symantec.com

O1 - Hosts: 1.1.1.1 update.symantec.com

O1 - Hosts: 1.1.1.1 updates.symantec.com

O1 - Hosts: 1.1.1.1 us.mcafee.com

O1 - Hosts: 1.1.1.1 vil.nai.com

O1 - Hosts: 1.1.1.1 viruslist.com

O1 - Hosts: 1.1.1.1 www.viruslist.com

O1 - Hosts: 1.1.1.1 grisoft.com

O1 - Hosts: 1.1.1.1 www.grisoft.com

O1 - Hosts: 1.1.1.1 free.grisoft.com

O1 - Hosts: 1.1.1.1 trendmicro.com

O1 - Hosts: 1.1.1.1 housecall.trendmicro.com

O1 - Hosts: 1.1.1.1 www.trendmicro.com

O1 - Hosts: 1.1.1.1 pandasoftware.com

O1 - Hosts: 1.1.1.1 www.pandasoftware.com

O1 - Hosts: 1.1.1.1 usa.kaspersky.com

O1 - Hosts: 1.1.1.1 ewido.net

O1 - Hosts: 1.1.1.1 www.ewido.net

O1 - Hosts: 1.1.1.1 zonelabs.com

O1 - Hosts: 1.1.1.1 www.zonelabs.com

O1 - Hosts: 1.1.1.1 bitdefender.com

O1 - Hosts: 1.1.1.1 www.bitdefender.com

O1 - Hosts: 1.1.1.1 download.bitdefender.com

O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com

 

O1 - Hosts: 1.1.1.1 merijn.org

O1 - Hosts: 1.1.1.1 www.merijn.org

O1 - Hosts: 1.1.1.1 sysinternals.com

O1 - Hosts: 1.1.1.1 www.sysinternals.com

O1 - Hosts: 1.1.1.1 onguardonline.gov

O1 - Hosts: 1.1.1.1 www.onguardonline.gov

O1 - Hosts: 1.1.1.1 avast.com

O1 - Hosts: 1.1.1.1 www.avast.com

O1 - Hosts: 1.1.1.1 safety.live.com

O1 - Hosts: 1.1.1.1 www.paretologic.com

O1 - Hosts: 1.1.1.1 paretologic.com

O1 - Hosts: 1.1.1.1 virusscan.jotti.org

O1 - Hosts: 1.1.1.1 services.google.com

O1 - Hosts: 1.1.1.1 www.webroot.com

O1 - Hosts: 1.1.1.1 webroot.com

 

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

 

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

 

Close all browsers and any open windows, making sure that only HijackThis is open.

Click Fix Checked

Close HijackThis

 

-------------------

 

Restart your computer in Safe Mode.

  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Login on your usual account.

If you need further assistance with Safe Mode, see Symantec

 

-------------------

 

Next, please find and delete the following files/folders (if present):

C:\WINDOWS\system32\nsgmgvmq\<---This folder

C:\Program Files\MyWebSearch\<---This folder

C:\Program Files\VBouncer\<---This folder

 

-------------------

 

* Clean your Cache and Cookies in IE:

  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

--------------

 

Open the extracted SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.

It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

Press any Key and it will restart the PC.

When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.

 

----------------

 

Then come back here with all logfiles.

 

Gogo :)
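
An added example, not part of the original posts and not code from HijackThis or SDFix: a small Python triage script for three of the entry types flagged in the post above (O1 hosts redirects, F3 win.ini autoruns, O4 startup shortcuts). The function names, the threshold and the process-name list are assumptions made for illustration; the sample log lines are copied from this thread.

```python
import ntpath
import re
from collections import defaultdict

# Assumption: process names that on Windows XP live only in C:\WINDOWS\system32.
SYSTEM_PROCS = {"csrss.exe", "smss.exe", "lsass.exe",
                "winlogon.exe", "services.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - ..." style lines
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")               # O1 body
WININI = re.compile(r"^REG:win\.ini: (load|run)=(.+)$")   # F3 body
STARTUP = re.compile(r"^(?:Global )?Startup: (.+?\.lnk)(?: = .*)?$")  # O4 shortcut

# Lines copied from the HijackThis output quoted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
F3 - REG:win.ini: load=C:\WINDOWS\system32\nsgmgvmq\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\nsgmgvmq\csrss.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
"""


def parse_entries(log_text):
    """Yield (code, body) for every 'Xn - ...' line; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text, hosts_threshold=3):
    """Return (kind, detail) findings for an analyst to review, not a verdict."""
    findings = []
    by_ip = defaultdict(list)
    for code, body in parse_entries(log_text):
        if code == "O1" and (m := HOSTS.match(body)):
            # Collect hosts-file mappings so bulk redirects to one IP stand out.
            by_ip[m.group(1)].append(m.group(2).lower())
        elif code == "F3" and (m := WININI.match(body)):
            # A system process name started from any folder other than
            # system32 itself is a name masquerade.
            path = m.group(2).strip().strip('"')
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if name in SYSTEM_PROCS and folder != SYSTEM_DIR:
                findings.append(("masquerade-autorun",
                                 f"win.ini {m.group(1)}= {path}"))
        elif code == "O4" and (m := STARTUP.match(body)):
            # Startup-folder shortcut named after a system process.
            stem = ntpath.splitext(m.group(1))[0].lower()
            if stem + ".exe" in SYSTEM_PROCS:
                findings.append(("masquerade-shortcut", m.group(1)))
    for ip, names in sorted(by_ip.items()):
        if len(names) >= hosts_threshold:
            findings.append(("hosts-redirect", f"{len(names)} names -> {ip}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
```

The unresolved "Microsoft Works Calendar Reminders.lnk = ?" entry is deliberately not flagged: a "?" target alone is common for legitimate shortcuts, so the check keys on the shortcut name instead.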


Hey, Jason86

 

No problem, I will try and be here. Right now my cable is doing the KILL the Gogo thing :(

 

Gogo ;)


Logfile of HijackThis v1.99.1

Scan saved at 3:37:11 PM, on 08/04/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Documents and Settings\Jason\My Documents\Jason's Folder\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-ca\msntb.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-ca\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"

O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: csrss.lnk = ?

O4 - Startup: Epson printer Registration.lnk = D:\titles\ereg\EPSONREG.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYCA

O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=1009

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

 

 

 

SDFix: Version 1.77

 

Run by Jason - 08/04/2007 - 15:21:53.90

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

 

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\drivers\etc\hosts.bho - Deleted

 

 

 

ADS Check:

 

Checking if ADS is attached to system32 Folder

C:\WINDOWS\system32

No streams found.

 

Checking if ADS is attached to svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 


 

 

Remaining Files:

---------------

 

Backups Folder: - C:\SDFix\backups\backups.zip

 

Checking For Files with Hidden Attributes:

 


 

Finished

 

 

*NOTE*

 

C:\WINDOWS\system32\nsgmgvmq\

C:\Program Files\MyWebSearch\

C:\Program Files\VBouncer\

 

*NONE OF THESE FOLDERS COULD BE FOUND TO BE DELETED IN SAFE MODE*

 

Also,

I am also getting a Windows Security Alert that my virus protection status is unknown.


Hey, Jason86

 

The logfile looks a lot better now. Please have a look at this link about that warning you keep getting. Just look at page 2, then tell me if it was any help to you.

 

http://forums.techarena.in/showthread.php?t=635241

 

Also, could you update your Java?

 

You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6u1 ). Please update and remove the older versions. Do the following:

Go to Start | Control Panel | Add/Remove Programs

Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

It should have this icon next to it: javaicon.gif

Select it and click Remove.

Then download and install the newest version from here (scroll down to find it):

Java Runtime Environment (JRE) 6u1.

 

Do a reboot

 

Come back here and tell me how the PC is doing now.

 

Gogo :angry:
