Security Toolbar 7.1


  • This topic is locked
7 replies to this topic

#1 eveyc

eveyc

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 10 August 2007 - 11:09 PM

My computer was initially infested with the Security Toolbar 7.1 but the various antispyware programs seem to have eliminated the toolbar from the browser. But now every time Internet Explorer is launched, pages of pop-ups bombard the screen. Please help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:05 PM, on 8/10/2007
Platform: Windows XP SP2, v.2135 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2135)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Visioneer\PaperPort\pptd40nt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c0024DD0.dat (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Iomega Drive Icons] d:\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] d:\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [PP8 Reminder] "d:\Program Files\Visioneer\PaperPort\WebEreg\NAVBrowser.exe" -r "d:\Program Files\Visioneer\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\OneTouchMon.exe
O4 - HKLM\..\Run: [PaperPort PTD] d:\Program Files\Visioneer\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] d:\Program Files\Visioneer\PaperPort\IndexSearch.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: IDW Logging Tool.lnk = C:\WINDOWS\SYSTEM32\idwlog.exe
O4 - Global Startup: ZDWlan.lnk = C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c009DFE0.dat
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe

--
End of file - 5139 bytes


 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:03:24 PM

Posted 11 August 2007 - 07:11 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum eveyc :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 eveyc

eveyc
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 11 August 2007 - 01:55 PM

ComboFix 07-08-11 - "Ed" 2007-08-11 11:28:31.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.15 [GMT -4:00]


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 10:44 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\Lavasoft
2007-08-11 09:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 23:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-09 20:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-08-09 19:31 <DIR> d--hs---- C:\FOUND.000
2007-08-09 18:29 1,642 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-08-09 18:27 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-08-09 18:27 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-08-09 18:27 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-08-08 23:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-08-05 18:14 45,056 -ra------ C:\WINDOWS\SYSTEM32\onetUSD.dll
2007-08-05 18:14 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2007-08-05 18:14 15,104 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbscan.sys
2007-08-05 17:01 23,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ppsio2.sys
2007-08-05 16:40 327,168 --a------ C:\WINDOWS\IsUninst.exe
2007-08-05 16:39 <DIR> d-------- C:\DOCUME~1\Ed\WINDOWS
2007-08-05 16:24 <DIR> d-------- C:\Program Files\Visioneer OneTouch
2007-08-03 21:08 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\AdobeUM
2007-08-03 17:34 1,636 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-08-03 17:31 <DIR> d-------- C:\Program Files\Netflix
2007-07-28 00:42 167,424 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\sis163u.sys
2007-07-22 21:20 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\InterVideo
2007-07-22 21:18 26,496 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbstor.sys
2007-07-22 20:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ScanSoft
2007-07-22 20:49 888,832 --a------ C:\WINDOWS\SYSTEM32\Ltwvc13n.dll
2007-07-22 20:49 437,248 --a------ C:\WINDOWS\SYSTEM32\Ltkrn13n.dll
2007-07-22 20:49 351,744 --a------ C:\WINDOWS\SYSTEM32\LFCMP13n.DLL
2007-07-22 20:49 323,072 --a------ C:\WINDOWS\SYSTEM32\Ltimg13n.dll
2007-07-22 20:49 30,208 --a------ C:\WINDOWS\SYSTEM32\Lfbmp13n.dll
2007-07-22 20:49 258,560 --a------ C:\WINDOWS\SYSTEM32\LTDIS13n.dll
2007-07-22 20:49 205,312 --a------ C:\WINDOWS\SYSTEM32\Ltefx13n.dll
2007-07-22 20:49 138,240 --a------ C:\WINDOWS\SYSTEM32\Ltfil13n.dll
2007-07-22 17:51 17,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ppa3.sys
2007-07-22 17:51 17,664 --a------ C:\WINDOWS\SYSTEM32\dllcache\ppa3.sys
2007-07-22 16:25 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-07-22 14:09 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-07-22 11:43 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-07-22 11:43 348,160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll
2007-07-22 11:19 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\Skype
2007-07-22 11:17 <DIR> d-------- C:\Program Files\Skype
2007-07-22 11:17 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-07-22 11:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Skype
2007-07-22 10:43 40,960 --------- C:\WINDOWS\SYSTEM32\pdu_210.exe
2007-07-22 10:43 36,864 --------- C:\WINDOWS\SYSTEM32\tbx_210.exe
2007-07-22 10:43 131,072 --------- C:\WINDOWS\SYSTEM32\APLUn2KU.exe
2007-07-22 10:43 106,496 --------- C:\WINDOWS\SYSTEM32\Search_210.exe
2007-07-22 10:36 <DIR> d---s---- C:\DOCUME~1\Ed\UserData
2007-07-22 10:31 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\MSNInstaller
2007-07-22 10:22 81,920 --a------ C:\WINDOWS\SYSTEM32\ZDPN50.dll
2007-07-22 10:22 81,920 --a------ C:\WINDOWS\SYSTEM32\ZDBRGDLL.dll
2007-07-22 10:22 28,672 --a------ C:\WINDOWS\SYSTEM32\InsDrvZD.dll
2007-07-22 10:22 24,576 --a------ C:\WINDOWS\SYSTEM32\ZyDelReg.exe
2007-07-22 10:22 19,200 --a------ C:\WINDOWS\SYSTEM32\ZDBRGSYS.sys
2007-07-22 10:22 17,151 --a------ C:\WINDOWS\SYSTEM32\ZDPNDIS5.sys
2007-07-22 10:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\BF8051E7-626F-4a11-AF7A-625A7B555862
2007-07-22 10:16 1,310,720 --ah----- C:\DOCUME~1\Ed\NTUSER.DAT
2007-07-22 10:13 262,144 --ah----- C:\DOCUME~1\NETWOR~1.NTA\NTUSER.DAT
2007-07-22 10:13 262,144 --ah----- C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
2007-07-22 10:06 9,216 --a------ C:\WINDOWS\SYSTEM32\dllcache\wamps51.dll
2007-07-22 10:06 86,073 --a------ C:\WINDOWS\SYSTEM32\dllcache\voicesub.dll
2007-07-22 10:06 76,800 --a------ C:\WINDOWS\SYSTEM32\dllcache\wam51.dll
2007-07-22 10:06 73,728 --a------ C:\WINDOWS\SYSTEM32\dllcache\w3ext.dll
2007-07-22 10:06 53,248 --a------ C:\WINDOWS\SYSTEM32\dllcache\wamreg51.dll
2007-07-22 10:06 5,632 --a------ C:\WINDOWS\SYSTEM32\dllcache\w3svapi.dll
2007-07-22 10:06 48,256 --a------ C:\WINDOWS\SYSTEM32\dllcache\w32.dll
2007-07-22 10:06 426,041 --a------ C:\WINDOWS\SYSTEM32\dllcache\voicepad.dll
2007-07-22 10:06 41,600 --a------ C:\WINDOWS\SYSTEM32\dllcache\weitekp9.dll
2007-07-22 10:06 4,608 --a------ C:\WINDOWS\SYSTEM32\dllcache\w3ctrs51.dll
2007-07-22 10:06 363,520 --a------ C:\WINDOWS\SYSTEM32\dllcache\w3svc.dll
2007-07-22 10:06 31,232 --a------ C:\WINDOWS\SYSTEM32\dllcache\weitekp9.sys
2007-07-22 10:05 75,776 --a------ C:\WINDOWS\SYSTEM32\dllcache\uniime.dll
2007-07-22 10:05 455,168 --a------ C:\WINDOWS\SYSTEM32\dllcache\tintsetp.exe
2007-07-22 10:05 44,032 --a------ C:\WINDOWS\SYSTEM32\dllcache\tintlphr.exe
2007-07-22 10:05 31,232 --a------ C:\WINDOWS\SYSTEM32\dllcache\tools.dll
2007-07-22 10:05 21,896 --a------ C:\WINDOWS\SYSTEM32\dllcache\tdipx.sys
2007-07-22 10:05 19,464 --a------ C:\WINDOWS\SYSTEM32\dllcache\tdspx.sys
2007-07-22 10:05 185,344 --a------ C:\WINDOWS\SYSTEM32\dllcache\thawbrkr.dll
2007-07-22 10:05 14,336 --a------ C:\WINDOWS\SYSTEM32\dllcache\tsprof.exe
2007-07-22 10:05 13,192 --a------ C:\WINDOWS\SYSTEM32\dllcache\tdasync.sys
2007-07-22 10:05 103,424 --a------ C:\WINDOWS\SYSTEM32\dllcache\uihelper.dll
2007-07-22 10:05 10,240 --a------ C:\WINDOWS\SYSTEM32\dllcache\tmigrate.dll
2007-07-22 10:04 8,704 --a------ C:\WINDOWS\SYSTEM32\dllcache\snmptrap.exe
2007-07-22 10:04 7,168 --a------ C:\WINDOWS\SYSTEM32\dllcache\EXCH_snprfdll.dll
2007-07-22 10:04 6,144 --a------ C:\WINDOWS\SYSTEM32\dllcache\snmpmib.dll
2007-07-22 10:04 46,592 --a------ C:\WINDOWS\SYSTEM32\dllcache\svcext51.dll
2007-07-22 10:04 46,592 --a------ C:\WINDOWS\SYSTEM32\dllcache\sspifilt.dll
2007-07-22 10:04 456,192 --a------ C:\WINDOWS\SYSTEM32\dllcache\smtpsvc.dll
2007-07-22 10:04 44,544 --a------ C:\WINDOWS\SYSTEM32\dllcache\ssinc51.dll
2007-07-22 10:04 39,936 --a------ C:\WINDOWS\SYSTEM32\dllcache\snmpthrd.dll
2007-07-22 10:04 358,400 --a------ C:\WINDOWS\SYSTEM32\dllcache\snmpincl.dll
2007-07-22 10:04 32,768 --a------ C:\WINDOWS\SYSTEM32\dllcache\snmp.exe
2007-07-22 10:04 258,560 --a------ C:\WINDOWS\SYSTEM32\dllcache\snmpcl.dll
2007-07-22 10:04 188,416 --a------ C:\WINDOWS\SYSTEM32\dllcache\snmpsmir.dll
2007-07-22 10:04 16,896 --a------ C:\WINDOWS\SYSTEM32\dllcache\status.dll
2007-07-22 10:04 143,422 --a------ C:\WINDOWS\SYSTEM32\dllcache\softkey.dll
2007-07-22 10:04 12,288 --a------ C:\WINDOWS\SYSTEM32\dllcache\EXCH_smtpctrs.dll
2007-07-22 10:04 101,376 --a------ C:\WINDOWS\SYSTEM32\dllcache\srusbusd.dll
2007-07-22 10:04 10,240 --a------ C:\WINDOWS\SYSTEM32\dllcache\snmpstup.dll
2007-07-22 10:03 5,632 --a------ C:\WINDOWS\SYSTEM32\dllcache\smimsgif.dll
2007-07-22 10:03 5,632 --a------ C:\WINDOWS\SYSTEM32\dllcache\smierrsy.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-22 12:22 2722 --a------ C:\WINDOWS\pchealth\HELPCTR\PackageStore\SkuStore.bin
2007-07-22 12:10 8972 --a------ C:\WINDOWS\pchealth\HELPCTR\Config\Cntstore.bin
2006-12-02 23:30 212849 --a------ C:\Program Files\hijackthis.zip
2004-08-23 01:11 271 ---hs---- C:\Program Files\desktop.ini
2004-08-23 01:11 23357 ---h----- C:\Program Files\folder.htt


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-13 16:44]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-22 11:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"Iomega Drive Icons"="d:\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="d:\DriveIcons\deskup.exe" [2002-07-16 10:55]
"PP8 Reminder"="d:\Program Files\Visioneer\PaperPort\WebEreg\NAVBrowser.exe" [2002-08-10 15:04]
"OneTouch Monitor"="C:\PROGRA~1\VISION~2\OneTouchMon.exe" []
"PaperPort PTD"="d:\Program Files\Visioneer\PaperPort\pptd40nt.exe" [2002-08-13 13:00]
"IndexSearch"="d:\Program Files\Visioneer\PaperPort\IndexSearch.exe" [2002-08-13 13:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
IDW Logging Tool.lnk - C:\WINDOWS\SYSTEM32\idwlog.exe [2004-05-18 17:19:00]
ZDWlan.lnk - C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe [2006-11-18 18:51:50]
InterVideo WinCinema Manager.lnk - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-07-22 22:36:45]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2007-07-28 00:53:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c009DFE0.dat

R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R0 ppa3;Iomega Parallel Port Legacy Filter Driver;C:\WINDOWS\system32\DRIVERS\ppa3.sys
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
R3 atirage3;atirage3;C:\WINDOWS\system32\DRIVERS\atimpae.sys
R3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;C:\WINDOWS\system32\drivers\cwbmidi.sys
R3 cwbwdm_device;Crystal WDM Audio Codec Driver;C:\WINDOWS\system32\drivers\cwbwdm.sys
R3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
R3 pmxscan;Visioneer USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - SISNPF

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 11:33:31
Windows 5.1.2600 Service Pack 2, v.2135 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 11:38:36
C:\ComboFix2.txt ... 2007-08-11 10:13
C:\ComboFix-quarantined-files.txt ... 2007-08-11 11:38

--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:32 PM, on 8/11/2007
Platform: Windows XP SP2, v.2135 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2135)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Visioneer\PaperPort\pptd40nt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Iomega Drive Icons] d:\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] d:\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [PP8 Reminder] "d:\Program Files\Visioneer\PaperPort\WebEreg\NAVBrowser.exe" -r "d:\Program Files\Visioneer\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\OneTouchMon.exe
O4 - HKLM\..\Run: [PaperPort PTD] d:\Program Files\Visioneer\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] d:\Program Files\Visioneer\PaperPort\IndexSearch.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: IDW Logging Tool.lnk = C:\WINDOWS\SYSTEM32\idwlog.exe
O4 - Global Startup: ZDWlan.lnk = C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c009DFE0.dat
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe

--
End of file - 5193 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:03:24 PM

Posted 11 August 2007 - 02:23 PM

Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

---------------------------------------------------------

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge the information into the registry, then restart your PC.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

---------------------------------------------------------

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.


#5 eveyc

eveyc
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 11 August 2007 - 08:40 PM

Thanks for the advice. The computer seems to be back to normal.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/11/2007 at 07:18 PM

Application Version : 3.9.1008

Core Rules Database Version : 3284
Trace Rules Database Version: 1295

Scan type : Complete Scan
Total Scan Time : 02:45:01

Memory items scanned : 364
Memory threats detected : 0
Registry items scanned : 3398
Registry threats detected : 0
File items scanned : 19792
File threats detected : 15

Adware.Tracking Cookie
C:\Documents and Settings\Ed\Cookies\ed@atdmt[2].txt
C:\Documents and Settings\Ed\Cookies\ed@adserver[1].txt
C:\Documents and Settings\Ed\Cookies\ed@mediaplex[2].txt
C:\Documents and Settings\Ed\Cookies\ed@advertising[2].txt
C:\Documents and Settings\Ed\Cookies\ed@msnportal.112.2o7[1].txt
C:\Documents and Settings\Ed\Cookies\ed@cpvfeed[2].txt
C:\Documents and Settings\Ed\Cookies\ed@fastclick[1].txt
C:\Documents and Settings\Ed\Cookies\ed@adinterax[1].txt
C:\Documents and Settings\Ed\Cookies\ed@zedo[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ad.yieldmanager[2].txt
C:\Documents and Settings\Ed\Cookies\ed@realmedia[2].txt
C:\Documents and Settings\Ed\Cookies\ed@doubleclick[1].txt

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\__C009DFE0.DAT.VIR

Trojan.Smitfraud Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAC290D8-565C-40CD-9720-8857F40950A3}\RP41\A0003119.DLL

Malware.VirusProtectPro
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAC290D8-565C-40CD-9720-8857F40950A3}\RP41\A0003129.EXE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:22 PM, on 8/11/2007
Platform: Windows XP SP2, v.2135 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2135)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\Program Files\Visioneer\PaperPort\pptd40nt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Iomega Drive Icons] d:\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] d:\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [PP8 Reminder] "d:\Program Files\Visioneer\PaperPort\WebEreg\NAVBrowser.exe" -r "d:\Program Files\Visioneer\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\OneTouchMon.exe
O4 - HKLM\..\Run: [PaperPort PTD] d:\Program Files\Visioneer\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] d:\Program Files\Visioneer\PaperPort\IndexSearch.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: IDW Logging Tool.lnk = C:\WINDOWS\SYSTEM32\idwlog.exe
O4 - Global Startup: ZDWlan.lnk = C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe

--
End of file - 5341 bytes
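
The log above uses HijackThis's `Oxx - Type: detail` line layout. As an added example (not part of the original posts and not HijackThis's own code), this Python parser turns such lines into records and queues for manual look-up the entries carrying either of two markers visible in this log, `= ?` and `Unknown owner`. The function names, the note wording and the reading of those two markers are assumptions made for the example.

```python
import re

# HijackThis section codes seen in this log and what each one lists.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O18": "extra protocol handler",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.*)$")
# Drive-letter path ending in .exe/.dll; spaces allowed, quotes are not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

# Lines copied from the log on this page, plus its footer.
SAMPLE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
End of file - 5341 bytes
"""

def parse_line(line):
    """Parse one entry line; return None for headers, footers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    detail = m.group("detail")
    path = PATH_RE.search(detail)
    notes = []
    if detail.endswith("= ?"):
        notes.append("shortcut target not resolved")
    if "- Unknown owner -" in detail:
        notes.append("vendor name not available")
    return {
        "code": m.group("code"),
        "section": SECTIONS.get(m.group("code"), "other"),
        "kind": m.group("kind"),
        "path": path.group(0) if path else None,
        "notes": notes,
    }

def review_queue(log_text):
    """Entries carrying a note, in log order, for a manual look-up."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e for e in entries if e and e["notes"]]

if __name__ == "__main__":
    for e in review_queue(SAMPLE):
        print(e["code"], e["section"], e["path"], e["notes"])
```

A note only marks an entry for a closer look at the file on disk; it is not a verdict on the entry.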

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 August 2007 - 04:40 AM

Your log is clean :thumbsup:
If all's ok, please do the following.

Find and delete:
Combofix
fix.reg

C:\QOOBOX

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.
---------------------------------------------
Enable Spybot S&D's protection.
---------------------------------------------
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

#7 eveyc

eveyc
  • Topic Starter

  • Members
  • 7 posts

Posted 12 August 2007 - 09:32 AM

Many thanks for an excellent job! :thumbsup:

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 August 2007 - 11:26 AM

You're most welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.