Unknown Virus? Opening Random Browser Windows


  • This topic is locked
12 replies to this topic

#1 TerryB92

TerryB92

  • Members
  • 11 posts

Posted 01 November 2007 - 08:40 PM

I have a persistent virus or something that is masquerading as a security program. It keeps changing my Internet Explorer home page, and has taken over my desktop a couple of times with a huge red picture shouting DANGER - your computer is infected, click here, etc. It continuously opens browser windows on its own, usually to websites such as pcsecure.com and safenavweb.com. I have downloaded Ad-Aware, which got my desktop back to normal, but it is still opening the browser windows at random. I downloaded and used Spybot, Spy Doctor, Panda Anti Virus, Bit Defender and McAfee Avert Stinger. How can I get my Internet Explorer back under my control? PC is running Windows XP. Here is the hijack log (hope I did this right!):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:27 PM, on 11/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\COMMON~1\AOL\119336~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\COMMON~1\AOL\119336~1\EE\AOLServiceHost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\eHome\ehRec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=T5048A
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=T5048A
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSVPS System - {6EB10F79-5E53-4F76-B146-409EFCDCB957} - C:\WINDOWS\movctrlfqd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: The nssfrch - {DF0ACE0C-4A3F-4A1F-8676-BA16DEB23C70} - C:\WINDOWS\nssfrch.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1193369420\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: ocgrep - {68E6B2DC-AF7E-4DE4-84D7-75CC9D3FF849} - C:\WINDOWS\ocgrep.dll
O21 - SSODL: bxsbang - {022938DD-513A-4093-8B2B-DFA0C544CB6F} - C:\WINDOWS\bxsbang.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 12450 bytes


Any help is truly appreciated!! Thanks

#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender: Female
  • Location: Bitola, Macedonia

Posted 01 November 2007 - 10:59 PM

Hello TerryB92 and welcome to BC :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.

Please follow the steps below exactly in the order they are written:

Step #1

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the changes we need to make.

To disable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on real-time protection (recommended)"
  • Remember to reactivate this feature when we have finished all our work.
Step #2

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

NOTE: If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


NOTE: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Step #3

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
In your next post please include the following reports:
  • SmitfraudFix report
  • dss scan reports main.txt and extra.txt
Let me know how things went.

Regards,
SNOWHITE

#3 TerryB92

TerryB92
  • Topic Starter

  • Members
  • 11 posts

Posted 02 November 2007 - 09:46 PM

Thanks for looking at my computer problem!
Followed instructions but was unable to run DSS. Every time I tried I got a message a couple of minutes in that DSS experienced a problem and would have to close. It never progressed enough to create any logs. Here is the file created by SmitFraud:

SmitFraudFix v2.246

Scan done at 19:53:11.14, Fri 11/02/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\119336~1\EE\AOLHOS~1.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\COMMON~1\AOL\119336~1\EE\AOLServiceHost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS

C:\WINDOWS\bxsbang.dll FOUND !
C:\WINDOWS\movctrlfqd.dll FOUND !
C:\WINDOWS\nssfrch.dll FOUND !
C:\WINDOWS\ocgrep.dll FOUND !
C:\WINDOWS\privacy_danger FOUND !

C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Owner


C:\Documents and Settings\Owner\Application Data


Start Menu


C:\DOCUME~1\Owner\FAVORI~1

C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url FOUND !

Desktop

C:\DOCUME~1\Owner\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url FOUND !

C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 207.69.188.185
DNS Server Search Order: 207.69.188.186
DNS Server Search Order: 207.69.188.187

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B29BC4B2-507B-48D8-BA98-7916E945ED4C}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B29BC4B2-507B-48D8-BA98-7916E945ED4C}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B29BC4B2-507B-48D8-BA98-7916E945ED4C}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187


Scanning for wininet.dll infection


End

Computer still has the same problem, nothing seems to have changed yet. Random browser windows open continuously directing me to sites that download "security" programs.
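A triage script, added here as an example (it is not code from the thread, from HijackThis or from SmitfraudFix), that does mechanically what the helper does by eye across the HijackThis log in post #1 and the SmitfraudFix report above: it picks out the O2/O3/O21 load points whose DLL sits directly in C:\WINDOWS, cross-checks them against the report's FOUND list, and pulls out the Active Desktop component whose Source is a local file (the mechanism behind the red "your computer is infected" wallpaper). The two log excerpts are constructed from entries shown in this thread, and every function name is the example's own.

```python
import re

# Constructed excerpt of the HijackThis log posted above: the four C:\WINDOWS
# DLLs next to three legitimate load points. Added example, not from the thread
# or from HijackThis/SmitfraudFix.
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {6EB10F79-5E53-4F76-B146-409EFCDCB957} - C:\WINDOWS\movctrlfqd.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: The nssfrch - {DF0ACE0C-4A3F-4A1F-8676-BA16DEB23C70} - C:\WINDOWS\nssfrch.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O21 - SSODL: ocgrep - {68E6B2DC-AF7E-4DE4-84D7-75CC9D3FF849} - C:\WINDOWS\ocgrep.dll
O21 - SSODL: bxsbang - {022938DD-513A-4093-8B2B-DFA0C544CB6F} - C:\WINDOWS\bxsbang.dll
"""

# Constructed excerpt of the SmitfraudFix "Search" report from the same thread.
SMITFRAUD_REPORT = r"""
C:\WINDOWS\bxsbang.dll FOUND !
C:\WINDOWS\movctrlfqd.dll FOUND !
C:\WINDOWS\nssfrch.dll FOUND !
C:\WINDOWS\ocgrep.dll FOUND !
C:\WINDOWS\privacy_danger FOUND !

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
"""

HJT_ENTRY = re.compile(r"^(?P<section>O2|O3|O21) - (?:BHO|Toolbar|SSODL): "
                       r"(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
FOUND_LINE = re.compile(r"^(?P<path>.+?)\s+FOUND !$")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
# Legitimate BHOs, toolbars and shell objects load from Program Files or
# system32; a DLL sitting directly in the Windows directory is a strong signal.
WINDOWS_ROOT_DLL = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$")


def norm(path):
    """Case-fold a Windows path so entries from different tools compare equal."""
    return path.strip().lower()


def parse_hijackthis(text):
    """Return the O2 (BHO), O3 (toolbar) and O21 (SSODL) entries as dicts."""
    matches = (HJT_ENTRY.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def parse_smitfraud_found(text):
    """Case-folded paths that SmitfraudFix marked 'FOUND !'."""
    matches = (FOUND_LINE.match(line.strip()) for line in text.splitlines())
    return {norm(m.group("path")) for m in matches if m}


def desktop_component_hijacks(text):
    """Active Desktop components whose Source is a local file: the mechanism
    behind the red 'your computer is infected' wallpaper in this thread."""
    hits, key, values = [], None, {}
    for line in [l.strip() for l in text.splitlines()] + [""]:
        if REG_KEY.match(line):
            key, values = REG_KEY.match(line).group("key"), {}
        elif key and REG_VALUE.match(line):
            m = REG_VALUE.match(line)
            values[m.group("name")] = m.group("value")
        elif key and not line:  # a blank line closes the key block
            if "\\Desktop\\Components\\" in key and values.get("Source", "").lower().startswith("file:///"):
                hits.append({"key": key, "name": values.get("FriendlyName", ""), "source": values["Source"]})
            key = None
    return hits


def triage(hjt_text, smitfraud_text):
    """Flag HijackThis load points by location, then cross-check each against
    the SmitfraudFix FOUND list so a single-tool false positive stands out."""
    found = parse_smitfraud_found(smitfraud_text)
    verdicts = []
    for entry in parse_hijackthis(hjt_text):
        path, reasons = norm(entry["path"]), []
        if WINDOWS_ROOT_DLL.match(path):
            reasons.append("DLL loaded from the Windows root directory")
        if path in found:
            reasons.append("confirmed by SmitfraudFix FOUND list")
        if reasons:
            verdicts.append({"section": entry["section"], "name": entry["name"],
                             "path": path, "reasons": reasons})
    return verdicts


if __name__ == "__main__":
    for v in triage(HJT_LOG, SMITFRAUD_REPORT):
        print(v["section"], v["path"], "|", "; ".join(v["reasons"]))
    for h in desktop_component_hijacks(SMITFRAUD_REPORT):
        print("Active Desktop component", repr(h["name"]), "->", h["source"])
```

An entry carrying both reasons was flagged independently by two tools, which is the confirmation a helper wants before telling a user to delete a file; a location-only hit deserves a look-up of the CLSID or vendor before any action, and an entry in neither list (the Adobe, Google and BAE.dll lines) drops out of the verdicts entirely.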

#4 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender: Female
  • Location: Bitola, Macedonia

Posted 03 November 2007 - 02:03 AM

Hello TerryB92 :thumbsup:

Please follow the steps below exactly in the order they are written:

Step #1

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.


Step #2

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Step #3
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

In your next post please include the following reports:
  • SmitfraudFix report
  • ComboFix report
  • New HijackThis log (run after ComboFix has finished its work.)
  • Uninstall list
Let me know how things went.

Regards,
SNOWHITE

#5 TerryB92

TerryB92
  • Topic Starter

  • Members
  • 11 posts

Posted 03 November 2007 - 01:09 PM

Now I'm unable to log in to this forum on the infected computer. When I type my user name & password it says it's logging me in but it never really does. Had to copy the log files and sign on from another computer to post this.

SmitFraudFix Report:

SmitFraudFix v2.246

Scan done at 13:30:30.14, Sat 11/03/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\bxsbang.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{022938DD-513A-4093-8B2B-DFA0C544CB6F}]
C:\WINDOWS\movctrlfqd.dll Deleted
C:\WINDOWS\nssfrch.dll Deleted
C:\WINDOWS\ocgrep.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{68E6B2DC-AF7E-4DE4-84D7-75CC9D3FF849}]
C:\WINDOWS\privacy_danger\ Deleted
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url Deleted

DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B29BC4B2-507B-48D8-BA98-7916E945ED4C}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B29BC4B2-507B-48D8-BA98-7916E945ED4C}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B29BC4B2-507B-48D8-BA98-7916E945ED4C}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End



ComboFix Report:

ComboFix 07-11-01.1 - Owner 2007-11-03 13:45:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.377 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Desktop\internet.lnk
C:\WINDOWS\search_res.txt
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-03 13:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 22:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-11-02 19:57 <DIR> d-------- C:\Deckard
2007-11-02 19:49 4,486 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-01 19:27 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-31 21:03 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-31 19:35 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-31 19:07 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-31 19:05 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2007-10-31 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-31 17:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-31 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-31 17:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-30 20:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-10-30 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-30 20:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-30 19:03 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
2007-10-30 18:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-10-30 18:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-10-30 18:17 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-10-30 18:15 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-29 21:22 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-29 21:22 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-29 21:22 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-29 21:22 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-29 21:21 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-29 21:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2007-10-29 21:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-29 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-29 20:57 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-29 20:39 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-29 20:38 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-29 20:30 <DIR> d-------- C:\WINDOWS\pss
2007-10-26 17:33 <DIR> d-------- C:\mcafee_mcpr
2007-10-26 17:33 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-26 17:33 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-10-26 17:33 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-26 17:33 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-10-26 17:33 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-26 17:33 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-10-26 17:32 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-26 00:06 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-10-26 00:05 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2007-10-26 00:05 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2007-10-26 00:05 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2007-10-26 00:05 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS
2007-10-26 00:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
2007-10-26 00:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2007-10-25 23:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-10-25 23:34 332,928 --a--c--- C:\WINDOWS\system32\dllcache\srv.sys
2007-10-25 23:34 181,248 --a--c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2007-10-25 23:34 148,480 --a--c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-10-25 23:34 111,616 --a--c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2007-10-25 23:34 94,720 --a--c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2007-10-25 23:33 <DIR> d-------- C:\Program Files\McAfee
2007-10-25 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-25 23:32 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-25 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-10-25 23:32 741,376 --a------ C:\WINDOWS\system32\BigFixSuppress.exe
2007-10-25 23:32 741,376 --a------ C:\WINDOWS\system32\BigFixShortcutInStartup.exe
2007-10-25 23:32 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-10-25 23:32 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-10-25 23:32 80,512 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-10-25 23:32 67,072 --a------ C:\WINDOWS\POWERCFG.EXE
2007-10-25 23:31 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-10-25 23:31 <DIR> d-------- C:\Program Files\QuickTime
2007-10-25 23:31 <DIR> d-------- C:\Program Files\Microsoft Money 2006
2007-10-25 23:31 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-10-25 23:31 <DIR> d-------- C:\My Music
2007-10-25 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-25 23:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-10-25 23:31 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2007-10-25 23:31 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-10-25 23:31 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-10-25 23:30 <DIR> d-------- C:\Program Files\Viewpoint
2007-10-25 23:30 <DIR> d-------- C:\Program Files\Real
2007-10-25 23:30 <DIR> d-------- C:\Program Files\Pure Networks
2007-10-25 23:30 <DIR> d-------- C:\Program Files\Common Files\Real
2007-10-25 23:30 <DIR> d-------- C:\Program Files\Common Files\aolshare
2007-10-25 23:30 <DIR> d-------- C:\Program Files\Common Files\AolCoach
2007-10-25 23:30 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-10-25 23:30 <DIR> d-------- C:\Program Files\BigFix
2007-10-25 23:30 <DIR> d-------- C:\Program Files\America Online 9.0
2007-10-25 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-25 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-10-25 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-10-25 23:30 118,784 --a------ C:\WINDOWS\system32\Msstdfmt.dll
2007-10-25 23:30 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll
2007-10-25 23:30 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2007-10-25 23:30 10,280 --a------ C:\WINDOWS\BigFixClientOverride.dll
2007-10-25 23:30 335 --a------ C:\WINDOWS\nsreg.dat
2007-10-25 23:29 <DIR> d-------- C:\Program Files\MSN Encarta Plus
2007-10-25 23:29 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-25 23:28 <DIR> d-------- C:\Program Files\Napster
2007-10-25 23:28 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-25 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster
2007-10-25 23:28 550,912 --a------ C:\WINDOWS\zHotkey.exe
2007-10-25 23:28 532,544 --a------ C:\WINDOWS\PIC.dll
2007-10-25 23:28 42,040 --a------ C:\WINDOWS\PatchWnd.exe
2007-10-25 23:28 36,864 --a------ C:\WINDOWS\ShowWnd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 09:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 07:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 07:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 07:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 07:06 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 06:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 06:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 06:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 06:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 06:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 06:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 06:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 06:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 06:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 06:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 06:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 06:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 06:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 06:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 06:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 06:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-17 05:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-17 05:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-17 05:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-17 05:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-17 05:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-17 05:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 05:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-17 05:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 05:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-17 05:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 05:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-17 05:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-17 05:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-17 05:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-17 05:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-17 05:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 05:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 05:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-17 05:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 05:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-17 05:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-09-17 05:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-17 05:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-17 05:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-17 05:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 05:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-17 05:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-17 05:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 05:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-17 05:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-25 23:19]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 21:44]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 11:34 C:\WINDOWS\RTHDCPL.exe]
"CHotkey"="zHotkey.exe" [2004-12-08 20:57 C:\WINDOWS\zHotkey.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1193369420\EE\AOLHostManager.exe" [2004-11-03 17:03]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 20:42]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 13:26]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 19:16]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 10:40]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-30 18:17]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"AdwareRemover2007"="C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"OOBEDDDemise"=cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-10-25 23:30:04]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-29 21:11:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 21:32:54 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-10-26 21:32:53 C:\WINDOWS\Tasks\McQcTask.job"
"2007-11-03 17:39:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 13:48:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
OOBEDDDemise = cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 13:49:34
.
--- E O F ---


New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:49 PM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\COMMON~1\AOL\119336~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\119336~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1193369420\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 11506 bytes


Uninstall Log:


Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
ATI Display Driver
AVG Anti-Rootkit Free
AVG Anti-Spyware 7.5
Bejeweled 2 Deluxe
BigFix
Blackhawk Striker 2
Blasterball 2 Revolution
Browser Address Error Redirector
Digital Media Reader
Diner Dash
DVD Solution
FATE
Gateway Game Console
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB935448)
J2SE Runtime Environment 5.0 Update 2
Java™ 6 Update 3
McAfee SecurityCenter
McAfee Uninstall Wizard
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office Professional Edition 2003
Microsoft Works
MSXML 4.0 SP2 (KB936181)
Multimedia Keyboard Driver
Napster
Napster Burn Engine
NVIDIA Drivers
Panda ActiveScan
Penguins!
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
SCRABBLE
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Soft Data Fax Modem with SmartCP
Sonic Encoders
Spybot - Search & Destroy
Spyware Doctor 5.1
System Requirements Lab
Tradewinds
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Windows Defender
Windows Media Format Runtime
Windows XP Hotfix - KB886185
Windows XP Media Center Edition 2005 KB914548



Thanks again for helping with this!

#6 TerryB92

  • Topic Starter
  • Members
  • 11 posts

Posted 05 November 2007 - 10:40 PM

Computer seems to be improving. The pop-ups and random browser windows opening seem to have stopped. However, I'm still having issues signing in to any website that requires a password (including this one!). It either returns me to the log-on screen or tells me my password is incorrect. I can log on just fine using a different computer, so I know my passwords are correct. What could be causing this? Is this another virus or key logger program on the computer?

#7 SNOWHITE

    missy malware magnet

  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 06 November 2007 - 11:05 AM

Hello TerryB92 :thumbsup:

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER



Please follow the steps below exactly in the order they are written:

Step #1

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\AdwareRemover2007 <-- This folder

Close Windows Explorer.

Step #2

Older Java versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 2

Step #3

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Use your up arrow key to highlight Safe Mode then hit Enter.

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
  • For Technical Support, double-click the e-mail address located at the bottom of each menu.
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found.
  • If so, click it and then click the next icon right below and select Move incurable.
    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer, because it is possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Step #4

It either returns me to the log on screen or tells me my password is incorrect. I can log on just fine using a different computer so I know my passwords are correct....


Check this tutorial http://www.ncsacademy.com/faq/iecookies.cfm and see if it resolves the problem.
Try this too: download Firefox and install it, try using it instead of Internet Explorer and let me know if the problem is still present. It looks to me like a problem with IE not accepting cookies from forums. Let's see if you are going to have problems with Firefox as well. Let me know how it goes.

In your next post please include the following reports:
  • Dr.Web CureIt report
  • New HijackThis log (run after Dr.Web CureIt has finished its work.)
Let me know how the things went.

Regards,

Edited by SNOWHITE, 06 November 2007 - 11:25 AM.

SNOWHITE

#8 TerryB92

TerryB92
  • Topic Starter

  • Members
  • 11 posts
  • Local time:04:00 PM

Posted 06 November 2007 - 10:29 PM

Changed my settings on Internet Explorer to medium which seems to have solved the cookie / password problem. My bad, I had changed the setting to high after I started working on the virus/malware problems!!



Here are the new logs:

Dr.Web CureIt report

RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
Process.exe;C:\Documents and Settings\Owner\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Owner\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;Incurable.Moved.;
A0019726.reg;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14;Trojan.StartPage.1505;Deleted.;
A0019759.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP15;Adware.Adrep;Incurable.Moved.;
A0019762.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP15;Adware.Adrep;Incurable.Moved.;
A0021055.reg;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP19;Trojan.StartPage.1505;Deleted.;



New Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:49 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\119336~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\119336~1\EE\AOLServiceHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1193369420\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 11613 bytes

#9 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:10:00 PM

Posted 08 November 2007 - 11:03 PM

Hello TerryB92 :thumbsup:

Re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Please do an online scan with Kaspersky WebScanner

NOTE: This Scanner will work with Internet Explorer Only!


Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As... button:
  • Under Save as type select Text file, write a name for the file and save it to your Desktop.
  • Locate the file at the Desktop, open it, then copy and paste that information in your next post.
Post back with the Kaspersky scan report and a new HijackThis report, and let me know how the computer is behaving.

Regards,
SNOWHITE

#10 TerryB92

TerryB92
  • Topic Starter

  • Members
  • 11 posts
  • Local time:04:00 PM

Posted 12 November 2007 - 09:12 PM

Computer is much better - no current issues. Here are the new logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:13 PM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\119336~1\EE\AOLHOS~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\COMMON~1\AOL\119336~1\EE\AOLServiceHost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1193369420\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 12416 bytes

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, November 12, 2007 9:09:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/11/2007
Kaspersky Anti-Virus database records: 457311
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 62208
Number of viruses found: 11
Number of infected objects: 139
Number of suspicious objects: 0
Duration of the scan process: 01:29:50

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT102.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Vapsup.jc skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT102.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT102.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.jd skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT102.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT102.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT102.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT136.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.js skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT136.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT136.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.kl skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT136.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT136.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT136.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT142.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Vapsup.jc skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT142.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT142.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.jd skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT142.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT142.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT142.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITC7.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.ki skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITC7.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITC7.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.kl skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITC7.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITC7.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITC7.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCB.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.ki skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCB.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCB.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.kl skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCB.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCB.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCB.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCC.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Vapsup.jc skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCC.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCC.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.jd skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCC.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCC.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCC.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCF.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.ki skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCF.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCF.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCF.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITCF.tmp NSIS: infected - 4 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITD4.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.ki skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITD4.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITD4.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.kl skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITD4.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITD4.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITD4.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITDF.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.ki skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITDF.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITDF.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITDF.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITDF.tmp NSIS: infected - 4 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE1.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Vapsup.jc skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE1.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE1.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.jd skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE1.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE1.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE1.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE4.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.js skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE4.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE4.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.kl skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE4.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE4.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE4.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE6.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.ki skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE6.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE6.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE6.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE6.tmp NSIS: infected - 4 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE8.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.js skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE8.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE8.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.kl skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE8.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE8.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITE8.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITEA.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Vapsup.jc skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITEA.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITEA.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.jd skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITEA.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITEA.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITEA.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITED.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Vapsup.jc skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITED.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITED.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.jd skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITED.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITED.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITED.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF1.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.js skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF1.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF1.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.kl skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF1.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF1.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF1.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF3.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.js skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF3.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF3.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.kl skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF3.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF3.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF3.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF5.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.js skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF5.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF5.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.kl skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF5.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF5.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF5.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF7.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.ki skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF7.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF7.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.kl skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF7.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF7.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF7.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF9.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Vapsup.jc skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF9.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF9.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.jd skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF9.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF9.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITF9.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFB.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Vapsup.jc skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFB.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFB.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.jd skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFB.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFB.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFB.tmp NSIS: infected - 5 skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFD.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.ki skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFD.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFD.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.kl skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFD.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFD.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BITFD.tmp NSIS: infected - 5 skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\dannyrocks2005\MyDB.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\dannyrocks2005\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\dannyrocks2000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\dannyrocks2005 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\dannyrocks2005.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\dannyrocks2005.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{A27F8D96-3D06-44F5-9341-3F4C2791697E}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{A596FA39-759F-4BA9-8D0C-3FE4F0DC13F2}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR34.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10292007-205731.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0019759.dll Infected: not-a-virus:AdWare.Win32.Vapsup.iy skipped
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0019762.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ja skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\eMachines_Vista.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\eMachine_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\General.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\UK_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Urgent.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Welcome.dat Object is locked skipped
C:\Program Files\Common Files\AOL\ACS\US\static Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP15\A0019741.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP15\A0019741.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP15\A0019741.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP15\A0019761.dll Infected: not-a-virus:AdWare.Win32.Agent.sn skipped
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP26\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{39177108-2E1C-4C89-A204-389C5CE212A6}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_47am55WNWOK72rz Object is locked skipped
C:\WINDOWS\Temp\mcafee_bFyNtjS8BcHfLVG Object is locked skipped
C:\WINDOWS\Temp\mcmsc_5ld7koMedrjJ3bG Object is locked skipped
C:\WINDOWS\Temp\mcmsc_gdkeACEqXKreFUM Object is locked skipped
C:\WINDOWS\Temp\mcmsc_GpI0q3nHkIYgONk Object is locked skipped
C:\WINDOWS\Temp\mcmsc_hE8GmXjjpxiKzJz Object is locked skipped
C:\WINDOWS\Temp\mcmsc_xCF3EoazmFsZjwW Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
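The report above is easier to act on when read by location rather than by the headline count. As an added example (not part of this thread, and not Kaspersky's own tooling), the script below parses the three row shapes in a Kaspersky Online Scanner 5.x table ("Infected:", the "NSIS:/RarSFX: infected - n" container summaries, and "Object is locked") and buckets every hit by detection name and by whether it sits in a tool backup, a quarantine folder, a System Restore point, a cleanup tool's own archive, or the live filesystem. The location patterns are assumptions chosen for the tools that appear in this thread; the sample rows are copied from the report except for the final row, which is made up (note the fake detection name) to exercise the live-file branch.

```python
"""Triage a Kaspersky Online Scanner 5.x report like the one pasted above.

Each row of the 'Infected Object Name / Virus Name / Last Action' table is
parsed and bucketed by detection name and by where the object lives, so a
headline like 'Number of infected objects: 139' can be read for what it is
here: archive members inside files that earlier tools already moved to backup,
quarantine or System Restore folders, plus riskware flags on a cleanup tool.
"""
import re
from collections import Counter

# The three row shapes that appear in the report table.
HIT_RE = re.compile(r"^(?P<obj>.+?)\s+Infected:\s+(?P<name>\S+)\s+(?P<action>\w+)$")
CONTAINER_RE = re.compile(
    r"^(?P<obj>.+?)\s+(?P<kind>NSIS|RarSFX):\s+infected\s+-\s+(?P<count>\d+)\s+(?P<action>\w+)$"
)
LOCKED_RE = re.compile(r"^(?P<obj>.+?)\s+Object is locked\s+(?P<action>\w+)$")

# Path patterns marking an object as a leftover of earlier cleanup rather than a
# live file. Assumption: chosen for the tools that appear in this thread.
LOCATION_RULES = (
    ("tool backup (Deckard)", re.compile(r"\\Deckard\\System Scanner\\\d+\\backup\\", re.I)),
    ("quarantine (Dr.Web)", re.compile(r"\\DoctorWeb\\Quarantine\\", re.I)),
    ("System Restore point", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("cleanup tool (SmitfraudFix)", re.compile(r"\\SmitfraudFix(\.exe|\\)", re.I)),
)
LIVE = "live filesystem"


def on_disk_file(obj):
    """Drop archive-member suffixes such as '...\\BIT102.tmp/stream/data0002'.
    Windows paths never contain '/', so the first one starts the member part."""
    return obj.split("/", 1)[0]


def classify_location(path):
    for label, pattern in LOCATION_RULES:
        if pattern.search(path):
            return label
    return LIVE


def parse_report(text):
    """Return (hits, containers, locked) for every recognised table row."""
    hits, containers, locked = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HIT_RE.match(line):
            path = on_disk_file(m["obj"])
            hits.append({
                "object": m["obj"], "file": path, "name": m["name"],
                "action": m["action"],
                "riskware": m["name"].startswith("not-a-virus:"),  # Kaspersky's adware/riskware prefix
                "location": classify_location(path),
            })
        elif m := CONTAINER_RE.match(line):
            containers.append({"file": m["obj"], "kind": m["kind"], "members": int(m["count"])})
        elif m := LOCKED_RE.match(line):
            locked.append(m["obj"])
    return hits, containers, locked


def triage(text):
    """Summarise what was detected, where it sits, and which hits (if any) are
    non-riskware detections on the live filesystem, i.e. the ones worth acting on."""
    hits, containers, locked = parse_report(text)
    return {
        "objects": len(hits),                      # what the scanner counts
        "files": len({h["file"] for h in hits}),   # distinct files on disk
        "by_name": Counter(h["name"] for h in hits),
        "by_location": Counter(h["location"] for h in hits),
        "containers": len(containers),
        "locked": len(locked),
        "live_threats": [h for h in hits if h["location"] == LIVE and not h["riskware"]],
        "live_riskware": [h for h in hits if h["location"] == LIVE and h["riskware"]],
    }


# Constructed sample: rows copied from the report above, plus one made-up final
# 'Infected:' row (note the fake detection name) to exercise the live-file branch.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT102.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Vapsup.jc skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT102.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Deckard\System Scanner\20071102200436\backup\DOCUME~1\Owner\LOCALS~1\Temp\BIT102.tmp NSIS: infected - 5 skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0019759.dll Infected: not-a-virus:AdWare.Win32.Vapsup.iy skipped
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP15\A0019761.dll Infected: not-a-virus:AdWare.Win32.Agent.sn skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\madeup.dll Infected: Trojan.Win32.Constructed.example skipped
Scan process completed.
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for key in ("objects", "files", "containers", "locked"):
        print(f"{key}: {summary[key]}")
    for location, count in summary["by_location"].most_common():
        print(f"  {count:3d}  {location}")
    for hit in summary["live_threats"]:
        print("ACT ON:", hit["name"], hit["file"])
```

Run against the full report above, every "Infected:" row lands in one of the four leftover buckets and none on the live filesystem, which is the point worth taking from it: the scanner counts each NSIS or RAR member and then the container itself, so 139 objects collapse to a few dozen files that earlier tools had already moved aside, and every row ends in "skipped" because the online scanner only reports. The "not-a-virus:" prefix is Kaspersky's marker for adware and risk tools rather than malware; the RiskTool hit on Reboot.exe is SmitfraudFix's own helper inside its self-extracting archive.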

#11 SNOWHITE
missy malware magnet
  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 13 November 2007 - 01:49 PM

Hello TerryB92

I will keep your thread open for a couple of days; if the malware problem reappears, feel free to post here. Find instructions below for cleaning System Restore, and read my recommendations.

Should you have any questions, please feel free to ask.

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
Next, double click OTMoveIt and you should see a CleanUp! button. Press that button; you may get prompted by your firewall that OTMoveIt is trying to contact the internet. Allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes.

NOTE: This will remove some of the tools we used so far, including OTMoveIt.


  • Click Start, then Run; type prefetch and press Enter. Click Edit, then Select All (all files will highlight); right click any file, click Delete, and confirm.

  • Clean your Cache and Cookies in IE:
    • Close all instances of Outlook Express and Internet Explorer
    • Go to Control Panel > Internet Options > General tab
    • Click the "Delete Cookies" button
    • Next to it, Click the "Delete Files" button
    • When prompted, place a check in: "Delete all offline content", click OK
  • Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
    • Go to Tools > Options.
    • Click Privacy in the menu on the left side of the Options window.
    • Click the Clear button located to the right of each option (History, Cookies, Cache).
    • Click OK to close the Options window
      Alternatively, you can clear all information stored while browsing by clicking Clear All.
      A confirmation dialog box will be shown before clearing the information.
  • Clean other Temporary files + Recycle bin
    • Go to start > run and type: cleanmgr and click ok.
    • Let it scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
    • Press OK to remove them.
  • While both Tea Timer and SpyBot are closed, right click this link and choose Save As:
    http://downloads.subratam.org/ResetTeaTimer.bat
    Save it to your desktop and run ResetTeaTimer.bat.
    Since it will not be needed again, delete ResetTeaTimer.bat.
    Turn Tea Timer back on again via SpyBot's Tools > Resident page.
  • DISABLE THE VIEWING OF SYSTEM FILES
    • From Windows Explorer, go to Tools > Folder Options > View tab.
    • Untick - Show hidden files and folders
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    • Click Yes to confirm & then click OK
  • CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    • Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
    • Tick the checkbox - Turn off System Restore on all drives
    • Click Apply
    • Turn it back 'On' by unticking the same checkbox & click OK
  • SECURING INTERNET EXPLORER
    • From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Select Custom Level.
    • Change 'Download signed ActiveX controls' to Prompt
    • Change 'Download unsigned ActiveX controls' to Disable
    • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
    • Change 'Installation of desktop items' to Prompt
    • Change 'Launching programs and files in an IFRAME' to Prompt
    • Change 'Navigate sub-frames across different domains' to Prompt
    • When all these changes have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Secunia Software Inspector
Check for other vulnerable programs running on your PC that are in need of an update.
http://secunia.com/software_inspector
Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see this link:
Understanding and Using Firewalls



SPYWAREBLASTER
SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here:
http://www.bleepingcomputer.com/forums/tutorial49.html


IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here:
http://www.spywarewarrior.com/uiuc/resource.htm


COMODO BOClean
BOClean runs automatically in the background without interfering with your work and kills malware INSTANTLY the moment it activates, without giving it the chance to invade your machine. A tutorial on installing this product can be found here:
http://www.comodo.com/boclean/boclean.html


WINPATROL
Download and install the free version of Winpatrol. A tutorial for this product is located here:
http://www.winpatrol.com/features.html

A-SQUARED Anti-Dialer
This is a free program that provides defense against Dialers, scans the hard disk and provides a permanent background guard protection against new Dialer infections.

"Dialers are small programs that change the Internet access number of a modem-equipped computer to a much more expensive number"

To understand this threat better read this article: The Dialer-Problem in Detail. a-squared Anti-Dialer can be downloaded at the following link:
http://download5.emsisoft.com/a2AntiDialerSetup.exe

A-SQUARED Free
This program is completely free of charge for private use; it removes infections of Trojans, Spyware, Adware, Worms, Keyloggers, Rootkits, Dialers and other malicious programs. It can be downloaded at the following link:
http://www.emsisoft.com/en/software/free

SUPERAntiSpyware Home Edition
Another effective program for helping remove some of the more difficult infections.
http://www.superantispyware.com/downloadfile.html
  • More Secure Browser - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox and Opera.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

See these links for more information:

Foistware & How To Avoid It
Browser Hijacking & How to Stop It
Rogue/Suspect Anti-Spyware Products & Web Sites
So how did I get infected in the first place?

Stand Up and Be Counted - where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Happy surfing and stay clean! :thumbsup:



Best regards,
SNOWHITE

#12 TerryB92

TerryB92
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:00 PM

Posted 14 November 2007 - 07:26 PM

Thank you so much for your help. I'm so glad I found this site - you guys are awesome!!!

#13 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:10:00 PM

Posted 19 November 2007 - 05:36 AM

As the problem here seems to be resolved this topic is now closed.
To get it reopened PM a staff member with the address of this thread.
This applies to the topic starter only, everyone else with similar problems start a new topic.

Glad we could help :thumbsup:
SNOWHITE
