Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search-daily.com Overides Google Search Answers


  • This topic is locked This topic is locked
6 replies to this topic

#1 jezwagg

jezwagg

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 10 December 2007 - 11:54 AM

Whenever I click on a google search answer it takes me to search-daily.com. Here's my hijack this log: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:06, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\NILaunch.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet

Explorer Provided by Wanadoo
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41DD69AD-86D0-4933-99CF-9F701D36C52A} -

C:\WINDOWS\system32\avifilenh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - (no file)
O2 - BHO: (no name) - {CB270AB2-99F6-4480-BBFA-1B391277D2D0} -

c:\windows\system32\avifilen.dll
O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} -

C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch

USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

/logon
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat

7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User

'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User

'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User

'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites -

http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583}

- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -

http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

http://software-dl.real.com/28238869e6c72e...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupdate.microsoft.com/v5co...web_site.cab?10

96375419796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B413FC2-6E39-4476-BCBE-A50CC82754F7}: NameServer

= 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B413FC2-6E39-4476-BCBE-A50CC82754F7}: NameServer

= 195.92.195.94 195.92.195.95
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: blokradt - C:\WINDOWS\SYSTEM32\avifilen.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program

Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program

Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION -

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program

Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

--
End of file - 9021 bytes

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:45 AM

Posted 10 December 2007 - 09:05 PM

Hello jezwagg,

Welcome to Bleeping Computer :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 jezwagg

jezwagg
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 11 December 2007 - 06:25 AM

Hi teacup61 thanks for your quick response in what seems to be a very busy forum.

I run combifix and this is the log:

ComboFix 07-12-10.2 - DAD 2007-12-11 11:10:55.1 - NTFSx86
Running from: C:\Documents and Settings\DAD\Local Settings\Temporary Internet Files\Content.IE5\EAK12RNP\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\avifilen.dll
C:\WINDOWS\system32\avifilenh.dll
C:\WINDOWS\system32\drivers\avnkzpim.dat
C:\WINDOWS\Tasks.\At1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_POOF
-------\LEGACY_XAAQWQCA
-------\LEGACY_ZPHZERAB
-------\xaaqwqca
-------\zphzerab


((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-10 20:55 . 2007-12-04 13:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-10 20:55 . 2004-01-09 09:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-10 20:55 . 2007-12-04 12:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-10 20:55 . 2007-12-04 14:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-10 20:55 . 2007-12-04 14:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-10 20:55 . 2007-12-04 14:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-10 20:55 . 2007-12-04 14:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-10 20:55 . 2007-12-04 14:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-10 20:54 . 2007-12-10 20:54 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-10 20:40 . 2007-12-10 20:40 18,500,624 --a------ C:\Program Files\setupeng.exe
2007-12-10 16:47 . 2007-12-10 16:47 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-10 16:47 . 2007-12-10 16:47 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-12-10 08:49 . 2007-12-10 08:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-10 08:49 . 2007-12-10 08:52 <DIR> d-------- C:\Documents and Settings\DAD\Application Data\AVG7
2007-12-10 08:48 . 2007-12-10 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-10 08:47 . 2007-12-10 08:47 31,768,752 --a------ C:\Program Files\avg75free_503a1205.exe
2007-12-09 20:09 . 2007-12-09 20:16 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-12-09 20:08 . 2007-12-09 20:08 912,224 --a------ C:\Program Files\EFRCSetup.exe
2007-12-09 19:17 . 2007-12-09 19:17 3,240,296 --a------ C:\Program Files\setup.exe
2007-12-08 08:57 . 2007-12-08 08:57 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-08 08:57 . 2007-12-08 08:57 741,632 --a------ C:\WINDOWS\system32\mxpkzxfl.dat
2007-12-08 08:57 . 2007-12-08 08:57 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-08 08:57 . 2007-12-08 08:57 119,552 --a------ C:\WINDOWS\system32\juponnuo.dat
2007-12-08 08:57 . 2007-12-08 08:57 42,240 --a------ C:\WINDOWS\system32\cskvhrfd.dat
2007-12-08 08:57 . 2007-12-08 08:57 36,096 --a------ C:\WINDOWS\system32\pzebkgko.dat
2007-12-08 08:57 . 2007-12-08 08:57 35,072 --a------ C:\WINDOWS\system32\sgfahrmu.dat
2007-12-08 08:53 . 2007-12-09 09:04 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-12-08 08:51 . 2007-12-09 19:00 83,456 --a------ C:\WINDOWS\system32\avifilen.dll.bak
2007-12-06 20:06 . 2007-12-06 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eBay
2007-12-01 17:11 . 2007-12-01 17:11 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-01 17:09 . 2007-12-01 17:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-01 17:09 . 2007-12-01 17:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-01 16:33 . 2007-12-01 16:33 2,724,328 --a------ C:\Program Files\ccsetup203.exe
2007-12-01 16:24 . 2007-12-01 16:24 <DIR> d-------- C:\Documents and Settings\DAD\Application Data\MakeitOne
2007-12-01 16:22 . 2007-12-01 16:22 <DIR> d-------- C:\Program Files\MakeitOne
2007-12-01 16:22 . 2007-12-01 16:22 131,584 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-12-01 16:22 . 2007-12-01 16:22 28,898 --a------ C:\WINDOWS\system32\SpoonUninstall-MakeitOne MP3 Album Maker.bmp
2007-12-01 16:22 . 2007-12-01 16:22 664 --a------ C:\WINDOWS\system32\SpoonUninstall-MakeitOne MP3 Album Maker.dat
2007-12-01 16:19 . 2007-12-01 16:21 <DIR> d-------- C:\Documents and Settings\DAD\Application Data\DVD Flick
2007-12-01 16:18 . 2007-12-01 16:19 <DIR> d-------- C:\Program Files\DVD Flick
2007-12-01 16:18 . 2000-05-19 16:56 81,920 --a------ C:\WINDOWS\system32\mbmouse.ocx
2007-12-01 16:18 . 2007-08-31 17:36 36,864 --a------ C:\WINDOWS\system32\trayicon_handler.ocx
2007-11-20 16:30 . 2007-11-20 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-20 16:29 . 2007-12-08 11:38 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-11-20 16:28 . 2007-11-20 16:28 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-11-20 16:24 . 2007-11-20 16:24 128,344 --a------ C:\Program Files\audio-cd.exe
2007-11-20 16:17 . 2007-11-20 16:17 1,630,151 --a------ C:\Program Files\Setup_AltoMP3Gold.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-10 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-10 16:31 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-10 16:06 32,630 ----a-w C:\Documents and Settings\DAD\Application Data\wklnhst.dat
2007-12-07 13:08 --------- d-----w C:\Documents and Settings\DAD\Application Data\BitTorrent
2007-12-01 17:08 --------- d-----w C:\Program Files\Windows Media Connect
2007-11-23 15:44 --------- d-----w C:\Documents and Settings\DAD\Application Data\Ahead
2007-11-20 16:13 --------- d-----w C:\Program Files\FreeRIP2
2007-11-07 21:26 12,273,453 ----a-w C:\Program Files\dvdflick_setup_1.3.0.0_beta.exe
2007-11-07 21:23 56,774 ----a-w C:\Program Files\CDDBMP3setup.exe
2007-11-07 21:20 169,452 ----a-w C:\Program Files\MakeitOne-MP3AlbumMaker.exe
2007-11-06 19:37 2,725,528 ----a-w C:\Program Files\ccsetup202.exe
2007-11-06 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-06 16:19 881,664 ----a-w C:\Program Files\DigitalLockerAssistant_en.msi
2007-11-01 19:59 7,890,027 ----a-w C:\Program Files\KingJackpotSetupEN.EXE
2007-10-28 19:25 --------- d-----w C:\Program Files\GMF_Partner
2007-10-28 19:25 --------- d-----w C:\Program Files\GMF
2007-10-26 15:38 5,953,024 ----a-w C:\Program Files\VideoPiggy136.msi
2007-10-24 15:36 --------- d-----w C:\Program Files\DK Multimedia
2007-10-24 15:21 --------- d-----w C:\Program Files\QuickTime
2007-10-14 18:26 --------- d-----w C:\Program Files\Google
2007-10-14 18:24 13,411,824 ----a-w C:\Program Files\Google_Earth_BZXD.exe
2007-10-11 19:34 --------- d-----w C:\Program Files\BitTorrent
2007-10-09 10:17 448,232 ----a-w C:\Program Files\rcsetup106.exe
2007-10-04 15:49 2,628,296 ----a-w C:\Program Files\ccsetup201.exe
2007-09-19 18:21 557,564 ----a-w C:\Program Files\CafeUK_Downloader.Exe
2007-09-17 15:48 400,248 ----a-w C:\Program Files\dfsetup100.exe
2007-09-14 17:58 74,672,991 ----a-w C:\Program Files\Office2003Lite-SFX.exe
2007-09-12 10:27 2,614,072 ----a-w C:\Program Files\ccsetup200.exe
2007-09-06 14:09 528,923 ----a-w C:\Program Files\LinerUK_Downloader.exe
2007-08-17 10:39 5,060,191 ----a-w C:\Program Files\MediaMonkey_Setup_2_5_5.exe
2007-08-17 10:29 1,319,800 ----a-w C:\Program Files\frfglppc.exe
2007-07-19 14:21 2,720,456 ----a-w C:\Program Files\ccsetup141.exe
2007-07-04 18:40 814,697 ----a-w C:\Program Files\sscserve.exe
2007-06-25 18:42 1,712,352 ----a-w C:\Program Files\freeripmp3.exe
2007-05-04 09:13 1,957,423 ----a-w C:\Program Files\ffdshow.exe
2007-03-29 20:34 205,000 ----a-w C:\Program Files\rcsetup101.exe
2007-03-05 21:51 29,782,164 ----a-w C:\Program Files\bustamove4.zip
2007-02-12 21:31 4,867,336 ----a-w C:\Program Files\frinstall.exe
2007-01-29 21:40 6,196,681 ----a-w C:\Program Files\BitTorrent-5.0.5.exe
2007-01-19 20:16 190,064 ----a-w C:\Program Files\Morpheus.exe
2006-12-16 11:51 12,474,360 ----a-w C:\Program Files\solsuite.exe
2006-12-07 22:01 10,420,936 ----a-w C:\Program Files\xlviewer.exe
2006-11-30 22:23 6,469,352 ----a-w C:\Program Files\avgas-setup-7.5.0.50.exe
2006-11-09 10:06 17,383,608 ----a-w C:\Program Files\avg75free_430a828.exe
2006-09-28 14:51 2,374,545 ----a-w C:\Program Files\AiRoboForm-infop.exe
2006-07-19 14:05 15,272,744 ----a-w C:\Program Files\Install_Messenger_nous.exe
2006-05-06 18:12 17,323,088 ------w C:\Program Files\setupUK.exe
2006-04-14 15:33 240,507 ------w C:\Program Files\audioscrobbler.wmp.1.1.10.exe
2006-01-05 12:00 2,566,736 ------w C:\Program Files\spywareblastersetup351.exe
2005-12-23 17:11 1,277,023 ----a-w C:\Program Files\secretmakersetup.exe
2005-11-23 18:47 622,736 ------w C:\Program Files\install_easyshare.exe
2005-11-07 20:03 925,184 ------w C:\Program Files\epsetup.exe
2005-11-07 19:55 532,616 ----a-w C:\Program Files\ImageResizerPowertoySetup.exe
2005-11-04 15:33 4,860,993 ------w C:\Program Files\setup_reminder15_en.exe
2005-10-31 22:02 4,111,384 ----a-w C:\Program Files\Bookworm_setup.exe
2005-10-27 19:24 2,987,896 ------w C:\Program Files\leechget.exe
2005-10-13 14:56 2,844,880 ------w C:\Program Files\SFTPMSI.exe
2005-10-12 14:27 2,929,648 ------w C:\Program Files\123freepuzzle.exe
2005-09-22 16:25 9,346,664 ------w C:\Program Files\zlsSetup_60_667_000.exe
2005-07-28 19:52 2,149,327 ------w C:\Program Files\SudokuSetup.exe
2005-07-22 09:01 5,037,072 ------w C:\Program Files\spybotsd14.exe
2005-07-13 16:16 850,657 ------w C:\Program Files\mp3cdconverter.exe
2005-06-19 18:50 1,163,643 ------w C:\Program Files\wrar342.exe
2005-06-18 12:45 6,976,104 ------w C:\Program Files\zlsSetup_55_094_000.exe
2005-06-18 11:31 2,855,080 ------w C:\Program Files\aawsepersonal.exe
2005-05-21 15:05 2,109,895 ------w C:\Program Files\123free.exe
2005-05-20 17:49 1,682,834 ------w C:\Program Files\free_spider.exe
2005-05-20 16:27 23 ----a-w C:\Program Files\sol_fold.dat
2005-05-20 15:57 2,723,840 ----a-w C:\Program Files\123FreeSolitaire.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 10:14]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 16:15]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 22:47 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"CHotkey"="zHotkey.exe" [2004-05-17 17:30 C:\WINDOWS\zHotkey.exe]
"Net-It Launcher"="C:\WINDOWS\system32\NILaunch.exe" [1998-02-05 19:16]
"LWBMOUSE"="C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE" [2002-05-24 12:54]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 01:10]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 10:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-24 15:21]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-07-08 15:57:08]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
backup=C:\WINDOWS\pss\Lotus Organizer EasyClip.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
backup=C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SmartCenter.lnk]
backup=C:\WINDOWS\pss\Lotus SmartCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart.lnk]
backup=C:\WINDOWS\pss\Lotus SuiteStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Streamload Downloader.lnk]
backup=C:\WINDOWS\pss\Streamload Downloader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DAD^Start Menu^Programs^Startup^Lotus SmartSuite Release 9 Registration.lnk]
backup=C:\WINDOWS\pss\Lotus SmartSuite Release 9 Registration.lnkStartup

R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
S3 CA_LIC_CLNT;CA License Client;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
S3 CA_LIC_SRVR;CA License Server;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{061271ca-5d9f-11da-9588-001109bd4e95}]
\Shell\AutoRun\command - G:\This_is_THUS.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54634638-2747-11d9-ac05-00038a000015}]
\Shell\AutoRun\command - @%systemroot%\explorer.exe /e,.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f23fe678-6484-11d9-9496-00038a000015}]
\Shell\AutoRun\command - @%systemroot%\explorer.exe /e,.

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 11:17:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-11 11:20:14 - machine was rebooted
.
--- E O F --- 2007-12-02 22:52:31

Then I ran a fresh hijack and this is the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:03, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/28238869e6c72e...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096375419796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{3B413FC2-6E39-4476-BCBE-A50CC82754F7}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

--
End of file - 7893 bytes

I changed my free virus checker to Avast between original post and this one. Reason not connected to this problem. A quick check on my google answer pages suggests that Combifix may well have already done the trick.

jezzyboy

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:45 AM

Posted 11 December 2007 - 11:43 AM

Hello,

Did you remove your other AntiVirus via Add/Remove Programs? I still see it in services.

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/28238869e6c72e...ip/RdxIE601.cab


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

In your reply, please post a new HijackThis log and let me know how it's running, and also about your old AntiVirus. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 jezwagg

jezwagg
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 11 December 2007 - 02:44 PM

Hi tea

I've removed all old java and replaced with latest version. My old virus checker has now been removed (I thought I'd already done it!) and when I ran another hijack log those three entries were still there and they have been fixed. This leaves me with following hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:24, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096375419796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

--
End of file - 7336 bytes

My computer seems to be running better than ever.
Thanks for your advice and help

jezzyboy

Edited by jezwagg, 11 December 2007 - 02:47 PM.


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:45 AM

Posted 11 December 2007 - 03:13 PM

Hello,

Glad to know it, and you're welcome! Posted Image

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio, or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:45 AM

Posted 17 December 2007 - 05:09 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users