After A Fairly Short Thread With Grinler, I Was Directed To Post Here


  • This topic is locked
3 replies to this topic

#1 BonaDea2008

BonaDea2008

  • Members
  • 10 posts

Posted 25 May 2008 - 12:06 PM

First, let me say, profuse thanks in advance for any assistance provided!

My logs follow this "prolog" (no pun intended). Here, I've provided all the information I could possibly find. If, from here-on-out, you'd prefer I play a more "passive" role and simply follow given instructions, I'm more than happy to do that.

The last time I went through something like this, right at the last step of the clean-up process, Avast told me a couple of viruses downloaded and directed me to send it to the chest. I'd like to stop this from happening. Avast, on a fairly regular basis, catches something slipping through and directs me to send it to the chest. Later, I delete it from the chest. (maybe this isn't a good idea?) The reason I'm writing this up-front is because I'd like to know if there are some security measures I should take BEFORE we get started on this process so something doesn't download mid-process again. Also, I'm not so sure about AVAST. Should I change my anti-virus? I have several anti-spyware programs loaded: SpywareBlaster, SpywareGuard, SpybotS&D, SuperAntiSpyware. These were loaded at the suggestion of the last person who helped me, after the process was done, which is what leads me to believe I ended up with the present problems from the virus down-loads that occurred near the end of the last clean-up process.

Why I'm here: I was doing the HJT tutorial and found a strange file in my HJT log: smsn.exe. I couldn't find any information about it on any English-speaking sites. (Since then, more information is available:)

I posted a note to the system start up forum since I couldn't find the file anywhere. Grinler identified it as malware and asked for a copy of the file. While looking for the file I ran into a number of problems. You can read the thread here, if you like: http://www.bleepingcomputer.com/forums/t/147276/smsnexe/
Grinler seems to think I have more than one infection. Kaspersky seems to concur, but the strange thing about smsn.exe is that, at least to my untrained eye, it seems to toggle back and forth between smsn.exe and smsa.exe. They share the same owner and file path. When smsn.exe is running as a process (process manager) smsa is not and vice-versa (they also toggle back and forth in my HJT scans). The online information I can find about smsn.exe puts it in the recycle folder; the online information I can find about smsa.exe does not. Yet, on my scans, as I said before, they both have the same owner and path, which puts them in the recycle folder. Here's a search result for smsa.exe:

Enough background, here are my scan logs. By the way, DSS is only generating one log: main.txt. Again, much thanks, in advance, to anyone willing to help.


DSS Log:

Deckard's System Scanner v20071014.68
Run by Jo Ann Christinese on 2008-05-25 10:22:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 255 MiB (256 MiB recommended).


-- HijackThis (run as Jo Ann Christinese.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23, on 2008-05-25
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
c:Recyclesmsa.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINNTSystem32svchost.exe
C:WINNTsystem32lxczcoms.exe
C:WINNTsystem32regsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:program filesinternet explorerIEXPLORE.EXE
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINNTsystem32calc.exe
C:WINNTExplorer.EXE
C:WINNTsystem32infsvchosts.exe
C:WINNTsm56hlpr.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesPeoplePCISP6500BrowserBartshel.exe
C:Program FilesMax Registry CleanerMaxRCSystemTray.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:PROGRA~1PeoplePCISP6500BrowserPPShared.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesSpywareGuardsgmain.exe
C:Program FilesSpywareGuardsgbhp.exe
C:Program FilesPeoplePCISP6500BrowserBartshel.exe
C:WINNTsystem32wuauclt.exe
C:Program FilesPeoplePC AcceleratedPeoplePC.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesTrend MicroHijackThisdss.exe
C:PROGRA~1TRENDM~1HIJACK~1JOANNC~1.EXE

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://home.peoplepc.com/search
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://home.peoplepc.com/websearch
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=localhost:8080
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:Program FilesPeoplePCToolbarScamGrd.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:Program FilesPeoplePCToolbarScamGrd.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:program filespeoplepctoolbarPPCToolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:program filespeoplepctoolbarPPCToolbar.dll
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM..Run: [Bart Station] C:Program FilesPeoplePCISP6500BINPPCOLink.exe -STATION
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [RCAutoLiveUpdate] C:Program FilesMax Registry CleanerMaxLiveUpdateRC.exe -AUTO
O4 - HKLM..Run: [RCSystemTray] C:Program FilesMax Registry CleanerMaxRCSystemTray.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKLM..PoliciesExplorerRun: [nyuserinit] C:WINNTsystem32infsvchosts.exe C:WINNTsystem32lwfdfia16_080514.dll tanlt88
O4 - HKUS.DEFAULT..RunOnce: [^SetupICWDesktop] C:Program FilesInternet ExplorerConnection Wizardicwconn1.exe /desktop (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:Program FilesERUNTAUTOBACK.EXE
O4 - Startup: SpywareGuard.lnk = C:Program FilesSpywareGuardsgmain.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O12 - Plugin for .pdf: C:Program FilesInternet ExplorerPLUGINSnppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207048643546
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLMSystemCCSServicesTcpip..{CCEE0E6D-41E2-4091-892A-314B23E8F5C6}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Windows Audio Server (Audios) - Unknown owner - c:Recyclesmsa.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:WINNTSystem32dmadmin.exe
O23 - Service: lxcz_device - - C:WINNTsystem32lxczcoms.exe
O23 - Service: Windows_rejoice2008_401 - Unknown owner - C:Program FilesCommon FilesMicrosoft SharedMSINFOrejoice082.exe

--
End of file - 5933 bytes

-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 08:18:15 16384 --a-----t C:WINNTsystem32Perflib_Perfdata_200.dat
2008-05-23 21:26:08 335277 ---hs---- C:WINNTsystem32_rejoice082.exe
2008-05-23 21:22:59 0 d-------- C:Documents and SettingsDefault UserApplication DataMacromedia
2008-05-23 21:22:58 0 d-------- C:Documents and SettingsDefault UserApplication DataAdobe
2008-05-23 21:21:43 0 d-------- C:Documents and SettingsDefault UserApplication DataScamBlocker
2008-05-23 21:21:22 556544 --a------ C:WINNTsystem32mdccasys32_080514.dll
2008-05-23 21:21:22 31232 --a------ C:WINNTsystem32lwfdfia16_080514.dll
2008-05-23 21:21:19 255544 --a------ C:WINNTsystemsgcxcxxaspf080514.exe
2008-05-23 21:21:17 0 d-------- C:WINNTsystem32inf
2008-05-21 11:51:02 16384 --a-----t C:WINNTsystem32Perflib_Perfdata_208.dat
2008-05-18 13:30:22 0 d-a------ C:Documents and SettingsAll UsersApplication DataSpybot - Search & Destroy
2008-05-16 08:44:50 1445888 --a------ C:Documents and SettingsJo Ann ChristineseNTUSER.DAT
2008-05-15 13:47:13 48128 -r-hs---- C:WINNTsystem32ctfmon.dll
2008-05-15 12:27:16 48128 -r-hs---- C:WINNTsystem32wmoptimizer.dll
2008-05-15 12:26:56 3072 --a------ C:WINNTsystem32oky.exe
2008-05-13 12:40:07 0 d-------- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2008-05-13 12:40:05 0 d-------- C:WINNTsystem32Kaspersky Lab
2008-05-13 10:56:27 0 d-------- C:Recycle
2008-05-13 10:03:56 0 d-------- C:Documents and SettingsAll UsersApplication DataSUPERAntiSpyware.com
2008-05-13 10:03:38 0 d-------- C:Program FilesSUPERAntiSpyware
2008-05-13 10:03:38 0 d-------- C:Documents and SettingsJo Ann ChristineseApplication DataSUPERAntiSpyware.com
2008-05-13 10:02:58 0 d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-05-13 09:30:22 0 d-------- C:Documents and SettingsJo Ann ChristineseApplication DataMalwarebytes
2008-05-13 09:30:13 0 d-------- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-05-13 09:30:11 0 d-------- C:Program FilesMalwarebytes' Anti-Malware
2008-05-13 09:29:21 0 d-------- C:Program FilesCommon FilesDownload Manager
2008-05-13 08:59:33 16384 --a-----t C:WINNTsystem32Perflib_Perfdata_1f0.dat
2008-05-12 17:19:46 0 d-------- C:Program FilesSpywareDetector
2008-05-10 19:57:06 0 d-------- C:WINNTMaxSecureBackup
2008-05-10 19:55:58 123 --a------ C:WINNTsystemSYSRegC.dll
2008-05-10 19:55:52 143360 --a------ C:WINNTsystem32GetHardDiskNo.dll
2008-05-10 19:55:50 0 d-------- C:Program FilesMax Registry Cleaner


-- Find3M Report ---------------------------------------------------------------

2008-05-24 13:07:03 920894 ---h----- C:WINNTShellIconCache
2008-05-24 12:58:47 0 d-------- C:Documents and SettingsJo Ann ChristineseApplication DataU3
2008-05-24 10:30:34 0 d-------- C:Program FilesComputer Clean Up Tools
2008-05-23 18:05:56 510 --a------ C:WINNTrun2.vbs
2008-05-23 18:05:56 1069 --a------ C:WINNTrun.vbs
2008-05-21 11:57:56 0 d-a------ C:Program FilesCommon Files
2008-05-18 10:52:58 0 d-------- C:Program FilesSpywareGuard
2008-05-18 10:32:17 0 d-------- C:Program FilesSpywareBlaster
2008-05-14 10:28:00 64438 --a------ C:WINNTIireFoxUpdater.exe
2008-05-13 12:06:10 2566 --a------ C:WINNTmozver.dat
2008-04-16 21:21:23 0 d-------- C:Documents and SettingsJo Ann ChristineseApplication DataAdobeUM
2008-04-11 23:21:42 3 --a------ C:WINNTsystem32iphy.dll
2008-04-11 22:48:06 434176 --a------ C:WINNTsystem32IPHOST.dll
2008-04-07 21:53:19 0 --a------ C:WINNTsystem32fiplock.dll
2008-04-06 10:04:04 0 d-------- C:Documents and SettingsJo Ann ChristineseApplication DataFaxCtr
2008-04-05 16:27:33 0 d-------- C:Program FilesLexmark 1200 Series
2008-04-05 16:27:22 0 d-------- C:Program FilesLexmark Fax Solutions
2008-04-05 16:25:52 0 d-------- C:Program FilesAbbyy FineReader 6.0 Sprint
2008-04-04 16:41:19 0 d-------- C:Documents and SettingsJo Ann ChristineseApplication DataTalkback
2008-04-04 16:40:48 0 --a------ C:WINNTnsreg.dat
2008-04-04 16:40:42 0 d-------- C:Documents and SettingsJo Ann ChristineseApplication DataMozilla
2008-04-03 16:05:06 0 d-------- C:Program FilesTrend Micro
2008-04-03 12:48:56 16384 --a-----t C:WINNTsystem32Perflib_Perfdata_1f8.dat
2008-04-01 21:17:01 0 d-------- C:Documents and SettingsJo Ann ChristineseApplication DataHelp
2008-04-01 20:20:39 0 d-------- C:Program FilesAlwil Software
2008-04-01 17:33:21 0 d-------- C:Documents and SettingsJo Ann ChristineseApplication DataMacromedia
2008-04-01 17:19:42 0 d-------- C:Program FilesPeoplePC Accelerated
2008-04-01 17:04:01 0 d-------- C:Documents and SettingsJo Ann ChristineseApplication DataScamBlocker
2008-04-01 17:00:15 0 d-------- C:Program FilesPeoplePC
2008-04-01 16:59:52 0 d-------- C:Program FilesCommon FilesPeoplePC
2008-04-01 07:07:18 57344 --a------ C:WINNTuneng.exe
2008-04-01 07:07:18 0 d-------- C:Program FilesCommon FilesAdaptec Shared
2008-04-01 05:41:56 0 d-------- C:Program FilesWindows NT
2008-04-01 05:04:39 0 d-------- C:Documents and SettingsJo Ann ChristineseApplication DataIdentities
2008-04-01 04:48:47 0 d-------- C:Program Filesmicrosoft frontpage
2008-04-01 04:47:51 0 -rahs---- C:MSDOS.SYS
2008-04-01 04:47:51 0 -rahs---- C:IO.SYS
2008-04-01 04:47:51 0 ---h----- C:CONFIG.SYS
2008-04-01 04:47:51 0 ---h----- C:AUTOEXEC.BAT
2008-04-01 04:45:55 15012 --a------ C:WINNTsystem32emptyregdb.dat
2008-04-01 04:45:05 0 d-ah----- C:Program FilesWindowsUpdate
2008-04-01 04:44:36 0 d-------- C:Program FilesAccessories
2008-03-31 21:04:29 0 d-a------ C:Program FilesCommon FilesODBC


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE~Browser Helper Objects{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
08-05-23 21:22 198656 --a------ c:program filespeoplepctoolbarPPCToolbar.dll

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
"{A8FB8EB3-183B-4598-924D-86F0E5E37085}"= c:program filespeoplepctoolbarPPCToolbar.dll [08-05-23 21:22 198656]

[-HKEY_CLASSES_ROOTCLSID{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[HKEY_CLASSES_ROOTPeoplePC.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{994D628D-4D22-4DB9-B6DB-F7D9F1635817}]
[HKEY_CLASSES_ROOTPeoplePC.Toolbar]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 C:WINNTsystem32mobsync.exe]
"SMSERIAL"="sm56hlpr.exe" [03-10-07 20:15 C:WINNTsm56hlpr.exe]
"Bart Station"="C:Program FilesPeoplePCISP6500BINPPCOLink.exe" [07-03-12 16:11 ]
"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [08-05-15 17:19 ]
"RCAutoLiveUpdate"="C:Program FilesMax Registry CleanerMaxLiveUpdateRC.exe" [08-01-02 12:25 ]
"RCSystemTray"="C:Program FilesMax Registry CleanerMaxRCSystemTray.exe" [08-01-02 12:25 ]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"SUPERAntiSpyware"="C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe" [08-05-20 14:05 ]
"SpybotSD TeaTimer"="C:Program FilesSpybot - Search & DestroyTeaTimer.exe" [08-01-28 11:43 ]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrunonce]
"^SetupICWDesktop"=C:Program FilesInternet ExplorerConnection Wizardicwconn1.exe /desktop

C:Documents and SettingsJo Ann ChristineseStart MenuProgramsStartup
ERUNT AutoBackup.lnk - C:Program FilesERUNTAUTOBACK.EXE [2005-10-20 13:04:08]
SpywareGuard.lnk - C:Program FilesSpywareGuardsgmain.exe [2003-08-29 20:05:35]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorerrun]
"nyuserinit"=C:WINNTsystem32infsvchosts.exe C:WINNTsystem32lwfdfia16_080514.dll tanlt88

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"StartMenuLogOff"=1 (0x1)

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:Program FilesSUPERAntiSpywareSASSEH.DLL [08-05-20 14:05 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
C:Program FilesSUPERAntiSpywareSASWINLO.DLL 08-05-15 16:52 294912 C:Program FilesSUPERAntiSpywareSASWINLO.DLL

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaltga.sys]
@="Driver"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
wmosvr WMOptimizer




-- End of Deckard's System Scanner: finished at 2008-05-25 10:24:44 ------------



Kaspersky Log:

2008-05-25 10:11
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/05/2008
Kaspersky Anti-Virus database records: 800188
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:
C:
D:
Scan Statistics
Total number of scanned objects 15538
Number of viruses found 9
Number of infected objects 12
Number of suspicious objects 0
Duration of the scan process 00:30:00

Infected Object Name Virus Name Last Action
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat Object is locked skipped
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat Object is locked skipped
C:Documents and SettingsDefault UserCookiesindex.dat Object is locked skipped
C:Documents and SettingsDefault UserLocal SettingsHistoryHistory.IE5index.dat Object is locked skipped
C:Documents and SettingsDefault UserLocal SettingsTemporary Internet FilesContent.IE5index.dat Object is locked skipped
C:Documents and SettingsJo Ann ChristineseApplication DataMozillaFirefoxProfilesspulu7g9.defaultcert8.db Object is locked skipped
C:Documents and SettingsJo Ann ChristineseApplication DataMozillaFirefoxProfilesspulu7g9.defaultformhistory.dat Object is locked skipped
C:Documents and SettingsJo Ann ChristineseApplication DataMozillaFirefoxProfilesspulu7g9.defaulthistory.dat Object is locked skipped
C:Documents and SettingsJo Ann ChristineseApplication DataMozillaFirefoxProfilesspulu7g9.defaultkey3.db Object is locked skipped
C:Documents and SettingsJo Ann ChristineseApplication DataMozillaFirefoxProfilesspulu7g9.defaultparent.lock Object is locked skipped
C:Documents and SettingsJo Ann ChristineseApplication DataMozillaFirefoxProfilesspulu7g9.defaultsearch.sqlite Object is locked skipped
C:Documents and SettingsJo Ann ChristineseApplication DataMozillaFirefoxProfilesspulu7g9.defaulturlclassifier2.sqlite Object is locked skipped
C:Documents and SettingsJo Ann ChristineseApplication DataSUPERAntiSpyware.comSUPERAntiSpywareAppLogsSUPERANTISPYWARE-5-25-2008( 8-19-2 ).LOG Object is locked skipped
C:Documents and SettingsJo Ann ChristineseCookiesindex.dat Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat.LOG Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsApplication DataMozillaFirefoxProfilesspulu7g9.defaultCache_CACHE_001_ Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsApplication DataMozillaFirefoxProfilesspulu7g9.defaultCache_CACHE_002_ Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsApplication DataMozillaFirefoxProfilesspulu7g9.defaultCache_CACHE_003_ Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsApplication DataMozillaFirefoxProfilesspulu7g9.defaultCache_CACHE_MAP_ Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsHistoryHistory.IE5index.dat Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsHistoryHistory.IE5MSHist012008052520080526index.dat Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsTemp~DF40D9.tmp Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsTemp~DF6FFB.tmp Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsTemp~DF97F9.tmp Object is locked skipped
C:Documents and SettingsJo Ann ChristineseLocal SettingsTemporary Internet FilesContent.IE5index.dat Object is locked skipped
C:Documents and SettingsJo Ann ChristineseNTUSER.DAT Object is locked skipped
C:Documents and SettingsJo Ann Christinesentuser.dat.LOG Object is locked skipped
C:Program FilesAlwil SoftwareAvast4DATAaswResp.dat Object is locked skipped
C:Program FilesAlwil SoftwareAvast4DATAAvast4.db Object is locked skipped
C:Program FilesAlwil SoftwareAvast4DATAintegavast.int Object is locked skipped
C:Program FilesAlwil SoftwareAvast4DATAlogAshWebSv.ws Object is locked skipped
C:Program FilesAlwil SoftwareAvast4DATAlogaswMaiSv.log Object is locked skipped
C:Program FilesAlwil SoftwareAvast4DATAlognshield.log Object is locked skipped
C:Program FilesAlwil SoftwareAvast4DATAlogselfdef.log Object is locked skipped
C:Program FilesAlwil SoftwareAvast4DATAreportResident protection.txt Object is locked skipped
C:Program FilesPeoplePCToolbarPPCToolbar.dll Infected: not-a-virus:AdWare.Win32.Agent.ac skipped
C:Program FilesPeoplePC Acceleratedlogsoutput_Jo Ann Christinese.log Object is locked skipped
C:Program FilesPeoplePC AcceleratedTEMPbenchmark.dat Object is locked skipped
C:Program FilesPeoplePC AcceleratedTEMPcodescache20fe20 Object is locked skipped
C:Program FilesPeoplePC AcceleratedTEMPcodescache6cfb6c Object is locked skipped
C:Program FilesPeoplePC AcceleratedTEMPcodescache745674 Object is locked skipped
C:Program FilesPeoplePC AcceleratedTEMPcodescacheab5aab Object is locked skipped
C:Program FilesPeoplePC AcceleratedTEMPcodescacheactiveDomains Object is locked skipped
C:Program FilesPeoplePC AcceleratedTEMPcodescachenonactiveDomains Object is locked skipped
C:Program FilesPeoplePC AcceleratedTEMPhttp_cacheHEADERS_0000_1 Object is locked skipped
C:Program FilesPeoplePC AcceleratedTEMPhttp_cacheHEADERS_0000_2 Object is locked skipped
C:Program FilesPeoplePC AcceleratedTEMPhttp_cache_0000_1 Object is locked skipped
C:Program FilesPeoplePC AcceleratedTEMPhttp_cache_0000_2 Object is locked skipped
C:Recyclesmsa.exe Infected: Trojan-Downloader.Win32.Delf.hyl skipped
C:Recyclesmsn.exe Infected: Trojan.Win32.Delf.bzy skipped
C:WINNTCSC00000001 Object is locked skipped
C:WINNTDebugipsecpa.log Object is locked skipped
C:WINNTDebugoakley.log Object is locked skipped
C:WINNTDebugPASSWD.LOG Object is locked skipped
C:WINNTModemLog_Motorola SM56 Speakerphone Modem.txt Object is locked skipped
C:WINNTrun.vbs Infected: Trojan-Downloader.VBS.Small.gg skipped
C:WINNTSchedLgU.Txt Object is locked skipped
C:WINNTSoftwareDistributionReportingEvents.log Object is locked skipped
C:WINNTSti_Trace.log Object is locked skipped
C:WINNTsystemsgcxcxxaspf080514.exe Infected: Trojan-Spy.Win32.Pophot.aye skipped
C:WINNTsystem32CatRootSYSMAST.cbd Object is locked skipped
C:WINNTsystem32CatRootSYSMAST.cbk Object is locked skipped
C:WINNTsystem32CatRoot{127D0A1D-4EF2-11D1-8608-00C04FC295EE}CATMAST.cbd Object is locked skipped
C:WINNTsystem32CatRoot{127D0A1D-4EF2-11D1-8608-00C04FC295EE}CATMAST.cbk Object is locked skipped
C:WINNTsystem32configAntivirus.Evt Object is locked skipped
C:WINNTsystem32configAppEvent.Evt Object is locked skipped
C:WINNTsystem32configdefault Object is locked skipped
C:WINNTsystem32configdefault.LOG Object is locked skipped
C:WINNTsystem32configSAM Object is locked skipped
C:WINNTsystem32configSAM.LOG Object is locked skipped
C:WINNTsystem32configSecEvent.Evt Object is locked skipped
C:WINNTsystem32configSECURITY Object is locked skipped
C:WINNTsystem32configSECURITY.LOG Object is locked skipped
C:WINNTsystem32configsoftware Object is locked skipped
C:WINNTsystem32configsoftware.LOG Object is locked skipped
C:WINNTsystem32configSysEvent.Evt Object is locked skipped
C:WINNTsystem32configsystem Object is locked skipped
C:WINNTsystem32configSYSTEM.ALT Object is locked skipped
C:WINNTsystem32ddd.exe/_main.pl Infected: DoS.Perl.BBDoS.c skipped
C:WINNTsystem32ddd.exe Perl2Exe: infected - 1 skipped
C:WINNTsystem32infscsys16_080514.dll Infected: Trojan-Spy.Win32.Pophot.ayf skipped
C:WINNTsystem32infsppdcrs080514.scr Infected: Trojan-Spy.Win32.Pophot.aye skipped
C:WINNTsystem32lwfdfia16_080514.dll Infected: Trojan-Spy.Win32.Pophot.ayf skipped
C:WINNTsystem32mdccasys32_080514.dll Infected: Trojan-Spy.Win32.Agent.cli skipped
C:WINNTsystem32Perflib_Perfdata_200.dat Object is locked skipped
C:WINNTsystem32psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.c skipped
C:WINNTTemp_avast4_Webshlock.txt Object is locked skipped
C:WINNTWindowsUpdate.log Object is locked skipped
Scan process completed.

Fix code tags and deactivate links just in case. ~ OB
----------
New virus since post, should I do a new log? Maybe not, but AVAST found a virus and I directed it to delete and delete files on reboot. Maybe this is enough? I'm not so sure since I'm not sure AVAST is really doing its job. Anyway, thanks.

No, please do not post any additional logs or make any changes to the computer until instructed to do so. Please be patient, the team is EXTREMELY busy. ~ OB

Merge posts and add comment. ~ OB

Edited by Orange Blossom, 25 May 2008 - 08:09 PM.




#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 25 June 2008 - 11:21 AM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 BonaDea2008

BonaDea2008
  • Topic Starter

  • Members
  • 10 posts

Posted 27 June 2008 - 06:03 PM

SueBaby, thank you so much for responding. I actually got so fed up with the malware mess that I'm on another site training to be a helper. Since my post I have figured out how to resolve my computer issues. Sorry, I guess I should have posted a message to that effect. Thanks again for responding.

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 28 June 2008 - 03:33 PM

I am glad that you are training to be a helper; we need all the helpers we can get. That is how I got started. I had a virus on my computer and decided that I wanted to know how to fix it. Thanks for responding.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.