
"blackster"


This topic is locked
2 replies to this topic

#1 redkearney


Posted 22 June 2008 - 12:31 PM

"Blackster" has infected my PC. I deleted the file, restored my PC back to the original factory settings, but the spyware is still hiding somewhere. At first "Blackster" took away my admin controls, and I thought that I got them back, but I think another user may be lurking. When I try to delete C:\Documents and Settings\LocalService\Local Settings\Temp, I receive an error message "CANNOT Delete index.dat. It is being used by another person or program." I have checked Task Manager and there are no programs running, and there is no other person logged on. Please help :) ! Thanks :thumbsup: !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:25 AM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\COMMON~1\AOL\121409~1\EE\AOLHOS~1.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\COMMON~1\AOL\121409~1\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T3516
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T3516
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1214092206\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


DSS scan
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-23 01:10:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:46 AM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\COMMON~1\AOL\121409~1\EE\AOLHOS~1.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\COMMON~1\AOL\121409~1\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T3516
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T3516
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1214092206\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8733 bytes

-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 00:08:27 0 d-------- C:\WINDOWS\Sun
2008-06-23 00:08:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-06-23 00:08:19 0 d-------- C:\Program Files\Sun
2008-06-22 23:24:58 0 d-------- C:\Program Files\Trend Micro
2008-06-22 12:21:08 0 d-------- C:\Program Files\LimeWire
2008-06-22 03:00:44 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-22 01:12:35 0 d-------- C:\Documents and Settings\Rich\Application Data\Adobe
2008-06-22 01:11:53 0 d-------- C:\Documents and Settings\Rich\Application Data\McAfee.com Personal Firewall
2008-06-22 01:10:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-06-22 01:04:42 0 d-------- C:\WINDOWS\system32\mclsphlr
2008-06-22 01:04:32 90112 --a------ C:\WINDOWS\system32\mcrtl32.dll <Not Verified; McAfee, Inc.; McAfee Privacy Service>
2008-06-22 01:04:31 131072 --a------ C:\WINDOWS\system32\mclsp.dll <Not Verified; McAfee, Inc.; McAfee Privacy Service>
2008-06-22 01:04:30 11264 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-06-22 01:04:30 32768 --a------ C:\WINDOWS\system32\instlsp.exe
2008-06-22 01:00:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-06-22 01:00:20 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee.com Personal Firewall
2008-06-22 00:59:20 0 d-------- C:\Documents and Settings\Rich\Application Data\Macromedia
2008-06-22 00:51:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-22 00:51:03 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-22 00:31:57 0 d-------- C:\Program Files\Avira
2008-06-22 00:31:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-22 00:20:37 0 d-------- C:\Documents and Settings\Rich\Application Data\LimeWire
2008-06-22 00:12:22 0 d-------- C:\Documents and Settings\Rich\Application Data\Google
2008-06-22 00:12:01 0 d-------- C:\Documents and Settings\Rich\WINDOWS
2008-06-22 00:12:01 0 d--h----- C:\Documents and Settings\Rich\Templates
2008-06-22 00:12:01 0 dr------- C:\Documents and Settings\Rich\Start Menu
2008-06-22 00:12:01 0 dr-h----- C:\Documents and Settings\Rich\SendTo
2008-06-22 00:12:01 0 dr-h----- C:\Documents and Settings\Rich\Recent
2008-06-22 00:12:01 0 d--h----- C:\Documents and Settings\Rich\PrintHood
2008-06-22 00:12:01 0 d--h----- C:\Documents and Settings\Rich\NetHood
2008-06-22 00:12:01 0 dr------- C:\Documents and Settings\Rich\My Documents
2008-06-22 00:12:01 0 d--h----- C:\Documents and Settings\Rich\Local Settings
2008-06-22 00:12:01 0 dr------- C:\Documents and Settings\Rich\Favorites
2008-06-22 00:12:01 0 d-------- C:\Documents and Settings\Rich\Desktop
2008-06-22 00:12:01 0 d---s---- C:\Documents and Settings\Rich\Cookies
2008-06-22 00:12:01 0 d--h----- C:\Documents and Settings\Rich\Application Data
2008-06-22 00:12:01 0 d-------- C:\Documents and Settings\Rich\Application Data\You've Got Pictures Screensaver
2008-06-22 00:12:01 0 d-------- C:\Documents and Settings\Rich\Application Data\SampleView
2008-06-22 00:12:01 0 d---s---- C:\Documents and Settings\Rich\Application Data\Microsoft
2008-06-22 00:12:01 0 d-------- C:\Documents and Settings\Rich\Application Data\Identities
2008-06-22 00:12:00 1310720 --ah----- C:\Documents and Settings\Rich\NTUSER.DAT
2008-06-21 21:46:41 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-21 21:21:12 0 d-------- C:\WINDOWS\Internet Logs
2008-06-21 21:10:40 0 d---s---- C:\Documents and Settings\Owner\UserData
2008-06-21 21:06:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-06-21 20:57:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-06-21 20:56:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-06-21 20:48:03 0 d-------- C:\WINDOWS\system32\Lang
2008-06-21 20:46:54 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-21 20:46:54 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2008-06-21 20:46:54 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-06-21 20:46:54 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-06-21 20:44:01 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-21 19:59:57 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-06-21 19:53:56 0 d-------- C:\Program Files\McAfee
2008-06-21 19:53:56 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-21 19:53:47 9216 --a------ C:\WINDOWS\system32\MpfApi.dll <Not Verified; McAfee; McAfee Personal Firewall>
2008-06-21 19:53:47 80640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
2008-06-21 19:53:40 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-06-21 19:53:04 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-21 19:52:50 0 d-------- C:\Program Files\McAfee.com
2008-06-21 19:52:44 0 d-------- C:\Program Files\gtw_logo
2008-06-21 19:52:34 67072 --a------ C:\WINDOWS\POWERCFG.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-21 19:51:37 0 d-------- C:\Program Files\Microsoft Money 2006
2008-06-21 19:51:20 0 d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
2008-06-21 19:51:19 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-06-21 19:51:06 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-06-21 19:51:00 0 d-------- C:\WINDOWS\system32\QuickTime
2008-06-21 19:51:00 0 d-------- C:\Program Files\QuickTime
2008-06-21 19:51:00 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-21 19:50:56 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-06-21 19:50:56 0 d-------- C:\My Music
2008-06-21 19:50:52 0 d-------- C:\Program Files\Real
2008-06-21 19:50:52 0 d-------- C:\Program Files\Common Files\Real
2008-06-21 19:50:41 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2008-06-21 19:50:41 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-06-21 19:50:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-21 19:50:37 0 d-------- C:\Program Files\Viewpoint
2008-06-21 19:50:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-06-21 19:50:34 0 d-------- C:\Program Files\Pure Networks
2008-06-21 19:50:27 0 d-------- C:\Program Files\Common Files\AolCoach
2008-06-21 19:50:04 0 d-------- C:\Program Files\Common Files\aolshare
2008-06-21 19:50:04 0 d-------- C:\Program Files\America Online 9.0
2008-06-21 19:50:04 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-21 19:49:58 335 --a------ C:\WINDOWS\nsreg.dat
2008-06-21 19:49:58 0 d-------- C:\Program Files\Common Files\AOL
2008-06-21 19:49:51 0 d-------- C:\Program Files\BigFix
2008-06-21 19:49:47 0 d-------- C:\Program Files\Microsoft Works
2008-06-21 19:49:27 0 d-------- C:\Program Files\MSN Encarta Plus
2008-06-21 19:49:17 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-21 19:49:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-06-21 19:49:03 0 d-------- C:\Program Files\Napster
2008-06-21 19:48:50 4 --a------ C:\WINDOWS\Pix11.dat
2008-06-21 19:48:24 0 d-------- C:\Program Files\Microsoft Digital Image 2006
2008-06-21 19:47:59 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-21 19:47:41 0 d-------- C:\WINDOWS\system32\RTCOM
2008-06-21 19:47:00 0 d-------- C:\Program Files\Realtek
2008-06-21 19:46:55 487424 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-21 19:45:24 0 d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-06-21 19:45:20 0 d-------- C:\WINDOWS\wt
2008-06-21 19:45:19 0 d-------- C:\Program Files\WildTangent
2008-06-21 19:45:13 0 d-------- C:\Program Files\Gateway Games
2008-06-21 19:44:53 520192 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-21 19:44:19 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-21 19:43:53 20480 --a------ C:\WINDOWS\system32\Marker32.exe <Not Verified; Gateway; Marker32>
2008-06-21 19:43:21 0 d-------- C:\Program Files\Java
2008-06-21 19:43:21 0 d-------- C:\Program Files\Common Files\Java
2008-06-21 19:43:13 94208 --a------ C:\WINDOWS\system32\bae.dll <Not Verified; Gateway Inc.; Browser Address Error Redirector>
2008-06-21 19:42:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 19:42:38 0 d-------- C:\Program Files\CyberLink
2008-06-21 19:42:36 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-21 19:41:24 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-21 19:41:07 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-21 19:40:52 0 d-------- C:\Program Files\Microsoft.NET
2008-06-21 19:40:20 0 dr-h----- C:\MSOCache
2008-06-21 19:38:39 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-21 19:38:29 0 d-------- C:\Program Files\Google
2008-06-21 19:32:15 2 -r-hs---- C:\USER
2008-06-21 19:29:56 0 d-------- C:\Program Files\CONEXANT
2008-06-21 19:27:25 0 d--hs---- C:\System Volume Information
2008-06-21 19:19:46 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-06-21 19:19:43 0 d-------- C:\WINDOWS\creator
2008-06-21 19:18:25 0 d-------- C:\WINDOWS\SMINST
2008-06-21 19:18:22 0 d-------- C:\WINDOWS\I386


-- Find3M Report ---------------------------------------------------------------

2008-06-22 00:51:03 0 d-------- C:\Program Files\Common Files
2008-06-21 19:18:22 0 d-------- C:\Program Files\Windows NT
2008-06-21 19:18:19 0 d-------- C:\Program Files\Movie Maker
2008-06-21 19:18:17 0 d-------- C:\Program Files\Messenger
2008-06-21 19:14:37 0 d-------- C:\Program Files\Online Services
2008-06-21 19:14:37 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-21 19:14:37 0 d-------- C:\Program Files\microsoft frontpage
2008-06-21 19:14:37 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-21 19:14:37 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-21 19:14:37 0 d-------- C:\Program Files\Common Files\New Boundary
2008-06-21 19:14:36 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-21 19:14:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [06/21/2008 07:38 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/12/2005 06:01 AM]
"RTHDCPL"="RTHDCPL.EXE" [04/04/2006 08:44 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 09:43 PM C:\WINDOWS\Alcmtr.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1214092206\EE\AOLHostManager.exe" [11/03/2004 05:03 PM]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [10/18/2004 08:42 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 09:18 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/12/2005 01:02 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [07/01/2005 10:22 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [08/26/2005 02:26 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [09/26/2005 01:26 PM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [08/12/2005 07:16 PM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [08/10/2005 03:49 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [09/27/2005 08:17 PM]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [09/28/2005 04:28 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/22/2008 01:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [6/21/2008 7:49:51 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75200243-3fee-11dd-9ce2-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2008-06-23 01:11:20 ------------


--
End of file - 8700 bytes

Edited by redkearney, 22 June 2008 - 12:59 PM.
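A small parser for the HijackThis log format shown in the post above, added here as an example; it is not part of the original thread and not code from HijackThis or BleepingComputer. It extracts the R/O entry lines and flags the ones a log reviewer usually double-checks first (an AppInit_DLLs entry, a service with an unknown owner, Run values that are bare filenames or not a path at all); the sample lines are copied from the log above, and the flag rules are my own assumptions rather than HijackThis's own analysis.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample lines copied from the HijackThis log in the post above; the log header
# and process list are included to show that the parser skips them.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Power2GoExpress] NA
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""


@dataclass
class Entry:
    code: str      # HijackThis section code, e.g. "O4", "O23"
    section: str   # text before the first ": " (e.g. "BHO", "HKLM\..\Run", "Service")
    name: str      # display name / Run value name, "" when the format has none
    extra: str     # CLSID for O2/O3/O9, company for O23, full command for O4
    path: str      # file or URL the entry points at
    raw: str


_ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<rest>.+)$")
# A quoted image path, or an unquoted one ending at the first executable extension.
_IMAGE_RE = re.compile(r'^(?:"(?P<q>[^"]*)"|(?P<u>.*?\.(?:exe|dll|sys|lnk|scr)))', re.I)


def _image_path(cmd: str) -> str:
    """Strip switches such as ' /min' from an O4 Run command, keeping the image path."""
    m = _IMAGE_RE.match(cmd.strip())
    if m is None:
        return cmd.strip()            # e.g. the literal value "NA"
    return m["q"] if m["q"] is not None else m["u"]


def _split_body(code: str, body: str) -> Tuple[str, str, str]:
    """Return (name, extra, path) for the part of the line after 'Section: '."""
    if code == "O4":
        m = re.match(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)", body)
        if m:
            return m["name"], m["cmd"].strip(), _image_path(m["cmd"])
    elif code in ("O2", "O3", "O9", "O23"):
        parts = body.rsplit(" - ", 2)   # name, CLSID or company, file
        if len(parts) == 3:
            return parts[0], parts[1], parts[2]
    return "", "", body.strip()


def parse_hjt(text: str) -> List[Entry]:
    """Parse the R*/O* entry lines of a HijackThis log; other lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _ENTRY_RE.match(line)
        if m is None:
            continue
        code, rest = m["code"], m["rest"]
        if code.startswith("R"):        # R0/R1: "<registry value> = <url>"
            section, _, path = rest.partition(" = ")
            entries.append(Entry(code, section, "", "", path.strip(), line))
            continue
        section, _, body = rest.partition(": ")
        name, extra, path = _split_body(code, body)
        entries.append(Entry(code, section, name, extra, path, line))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Flag the entries a reviewer checks first (these rules are my own assumptions)."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        if e.code == "O20" and e.section == "AppInit_DLLs":
            findings.append((e, "AppInit_DLLs is loaded into every process that uses user32.dll; verify the publisher"))
        elif e.code == "O23" and e.extra.lower() == "unknown owner":
            findings.append((e, "service binary has no identified publisher; verify its signature and origin"))
        elif e.code == "O4":
            if e.path.upper() == "NA":
                findings.append((e, "Run value is not a file path; check what actually executes"))
            elif "\\" not in e.path:
                findings.append((e, "bare filename is resolved through the search path; confirm which copy runs"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.code:<4} {entry.name or entry.path}: {reason}")
```

Flagged entries are a starting point for a reviewer, not a verdict: the AppInit_DLLs entry and the unsigned ATI service in this log are both from legitimate vendors, which is exactly why the reviewer checks the file rather than the log line.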



#2 Billy O'Neal (Malware Response Team)

Posted 15 July 2008 - 09:43 PM

Hello, redkearney.
index.dat is an internal file used by Windows Explorer. Most of the time you can't delete it without the use of special tools.

:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
In your next reply, please include the following:
  • DSS's Main.txt
  • DSS's Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Billy O'Neal (Malware Response Team)

Posted 18 July 2008 - 08:25 AM

Hello, redkearney.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)



