

Vista Antivirus2008



#1 jlh123


Posted 22 June 2008 - 01:09 PM

Vista Antivirus2008 installed itself on my computer. It keeps showing pop-ups
saying my computer is infected. I've tried Add/Remove Programs
in Control Panel, but it's not on the list. I followed all the steps on here; nothing seems to
work. Please help.




Deckard's System Scanner v20071014.68
Run by user on 2008-06-22 13:14:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 88% (more than 75%).
Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-22 13:15:29
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\Sys84.exe
C:\WINDOWS\Sys86.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\RPS.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\ScanningProcess.exe
C:\Documents and Settings\user\desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Ad Annihilator Kernel - {15BB258F-B477-4DF6-A4E7-65EA4B016CB0} - C:\Program Files\Ad Annihilator\AdAnnihilator.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: (no name) - SITEguard - (no file)
O3 - Toolbar: &Ad Annihilator - {A1C18A7B-55E9-4DA3-A880-D112C791A9D8} - C:\Program Files\Ad Annihilator\AdAnnihilator.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Ad Annihilator Options - {6715FB17-6DC8-4ff8-8CED-9BEFC28E2704} - C:\Program Files\Ad Annihilator\AdAnnihilator.dll
O9 - Extra 'Tools' menuitem: Ad Annihilator Options - {6715FB17-6DC8-4ff8-8CED-9BEFC28E2704} - C:\Program Files\Ad Annihilator\AdAnnihilator.dll
O9 - Extra button: (no name) - {BB15D76F-6189-4c89-A9F8-CED4F9D01328} - C:\Program Files\Ad Annihilator\AdAnnihilator.dll
O9 - Extra 'Tools' menuitem: Ad Annihilator Toolbar - {BB15D76F-6189-4c89-A9F8-CED4F9D01328} - C:\Program Files\Ad Annihilator\AdAnnihilator.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O16 - DPF: RaptisoftGameLoader () - http://www.gamehouse.com/realarcade-webgam...tgameloader.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwa...are/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/A...01F/wmvadvd.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://games.bellsouth.net/Gh/Tumblebugs/axhost.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dvpapi - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - Unknown owner - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterr.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 11972 bytes

-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2098-12-31 20:22:29 0 d--hs---- C:\WINDOWS\Installer
2098-12-31 20:22:28 0 d-------- C:\Program Files\Common Files\ODBC
2098-12-31 20:22:25 0 dr------- C:\Program Files
2098-12-31 20:22:25 0 d-------- C:\Program Files\Common Files
2098-12-31 20:22:25 0 d-------- C:\Program Files\Common Files\SpeechEngines
2098-12-31 20:21:58 0 d--h----- C:\Documents and Settings\Default User\Templates
2098-12-31 20:21:58 0 dr------- C:\Documents and Settings\Default User\Start Menu
2098-12-31 20:21:58 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2098-12-31 20:21:58 0 d--h----- C:\Documents and Settings\Default User\Recent
2098-12-31 20:21:58 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2098-12-31 20:21:58 0 d--h----- C:\Documents and Settings\Default User\NetHood
2098-12-31 20:21:58 0 d-------- C:\Documents and Settings\Default User\My Documents
2098-12-31 20:21:58 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2098-12-31 20:21:58 0 d-------- C:\Documents and Settings\Default User\Favorites
2098-12-31 20:21:58 0 d-------- C:\Documents and Settings\Default User\Desktop
2098-12-31 20:21:58 0 d--hs---- C:\Documents and Settings\Default User\Cookies
2098-12-31 20:21:58 0 d--h----- C:\Documents and Settings\All Users\Templates
2098-12-31 20:21:58 0 dr------- C:\Documents and Settings\All Users\Start Menu
2098-12-31 20:21:58 0 d-------- C:\Documents and Settings\All Users\Favorites
2098-12-31 20:21:58 0 dr------- C:\Documents and Settings\All Users\Documents
2098-12-31 20:21:58 0 d-------- C:\Documents and Settings\All Users\Desktop
2098-12-31 20:21:43 0 d-------- C:\WINDOWS\system32\CatRoot2
2098-12-31 20:21:43 0 d-------- C:\WINDOWS\system32\CatRoot
2098-12-31 20:21:38 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2098-12-31 20:21:38 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2098-12-31 20:21:38 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2098-12-31 20:21:38 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2098-12-31 20:21:14 0 d-------- C:\Documents and Settings
2098-12-31 19:43:39 0 d--hs---- C:\System Volume Information
2098-12-31 19:30:46 0 d-------- C:\WINDOWS
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\WinSxS
2098-12-31 19:30:46 0 dr------- C:\WINDOWS\Web
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\twain_32
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\wins
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\wbem
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\usmt
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\spool
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\ShellExt
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\Setup
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\ras
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\oobe
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\npp
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\mui
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\inetsrv
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\IME
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\icsxml
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\ias
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\export
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\drivers
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\drivers\etc
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\drivers\disdn
2098-12-31 19:30:46 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\dhcp
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\config
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\3com_dmi
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\3076
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\2052
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\1054
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\1042
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\1041
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\1037
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\1033
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\1031
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\1028
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system32\1025
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\system
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\security
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\Resources
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\repair
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\Provisioning
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\PeerNet
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\pchealth
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\mui
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\msapps
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\msagent
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\Media
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\java
2098-12-31 19:30:46 0 d--h----- C:\WINDOWS\inf
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\ime
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\Help
2098-12-31 19:30:46 0 dr--s---- C:\WINDOWS\Fonts
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\Driver Cache
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\Debug
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\Cursors
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\Connection Wizard
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\Config
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\AppPatch
2098-12-31 19:30:46 0 d-------- C:\WINDOWS\addins
2008-06-22 04:10:01 0 d-------- C:\Program Files\Enigma Software Group
2008-06-22 03:29:48 0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-06-22 03:29:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 03:29:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 03:29:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-22 01:37:11 30208 --a------ C:\WINDOWS\Sys3.exe
2008-06-22 01:37:10 32256 --a------ C:\WINDOWS\Sys1.exe
2008-06-21 22:22:45 30208 --a------ C:\WINDOWS\Sys86.exe
2008-06-21 22:22:43 32256 --a------ C:\WINDOWS\Sys84.exe
2008-06-20 11:03:33 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-17 21:22:40 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-17 21:21:13 0 d-------- C:\Program Files\Windows Live
2008-05-31 18:04:01 0 d-------- C:\Program Files\Super Smash Flash EXE
2008-05-27 21:26:03 0 d-------- C:\Put a directory on PYTHONPATH here
2008-05-25 12:14:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater


-- Find3M Report ---------------------------------------------------------------

2098-12-31 20:21:58 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini
2008-06-22 04:37:46 0 d-------- C:\Program Files\RogueRemover FREE
2008-06-22 03:45:23 0 d-------- C:\Program Files\Freeze.com Toolbar
2008-06-22 03:20:06 0 d-------- C:\Program Files\Lx_cats
2008-06-22 01:33:31 0 d-------- C:\Documents and Settings\user\Application Data\Macromedia
2008-06-22 01:30:15 0 d-------- C:\Program Files\Blubster
2008-06-17 22:41:23 0 d-------- C:\Program Files\Zumie
2008-06-10 08:12:29 0 d-------- C:\Program Files\Fish Tycoon
2008-05-29 16:00:19 0 d-------- C:\Program Files\San Andreas Mod Installer
2008-05-25 12:20:32 0 d-------- C:\Documents and Settings\user\Application Data\Google
2008-05-25 12:17:11 0 d-------- C:\Program Files\Google
2008-05-24 17:04:14 0 d-------- C:\Program Files\Cashfiesta
2008-05-21 16:19:37 0 d-------- C:\Documents and Settings\user\Application Data\Cashfiesta
2008-05-12 21:01:39 0 d-------- C:\Documents and Settings\user\Application Data\Zango
2008-05-12 07:36:21 0 d-------- C:\Program Files\Cheat Engine
2008-05-08 07:37:21 0 d-------- C:\Documents and Settings\user\Application Data\gtk-2.0
2008-05-08 07:05:00 0 d-------- C:\Program Files\GIMP-2.0
2008-05-08 06:10:26 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-05-08 06:10:00 0 d-------- C:\Program Files\Adobe Media Player
2008-05-08 06:09:47 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-05-08 02:14:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-03 15:04:38 0 d-------- C:\Program Files\iTunes
2008-05-03 15:03:42 0 d-------- C:\Program Files\iPod
2008-05-03 14:56:34 0 d-------- C:\Program Files\QuickTime
2008-05-03 14:39:11 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 10:36:08 0 d-------- C:\Program Files\Ofb1
2008-05-01 10:15:11 0 d-------- C:\Program Files\Alwil Software
2008-04-24 17:21:23 0 d-------- C:\Program Files\filesubmit
2008-04-16 12:23:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 20:39:33 1291 --a------ C:\WINDOWS\mozver.dat
2008-04-12 07:59:45 82 --a------ C:\Documents and Settings\user\Application Data\Ad Annihilator.aap


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971F630E-AD68-4d6e-B0C3-1C627AAC80F1}]
03/03/2008 07:26 PM 635392 --a------ C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Resume Picaboo Installation.lnk]
backup=C:\WINDOWS\pss\Resume Picaboo Installation.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Scheduler.lnk]
backup=C:\WINDOWS\pss\Scheduler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
"C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus]
C:\Program Files\Antivirus 2008\Antvrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Internet Security Suite]
"C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\G2]
"C:\Program Files\GamingSquared\Gaming2\G2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW.exe]
"C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
"C:\Program Files\Zango\bin\10.3.37.0\Weather.exe" -auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
"C:\Program Files\Zango\bin\10.3.37.0\ZangoSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Zumie Search Service"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"szserver"=2 (0x2)
"RP_FWS"=2 (0x2)
"RPSUpdaterR"=3 (0x3)
"PDEngine"=3 (0x3)
"PDAgent"=2 (0x2)
"ose"=3 (0x3)
"lxdd_device"=2 (0x2)
"lxddCATSCustConnectService"=2 (0x2)
"LXCFCustomerConnect"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"dvpapi"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Blubster"=C:\Program Files\Blubster\Blubster.exe SILENT


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc99fc1-be88-1242-a6a5-806d6172696f}]
AutoRun\command- D:\Install.exe

*Newly Created Service* - MCHINJDRV



-- End of Deckard's System Scanner: finished at 2008-06-22 13:19:17 ------------


C:\Program Files\Zumie\zopt.exe not-a-virus:AdWare.Win32.OneStep.c (http://www.viruslist.com/en/find?search_mode=virus&words=not-a-virus:AdWare.Win32.OneStep.c) 1



#2 teacup61


Posted 06 July 2008 - 01:00 PM

Hello jlh123,

Welcome to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 20 July 2008 - 03:20 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.
