
Virus Pecompact, Trojans Pekes, Obfuscated, Mostofate, Virtumonde, Monder And More...


  • This topic is locked
17 replies to this topic

#1 bodaccea


  • Members
  • 10 posts

Posted 30 June 2008 - 06:19 AM

Hi, I seem to be under heavy attack. It started a couple of weeks ago; I kept getting a warning message about needing to download 'xpantivirus', which is a Mickey Mouse application, I think. Since then I have been invaded. My AVG program didn't pick up any of it, so I am now using Kaspersky on a one-month trial. Kaspersky reported to me all the threats mentioned above and more. It says all threats have been neutralised, but they show up again when I restart?? I have used the Vundo programme but am not sure if it worked. I have also used LSPFix as there was an unknown Winsock entry, but that came back as normal. I enclose a HijackThis report and my AIDA32 report (sorry it's a big 'un). I tried to download ComboFix but it wouldn't work; it said files were corrupt.

My problems seem to be amplified by having several people using this machine (all on my account), and I really can only tell you what I have done to this machine. I assume my two lodgers have been reckless with it, as it is not their computer.

Isn't it amazing, when you have a problem with your computer, how everyone around you suddenly seems to be a computer expert... well, I have also had my share of gallant males trying to fix it. Unsuccessfully. (Thankfully the days of chivalry are almost over :thumbsup: ) lol

In the last few days nobody has been anywhere near this laptop except me. All banned. I have accepted that it's my responsibility to find a solution, and I am asking you guys to help if possible, or at least point me the right way.

Cheers
Teresa (just hoping you don't say the 'f' word; I would hate to format this as it's got loads of important stuff!!!)
:) The AIDA report is too big; let me know if I should send it some other way.

PS I should have said this earlier, but I will list below the problems I am getting now:
  • Both IE and Firefox don't work unless via a link.
  • I am using something called 'Galaxy', which works except that clicking a link doesn't work and you have to paste it into the browser box.
  • Since using Kaspersky I haven't been redirected at all, but I get loads of messages saying 'something is trying to alter my registry' etc.
  • When the computer starts, Kaspersky lists loads of viruses; then it says they have been deleted, then that they can't be disinfected.
  • I have two items in quarantine; I don't know what they are and I am too scared to open it.
  • Intermittent task bar: it's there one minute and then it's gone!
  • I have a permanent box on screen (can't get rid of it, so I have to just move it to the edge). It says 'Explorer.exe - Bad Image' and underneath it says 'The application or DLL C:WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll is not a valid windows image. Please check this against your installation diskette.'
  • In the last 24 hrs only, Kaspersky keeps popping up to tell me certain files are password protected. I don't have any passwords!

Attached Files





#2 bodaccea

  • Topic Starter

  • Members
  • 10 posts

Posted 30 June 2008 - 10:09 AM

I have made the report smaller; hope it works.
Cheers
Teresa

Attached Files



#3 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 01 July 2008 - 04:38 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Deckard's System Scanner (DSS) and save to your Desktop.

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 bodaccea

  • Topic Starter

  • Members
  • 10 posts

Posted 02 July 2008 - 04:28 PM

Hi Sam
Good of you to help. Apologies for the late reply, but there have been some developments. I had a letter from 'Virgin', who are my cable company, and it said they had had some complaints about spam/junk mail coming from my address. They threatened to cut me off. I tried to speak to them on the phone; they just kept me on hold for ever! Then they cut me off!!!! So I have had to format for them to unblock my connection. I can't believe it.

So the situation now is that I have a newly formatted 'C' drive; I am not sure if threats can stay around or not. I also had an external hard drive which was my drive 'F'; this was unplugged during the format. Will I be OK to plug it in, or should I format it too?

Not sure what to do now... I don't know if your previous instructions are still relevant, so I shall wait for your instruction.

Thanks so much
Teresa

#5 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 02 July 2008 - 04:37 PM

Personally I wouldn't have formatted anything. It would have been much simpler just to disconnect the modem until you got it cleaned up, but what's done is done. It would be a good idea to run DSS and post it anyways, just so I can take a look and make sure you're clean.

#6 bodaccea

  • Topic Starter

  • Members
  • 10 posts

Posted 02 July 2008 - 06:06 PM

I was not too happy about formatting either, but felt obligated by 'Virgin'. It's not over anyway. BitDefender has found some duplicated files from before the format. Also, a Trojan reboot. If they survived the format, I dread to think what else lurks!
Here are reports from DSS, as requested:

Deckard's System Scanner v20071014.68
Run by teresa on 2008-07-02 23:50:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-07-02 22:50:59 UTC - RP11 - Deckard's System Scanner Restore Point
10: 2008-07-02 20:50:56 UTC - RP10 - Installed Opera 9.50
9: 2008-07-02 17:10:36 UTC - RP9 - Installed BitDefender Total Security 2008
8: 2008-07-02 15:27:31 UTC - RP8 - Installed Java™ 6 Update 3
7: 2008-07-02 14:56:13 UTC - RP7 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-07-02 12:53:54 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 496 MiB (512 MiB recommended).


-- HijackThis (run as teresa.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:52:33, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\emMon.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\teresa\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\teresa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lewisjamesfern.pwp.blueyonder.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pcservicecall.co.uk/
R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [emMonitor] C:\WINDOWS\emMon.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_236/w...OCX/FlashAX.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 5635 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.2.1.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 DCamUSBEMPIA (USB 2750 Camera) - c:\windows\system32\drivers\emdevice.sys <Not Verified; eMPIA Technology, Inc.; USB 28xx Video>
S3 FiltUSBEMPIA (USB Device Lower Filter) - c:\windows\system32\drivers\emfilter.sys <Not Verified; eMPIA Technology Inc.; EM27xx / EM28xx USB Video Convertor>
S3 ScanUSBEMPIA (USB Still Image Capture Device) - c:\windows\system32\drivers\emscan.sys <Not Verified; eMPIA Technology, Inc.; USB 28xx Video>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: photosmart 7700 series
Device ID: USB\VID_03F0&PID_B402&MI_01\8&1C9050A5&0&0001
Manufacturer:
Name: photosmart 7700 series
PNP Device ID: USB\VID_03F0&PID_B402&MI_01\8&1C9050A5&0&0001
Service:


-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-02 23:52:19 0 d-------- C:\Program Files\Trend Micro
2008-07-02 22:07:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-02 22:07:15 0 d-------- C:\Documents and Settings\teresa\Application Data\Mozilla
2008-07-02 21:51:14 0 d-------- C:\Documents and Settings\teresa\Application Data\Opera
2008-07-02 21:50:58 0 d-------- C:\Program Files\Opera
2008-07-02 21:44:04 0 d-------- C:\WINDOWS\I386
2008-07-02 21:34:29 0 dr------- C:\Program Files
2008-07-02 21:34:28 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-02 21:34:28 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-02 21:34:28 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-07-02 21:34:28 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-02 21:34:28 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-02 21:34:28 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-02 21:34:27 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-02 21:34:02 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-02 21:33:28 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-02 21:33:16 0 --a------ C:\SMINST
2008-07-02 20:09:54 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-02 18:25:40 0 d-------- C:\Documents and Settings\teresa\Application Data\BitDefender
2008-07-02 18:10:41 0 d-------- C:\Program Files\BitDefender
2008-07-02 18:10:41 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-02 18:09:29 0 d-------- C:\Program Files\Common Files\BitDefender
2008-07-02 16:48:20 0 d-------- C:\WINDOWS\system32\FlashAX
2008-07-02 16:46:36 0 d-------- C:\Documents and Settings\teresa\Application Data\Microgaming
2008-07-02 16:46:23 0 d-------- C:\Microgaming
2008-07-02 16:28:30 0 d-------- C:\WINDOWS\Sun
2008-07-02 16:28:30 0 d-------- C:\Documents and Settings\teresa\Application Data\Sun
2008-07-02 16:27:52 0 d-------- C:\Program Files\Java
2008-07-02 16:27:35 0 d-------- C:\Program Files\Common Files\Java
2008-07-02 16:23:20 0 d-------- C:\Program Files\thechatterbox.cc
2008-07-02 16:23:20 0 d-------- C:\Program Files\Conduit
2008-07-02 15:57:35 0 d-------- C:\Program Files\MSXML 4.0
2008-07-02 14:48:18 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-02 14:46:28 0 d-------- C:\Documents and Settings\teresa\Application Data\Macromedia
2008-07-02 14:45:02 0 d---s---- C:\Documents and Settings\teresa\UserData
2008-07-02 14:40:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-02 14:40:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 14:40:48 0 d-------- C:\Documents and Settings\teresa\Application Data\SUPERAntiSpyware.com
2008-07-02 14:40:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 14:38:09 0 d-------- C:\Documents and Settings\teresa\Application Data\Malwarebytes
2008-07-02 14:38:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 14:38:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-02 14:37:39 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-02 14:31:10 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-02 14:14:40 0 d--h----- C:\Documents and Settings\teresa\WLANProfiles
2008-07-02 14:14:25 14037 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
2008-07-02 14:14:20 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-02 13:58:05 0 d-------- C:\WINDOWS\system32\Tools
2008-07-02 13:55:07 0 d-------- C:\Documents and Settings\teresa\Application Data\Identities
2008-07-02 13:55:07 0 d-------- C:\Documents and Settings\teresa\Application Data\Adobe
2008-07-02 13:55:06 0 d-------- C:\Documents and Settings\teresa\WINDOWS
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\Templates
2008-07-02 13:55:06 0 dr------- C:\Documents and Settings\teresa\Start Menu
2008-07-02 13:55:06 0 dr-h----- C:\Documents and Settings\teresa\SendTo
2008-07-02 13:55:06 0 dr-h----- C:\Documents and Settings\teresa\Recent
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\PrintHood
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\NetHood
2008-07-02 13:55:06 0 dr------- C:\Documents and Settings\teresa\My Documents
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\Local Settings
2008-07-02 13:55:06 0 dr------- C:\Documents and Settings\teresa\Favorites
2008-07-02 13:55:06 0 d-------- C:\Documents and Settings\teresa\Desktop
2008-07-02 13:55:06 0 d---s---- C:\Documents and Settings\teresa\Cookies
2008-07-02 13:55:06 0 dr-h----- C:\Documents and Settings\teresa\Application Data
2008-07-02 13:55:06 0 d-------- C:\Documents and Settings\teresa\Application Data\SampleView
2008-07-02 13:55:05 1048576 --ah----- C:\Documents and Settings\teresa\NTUSER.DAT
2008-07-02 13:53:39 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-07-02 13:53:39 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-07-02 13:53:39 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-07-02 13:46:54 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-07-02 21:45:27 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-07-02 18:09:29 0 d-------- C:\Program Files\Common Files
2008-07-02 14:19:21 0 d-------- C:\Program Files\EMUSB2.0
2008-07-02 14:14:20 0 d-------- C:\Program Files\Intel


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
24/06/2008 23:17 1569304 --a------ C:\Program Files\thechatterbox.cc\tbthec.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= C:\Program Files\thechatterbox.cc\tbthec.dll [24/06/2008 23:17 1569304]

[-HKEY_CLASSES_ROOT\CLSID\{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [28/08/2003 05:20]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/09/2002 05:42]
"@"="" []
"AGRSMMSG"="AGRSMMSG.exe" [25/07/2003 11:22 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [10/02/2003 15:59 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [20/09/2004 12:02]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [20/09/2004 12:01]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/07/2004 12:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/07/2004 11:58]
"emMonitor"="C:\WINDOWS\emMon.exe" [07/01/2005 00:56]
"PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [05/02/2004 16:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 15:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [02/07/2008 18:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/07/2008 16:19]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 19:44:06]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [21/07/2005 08:06:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [02/07/2008 16:19 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 02/07/2008 16:19 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 03/03/2004 16:48 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ace9dc1-dec9-11d9-821f-806d6172696f}]
AutoRun\command- E:\Launch.exe




-- End of Deckard's System Scanner: finished at 2008-07-02 23:54:17 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 495.36 MiB / 218.45 MiB
Pagefile Memory (total/avail): 1156.7 MiB / 779.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.65 MiB

C: is Fixed (NTFS) - 33.12 GiB total, 27.04 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)
F: is Removable (FAT)
G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - HTS541040G9AT00 - 37.26 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 33.12 GiB - C:
\PARTITION1 - Unknown - 4.14 GiB

\\.\PHYSICALDRIVE1 - HP photosmart 7700 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Bitdefender Firewall v8.0 (BitDefender)
AV: Bitdefender Antivirus v8.0 (BitDefender)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\teresa\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MISSTERESABROWN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\teresa
LOGONSERVER=\\MISSTERESABROWN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\teresa\LOCALS~1\Temp
TMP=C:\DOCUME~1\teresa\LOCALS~1\Temp
USERDOMAIN=MISSTERESABROWN
USERNAME=teresa
USERPROFILE=C:\Documents and Settings\teresa
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

teresa (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{B5D8CCBF-08D8-46C0-8B04-3BC0CAEDA094}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actiontec MDC AC'97 Modem v2132D --> agrsmdel
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
BitDefender Total Security 2008 --> MsiExec.exe /I{92098E58-00AD-4F78-AD6E-807BDB323478}
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PROSet for Wireless --> MsiExec.exe /I{5380063E-2909-4d72-BFA3-625881F2E78B}
InterVideo Installer --> "C:\Program Files\InterVideo\Installer\IVIUninstaller.exe" "C:\Program Files\InterVideo\Installer"
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinRip --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D32D4182-DE6C-457E-838C-8D7B9CE332BA}\setup.exe" REMOVEALL
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Ladbrokes Poker --> C:\MICROG~1\Poker\LADBRO~1\LADBRO~1\UNWISE.EXE C:\MICROG~1\Poker\LADBRO~1\LADBRO~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 AddRemoveCPRun
NTI Backup NOW! 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText
NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
Opera 9.50 --> MsiExec.exe /X{70B96CD0-FDF2-489E-8FA0-0F92ED599368}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\SETUP.EXE" -l0x9 REMOVE
Roxio Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
thechatterbox.cc Toolbar --> C:\PROGRA~1\THECHA~1.CC\UNWISE.EXE C:\PROGRA~1\THECHA~1.CC\INSTALL.LOG
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
USB Video/Audio Device Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type72 / Warning
Event Submitted/Written: 07/02/2008 08:06:52 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type512 / Error
Event Submitted/Written: 07/02/2008 09:31:04 PM
Event ID/Source: 14103 / PSched
Event Description:
QoS [Adapter {9D5511D7-527D-40B5-8A84-D109AC3B4064}]:
The netcard driver failed the query for OID_GEN_LINK_SPEED.

Event Record #/Type377 / Error
Event Submitted/Written: 07/02/2008 04:02:44 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB933729).

Event Record #/Type376 / Error
Event Submitted/Written: 07/02/2008 04:02:44 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB920685).

Event Record #/Type375 / Error
Event Submitted/Written: 07/02/2008 04:02:44 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB893756).

Event Record #/Type374 / Error
Event Submitted/Written: 07/02/2008 04:02:44 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB923980).



-- End of Deckard's System Scanner: finished at 2008-07-02 23:54:17 ------------



I am worried about opening my email? Anyway, I look forward to your next instruction.
Many thanks
Teresa

#7 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 July 2008 - 07:59 AM

I see a few issues.


Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


Please post a new log from DSS.
If Bitdefender is still picking up on things, post the log so I can see what it's finding.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
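The protective folder described in the Flash_Disinfector note above can be verified from a DSS listing: the tool's placeholder shows up as a hidden, system directory named autorun.inf at each drive root (attribute string "drahs----"), whereas autorun worms drop a plain autorun.inf file there, and the MountPoints2 keys in the DSS registry dump show which AutoRun command Explorer cached for each volume. The Python below is an added example for this thread, not code from DSS, HijackThis or Flash_Disinfector; the log lines it parses are constructed and modelled on the DSS output posted here (the G: drive entries and the all-zero volume GUID are made up).

```python
"""Triage helper for Deckard's System Scanner (DSS) output.

Added example for this thread, not part of DSS, HijackThis or Flash_Disinfector.
It checks (1) whether each drive root carries the protective hidden+system
autorun.inf *directory* that Flash_Disinfector creates or a plain autorun.inf
*file*, and (2) which MountPoints2 keys still cache an AutoRun\\command.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
# Constructed sample modelled on the DSS output posted in this thread; the G:
# lines and the all-zero volume GUID are made up. "drahs----" on C:\autorun.inf
# (directory, read-only, archive, hidden, system) is Flash_Disinfector's marker.
SAMPLE_DSS = r"""
-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-03 21:52:27 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; MSXML 4.0 SP1>
2008-07-03 18:17:59 0 drahs---- C:\autorun.inf
2008-07-03 12:10:17 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-02 21:51:14 0 d-------- F:\Backup
2008-07-01 09:00:00 312 --ahs---- G:\autorun.inf
2008-07-01 09:00:00 45056 --ahs---- G:\sample.exe

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
AutoRun\command- G:\sample.exe
"""
# DSS file line: "<date> <time> <size> <9 attribute flags> <path> [<Not Verified; vendor; product>]"
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{9})\s+(.+?)(?:\s+<[^>]*>)?\s*$")
MP2_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
MP2_CMD = re.compile(r"^AutoRun\\command-\s*(.+?)\s*$", re.IGNORECASE)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str  # flag positions: 0=d(irectory) 1=r(ead-only) 2=a(rchive) 3=h(idden) 4=s(ystem)
    path: str

    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    def is_hidden_system(self) -> bool:
        return self.attrs[3] == "h" and self.attrs[4] == "s"


def parse_dss_files(text: str) -> List[Entry]:
    """Collect the file/directory lines from the 'Files created' and Find3M sections."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), int(m.group(2)), m.group(3), m.group(4)))
    return entries


def classify_autorun(entries: List[Entry]) -> Dict[str, str]:
    """Map each drive root seen in the listing to the state of its autorun.inf:
    placeholder (hidden+system dir), weak-placeholder (plain dir), file, or missing."""
    report = {}
    for drive in sorted({e.path[:3] for e in entries if e.path[1:3] == ":\\"}):
        hit = next((e for e in entries if e.path.lower() == drive.lower() + "autorun.inf"), None)
        if hit is None:
            report[drive] = "missing"
        elif hit.is_dir():
            report[drive] = "placeholder" if hit.is_hidden_system() else "weak-placeholder"
        else:
            report[drive] = "file"  # a real autorun.inf at a drive root: review its contents
    return report


def mountpoint_autoruns(text: str) -> List[Tuple[str, str]]:
    """Pair each MountPoints2 key in the registry dump with its cached AutoRun\\command."""
    results, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = MP2_KEY.match(line)
        if key:
            current_key = key.group(1)
            continue
        cmd = MP2_CMD.match(line)
        if cmd and current_key is not None:
            results.append((current_key, cmd.group(1)))
            current_key = None
        elif line.startswith("["):  # a different registry key: stop pairing
            current_key = None
    return results


if __name__ == "__main__":
    for drive, state in classify_autorun(parse_dss_files(SAMPLE_DSS)).items():
        print(f"{drive}autorun.inf -> {state}")
    for key, command in mountpoint_autoruns(SAMPLE_DSS):
        print(f"MountPoints2\\{key}: {command}")
```

A "file" result for a removable drive means the placeholder is not there and the real autorun.inf should be read before the volume is trusted again; "missing" only says the listing window did not include that entry.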

#8 bodaccea

  • Topic Starter
  • Members
  • 10 posts

Posted 03 July 2008 - 04:49 PM

Hi
I think I have done everything - not sure if it's correct, as there were two reports from DSS but I can only find one this time: main.txt
Here it is
Deckard's System Scanner v20071014.68
Run by teresa on 2008-07-03 22:24:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 496 MiB (512 MiB recommended).


-- HijackThis (run as teresa.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:20, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\emMon.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\teresa\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\teresa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lewisjamesfern.pwp.blueyonder.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pcservicecall.co.uk/
R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [emMonitor] C:\WINDOWS\emMon.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215042250047
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_236/w...OCX/FlashAX.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7251 bytes

-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-03 22:17:24 0 d-------- C:\Program Files\Java
2008-07-03 22:17:21 0 d-------- C:\Program Files\Common Files\Java
2008-07-03 21:52:27 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-07-03 21:52:27 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-07-03 21:51:36 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-07-03 21:51:36 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-07-03 21:51:36 65536 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-07-03 21:51:36 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-07-03 21:51:35 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-07-03 21:51:35 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-07-03 21:51:35 0 d-------- C:\Program Files\HP
2008-07-03 21:48:34 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-03 21:48:26 4284 -----n--- C:\WINDOWS\hphmdl02.dat
2008-07-03 21:48:26 19791 --a------ C:\WINDOWS\HPHins02.dat
2008-07-03 21:47:42 491520 --a------ C:\WINDOWS\system32\hphmon05.exe <Not Verified; Hewlett-Packard; HP Photosmart>
2008-07-03 21:47:41 364544 --a------ C:\WINDOWS\system32\hphped05.exe <Not Verified; ; GetCounterInfo Application>
2008-07-03 21:47:14 6478 --a------ C:\WINDOWS\system32\hphmon05.dat
2008-07-03 18:17:59 0 drahs---- C:\autorun.inf
2008-07-03 12:10:17 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-03 07:31:43 0 d-------- C:\WINDOWS\network diagnostic
2008-07-02 23:52:19 0 d-------- C:\Program Files\Trend Micro
2008-07-02 22:07:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-02 22:07:15 0 d-------- C:\Documents and Settings\teresa\Application Data\Mozilla
2008-07-02 21:51:14 0 d-------- C:\Documents and Settings\teresa\Application Data\Opera
2008-07-02 21:50:58 0 d-------- C:\Program Files\Opera
2008-07-02 21:44:04 0 d-------- C:\WINDOWS\I386
2008-07-02 21:34:29 0 dr------- C:\Program Files
2008-07-02 21:34:28 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-02 21:34:28 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-02 21:34:28 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-07-02 21:34:28 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-02 21:34:28 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-02 21:34:28 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-02 21:34:27 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-02 21:34:02 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-02 21:33:28 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-02 21:33:16 0 --a------ C:\SMINST
2008-07-02 20:09:54 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-02 18:25:40 0 d-------- C:\Documents and Settings\teresa\Application Data\BitDefender
2008-07-02 18:10:41 0 d-------- C:\Program Files\BitDefender
2008-07-02 18:10:41 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-02 18:09:29 0 d-------- C:\Program Files\Common Files\BitDefender
2008-07-02 16:48:20 0 d-------- C:\WINDOWS\system32\FlashAX
2008-07-02 16:46:36 0 d-------- C:\Documents and Settings\teresa\Application Data\Microgaming
2008-07-02 16:46:23 0 d-------- C:\Microgaming
2008-07-02 16:28:30 0 d-------- C:\WINDOWS\Sun
2008-07-02 16:28:30 0 d-------- C:\Documents and Settings\teresa\Application Data\Sun
2008-07-02 16:23:20 0 d-------- C:\Program Files\thechatterbox.cc
2008-07-02 16:23:20 0 d-------- C:\Program Files\Conduit
2008-07-02 15:57:35 0 d-------- C:\Program Files\MSXML 4.0
2008-07-02 14:48:18 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-02 14:46:28 0 d-------- C:\Documents and Settings\teresa\Application Data\Macromedia
2008-07-02 14:45:02 0 d---s---- C:\Documents and Settings\teresa\UserData
2008-07-02 14:40:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-02 14:40:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 14:40:48 0 d-------- C:\Documents and Settings\teresa\Application Data\SUPERAntiSpyware.com
2008-07-02 14:40:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 14:38:09 0 d-------- C:\Documents and Settings\teresa\Application Data\Malwarebytes
2008-07-02 14:38:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 14:38:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-02 14:37:39 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-02 14:31:10 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-02 14:14:40 0 d--h----- C:\Documents and Settings\teresa\WLANProfiles
2008-07-02 14:14:25 14037 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
2008-07-02 14:14:20 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-02 13:58:05 0 d-------- C:\WINDOWS\system32\Tools
2008-07-02 13:55:07 0 d-------- C:\Documents and Settings\teresa\Application Data\Identities
2008-07-02 13:55:07 0 d-------- C:\Documents and Settings\teresa\Application Data\Adobe
2008-07-02 13:55:06 0 d-------- C:\Documents and Settings\teresa\WINDOWS
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\Templates
2008-07-02 13:55:06 0 dr------- C:\Documents and Settings\teresa\Start Menu
2008-07-02 13:55:06 0 dr-h----- C:\Documents and Settings\teresa\SendTo
2008-07-02 13:55:06 0 dr-h----- C:\Documents and Settings\teresa\Recent
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\PrintHood
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\NetHood
2008-07-02 13:55:06 0 dr------- C:\Documents and Settings\teresa\My Documents
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\Local Settings
2008-07-02 13:55:06 0 dr------- C:\Documents and Settings\teresa\Favorites
2008-07-02 13:55:06 0 d-------- C:\Documents and Settings\teresa\Desktop
2008-07-02 13:55:06 0 d--hs---- C:\Documents and Settings\teresa\Cookies
2008-07-02 13:55:06 0 dr-h----- C:\Documents and Settings\teresa\Application Data
2008-07-02 13:55:06 0 d-------- C:\Documents and Settings\teresa\Application Data\SampleView
2008-07-02 13:55:05 1572864 --ah----- C:\Documents and Settings\teresa\NTUSER.DAT
2008-07-02 13:53:39 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-07-02 13:53:39 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-07-02 13:53:39 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-07-02 13:46:54 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-07-03 22:17:21 0 d-------- C:\Program Files\Common Files
2008-07-02 21:45:27 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-07-02 14:19:21 0 d-------- C:\Program Files\EMUSB2.0
2008-07-02 14:14:20 0 d-------- C:\Program Files\Intel


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
24/06/2008 23:17 1569304 --a------ C:\Program Files\thechatterbox.cc\tbthec.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= C:\Program Files\thechatterbox.cc\tbthec.dll [24/06/2008 23:17 1569304]

[-HKEY_CLASSES_ROOT\CLSID\{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [28/08/2003 05:20]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/09/2002 05:42]
"@"="" []
"AGRSMMSG"="AGRSMMSG.exe" [25/07/2003 11:22 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [10/02/2003 15:59 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [20/09/2004 12:02]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [20/09/2004 12:01]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/07/2004 12:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/07/2004 11:58]
"emMonitor"="C:\WINDOWS\emMon.exe" [07/01/2005 00:56]
"PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [05/02/2004 16:33]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 15:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [02/07/2008 18:56]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [08/07/2005 05:55]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [08/07/2005 05:55]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [22/12/2003 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/12/2003 15:41]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [08/07/2005 05:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 00:24]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 19:44:06]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [21/07/2005 08:06:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [02/07/2008 16:19 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 02/07/2008 16:19 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 03/03/2004 16:48 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ace9dc1-dec9-11d9-821f-806d6172696f}]
AutoRun\command- E:\Launch.exe




-- End of Deckard's System Scanner: finished at 2008-07-03 22:26:01 ------------





Also
BitDefender below
<?xml version="1.0" encoding="UTF-8" ?>
<eventlog version="1.1">
<event source="Firewall" timestamp="1215019556" type="critical">
<subject>Initialization failed</subject>
<message>Firewall initialization failed! Error code: 2.</message>
<action>Exit</action>
</event>
<event source="Update" timestamp="1215019663" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 985302, Engine Version: 7.17864|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
<event source="Update" timestamp="1215019663" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: ...|It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
<event source="Update" timestamp="1215021386" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1318625, Engine Version: 7.19820|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
<event source="Update" timestamp="1215021386" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: scan.dll smartscn.dll as2_vda.slf asversion.txt About.exe ENU/About.ui ENU/backup.ui ENU/seccenter.ui ENU/tuneup.ui ENU/uiscan.ui History.exe Ini/Default/bdsubwiz.ini Ini/Default/gmode.ini Ini/Default/vshield.ini Lang/l_hist.ini Lang/l_nag.ini Lang/l_popup.ini Lang/l_privintf.ini Lang/l_vshld.ini Lang/l_vsserv.ini Lang/l_wiz_welc.ini Lang/l_wizards.ini NAG/Close2Exp/bgd_gas.jpg NAG/Close2Exp/btn_black.png NAG/Close2Exp/btn_red.png NAG/Close2Exp/check.gif NAG/Close2Exp/close2exp.html NAG/Close2Exp/main_bgd.png NAG/Close2Exp/restricted.gif NAG/Close2Exp/style2.css NAG/Expired/bgd_expired.jpg NAG/Expired/btn_black.png NAG/Expired/btn_red.png NAG/Expired/check.gif NAG/Expired/expired.html NAG/Expired/main_bgd.png NAG/Expired/restricted.gif NAG/Expired/style2.css NAG/Invalid/bgd_invalid.jpg NAG/Invalid/btn_black.png NAG/Invalid/btn_red.png NAG/Invalid/check.gif NAG/Invalid/invalid.html NAG/Invalid/main_bgd.png NAG/Invalid/restricted.gif NAG/Invalid/style2.css NAG/Trial/bgd_expired.jpg NAG/Trial/bgd_gas.jpg NAG/Trial/bgd_ts.jpg NAG/Trial/box_ts.png NAG/Trial/btn_black.png NAG/Trial/btn_red.png NAG/Trial/check.gif NAG/Trial/expired_trial.html NAG/Trial/main_bgd.png NAG/Trial/restricted.gif NAG/Trial/style2.css NAG/Trial/trial.html NAG/Trial/trial_d1.html NAG/Trial/trial_d23_d30.html NAG/Trial/trial_d2_d22.html Skin/Default/skin.xml agentreg.dll antivirus.dll as2core/as2core.dll as2core/asemlbr.mdl as2core/asemldsp.mdl as2core/asemlf.mdl as2core/asemlimg.mdl as2core/asemlnn2.mdl as2core/asemlrtr.mdl as2core/asemlsgn.mdl as2core/ashttpbr.mdl as2core/ashttpdsp.mdl as2core/ashttpf.mdl as2core/ashttpph.mdl as2core/asregex.dll as2core/mimepack.dll backup.dll bdagent.exe bdch.dll bdfdrvi.dll bdfltlib.dll bdo.dll bdreinit.exe bdsmtpp.dll bdsubwiz.exe bdsubwiz.ini bdwizreg.exe build.reg dbokf.db excmgr.dll gmode.ini httproxy.dll live.dll nag.xml npcomm.dll popup.dll privintf.dll privscan.dll proxymgr.dll proxymgrui.dll quarcore.dll 
quarmgr.dll quarui.dll scan_od.reg seccenter.exe tuneup.dll uiscan.exe vscan.dll vshield.dll vshield.ini vsserv.exe wizards.dll system/drivers/bdfndisf.sys bdch.dll bdsubwiz.exe livesrv.exe upgrepl.exe abapi.dll abapicom.dll backup.exe jobmgm.dll |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Firewall" timestamp="1215021418" type="critical">
<subject>Initialization failed</subject>
<message>Firewall initialization failed! Error code: 2.</message>
<action>Exit</action>
</event>
- <event source="Update" timestamp="1215021473" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1318625, Engine Version: 7.19820|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215024944" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1318625, Engine Version: 7.19820|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215025077" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1318625, Engine Version: 7.19820|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215025077" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/cevakrnl.ivd Plugins/cran.ivd Plugins/e_spyw.i28 Plugins/emalware.103 Plugins/emalware.131 Plugins/sdx.ivd Plugins/update.txt asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Update" timestamp="1215025500" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1318625, Engine Version: 7.19820|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215025500" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/update.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Firewall" timestamp="1215025776" type="information">
<subject>New profile created</subject>
<message>Profile name: Default internet 11. Current networks: 92.236.184.0/22.</message>
<action>Create</action>
</event>
- <event source="Update" timestamp="1215025822" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1318625, Engine Version: 7.19820|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215025822" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/update.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Firewall" timestamp="1215026062" type="information">
<subject>Network access detected</subject>
<message>The process c:\program files\java\jre1.6.0_03\bin\jusched.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="TuneUp" timestamp="1215026083" type="information">
<subject>Clean Registry</subject>
<message>Cleans registry</message>
<action>Task finished succesfully</action>
</event>
- <event source="TuneUp" timestamp="1215026139" type="information">
<subject>Clean Internet Files</subject>
<message>Deletes cookies and temporary internet files</message>
<action>Task finished succesfully</action>
</event>
- <event source="TuneUp" timestamp="1215026166" type="warning">
<subject>Find Duplicate Files</subject>
<message>Finds identical files</message>
<action>Task aborted</action>
</event>
- <event source="TuneUp" timestamp="1215027186" type="information">
<subject>Defrag Disks</subject>
<message>Opens Operating System defrag module</message>
<action>Task finished succesfully</action>
</event>
- <event source="Update" timestamp="1215027529" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1319460, Engine Version: 7.19821|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215027529" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/e_spyw.i28 Plugins/emalware.131 Plugins/sdx.ivd Plugins/update.txt as2_mdo.slf as2_adn.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Parental Control" timestamp="1215028120" type="information">
<subject>Parental Control</subject>
<message>ferny|To prevent your children from accessing inappropriate websites, we recommend keeping Parental Control enabled!</message>
<action>Enabled</action>
</event>
- <event source="Backup" timestamp="1215028177" type="information">
<subject>Backup Wizard</subject>
<message>BitDefender Backup Wizard started</message>
<action>Started</action>
</event>
- <event source="Firewall" timestamp="1215028186" type="information">
<subject>Network access detected</subject>
<message>The process c:\program files\internet explorer\iexplore.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="TuneUp" timestamp="1215031061" type="information">
<subject>Find Duplicate Files</subject>
<message>Finds identical files</message>
<action>Task finished succesfully</action>
</event>
- <event source="TuneUp" timestamp="1215031102" type="information">
<subject>Find Duplicate Files</subject>
<message>Finds identical files</message>
<action>Task finished succesfully</action>
</event>
- <event source="Update" timestamp="1215031131" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1319854, Engine Version: 7.19822|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215031131" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: as2_ipx.slf as2_nmd.slf as2_adn.slf as2_bgu.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Firewall" timestamp="1215031885" type="information">
<subject>Network access detected</subject>
<message>The process c:\program files\opera\opera.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="Firewall" timestamp="1215032882" type="information">
<subject>Network access detected</subject>
<message>The process c:\program files\mozilla firefox\firefox.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="Update" timestamp="1215034717" type="critical">
<subject>Update Error</subject>
<message>An error occurred during the update (Invalid server or proxy settings). If the problem persists, please contact BitDefender support (contact information available in About section)</message>
<action>Blocked</action>
</event>
- <event source="Antivirus" timestamp="1215038589" type="critical">
<subject>Spyware.Tool.Reboot.E detected</subject>
<message>File [utf8]C:\Documents and Settings\teresa\Start Menu\Programs\Startup\Reboot.exe[/utf8] infected with Spyware.Tool.Reboot.E</message>
<action>Deleted</action>
</event>
- <event source="Update" timestamp="1215038591" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1319854, Engine Version: 7.19822|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215038591" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/cevakrnl.ivd Plugins/cran.ivd Plugins/e_spyw.i28 Plugins/emalware.130 Plugins/emalware.131 Plugins/sdx.ivd Plugins/update.txt as2_ipx.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Firewall" timestamp="1215038635" type="information">
<subject>Network access detected</subject>
<message>The process c:\documents and settings\teresa\local settings\temp\ssupdate.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="Firewall" timestamp="1215039102" type="information">
<subject>Network access detected</subject>
<message>The process c:\documents and settings\teresa\desktop\dss.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="Update" timestamp="1215040309" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1320646, Engine Version: 7.19824|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215040309" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/cevakrnl.ivd Plugins/cran.ivd Plugins/emalware.131 Plugins/update.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Firewall" timestamp="1215041941" type="information">
<subject>Network access detected</subject>
<message>The process c:\windows\system32\dwwin.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="Firewall" timestamp="1215043633" type="information">
<subject>Network access detected</subject>
<message>The process c:\program files\malwarebytes' anti-malware\mbam.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="Firewall" timestamp="1215043670" type="information">
<subject>Network access detected</subject>
<message>The process c:\microgaming\poker\ladbrokesmpp\mppoker.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="Update" timestamp="1215043916" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1321040, Engine Version: 7.19825|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215043916" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Antivirus" timestamp="1215045245" type="critical">
<subject>Spyware.Tool.Reboot.E detected</subject>
<message>File [utf8]C:\System Volume Information\_restore{3F58DC67-3F10-4BAF-9ECB-B87F7480821A}\RP10\A0000860.exe[/utf8] infected with Spyware.Tool.Reboot.E</message>
<action>Deleted</action>
</event>
- <event source="Update" timestamp="1215047497" type="critical">
<subject>Update Error</subject>
<message>Update cancelled. Stop the running scan process and try again.</message>
<action>Blocked</action>
</event>
- <event source="Update" timestamp="1215057141" type="critical">
<subject>Update Error</subject>
<message>Update cancelled. Stop the running scan process and try again.</message>
<action>Blocked</action>
</event>
- <event source="Firewall" timestamp="1215057757" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 11 to no network.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215057762" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from no network to Default internet 11.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215057959" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 11 to no network.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215057963" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from no network to Default internet 11.</message>
<action>Change</action>
</event>
- <event source="Update" timestamp="1215066413" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1321040, Engine Version: 7.19825|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215066413" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/cevakrnl.ivd Plugins/cran.ivd Plugins/e_spyw.i28 Plugins/emalware.132 Plugins/sdx.ivd Plugins/update.txt asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Update" timestamp="1215068119" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1323542, Engine Version: 7.19830|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215068119" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: as2_fun.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Update" timestamp="1215069469" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1323542, Engine Version: 7.19830|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Firewall" timestamp="1215069563" type="information">
<subject>Network access detected</subject>
<message>The process c:\program files\superantispyware\superantispyware.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="Firewall" timestamp="1215071089" type="warning">
<subject>Process changed</subject>
<message>The process c:\program files\internet explorer\iexplore.exe has changed since the last time it accessed the network.</message>
<action>Allow</action>
</event>
- <event source="Firewall" timestamp="1215071111" type="information">
<subject>Network access detected</subject>
<message>The process c:\windows\network diagnostic\xpnetdiag.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="Update" timestamp="1215071207" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1323542, Engine Version: 7.19830|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215071207" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/e_spyw.i28 Plugins/emalware.132 Plugins/sdx.ivd Plugins/update.txt as2_fun.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Update" timestamp="1215072513" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1324202, Engine Version: 7.19831|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Antivirus" timestamp="1215072807" type="critical">
<subject>Spyware.Tool.Reboot.E detected</subject>
<message>File [utf8]D:\Install\Reboot.exe[/utf8] infected with Spyware.Tool.Reboot.E</message>
<action>Blocked</action>
</event>
- <event source="Update" timestamp="1215074247" type="critical">
<subject>Update Error</subject>
<message>Update cancelled. Stop the running scan process and try again.</message>
<action>Blocked</action>
</event>
- <event source="OnDemand" timestamp="1215075156" type="critical">
<subject>Scan finished.</subject>
<message>not scheduled|Some of the threats found during scan are still active!|C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1215075156_1_02.xml</message>
<action>Deep System Scan</action>
</event>
- <event source="Update" timestamp="1215077871" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1324202, Engine Version: 7.19831|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215077871" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/e_spyw.i28 Plugins/emalware.133 Plugins/sdx.ivd Plugins/update.txt as2_fun.slf as2_mdo.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Firewall" timestamp="1215078547" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 11 to no network.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215078551" type="information">
<subject>New profile created</subject>
<message>Profile name: Default internet 21. Current networks: 92.236.184.0/22.</message>
<action>Create</action>
</event>
- <event source="Firewall" timestamp="1215078551" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from no network to Default internet 21.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215078553" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 21 to Default internet 11.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215079390" type="information">
<subject>Network access detected</subject>
<message>The process c:\program files\outlook express\msimn.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="Firewall" timestamp="1215079908" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 11 to no network.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215079910" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from no network to Default internet 21.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215079912" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 21 to Default internet 11.</message>
<action>Change</action>
</event>
- <event source="Update" timestamp="1215080834" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1324873, Engine Version: 7.19832|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215082581" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1324873, Engine Version: 7.19832|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215086191" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1324873, Engine Version: 7.19832|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215086191" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/e_spyw.i28 Plugins/emalware.133 Plugins/sdx.ivd Plugins/update.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Update" timestamp="1215089798" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1325581, Engine Version: 7.19833|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215089798" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/cevakrnl.ivd Plugins/cran.ivd Plugins/emalware.133 Plugins/update.txt as2_vda.slf as2_adn.slf as2_bgu.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Update" timestamp="1215090940" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1326385, Engine Version: 7.19834|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215092677" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1326385, Engine Version: 7.19834|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215092678" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: as2more.slf as2_fun.slf as2_nmd.slf as2_adn.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Update" timestamp="1215096276" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1326385, Engine Version: 7.19834|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215096276" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/e_spyw.i28 Plugins/emalware.133 Plugins/sdx.ivd Plugins/update.txt as2sign.slf as2_mdo.slf as2_bgu.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Firewall" timestamp="1215099308" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 11 to no network.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215099309" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from no network to Default internet 21.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215099311" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 21 to Default internet 11.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215099313" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 11 to no network.</message>
<action>Change</action>
</event>
- <event source="Update" timestamp="1215099873" type="critical">
<subject>Update Error</subject>
<message>An error occurred during the update (Invalid server or proxy settings). If the problem persists, please contact BitDefender support (contact information available in About section)</message>
<action>Blocked</action>
</event>
- <event source="Update" timestamp="1215103474" type="critical">
<subject>Update Error</subject>
<message>An error occurred during the update (Invalid server or proxy settings). If the problem persists, please contact BitDefender support (contact information available in About section)</message>
<action>Blocked</action>
</event>
- <event source="Update" timestamp="1215106951" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1327121, Engine Version: 7.19835|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215106951" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/emalware.134 Plugins/update.txt as2sign.slf as2std.slf as2_adg.slf as2_fun.slf as2_ipx.slf as2_nmd.slf as2_vda.slf as2_mdo.slf as2_adn.slf as2_bgu.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Update" timestamp="1215108697" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1327837, Engine Version: 7.19836|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215108698" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/cevakrnl.ivd Plugins/cran.ivd Plugins/e_spyw.i28 Plugins/emalware.134 Plugins/update.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Firewall" timestamp="1215109550" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 11 to no network.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215109552" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from no network to Default internet 21.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215109554" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 21 to Default internet 11.</message>
<action>Change</action>
</event>
- <event source="Update" timestamp="1215112297" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1328593, Engine Version: 7.19837|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215112297" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: as2_fun.slf as2_nmd.slf as2_adn.slf as2_bgu.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Update" timestamp="1215115912" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1328593, Engine Version: 7.19837|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215115912" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/emalware.132 Plugins/emalware.134 Plugins/sdx.ivd Plugins/update.txt as2_adn.slf asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Update" timestamp="1215119513" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1329337, Engine Version: 7.19838|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215119513" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: Plugins/cran.ivd asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Firewall" timestamp="1215119518" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from Default internet 11 to no network.</message>
<action>Change</action>
</event>
- <event source="Firewall" timestamp="1215119541" type="information">
<subject>Network configuration changed</subject>
<message>Profile changed from no network to Default internet 11.</message>
<action>Change</action>
</event>
- <event source="Update" timestamp="1215119770" type="information">
<subject>Update Success</subject>
<message>Virus Signatures: 1329337, Engine Version: 7.19838|It is critical to keep Automatic Update enabled, otherwise you will not be protected against the newest malware!</message>
<action>Engine & Signatures</action>
</event>
- <event source="Update" timestamp="1215119770" type="information">
<subject>Downloaded Files</subject>
<message>The following files were downloaded: asversion.txt |It is critical to keep Automatic Update enabled. Otherwise you will not be protected against the newest malware!</message>
<action>Update files</action>
</event>
- <event source="Firewall" timestamp="1215119784" type="information">
<subject>Network access detected</subject>
<message>The process c:\documents and settings\teresa\desktop\jre-6u6-windows-i586-p.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="Firewall" timestamp="1215119955" type="information">
<subject>Network access detected</subject>
<message>The process c:\windows\system32\msiexec.exe is trying to access the network.</message>
<action>Allow</action>
</event>
- <event source="OnDemand" timestamp="1215120951" type="information">
<subject>Scan stopped by user.</subject>
<message>not scheduled|No threats were found during scan!|C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1215120951_3_00.xml</message>
<action>Deep System Scan</action>
</event>
</eventlog>

Hope I have done it correctly. Please let me know if I need to repeat it.
Many thanks,
Teresa

#9 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 July 2008 - 05:02 PM

A little tough to read, but I think I got it sorted out. Nothing critical from BitDefender, but there are a couple of files we can delete.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    D:\Install\Reboot.exe
    C:\Documents and Settings\teresa\Start Menu\Programs\Startup\Reboot.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


How is your computer behaving?
Any problems?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 bodaccea
  • Topic Starter
  • Members
  • 10 posts

Posted 03 July 2008 - 06:26 PM

I will be doing it next; I am waiting for BitDefender to complete scanning. Just to answer the question about how the computer is behaving: well, better than before! I am highly suspicious about it. IE made a few hang-ups, so I am now using Firefox. It has frozen twice. The mouse has been erratic; it's maybe just paranoia. I still haven't checked my email yet, too worried about what the cable company said. No pop-ups. It is a lot quicker. I think we are on the right road. Thank you. A couple of hours and I will report on OldTimer!!

Thanks,
Teresa

#11 bodaccea
  • Topic Starter
  • Members
  • 10 posts

Posted 04 July 2008 - 01:26 AM

OK, here it is:
File/Folder D:\Install\Reboot.exe not found.
File/Folder C:\Documents and Settings\teresa\Start Menu\Programs\Startup\Reboot.exe not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07042008_072157
Hope this is OK.
Cheers,
Teresa

#12 bodaccea
  • Topic Starter
  • Members
  • 10 posts

Posted 04 July 2008 - 04:49 AM

Hi,

I am posting another log; it's only short. It's SUPERAntiSpyware and I'm posting it as it found something.
What do you think?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/04/2008 at 09:01 AM

Application Version : 4.15.1000

Core Rules Database Version : 3496
Trace Rules Database Version: 1487

Scan type : Complete Scan
Total Scan Time : 00:51:27

Memory items scanned : 378
Memory threats detected : 0
Registry items scanned : 4452
Registry threats detected : 0
File items scanned : 37827
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\teresa\Cookies\teresa@ads.sun[1].txt



Thanks,
Teresa

#13 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 04 July 2008 - 10:15 AM

That's just a cookie. Perfectly normal to have and nearly unavoidable if you do anything on the internet.
Please post a new log from DSS.
========================================================

#14 bodaccea
  • Topic Starter
  • Members
  • 10 posts

Posted 04 July 2008 - 11:38 AM

Here is the log:

Deckard's System Scanner v20071014.68
Run by teresa on 2008-07-04 17:33:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 496 MiB (512 MiB recommended).


-- HijackThis (run as teresa.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:47, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\emMon.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\teresa\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\teresa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lewisjamesfern.pwp.blueyonder.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pcservicecall.co.uk/
R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [emMonitor] C:\WINDOWS\emMon.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215042250047
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_236/w...OCX/FlashAX.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7467 bytes

-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-03 22:52:47 0 d-------- C:\Documents and Settings\teresa\Application Data\AdobeUM
2008-07-03 22:17:24 0 d-------- C:\Program Files\Java
2008-07-03 22:17:21 0 d-------- C:\Program Files\Common Files\Java
2008-07-03 21:52:27 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-07-03 21:52:27 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-07-03 21:51:36 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-07-03 21:51:36 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-07-03 21:51:36 65536 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-07-03 21:51:36 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-07-03 21:51:35 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-07-03 21:51:35 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-07-03 21:51:35 0 d-------- C:\Program Files\HP
2008-07-03 21:48:34 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-03 21:48:26 4284 -----n--- C:\WINDOWS\hphmdl02.dat
2008-07-03 21:48:26 19791 --a------ C:\WINDOWS\HPHins02.dat
2008-07-03 21:47:42 491520 --a------ C:\WINDOWS\system32\hphmon05.exe <Not Verified; Hewlett-Packard; HP Photosmart>
2008-07-03 21:47:41 364544 --a------ C:\WINDOWS\system32\hphped05.exe <Not Verified; ; GetCounterInfo Application>
2008-07-03 21:47:14 6478 --a------ C:\WINDOWS\system32\hphmon05.dat
2008-07-03 18:17:59 0 drahs---- C:\autorun.inf
2008-07-03 12:10:17 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-03 07:31:43 0 d-------- C:\WINDOWS\network diagnostic
2008-07-02 23:52:19 0 d-------- C:\Program Files\Trend Micro
2008-07-02 22:07:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-02 22:07:15 0 d-------- C:\Documents and Settings\teresa\Application Data\Mozilla
2008-07-02 21:51:14 0 d-------- C:\Documents and Settings\teresa\Application Data\Opera
2008-07-02 21:50:58 0 d-------- C:\Program Files\Opera
2008-07-02 21:44:04 0 d-------- C:\WINDOWS\I386
2008-07-02 21:34:29 0 dr------- C:\Program Files
2008-07-02 21:34:28 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-02 21:34:28 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-02 21:34:28 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-07-02 21:34:28 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-02 21:34:28 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-02 21:34:28 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-02 21:34:27 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-02 21:34:02 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-02 21:33:28 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-02 21:33:16 0 --a------ C:\SMINST
2008-07-02 20:09:54 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-02 18:25:40 0 d-------- C:\Documents and Settings\teresa\Application Data\BitDefender
2008-07-02 18:10:41 0 d-------- C:\Program Files\BitDefender
2008-07-02 18:10:41 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-02 18:09:29 0 d-------- C:\Program Files\Common Files\BitDefender
2008-07-02 16:48:20 0 d-------- C:\WINDOWS\system32\FlashAX
2008-07-02 16:46:36 0 d-------- C:\Documents and Settings\teresa\Application Data\Microgaming
2008-07-02 16:46:23 0 d-------- C:\Microgaming
2008-07-02 16:28:30 0 d-------- C:\WINDOWS\Sun
2008-07-02 16:28:30 0 d-------- C:\Documents and Settings\teresa\Application Data\Sun
2008-07-02 16:23:20 0 d-------- C:\Program Files\thechatterbox.cc
2008-07-02 16:23:20 0 d-------- C:\Program Files\Conduit
2008-07-02 15:57:35 0 d-------- C:\Program Files\MSXML 4.0
2008-07-02 14:48:18 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-02 14:46:28 0 d-------- C:\Documents and Settings\teresa\Application Data\Macromedia
2008-07-02 14:45:02 0 d---s---- C:\Documents and Settings\teresa\UserData
2008-07-02 14:40:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-02 14:40:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 14:40:48 0 d-------- C:\Documents and Settings\teresa\Application Data\SUPERAntiSpyware.com
2008-07-02 14:40:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 14:38:09 0 d-------- C:\Documents and Settings\teresa\Application Data\Malwarebytes
2008-07-02 14:38:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 14:38:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-02 14:37:39 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-02 14:31:10 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-02 14:14:40 0 d--h----- C:\Documents and Settings\teresa\WLANProfiles
2008-07-02 14:14:25 14037 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
2008-07-02 14:14:20 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-02 13:58:05 0 d-------- C:\WINDOWS\system32\Tools
2008-07-02 13:55:07 0 d-------- C:\Documents and Settings\teresa\Application Data\Identities
2008-07-02 13:55:07 0 d-------- C:\Documents and Settings\teresa\Application Data\Adobe
2008-07-02 13:55:06 0 d-------- C:\Documents and Settings\teresa\WINDOWS
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\Templates
2008-07-02 13:55:06 0 dr------- C:\Documents and Settings\teresa\Start Menu
2008-07-02 13:55:06 0 dr-h----- C:\Documents and Settings\teresa\SendTo
2008-07-02 13:55:06 0 dr-h----- C:\Documents and Settings\teresa\Recent
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\PrintHood
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\NetHood
2008-07-02 13:55:06 0 dr------- C:\Documents and Settings\teresa\My Documents
2008-07-02 13:55:06 0 d--h----- C:\Documents and Settings\teresa\Local Settings
2008-07-02 13:55:06 0 dr------- C:\Documents and Settings\teresa\Favorites
2008-07-02 13:55:06 0 d-------- C:\Documents and Settings\teresa\Desktop
2008-07-02 13:55:06 0 d--hs---- C:\Documents and Settings\teresa\Cookies
2008-07-02 13:55:06 0 dr-h----- C:\Documents and Settings\teresa\Application Data
2008-07-02 13:55:06 0 d-------- C:\Documents and Settings\teresa\Application Data\SampleView
2008-07-02 13:55:05 1572864 --ah----- C:\Documents and Settings\teresa\NTUSER.DAT
2008-07-02 13:53:39 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-07-02 13:53:39 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-07-02 13:53:39 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-07-02 13:46:54 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-07-03 22:17:21 0 d-------- C:\Program Files\Common Files
2008-07-02 21:45:27 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-07-02 14:19:21 0 d-------- C:\Program Files\EMUSB2.0
2008-07-02 14:14:20 0 d-------- C:\Program Files\Intel


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
24/06/2008 23:17 1569304 --a------ C:\Program Files\thechatterbox.cc\tbthec.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= C:\Program Files\thechatterbox.cc\tbthec.dll [24/06/2008 23:17 1569304]

[-HKEY_CLASSES_ROOT\CLSID\{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [28/08/2003 05:20]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/09/2002 05:42]
"@"="" []
"AGRSMMSG"="AGRSMMSG.exe" [25/07/2003 11:22 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [10/02/2003 15:59 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [20/09/2004 12:02]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [20/09/2004 12:01]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/07/2004 12:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/07/2004 11:58]
"emMonitor"="C:\WINDOWS\emMon.exe" [07/01/2005 00:56]
"PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [05/02/2004 16:33]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 15:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [02/07/2008 18:56]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [08/07/2005 05:55]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [08/07/2005 05:55]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [22/12/2003 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/12/2003 15:41]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [08/07/2005 05:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 00:24]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 19:44:06]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [21/07/2005 08:06:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [02/07/2008 16:19 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 02/07/2008 16:19 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 03/03/2004 16:48 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ace9dc1-dec9-11d9-821f-806d6172696f}]
AutoRun\command- E:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d67aa0a2-4834-11dd-acaa-806d6172696f}]
AutoRun\command- D:\Autorun.EXE

*Newly Created Service* - 5B51C581
*Newly Created Service* - 6D5C7925



-- End of Deckard's System Scanner: finished at 2008-07-04 17:35:34 ------------



So are we clean??? :thumbsup:
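The script below is an added example; it was not posted in this thread and is not part of HijackThis, DSS or OTMoveIt2. It reads log text in the format posted above and pulls out three things a helper otherwise looks for by eye: a CLSID registered as more than one kind of Internet Explorer hook (the same DLL appearing as an R3 URLSearchHook, an O2 BHO and an O3 Toolbar), O16 ActiveX controls downloaded from hosts outside a trusted domain suffix, and MountPoints2 keys that carry an AutoRun command value (the kind of key the OTMoveIt2 step in post #9 deleted). The sample log embedded in it is a constructed subset of the lines above, with the O16 URLs kept exactly as truncated on the page; the trusted-suffix list is an assumption, not something the thread specifies.

```python
"""Triage a HijackThis / DSS log pasted as text (added example, not a thread tool).

Finds: one CLSID hooked several ways into IE (R3/O2/O3), O16 ActiveX downloads
from hosts outside a trusted suffix, and MountPoints2 keys with an AutoRun command.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215042250047
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_236/w...OCX/FlashAX.cab
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ace9dc1-dec9-11d9-821f-806d6172696f}]
AutoRun\command- E:\Launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d67aa0a2-4834-11dd-acaa-806d6172696f}]
AutoRun\command- D:\Autorun.EXE
"""

CLSID = r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
HOOK_RE = re.compile(r"^(R3|O2|O3) - (?:URLSearchHook|BHO|Toolbar): (.*?) - " + CLSID + r" - (.*)$")
DPF_RE = re.compile(r"^O16 - DPF: " + CLSID + r" \((.*?)\) - (\S+)$")
MP_RE = re.compile(r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
                   r"\\explorer\\mountpoints2\\" + CLSID + r"\]$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^AutoRun\\command- (.*)$")


def ie_hooks(log):
    """{CLSID (upper-cased): {'types': set of R3/O2/O3, 'name': str, 'path': str}}."""
    hooks = {}
    for line in log.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        kind, name, clsid, path = m.groups()
        entry = hooks.setdefault(clsid.upper(), {"types": set(), "name": name, "path": path})
        entry["types"].add(kind)
    return hooks


def multi_hooked(log):
    """CLSIDs registered as more than one kind of IE hook, most hooked first."""
    hits = [(c, e) for c, e in ie_hooks(log).items() if len(e["types"]) > 1]
    hits.sort(key=lambda ce: -len(ce[1]["types"]))
    return [(c, sorted(e["types"]), e["path"]) for c, e in hits]


def dpf_downloads(log, trusted_suffixes=(".microsoft.com",)):
    """O16 controls whose download host is not under a trusted suffix (assumed list)."""
    flagged = []
    for line in log.splitlines():
        m = DPF_RE.match(line.strip())
        if not m:
            continue
        clsid, name, url = m.groups()
        host = urlparse(url).hostname or ""
        if not host.endswith(trusted_suffixes):
            flagged.append((clsid.upper(), name, host))
    return flagged


def mountpoint_autoruns(log):
    """(volume GUID, command) for MountPoints2 keys followed by an AutoRun command line."""
    found = []
    lines = [ln.strip() for ln in log.splitlines()]
    for i, line in enumerate(lines):
        m = MP_RE.match(line)
        if m and i + 1 < len(lines):
            cmd = AUTORUN_RE.match(lines[i + 1])
            if cmd:
                found.append((m.group(1).lower(), cmd.group(1)))
    return found


def report(log):
    """Human-readable summary of the three checks."""
    out = []
    for clsid, kinds, path in multi_hooked(log):
        out.append(f"IE hooks {'/'.join(kinds)} share {clsid}: {path}")
    for clsid, name, host in dpf_downloads(log):
        out.append(f"O16 {name} {clsid} downloaded from {host}")
    for guid, cmd in mountpoint_autoruns(log):
        out.append(f"MountPoints2 {guid} AutoRun -> {cmd}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running it on the sample prints one shared CLSID (the chatterbox toolbar DLL hooked as R3, O2 and O3), one O16 control fetched from a non-Microsoft host, and the two AutoRun commands from the Registry Dump. A toolbar that installs all three hooks is not malicious by that fact alone, but a CLSID hooked several ways is the first thing to look at when IE hangs, and MountPoints2 AutoRun entries record which executables removable or optical media have offered to launch, which is why OTMoveIt2 was pointed at that key.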

#15 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 04 July 2008 - 01:19 PM

I think I see what's giving your IE trouble.

Click Start -> Control Panel -> Add/Remove Programs and uninstall this program:

thechatterbox.cc Toolbar


Reboot afterwards and IE should work much better for you.



Aside from that, your log looks clean to me! :)

Let's go ahead and clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files left over in a restore point from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable System Restore following the instructions in the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with the program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
========================================================
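As an added example (not from the thread, and not a BleepingComputer tool), the Custom Level settings listed in the post above can be audited from the registry instead of being clicked through in the dialog, which is what you want when more than one machine or user account is involved. The Internet zone stores each Custom Level setting as a DWORD named after IE's URL action code under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, with 0 = Enable, 1 = Prompt and 3 = Disable; the six codes in the script are the ones for the six settings the post names. The sample value set is constructed to look like a loosened zone, and live values are read only when the script runs on Windows with the winreg module available.

```python
"""Audit the Internet zone's Custom Level settings against the hardening steps
in the post above and emit a .reg fix for anything weaker (added example).

Value names are IE's URL action codes under Zones\\3; data 0=Enable, 1=Prompt, 3=Disable.
"""

ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# action code -> (name as shown in the Custom Level dialog, value the post asks for)
POLICY = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample resembling a loosened zone (not read from any real machine).
SAMPLE_VALUES = {"1001": ENABLE, "1004": DISABLE, "1201": ENABLE,
                 "1800": PROMPT, "1804": ENABLE, "1607": ENABLE}


def audit_zone(values):
    """values: {action code: DWORD data} as read from Zones\\3.

    Returns [(code, name, current, required)] for settings weaker than POLICY.
    Enable < Prompt < Disable numerically, so a setting already stricter than
    requested is not reported. A missing value is reported with current=None:
    IE then falls back to the zone template, which this script cannot see.
    """
    findings = []
    for code, (name, required) in POLICY.items():
        current = values.get(code)
        if current is None or current < required:
            findings.append((code, name, current, required))
    return findings


def reg_fix(findings):
    """Render a .reg file that sets each deviating value to the required data."""
    lines = ["Windows Registry Editor Version 5.00", "",
             f"[HKEY_CURRENT_USER\\{ZONE3_KEY}]"]
    for code, _name, _current, required in findings:
        lines.append(f'"{code}"=dword:{required:08x}')
    return "\n".join(lines) + "\n"


def describe(findings):
    """One line per finding, using the dialog's own wording."""
    return [f"{name}: {LABEL.get(cur, 'not set')} (should be {LABEL[req]})"
            for _code, name, cur, req in findings]


def read_zone3():
    """Read the live values on Windows; returns None elsewhere (use a dict for testing)."""
    try:
        import winreg
    except ImportError:
        return None
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
        for code in POLICY:
            try:
                values[code], _ = winreg.QueryValueEx(key, code)
            except FileNotFoundError:
                pass  # value absent: reported as None by audit_zone
    return values


if __name__ == "__main__":
    values = read_zone3()
    if values is None:
        values = SAMPLE_VALUES
    findings = audit_zone(values)
    print("\n".join(describe(findings)) or "Internet zone matches the policy")
    print(reg_fix(findings))
```

Import the resulting .reg with regedit, or use the descriptions as a checklist against the Custom Level dialog. Only HKCU is audited; a machine-wide policy (the Security_HKLM_only value under Internet Settings) can make IE ignore the per-user zone, so check which hive is in force before trusting a clean result.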



