Infected With Trojan Horse Downloader.generic7.yxj


This topic is locked
25 replies to this topic

#1 brikaye (Members, 15 posts, Washington State)

Posted 25 July 2008 - 03:46 AM

My laptop has recently been infected with Trojan Horse Downloader.Generic7.yxj. The file name is C:\Windows\System32\msiebbar.dll
I downloaded the dss file from the "Preparation Guide For Use Before Posting A Hijackthis Log" Topic. Here is the log that was created, and I'm hoping someone can help me. Another user suggested that I run AVG in Safe Mode, so I did, but it didn't find anything. So, this is my next step! Please help!!!


Deckard's System Scanner v20071014.68
Run by Briana on 2008-07-25 01:23:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2008-07-25 08:24:42 UTC - RP361 - Deckard's System Scanner Restore Point
17: 2008-07-25 08:07:32 UTC - RP360 - Software Distribution Service 3.0
16: 2008-07-25 05:56:06 UTC - RP359 - System Checkpoint
15: 2008-07-24 04:56:53 UTC - RP358 - System Checkpoint
14: 2008-07-19 11:17:05 UTC - RP357 - System Checkpoint


-- First Restore Point --
1: 2008-07-07 23:16:42 UTC - RP344 - Installed AVG Free 8.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Briana.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-25 01:26:27
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\UStorSrv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SYSTEM32\BacsTray.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
C:\WINDOWS\SYSTEM32\msiexec.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Documents and Settings\Briana\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{6B507E82-5DFB-40C4-A4A6-DEA0205CF4D9}: NameServer = 202.78.97.41
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Filter: text/html - {c9f2af41-416e-4569-bc50-a33cc99cf321} - C:\WINDOWS\system32\msiebbar.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\SYSTEM32\UStorSrv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


--
End of file - 11228 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\BRIANA~1\MYDOCU~1\MYDOWN~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

backup-20050318-220618-248 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
backup-20050318-220618-259 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
backup-20050318-220618-338 R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
backup-20050318-220618-342 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
backup-20050318-220618-434 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
backup-20050318-220618-537 O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
backup-20050318-220618-809 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 QCMerced (Logitech QuickCam Communicate) - c:\windows\system32\drivers\lvcm.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 ZSMC302 (VIMICRO USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 UStorage Server Service - c:\windows\system32\ustorsrv.exe /service <Not Verified; OTi; OTi Content Service>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>

S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\32AA90C1474FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\32AA90C1474FC000
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0001
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0001
Service: BT


-- Scheduled Tasks -------------------------------------------------------------

2008-07-24 22:51:00 328 --a------ C:\WINDOWS\Tasks\PcbugDoctorBriana.job
2005-03-03 19:47:09 230 --a------ C:\WINDOWS\Tasks\WebReg .job


-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-19 23:51:00 0 d------c- C:\Documents and Settings\Guest\Application Data\Talkback
2008-07-19 23:49:38 0 d------c- C:\Documents and Settings\Guest\Application Data\Mozilla
2008-07-09 03:13:06 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-08 09:02:35 0 d------c- C:\Documents and Settings\Guest\Application Data\Macromedia
2008-07-08 09:01:35 0 d------c- C:\Documents and Settings\Guest\Application Data\Adobe
2008-07-08 09:01:09 0 d------c- C:\Documents and Settings\Guest\Application Data\AVGTOOLBAR
2008-07-08 08:53:51 0 d------c- C:\Documents and Settings\Guest\Application Data\Jasc Software Inc
2008-07-08 08:53:51 0 d------c- C:\Documents and Settings\Guest\Application Data\Intel
2008-07-08 08:53:51 0 d------c- C:\Documents and Settings\Guest\Application Data\Identities
2008-07-08 08:53:50 0 d--h---c- C:\Documents and Settings\Guest\NetHood
2008-07-08 08:53:50 0 dr-----c- C:\Documents and Settings\Guest\My Documents
2008-07-08 08:53:50 0 d--h---c- C:\Documents and Settings\Guest\Local Settings
2008-07-08 08:53:50 0 dr-----c- C:\Documents and Settings\Guest\Favorites
2008-07-08 08:53:50 0 d------c- C:\Documents and Settings\Guest\Desktop
2008-07-08 08:53:50 0 d--hs--c- C:\Documents and Settings\Guest\Cookies
2008-07-08 08:53:50 0 dr-h---c- C:\Documents and Settings\Guest\Application Data
2008-07-08 08:53:50 0 d------c- C:\Documents and Settings\Guest\Application Data\Sun
2008-07-08 08:53:50 0 d------c- C:\Documents and Settings\Guest\Application Data\Sonic
2008-07-08 08:53:50 0 d---s--c- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-07-08 08:53:49 0 d--h---c- C:\Documents and Settings\Guest\Templates
2008-07-08 08:53:49 0 dr-----c- C:\Documents and Settings\Guest\Start Menu
2008-07-08 08:53:49 0 dr-h---c- C:\Documents and Settings\Guest\SendTo
2008-07-08 08:53:49 0 dr-h---c- C:\Documents and Settings\Guest\Recent
2008-07-08 08:53:49 0 d--h---c- C:\Documents and Settings\Guest\PrintHood
2008-07-08 08:53:49 1310720 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-07-08 01:10:21 0 d--h---c- C:\$AVG8.VAULT$
2008-07-07 17:21:11 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-07 17:19:34 0 d-------- C:\Program Files\Windows Live
2008-07-07 17:18:49 0 d------c- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-07 16:17:58 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-07 16:17:56 0 d-------- C:\Documents and Settings\Briana\Application Data\AVGTOOLBAR
2008-07-07 16:17:31 0 d-------- C:\Program Files\AVG
2008-07-07 16:17:31 0 d------c- C:\Documents and Settings\All Users\Application Data\avg8


-- Find3M Report ---------------------------------------------------------------

2008-07-25 01:20:44 0 d-------- C:\Program Files\Java
2008-07-11 09:58:07 61619 --a------ C:\WINDOWS\system32\nvModes.dat
2008-07-07 17:21:11 0 d-------- C:\Program Files\Common Files
2008-07-07 16:54:19 0 d-------- C:\Documents and Settings\Briana\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/07/2008 04:17 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/07/2008 04:17 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/26/2004 11:01 AM]
"nwiz"="nwiz.exe" [10/26/2004 11:01 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [08/21/2004 05:04 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"bacstray"="BacsTray.exe" [05/14/2003 05:37 PM C:\WINDOWS\SYSTEM32\BacsTray.exe]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [09/07/2004 03:08 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 12:05 AM]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [05/27/2004 07:05 PM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [11/01/2006 01:04 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [06/15/2007 04:15 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 08:55 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/07/2008 04:17 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/12/2004 02:03 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]

C:\Documents and Settings\Briana\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 12:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 12:04:12 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/23/2004 8:11:21 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 03:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2422559307-3441396934-3886131455-1006\Scripts\Logoff\0\0]
"Script"=C:\Program Files\Evidence-Blaster 2005 Trial\xp.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Briana^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Briana\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1149522281\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-07-25 01:28:07 ------------
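The HijackThis clone section of the log above is the part worth reading closely, and the entries that matter most are the ones the scanner shows as still registered but pointing at a file that is gone. The script below is an added example (not part of the original post, and not a HijackThis feature) that applies a few triage rules to a handful of lines copied verbatim from that log: it flags registrations whose target is "(no file)" or "(file missing)", any O18 MIME filter (a text/html filter is handed every HTML page Internet Explorer renders, which is what the msiebbar.dll entry had registered), O20 AppInit_DLLs (loaded into every process that links user32.dll; here it is AVG's avgrsstx.dll, so the flag means "verify", not "malicious") and O17 per-interface DNS servers (verify the address is the ISP's or the router's). The rule names and the `triage` function are this example's own.

```python
import re
from typing import Dict, List, Optional

# Entries copied verbatim from the HijackThis clone log posted above. A real
# run would read the whole log from a file; these lines are enough to show
# each rule firing and not firing.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{6B507E82-5DFB-40C4-A4A6-DEA0205CF4D9}: NameServer = 202.78.97.41
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: text/html - {c9f2af41-416e-4569-bc50-a33cc99cf321} - C:\WINDOWS\system32\msiebbar.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
"""

# "<section> - <body>", e.g. "O18 - Filter: text/html - {clsid} - path"
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends these when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Split one HijackThis line into section, body and the first GUID it carries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    g = GUID_RE.search(body)
    return {"section": section, "body": body, "guid": g.group(0) if g else None}


def reasons_for(entry: Dict[str, object]) -> List[str]:
    """Triage reasons for a parsed entry; an empty list means nothing to look at."""
    section, body = entry["section"], str(entry["body"])
    reasons: List[str] = []
    if body.lower().rstrip().endswith(ORPHAN_MARKERS):
        # Registration survives but the DLL is gone: either the AV deleted the
        # file and left the hook behind, or the path is stale. Remove the hook.
        reasons.append("orphan")
    if section == "O18" and body.startswith("Filter:"):
        # A MIME filter sits in the path of every document of that type IE loads.
        reasons.append("mime_filter")
    if section == "O20":
        # AppInit_DLLs is loaded into every GUI process; confirm the vendor.
        reasons.append("appinit_dll")
    if section == "O17":
        # Per-interface DNS server; confirm it belongs to the ISP or the router.
        reasons.append("nameserver")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return only the entries that have at least one triage reason attached."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            entry["reasons"] = reasons
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:<4} {', '.join(f['reasons']):<22} {f['body']}")
```

Run against the sample it reports five entries: the two orphaned BHO/button registrations, the orphaned text/html filter (flagged twice, as orphan and as MIME filter), the AppInit DLL and the DNS server; the Java BHO and AVG's linkscanner protocol handler produce no reasons and are not listed.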


#2 Taz71498 (Members, 101 posts)

Posted 05 August 2008 - 04:42 PM

Hello brikaye,

Are you still in need of help?

It looks as if that file was cleaned up.

Let's run an online scan just to double check things:

Disable your antivirus program and go here and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit > Select All then copy the log and paste it back here.

#3 brikaye (Topic Starter)

Posted 05 August 2008 - 07:27 PM

Hi Taz71498,

Thanks for getting back to me. I'm not really sure what's going on with that file because each time AVG Resident Shield detected the Trojan virus, I was getting a message that the attempt to fix or heal it failed. And then it just pops up again and again and again!!!

I did the BitDefender scan, and here are the results:

BitDefender Online Scanner

Scan report generated at: Tue, Aug 05, 2008 - 16:52:49
Scan path: C:\;D:\;

Statistics
  Time: 01:01:51
  Files: 233461
  Folders: 6141
  Boot Sectors: 4
  Archives: 3476
  Packed Files: 7234

Results
  Identified Viruses: 1
  Infected Files: 2
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 2

Engines Info
  Virus Definitions: 1415077
  Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
  Scan plugins: 16
  Archive plugins: 43
  Unpack plugins: 7
  E-mail plugins: 6
  System plugins: 5

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File - Status
  C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 - Detected with: Adware.AWS.A
  C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 - Deleted
  C:\Program Files\AIM\Sysfiles\WxBug.EXE - Update failed
  C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r)=>wise0008 - Detected with: Adware.AWS.A
  C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r)=>wise0008 - Deleted
  C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r) - Update failed


I did a search of my post for the path file name and see that it shows that the file is missing. Is that why you said it looks like the problem is fixed??? Here are the AVG Resident Shield logs for the virus:

Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/19/2008, 4:21:37 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/19/2008, 5:21:36 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/19/2008, 6:21:36 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/19/2008, 7:21:36 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/19/2008, 8:21:36 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/19/2008, 9:22:41 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/19/2008, 11:49:24 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/20/2008, 12:20:06 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/24/2008, 6:31:29 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/25/2008, 2:03:13 AM";"file";"C:\WINDOWS\System32\svchost.exe"

I also looked in the virus vault, and there is another trojan listed that I hadn't realized it detected. However, I couldn't figure out how to post the log. AVG doesn't allow me to export it and I can't select and copy it. Maybe it's a moot point since BitDefender didn't detect either of those trojans???

I also wonder about what else I can do to protect my computer?? I keep AVG updated and have had Spybot S&D for years, and yet it seems that I'm still vulnerable to attacks. Any suggestions??

Thanks so much for your help!!! I really appreciate it!!!

Briana
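
The Resident Shield lines above are a semicolon-separated CSV export, and every hit points into C:\System Volume Information\_restore{...}\RP356, which is a System Restore snapshot: the resident scanner can report a file there but cannot remove it, so the same alert keeps firing until the restore points are purged (the step the helper asks for later in the thread). The script below is an added example, not from the poster or from AVG: it parses the export, groups detections by object path, and flags objects that live inside a snapshot. The first three log lines are copied from the post; the fourth (the live msiebbar.dll named in the opening post) is constructed for contrast, with an invented time and process.

```python
"""Triage an AVG 8 Resident Shield export (added example; not AVG's own tooling).

Input format, as pasted in the post: one quoted, semicolon-separated record per
line under the header
  "Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"""
import csv
import io
import re
from datetime import datetime

# Windows XP System Restore keeps snapshot copies under this protected path.
# A resident scanner can report a file there but cannot remove it; only
# purging the restore points clears it.
RESTORE_RE = re.compile(
    r"System Volume Information\\_restore\{(?P<guid>[0-9A-Fa-f-]+)\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)
TIME_FMT = "%m/%d/%Y, %I:%M:%S %p"

# Sample input. Lines 1-3 are copied from the Resident Shield log above;
# line 4 is CONSTRUCTED for contrast (the live DLL named in the opening post,
# with an invented time and process; it is not an entry the poster reported).
SAMPLE_LOG = r'''"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/19/2008, 4:21:37 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/19/2008, 5:21:36 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0108463.dll";"Infected";"7/25/2008, 2:03:13 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.YXJ";"C:\WINDOWS\System32\msiebbar.dll";"Infected";"7/18/2008, 9:00:00 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
'''


def parse_avg_log(text):
    """Return one dict per detection row, with 'when' parsed to a datetime."""
    reader = csv.DictReader(io.StringIO(text), delimiter=";", quotechar='"')
    rows = []
    for row in reader:
        row["when"] = datetime.strptime(row["Detection time"], TIME_FMT)
        rows.append(row)
    return rows


def restore_point_of(path):
    """(GUID, RP number) if the path is inside a System Restore snapshot, else None."""
    m = RESTORE_RE.search(path)
    return (m.group("guid"), int(m.group("rp"))) if m else None


def summarize(rows):
    """Group detections by object path: hit count, time span, names, reporting processes."""
    by_object = {}
    for r in rows:
        e = by_object.setdefault(r["Object"], {
            "hits": 0, "first": r["when"], "last": r["when"],
            "infections": set(), "processes": set(),
            "restore_point": restore_point_of(r["Object"]),
        })
        e["hits"] += 1
        e["first"] = min(e["first"], r["when"])
        e["last"] = max(e["last"], r["when"])
        e["infections"].add(r["Infection"])
        e["processes"].add(r["Process"])
    return by_object


def recommended_action(entry):
    """What a repeated detection of this object actually calls for."""
    if entry["restore_point"]:
        return "purge System Restore points; the snapshot copy, not a live file, keeps tripping the shield"
    return "quarantine the file and remove the loading point that references it"


def report(text):
    """Human-readable triage, one block per object, live files first."""
    lines = []
    summary = summarize(parse_avg_log(text))
    for path, e in sorted(summary.items(), key=lambda kv: kv[1]["restore_point"] is not None):
        rp = e["restore_point"]
        where = f"System Restore snapshot RP{rp[1]}" if rp else "live file system"
        lines.append(path)
        lines.append(f"  {e['hits']} hit(s) from {e['first']} to {e['last']} ({where})")
        lines.append(f"  names: {', '.join(sorted(e['infections']))}; reported by: {', '.join(sorted(e['processes']))}")
        lines.append(f"  action: {recommended_action(e)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a full export (AVG 8 lets you copy the Resident Shield history as text) and the snapshot entries collapse into one line with a hit count, which makes it obvious whether anything is still being detected outside System Volume Information.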

#4 brikaye

Posted 05 August 2008 - 08:51 PM

Interesting... I did some further looking at my AVG scan logs, and it appears that on 7/25 the trojan was taken care of. It hasn't popped up since I've had the laptop on today, which confirms that it's gone. Great!!

So, do I need to do anything with the AIM virus that BitDefender found, or is it already fixed???

I'm also still curious to know what I can do to better protect my computer. Anything you can suggest would be most appreciated!!!

And finally, is there anything else that you saw on HJT log that can be fixed to help my laptop run a little faster???

Thanks for your help!!!

Briana

#5 Taz71498

Posted 06 August 2008 - 03:22 PM

Hi,

Good, I am glad you are not getting any signs.

I would like you to do this:

First I would like you to turn off Spybot's TeaTimer.
Open Spybot.
Click on Tools at the top and make sure Advanced is checked.
Select Tools on the left side.
Choose System Startup.
Look for the value SpybotSD TeaTimer and uncheck the box.
Reboot the computer.

Next,
Go to Start>All Programs>Accessories>System Tools
Click system restore.
Click to add a check mark beside Turn off System Restore on all Drives, and click Apply.
When you are warned that all existing Restore Points will be deleted, click Yes to continue.

Now reboot the computer.

Go back to system restore and remove the checkmark.

Next,
Run HJT, check these items and then click on Fix:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O18 - Filter: text/html - {c9f2af41-416e-4569-bc50-a33cc99cf321} - C:\WINDOWS\system32\msiebbar.dll (file missing)

As for how to help protect your computer....

Well, first don't use any peer-to-peer programs.
Next, be careful of what email you open. Do not open any attachments, even if you know the person. Their computer could be infected and they do not know. If you don't know who the email is from, delete it.

Here is a good link for you to read on how to keep your system clean:
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

Post me a new HJT log and tell me how things are working for you.

#6 brikaye

Posted 06 August 2008 - 05:14 PM

Thanks for your tips on how to keep my computer clean. Is there a better anti-virus software that you recommend? I think I also read something about a better firewall than the standard windows firewall. I'm just concerned that a trojan got past my anti-virus and spybot s&d. I make a point not to open forwards (hate them anyway), and I uninstalled the peer-2-peer software that was on my computer a long time ago. I'm just baffled!

So, I followed your instructions, and here is the new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:05 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B507E82-5DFB-40C4-A4A6-DEA0205CF4D9}: NameServer = 202.78.97.41
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {c9f2af41-416e-4569-bc50-a33cc99cf321} - C:\WINDOWS\system32\msiebbar.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10280 bytes

Thanks for your help!!!
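
A HijackThis log is plain text with one loading point per line, so the items the reply above asks her to fix can be picked out mechanically. The script below is an added example, not part of this thread or of HijackThis: it parses the O-lines from the log just posted and flags entries whose target is gone ("(no file)" or "(file missing)"), any O18 MIME filter (a text/html filter is handed every page Internet Explorer renders, which is why a stray one matters), O16 ActiveX controls with no recorded source URL, and the AppInit_DLLs entry. The O17 rule (NameServer addresses outside private ranges) is the example's own heuristic, not something the helper raised; it only says the resolver is worth checking against the ISP's. The sample lines are copied from the log above.

```python
"""Pick fixable and suspicious loading points out of a HijackThis 2.x log
(added example; not part of HijackThis or of this thread)."""
import ipaddress
import re
from collections import Counter

LINE_RE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d.,\s]+)")

# Sample lines copied from the HJT log above.
SAMPLE_HJT = r'''
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B507E82-5DFB-40C4-A4A6-DEA0205CF4D9}: NameServer = 202.78.97.41
O18 - Filter hijack: text/html - {c9f2af41-416e-4569-bc50-a33cc99cf321} - C:\WINDOWS\system32\msiebbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
'''

REASONS = {
    "orphan": "target no longer exists; a dead loading point that HJT can fix safely",
    "mime-filter": "MIME filter: a text/html filter sees every page IE renders, so only known software belongs here",
    "dpf-no-source": "downloaded ActiveX control with no source URL recorded",
    "public-dns": "DNS resolver outside private ranges; confirm it belongs to your ISP",
    "appinit": "AppInit_DLLs is loaded into every process that loads user32.dll; verify the DLL's owner",
}


def parse_hjt(text):
    """Yield (kind, body, line) for every 'Oxx - ...' / 'Rx - ...' entry."""
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def public_nameservers(body):
    """Non-private addresses listed in an O17 NameServer entry."""
    m = NAMESERVER_RE.search(body)
    if not m:
        return []
    found = []
    for tok in re.split(r"[,\s]+", m.group("servers").strip()):
        try:
            ip = ipaddress.ip_address(tok)
        except ValueError:
            continue
        if not ip.is_private:
            found.append(str(ip))
    return found


def triage_hjt(text):
    """Return (category, kind, line) findings, in log order."""
    findings = []
    for kind, body, line in parse_hjt(text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append(("orphan", kind, line))
        if kind == "O18" and body.startswith("Filter"):
            findings.append(("mime-filter", kind, line))
        if kind == "O16" and body.endswith("-"):
            findings.append(("dpf-no-source", kind, line))
        if kind == "O17" and public_nameservers(body):
            findings.append(("public-dns", kind, line))
        if kind == "O20":
            findings.append(("appinit", kind, line))
    return findings


def report(text):
    """Summary line followed by each flagged entry and the reason it was flagged."""
    findings = triage_hjt(text)
    counts = Counter(f[0] for f in findings)
    out = [f"{len(findings)} finding(s): " + ", ".join(f"{c}={n}" for c, n in sorted(counts.items()))]
    for category, kind, line in findings:
        out.append(f"[{kind}] {line}\n    {REASONS[category]}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_HJT))
```

On the full log above the orphan rule also catches the MUSICMATCH O9 button and the two Java 1.4.2 O16 entries fall under the no-source rule; the AVG and Spybot entries are not flagged because their targets exist and they are not filters.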

#7 Taz71498

Posted 07 August 2008 - 03:22 PM

Personally, I like NOD32 for an antivirus. You can find info on it here:
http://www.eset.com/

As for a firewall, I am not the best person to ask. I use the Windows firewall also, but I have Vista and I also have a router that I use.

You may want to ask that question here:
http://www.bleepingcomputer.com/forums/f/25/antivirus-firewall-and-privacy-products-and-protection-methods/

I would like you to run another log for me because I still see that file:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

#8 brikaye

Posted 08 August 2008 - 12:27 AM

I ran into a problem when attempting to download the recovery console. I'm getting the following message when I put in X:\i386\winnt32.exe /cmdcons:

Windows Setup

Setup cannot continue because the version of Windows on your computer is newer than the version on the CD.

I find that message very strange and confusing... The only version of Windows that has ever been on this computer is the Windows XP that came pre-loaded when I bought the laptop from Dell four years ago. My only thought is that maybe I grabbed the wrong CD. At the top, it says "Operating System" followed by "Reinstallation CD Microsoft Windows XP Home Edition Including Service Pack 1a." Having Service Pack 2 downloaded on the laptop shouldn't make it think the XP loaded on my computer is a newer version, right???

I also have a PC that I bought before the laptop that also has Windows XP, so it's possible that this CD is for the PC. Would that make a difference??? I've moved several times since buying the laptop, so the other CD's that come with the computer are packed away somewhere. I can dig them out if needed. What do you think???

#9 Taz71498

Posted 10 August 2008 - 08:11 AM

The CD you have may just be the manufacturer's reinstall disk, which may not work, so go to this part in that link I gave you:

If you use Windows XP and do not have the Windows CD, ComboFix includes a method of installing the Windows Recovery console by downloading a file from Microsoft. To install the Windows Recovery Console when you do not have the Windows XP CD, please follow these instructions:

Follow those directions to install Recovery Console.

#10 brikaye

Posted 12 August 2008 - 04:17 AM

Hi,

Sorry for my delayed reply. I seem to be running into trouble with everything I try :thumbsup: I've downloaded the file from the Microsoft website for the Windows Recovery Console. Per the instructions, I dragged that icon onto the combofix.exe icon and released. Instead of installing the Windows Recovery Console, it skips directly to the window that asks if you want to run the combofix.exe software. It's as if I'm clicking on the combofix.exe icon, but I'm not. I use the touchpad on my laptop instead of a regular mouse, so I figure that has to be the problem. I'll try it with a regular mouse in the morning and see if I have a better result. Sorry this is taking so long for such a simple step!!

#11 Taz71498

Posted 12 August 2008 - 04:33 PM

If you still run into problems, just go ahead and run combofix and post the log here.

#12 brikaye

Posted 14 August 2008 - 07:39 PM

Okay, I couldn't install the Windows Recovery program, so I just ran combofix.exe, like you said. (Just now realizing I forgot to turn off my antivirus, shoot.) I have the log and my desktop background is present, but nothing else has been restored. I don't have a start bar, programs on the desktop or anything. Should I just reboot the computer?? Combofix didn't seem to have any problems or hang-ups while it was running, so I don't quite understand what the problem is. HELP!!!

#13 brikaye

Posted 15 August 2008 - 02:25 PM

Good news...

I didn't do anything to my computer when it didn't bring Windows back up, but apparently it restarted at some point because of a Windows update that occurred. Everything is back to normal! Thank goodness I had the foresight to save the ComboFix log, even when nothing else was coming up. Here it is:

ComboFix 08-08-14.01 - Briana ****** 2008-08-14 17:04:05.1 - NTFSx86
Running from: C:\Documents and Settings\Briana ******\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Briana ******\Cookies.\briana_8******@ad.yieldmanager[2].txt
C:\Documents and Settings\Briana ******\Cookies.\briana_******@edge.ru4[2].txt
C:\Documents and Settings\Briana ******\Cookies.\briana_******@insightexpressai[1].txt
C:\Documents and Settings\Briana ******\Cookies.\briana_******@myspace[2].txt
C:\Documents and Settings\Briana ******\Cookies.\briana_******@myspace[3].txt
C:\Documents and Settings\Briana ******\Cookies.\briana_******@photobucket[1].txt
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\Y6GHSS7N\interclick.com
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\Y6GHSS7N\interclick.com\ud.sol
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\drivers\fad.sys

.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2008-08-14 16:57 . 2008-08-14 16:57 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-12 01:57 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2008-08-12 01:57 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
2008-08-12 01:57 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2008-08-12 01:57 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidusb.sys
2008-08-06 15:01 . 2008-08-06 15:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-06 14:21 . 2008-08-06 14:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-05 15:45 . 2008-08-05 16:52 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-25 01:23 . 2008-07-25 01:23 <DIR> d----c--- C:\Deckard
2008-07-25 01:21 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-07-19 23:51 . 2008-07-19 23:51 <DIR> d----c--- C:\Documents and Settings\Guest\Application Data\Talkback

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-25 08:20 --------- d-----w C:\Program Files\Java
2008-07-19 08:04 --------- dc----w C:\Documents and Settings\Guest\Application Data\AVGTOOLBAR
2008-07-09 10:13 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-08 07:23 --------- d-----w C:\Documents and Settings\Briana ******\Application Data\AVGTOOLBAR
2008-07-08 00:25 --------- d-----w C:\Program Files\Windows Live
2008-07-08 00:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-08 00:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-07 23:18 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-07 23:18 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-07 23:18 10,520 ----a-w C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-07-07 23:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-07 23:17 --------- d-----w C:\Program Files\AVG
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2007-01-22 02:01 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 11:01 4632576]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-08-21 17:04 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-09-07 15:08 385024]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 00:05 122939]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 19:05 323584]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 01:04 321088]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 16:15 366400]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 08:55 61440]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-07 16:17 1232152]
"nwiz"="nwiz.exe" [2004-10-26 11:01 921600 C:\WINDOWS\SYSTEM32\nwiz.exe]
"bacstray"="BacsTray.exe" [2003-05-14 17:37 98304 C:\WINDOWS\SYSTEM32\BacsTray.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-11-23 08:11:21 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Briana ******^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Briana ******\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 00:37 40960 C:\WINDOWS\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2004-05-16 19:18 528384 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 00:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 19:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-06-15 16:15 366400 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 00:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 14:48 479232 C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"AOL ACS"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-07 16:18]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-07 16:17]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-07 16:17]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-07 16:18]
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-09-07 01:11]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-14 C:\WINDOWS\Tasks\PcbugDoctorBriana ******.job
- C:\Program Files\PCBugDoctor\PCBugDoctor.exe [2004-07-13 03:21]

2005-03-04 C:\WINDOWS\Tasks\WebReg .job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-04 21:12]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Free Download Manager - C:\Program Files\Free Download Manager\fdm.exe
MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-googletalk - C:\Program Files\Google\Google Talk\googletalk.exe
MSConfigStartUp-HostManager - C:\Program Files\Common Files\AOL\1149522281\ee\AOLSoftware.exe
MSConfigStartUp-IPHSend - C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
MSConfigStartUp-mmtask - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
MSConfigStartUp-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Briana ******\Application Data\Mozilla\Firefox\Profiles\qmx97evj.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 17:15:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = C:\Program Files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e??????? ???????????????X:??????????????????x????????:??x???????? ??????????x???? ??x???x???????(??????|????????x???????????????4???????x???????????x??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-14 17:24:14
ComboFix-quarantined-files.txt 2008-08-15 00:24:04

Pre-Run: 10,328,756,224 bytes free
Post-Run: 10,593,402,880 bytes free

186 --- E O F --- 2008-07-25 08:18:45




Also, I notice that Limewire is still coming up in the registry, but I uninstalled that quite a long time ago. How do I get rid of what is coming up??

Thanks for all your help!!!!

Edited by brikaye, 15 August 2008 - 02:33 PM.


#14 Taz71498

Taz71498

  • Members
  • 101 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:16 PM

Posted 15 August 2008 - 03:49 PM

The log looks clean.

Those Limewire entries are leftovers. They will do no harm if you leave them there, but if you really want to delete them, let me know.

So everything is working normally again?

How about we do a final online virus scan and see what we get:

Disable your antivirus program and go here and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit > Select All then copy the log and paste it back here.

#15 brikaye

brikaye
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:Washington State
  • Local time:12:16 PM

Posted 15 August 2008 - 06:31 PM

Okay, here is the new BitDefender Log. What is with the AIM virus it found last time and this time???

If you can tell me how to get rid of that empty Limewire file (or whatever it is) that would be most appreciated!!!



BitDefender Online Scanner

Scan report generated at: Fri, Aug 15, 2008 - 16:22:22

Scan path: C:\;D:\;

Statistics
  Time: 01:03:48
  Files: 205992
  Folders: 6147
  Boot Sectors: 4
  Archives: 3471
  Packed Files: 5897

Results
  Identified Viruses: 1
  Infected Files: 2
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 2

Engines Info
  Virus Definitions: 1516477
  Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
  Scan plugins: 16
  Archive plugins: 43
  Unpack plugins: 7
  E-mail plugins: 6
  System plugins: 5

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File - Status
  C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 - Detected with: Adware.AWS.A
  C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 - Deleted
  C:\Program Files\AIM\Sysfiles\WxBug.EXE - Update failed
  C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r)=>wise0008 - Detected with: Adware.AWS.A
  C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r)=>wise0008 - Deleted
  C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r) - Update failed



