Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log: Please Help! Privacy_danger Virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 BiloxiBeau

BiloxiBeau

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:46 PM

Posted 30 July 2008 - 11:59 AM

I downloaded by mistake the privacy_danger virus and I just want to make sure that it is gone... or 99.9% of it. Please see my two logs below and let me know if I need to do anything else. I have ran HiJack This (see log below), Deckard's System Scanner (see log below) as well as VundoFix and Malwarebytes (no logs). Please help! I got most of my functionality back but my background screen seems to overlay a "Files and Folder Tasks", "Other Places" and "Details" screen on the left side of my dsktop. There are probably other functions I'm unaware of but that's the most noticable. Also, IE is running with add-ons disabled.

Thanks!!!

BiloxiBeau

Deckard's System Scanner v20071014.68
Run by Justin on 2008-07-30 11:13:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2008-07-30 16:14:15 UTC - RP1022 - Deckard's System Scanner Restore Point
92: 2008-07-30 00:40:07 UTC - RP1021 - Last known good configuration
91: 2008-07-30 00:27:24 UTC - RP1020 - Software Distribution Service 3.0
90: 2008-07-29 19:01:11 UTC - RP1019 - Configured eKEY
89: 2008-07-29 18:44:44 UTC - RP1018 - Removed Bonjour


-- First Restore Point --
1: 2008-07-30 00:39:38 UTC - RP930 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Justin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:11 AM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\8BF1M4B5\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Justin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.monavievo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: (no name) - {62159E4C-3C0D-412C-9A57-11D0BEDF9464} - C:\WINDOWS\system32\geBusRJA.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: posHelp Class - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\Toolbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SmartUI.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://vinsupport.vinmanager.com/scriptx/smsx6_3.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://swla.mlxchange.com/Control/Specfile.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://mgc.mlxchange.com/Control/SISC.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145460163828
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mgc.mlxchange.com/3.0.09.83/Control/IRCSharc.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c2/v16.607/qboax10.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://vinsupport.vinmanager.com/arview2.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 10548 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD5>
R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-30 11:20:00 424 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{07FB8623-F74D-464A-A67B-5D555E72190D}.job
2008-07-30 02:00:00 364 --a------ C:\WINDOWS\Tasks\PPv5Scan_Daily as Justin at 2 00 AM.job
2008-07-28 20:00:00 624 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Justin.job
2008-07-23 18:50:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-30 10:52:36 0 d-------- C:\Computer Problem Software
2008-07-30 10:37:18 0 d-------- C:\Program Files\Trend Micro
2008-07-30 09:56:40 0 d-------- C:\VundoFix Backups
2008-07-30 09:27:18 0 d-------- C:\Documents and Settings\Justin\Application Data\Malwarebytes
2008-07-30 09:26:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 09:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 12:15:16 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-07-29 10:43:11 0 d-------- C:\Documents and Settings\Justin\Application Data\TmpRecentIcons
2008-07-23 17:13:06 176235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2008-07-23 17:12:41 0 d-------- C:\WINDOWS\PrimoPDF4
2008-07-23 17:12:41 0 d-------- C:\Program Files\activePDF
2008-07-16 19:20:53 0 d-------- C:\Program Files\Safari
2008-07-09 01:07:24 0 d-------- C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$


-- Find3M Report ---------------------------------------------------------------

2008-07-30 11:17:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-29 14:03:46 0 d-------- C:\Documents and Settings\Justin\Application Data\Move Networks
2008-07-29 11:25:26 0 d-------- C:\Program Files\Advanced Searchbar
2008-07-29 11:22:25 0 d-------- C:\Program Files\QuickTime
2008-07-29 11:21:44 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-28 15:01:16 0 d-------- C:\Documents and Settings\Justin\Application Data\mjusbsp
2008-07-25 19:19:14 0 d-------- C:\Program Files\Conference
2008-07-23 18:08:36 6443 --a------ C:\Documents and Settings\Justin\Application Data\PrimoPDFSet.xml
2008-07-23 17:41:52 310 --a------ C:\Documents and Settings\Justin\Application Data\APUSet.xml
2008-07-23 14:35:12 0 d-------- C:\Documents and Settings\Justin\Application Data\Canon
2008-07-16 20:05:39 0 d-------- C:\Program Files\iTunes
2008-07-16 20:04:07 0 d-------- C:\Program Files\iPod
2008-07-07 23:39:19 4428 --a------ C:\WINDOWS\mozver.dat
2008-06-04 17:01:17 0 d-------- C:\Documents and Settings\Justin\Application Data\NeroDigital™
2008-06-03 17:48:20 0 d-------- C:\Program Files\Common Files
2008-06-03 17:37:32 0 d-------- C:\Documents and Settings\Justin\Application Data\Nero
2008-06-03 17:34:30 0 d-------- C:\Program Files\Common Files\Nero
2008-06-03 17:30:36 0 d-------- C:\Program Files\Nero
2008-06-02 19:38:50 0 d-------- C:\Documents and Settings\Justin\Application Data\magicJackOutlookAddIn
2008-05-31 22:43:39 0 d-------- C:\Program Files\Sun
2008-05-31 22:42:24 0 d-------- C:\Program Files\Java
2008-05-30 09:09:46 0 d-------- C:\Program Files\CyberLink
2008-05-30 09:09:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-30 09:08:09 0 d-------- C:\Program Files\Palm
2008-05-30 08:59:15 0 d-------- C:\Program Files\VinStickers
2008-05-30 00:25:11 0 d-------- C:\Program Files\Microangelo
2008-05-30 00:12:37 0 d-------- C:\Program Files\HP
2008-05-30 00:06:02 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-14 00:43:32 92 --a------ C:\Documents and Settings\Justin\Application Data\burnaware.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 10:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62159E4C-3C0D-412C-9A57-11D0BEDF9464}]
C:\WINDOWS\system32\geBusRJA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
01/31/2008 01:18 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 10:51 PM 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/16/2007 10:37 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

C:\Documents and Settings\Justin\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/2/2005 11:45:11 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 1:05:26 AM]
DESKTOP.INI [8/10/2004 2:04:12 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/11/2007 9:07:07 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [1/10/2007 5:16:27 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [5/3/2005 11:07:32 PM]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2/3/2003 12:29:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-30 11:21:11 ------------









I don't know what this log is, but here it is:


03/13/2005 15:24:36 NoClear flag is not specified.
03/13/2005 15:24:36 Deleted reg values for custom Windows Update menu text and URL.

03/13/2005 15:24:36 COM initialized with S_OK success code.

03/13/2005 15:24:36 Branding Internet Explorer...
03/13/2005 15:24:36 Command line is "/mode:isp /peruser".

03/13/2005 15:24:36 Global branding settings are:
03/13/2005 15:24:36 Context is (0x01C00008) "Internet Content Providers, running from per-user stub";
03/13/2005 15:24:36 Settings file is "C:\Program Files\Internet Explorer\Signup\install.ins";
03/13/2005 15:24:36 Target folder path is "C:\Program Files\Internet Explorer\Signup".
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 About to clear previous branding...

03/13/2005 15:24:36 Removing customizations...
03/13/2005 15:24:36 Checking User Agent Key SV1 =
03/13/2005 15:24:36 Done.
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing migration of old settings...
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing wininet setup...
03/13/2005 15:24:36 There are no connection settings to process!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing deletion of connection settings...
03/13/2005 15:24:36 Existing connection settings weren't specified to be deleted!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing zones HKCU settings...
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing local machine policies and restrictions...
03/13/2005 15:24:36 There are no local machine *.inf files to process!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing current user policies and restrictions...
03/13/2005 15:24:36 There are no current user *.inf files to process!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing legacy policies and restrictions...
03/13/2005 15:24:36 There are no local machine *.inf files to process!
03/13/2005 15:24:36 There are no current user *.inf files to process!
03/13/2005 15:24:36 There are no legacy *.inf files to process!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing general customizations...
03/13/2005 15:24:36 Wizard version is set to "6.00.2800.1106".
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing Help->About customization...
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing browser toolbar buttons...
03/13/2005 15:24:36 There are no toolbar buttons to process!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing root certificates...
03/13/2005 15:24:36 This feature is for ISPs only!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing deletion of favorites and/or quick links...
03/13/2005 15:24:36 None of the favorites folders were specified to be deleted!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing favorites...
03/13/2005 15:24:36 There are no favorites to add!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing ordering of favorites...
03/13/2005 15:24:36 Favorites will be put into the default position!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing quick links...
03/13/2005 15:24:36 There are no quick links to add!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing ordering of quick links...
03/13/2005 15:24:36 Quick Links will be put into the default position!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing connection settings...
03/13/2005 15:24:36 There are no connection settings to process!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing TrustedPublisherLockdown restriction...
03/13/2005 15:24:36 This restriction is not set!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Registering download URLs as safe for updating IE...
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Deleting links...
03/13/2005 15:24:36 No links to delete!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Branding Outlook Express...
03/13/2005 15:24:36 There are no Outlook Express settings to brand!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing active desktop customizations...
03/13/2005 15:24:36 No desktop customizations to process!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing channels and their categories (if any)...
03/13/2005 15:24:36 There are no channels to process!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing software update channels...
03/13/2005 15:24:36 <Web> folder location is "C:\WINDOWS\Web".
03/13/2005 15:24:36 There are no software update channels to add!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Actual processing of channels by calling webcheck.dll "DllInstall" API...
03/13/2005 15:24:36 There is no webcheck processing necessary!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Showing channel bar on the desktop...
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Processing subscriptions...
03/13/2005 15:24:36 There are no subscriptions to process!
03/13/2005 15:24:36 Done.

03/13/2005 15:24:36 Refreshing browser settings...
03/13/2005 15:24:36 Broadcasting "Windows settings change" to all top level windows...
03/13/2005 15:24:36 Done.
03/13/2005 15:24:36 Done.
03/13/2005 15:24:36 Done.









HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:12 AM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.monavievo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: (no name) - {62159E4C-3C0D-412C-9A57-11D0BEDF9464} - C:\WINDOWS\system32\geBusRJA.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: posHelp Class - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\Toolbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SmartUI.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://vinsupport.vinmanager.com/scriptx/smsx6_3.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://swla.mlxchange.com/Control/Specfile.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://mgc.mlxchange.com/Control/SISC.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145460163828
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mgc.mlxchange.com/3.0.09.83/Control/IRCSharc.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c2/v16.607/qboax10.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://vinsupport.vinmanager.com/arview2.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 10628 bytes



Please Help!!!

BC AdBot (Login to Remove)

 


#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:46 PM

Posted 10 August 2008 - 04:02 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already preformed the steps above We still need to see the current state of the machine fresh scan and logs are still necessary

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
Microsoft MVP Consumer Security
Posted Image

Posted Image

#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:46 PM

Posted 15 August 2008 - 01:33 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users