
Need help with Spyware removal


  • This topic is locked
24 replies to this topic

#1 bomni

  • Members
  • 56 posts

Posted 29 March 2009 - 01:51 PM

Hi

Well, I am completely frustrated with spyware that is on my computer. I have tried numerous programs (Spybot, and Malware) but I can't seem to get rid of it. It is Contextuals by Snappy. The programs have obviously not helped. So here is what happens: I use Firefox and randomly (once or twice a day) a pop-up comes, and it's by Contextual Ads by Snappy, so I try to remove it from my Control Panel and it asks me to type in a security password (shows some number/letter combo) before uninstalling it. So I do that and it disappears, then comes back later on. So what the heck is going on?

Here is my log from the Malwarebytes

Malwarebytes' Anti-Malware 1.35
Database version: 1912
Windows 5.1.2600 Service Pack 2

3/29/2009 10:08:05 AM
mbam-log-2009-03-29 (10-08-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 187269
Time elapsed: 1 hour(s), 19 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 51

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286} (Adware.PremierOpinion) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\intelinetsecure (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\intelinetsecure (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelinetsecure (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8a571cbf-3983-c93e-accf-b69d71ea1ff6} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f9a8906-780f-e298-d808-05746939a667} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f9a8906-780f-e298-d808-05746939a667} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion (Adware.PremierOpinion) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Talon\Local Settings\Temp\nst3C5.tmp\NSISdl.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Talon\Local Settings\Temp\~nsu.tmp\Au_.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\intelin2.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1562768274-1747296662-185026825-1005\Dc926.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1548\A0120238.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1549\A0120241.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1552\A0120992.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1554\A0121012.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1556\A0121017.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1559\A0121026.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1561\A0121099.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1563\A0121202.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1564\A0121212.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1564\A0121215.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1565\A0121229.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1565\A0121232.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1567\A0121253.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1567\A0121256.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1568\A0121280.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1568\A0122010.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1509\A0119055.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1510\A0119087.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1511\A0119089.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1511\A0119092.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1513\A0119115.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1515\A0119216.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1516\A0119237.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1519\A0119278.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1520\A0119290.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1521\A0119293.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1521\A0119296.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1522\A0119313.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1522\A0119316.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1524\A0119330.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1528\A0119341.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1530\A0119365.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1533\A0119408.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1537\A0119623.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1538\A0119630.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1541\A0119654.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1542\A0119687.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1543\A0119699.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1544\A0120170.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A5AB2A37-C005-4A8C-BBC7-F34E6E09C5D5}\RP1545\A0120195.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hokehyeolerwmz.dll-uninst.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_02_27.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\About PremierOpinion.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\Privacy Policy and User License Agreement.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\Support.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\Uninstall Instructions.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hokehyeolerwmz.dll (Adware.BHO) -> Quarantined and deleted successfully.


I hope someone can help me fix this, I fear that by downloading all these antispyware programs I am making things worse.


#2 bomni

  • Topic Starter
  • Members
  • 56 posts

Posted 01 April 2009 - 06:52 PM

No one can help me????

I know a format would work, but there has to be a better and easier solution.

#3 KoanYorel

    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 07 April 2009 - 01:20 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 bomni

  • Topic Starter
  • Members
  • 56 posts

Posted 08 April 2009 - 04:09 PM

Here is my DDS scan


DDS (Ver_09-03-16.01) - NTFSx86
Run by Talon at 14:02:15.61 on Wed 04/08/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.92 [GMT -7:00]

AV: TELUS Security service Anti-Virus *On-access scanning disabled* (Outdated)
FW: TELUS Security service Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TELUS\TELUS security services\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdecoms.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\Laser Center\Laser Sensor Mouse\Panel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Documents and Settings\Talon\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {a203c5cd-2de6-c975-7b33-369f2b3dd880} - c:\windows\Hxzavzun.dll
BHO: mysidesearch search enhancer: {0f9a8906-780f-e298-d808-05746939a667} - c:\windows\system32\hokehyeolerwmz.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\telus\telus security services\pkR.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ZKBho Class: {56071e0d-c61b-11d3-b41c-00e02927a304} - c:\program files\zero knowledge\telus security service\freebhor.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: snappyads: {7a01637d-d7ad-fc9d-4da6-ca817fb53fc9} - c:\windows\system32\nsa1D88.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
EB: Search panel: {2315d748-32b4-cd18-ccf3-da32b0dadc70} - c:\windows\system32\hokehyeolerwmz.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Steam] "c:\program files\valve\steam\steam.exe" -silent
uRun: [Caea] c:\program files\aant\unlo.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeUpdater6] "c:\program files\common files\adobe\updater6\Adobe_Updater.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [eIw] c:\documents and settings\talon\local settings\temp\eIw.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\teluse~1\smartb~1\MotiveSB.exe
mRun: [UDC Integration]
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [lxdemon.exe] "c:\program files\lexmark 4800 series\lxdemon.exe"
mRun: [lxdeamon] "c:\program files\lexmark 4800 series\lxdeamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
mRun: [Laser mouse] "c:\program files\laser center\laser sensor mouse\Panel.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\program files\common files\dataviz\DvzIncMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\teluse~1.lnk - c:\program files\telus ecare\bin\matcli.exe
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
IE: &Block this popup - c:\program files\shaw secure\anti-spyware\blockpopups.htm
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program files\shaw secure\anti-spyware\ieshield.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://talontedgirlslife.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - hxxp://hotsearchbar.com/toolbar2/winhot32.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38098.3429166667
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\talon\applic~1\mozilla\firefox\profiles\g2qj1qyn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - component: c:\program files\mozilla firefox\components\e79b6956-7418-0a31-e1d5-255020b7fbfd.dll
FF - component: c:\program files\mozilla firefox\components\hokehyeolerwmz.dll
FF - component: c:\program files\mozilla firefox\components\nssnappyads.dll
FF - plugin: c:\program files\telus\telus security advisor\nprpspa.dll
FF - HiddenExtension: XUL Cache: {6044AD17-0EC9-45D3-B72A-C5B9E5B3AE17} - c:\documents and settings\talon\local settings\application data\{6044AD17-0EC9-45D3-B72A-C5B9E5B3AE17}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=

============= SERVICES / DRIVERS ===============

R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2009-3-14 112144]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-3-14 196368]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R3 GMFilter Filter;GMFilter Filter;c:\windows\system32\drivers\GMFilter.sys [2009-3-25 25088]
S0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys --> c:\windows\system32\drivers\fsdfw.sys [?]
S2 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys --> c:\program files\shaw secure\anti-virus\win2k\FSfilter.sys [?]
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\shaw secure\anti-virus\win2k\fsgk.sys --> c:\program files\shaw secure\anti-virus\win2k\FSgk.sys [?]
S2 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\shaw secure\anti-virus\win2k\fsrec.sys --> c:\program files\shaw secure\anti-virus\win2k\FSrec.sys [?]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [2008-11-11 99248]
S3 Radialpoint Security Services;TELUS security services;c:\program files\telus\telus security services\RpsSecurityAwareR.exe [2008-12-9 97520]
S4 F-Secure Gatekeeper Handler Starter;FSGKHS;"c:\program files\shaw secure\anti-virus\fsgk32st.exe" --> c:\program files\shaw secure\anti-virus\fsgk32st.exe [?]

=============== Created Last 30 ================

2009-04-03 08:56 556,032 a------- c:\windows\system32\hokehyeolerwmz.dll
2009-03-30 19:06 85,665 a------- c:\windows\system32\8fc91d37-a78a-3f57-c279-507a4064faf9.exe
2009-03-29 10:16 69,194 a------- c:\windows\system32\hokehyeolerwmz.dll-uninst.exe
2009-03-28 15:48 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-28 15:48 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-28 15:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 19:45 25,088 a------- c:\windows\system32\drivers\GMFilter.sys
2009-03-25 19:45 1,089,536 a------- c:\windows\system32\XWheel.dll
2009-03-25 19:45 598,016 a------- c:\windows\system32\MousePage.dll
2009-03-25 19:45 114,688 a------- c:\windows\system32\Hook.dll
2009-03-25 19:45 <DIR> --d----- c:\program files\Laser Center
2009-03-22 09:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-22 09:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-20 07:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-14 11:08 1,419,296 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-14 11:08 38,688 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-03-14 11:08 5,252 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-14 11:08 1,556 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-03-14 11:06 112,144 a------- c:\windows\system32\drivers\kl1.sys
2009-03-14 11:05 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
2009-03-14 11:03 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
2009-03-14 11:03 <DIR> --d----- c:\program files\Raxco

==================== Find3M ====================

2009-03-25 21:11 2,438 a------- c:\docume~1\talon\applic~1\wklnhst.dat
2009-02-27 06:21 641,536 a------- c:\windows\system32\nsa1D88.dll
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-08 17:31 16,694 a------- c:\windows\system32\drivers\PalmUSBD.sys
2009-02-08 17:31 53,248 a------- c:\windows\PalmDevC.dll
2001-11-23 12:08 712,704 a------- c:\windows\inf\other\AUDIO3D.DLL
2005-12-05 21:56 10,240 a--sh--- c:\windows\rnapxs\rnapxs.dat

============= FINISH: 14:03:35.48 ===============


I really hope that someone can help me out on this, because it is very annoying. Though it is not frequent, I don't like having random stuff popping up on me while I'm browsing the internet.

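The two logs in this thread (the Malwarebytes log in post #1 and the DDS log just above) can be read together: MBAM reported `C:\WINDOWS\system32\hokehyeolerwmz.dll` as deleted on 29 March, and DDS lists the same path ten days later as a BHO, as an Explorer bar, and in "Created Last 30" with a creation time of 3 April, i.e. the file was dropped again after the cleanup. The script below is an added example, not part of bomni's post and not code from Malwarebytes or from the DDS tool: it parses both log formats (the line layouts are assumed from the logs quoted here), normalizes the Windows paths, and reports every MBAM-removed file that the later DDS scan still shows, noting whether its creation time is after the MBAM scan finished and whether the same file name appears under another directory. The sample input is constructed from lines in this thread.

```python
"""Cross-check a Malwarebytes removal log against a later DDS scan.

Added example; not from the thread, from Malwarebytes or from DDS. Line
formats are assumed from the two logs quoted in the thread.
"""
import re
from datetime import datetime, timedelta

MBAM_TIMESTAMP = re.compile(r'^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$')
MBAM_ELAPSED = re.compile(r'^Time elapsed: (\d+) hour\(s\), (\d+) minute\(s\), (\d+) second\(s\)$')
MBAM_DETECTION = re.compile(r'^(?P<path>[A-Za-z]:\\.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$')
DDS_SECTION = re.compile(r'^=+ (.+?) =+$')
DDS_CREATED = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \S+ \S+ [A-Za-z]:\\')
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]+')

# Constructed sample input: lines copied from the two logs in the thread.
MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.35
3/29/2009 10:08:05 AM
Scan type: Full Scan (C:\|)
Time elapsed: 1 hour(s), 19 minute(s), 2 second(s)
Files Infected:
C:\WINDOWS\system32\hokehyeolerwmz.dll-uninst.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\intelin2.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hokehyeolerwmz.dll (Adware.BHO) -> Quarantined and deleted successfully.
"""

DDS_LOG = r"""
Run by Talon at 14:02:15.61 on Wed 04/08/2009
============== Pseudo HJT Report ===============
BHO: mysidesearch search enhancer: {0f9a8906-780f-e298-d808-05746939a667} - c:\windows\system32\hokehyeolerwmz.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
EB: Search panel: {2315d748-32b4-cd18-ccf3-da32b0dadc70} - c:\windows\system32\hokehyeolerwmz.dll
================= FIREFOX ===================
FF - component: c:\program files\mozilla firefox\components\hokehyeolerwmz.dll
=============== Created Last 30 ================
2009-04-03 08:56 556,032 a------- c:\windows\system32\hokehyeolerwmz.dll
2009-03-29 10:16 69,194 a------- c:\windows\system32\hokehyeolerwmz.dll-uninst.exe
2009-03-28 15:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
"""


def normalize(path):
    """Windows paths are case-insensitive; compare them in one case."""
    return path.strip().rstrip('\\').lower()


def parse_mbam(text):
    """Return (time the scan finished, {path: threat}) for removed file items.
    The MBAM timestamp is the scan start, so 'Time elapsed' is added to it."""
    start, elapsed, removed = None, timedelta(0), {}
    for line in text.splitlines():
        line = line.strip()
        if start is None and MBAM_TIMESTAMP.match(line):
            start = datetime.strptime(line, '%m/%d/%Y %I:%M:%S %p')
            continue
        m = MBAM_ELAPSED.match(line)
        if m:
            h, mi, s = (int(x) for x in m.groups())
            elapsed = timedelta(hours=h, minutes=mi, seconds=s)
            continue
        m = MBAM_DETECTION.match(line)
        if m and 'deleted successfully' in m.group('action'):
            removed[normalize(m.group('path'))] = m.group('threat')
    return (start + elapsed if start else None), removed


def parse_dds(text):
    """Return {path: {'seen_as': set of DDS sections/prefixes, 'created': datetime|None}}."""
    seen, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        hdr = DDS_SECTION.match(line)
        if hdr:
            section = hdr.group(1)
            continue
        m = WIN_PATH.search(line)
        if not m:
            continue
        entry = seen.setdefault(normalize(m.group(0)), {'seen_as': set(), 'created': None})
        created = DDS_CREATED.match(line)
        if created:
            entry['created'] = datetime.strptime(created.group(1), '%Y-%m-%d %H:%M')
            entry['seen_as'].add(section or 'file listing')
        elif section == 'Pseudo HJT Report':
            entry['seen_as'].add(line.split(':', 1)[0])   # BHO, EB, uRun, TB, ...
        else:
            entry['seen_as'].add(section or 'unknown')
    return seen


def find_reappearances(mbam_text, dds_text):
    """List MBAM-removed files that the later DDS scan still shows at the same
    path, or shows under the same file name in another directory."""
    finished, removed = parse_mbam(mbam_text)
    seen = parse_dds(dds_text)
    by_name = {}
    for p in seen:
        by_name.setdefault(p.rsplit('\\', 1)[-1], set()).add(p)
    findings = []
    for path, threat in sorted(removed.items()):
        elsewhere = sorted(by_name.get(path.rsplit('\\', 1)[-1], set()) - {path})
        if path not in seen and not elsewhere:
            continue
        info = seen.get(path, {'seen_as': set(), 'created': None})
        findings.append({
            'path': path,
            'threat': threat,
            'seen_as': sorted(info['seen_as']),
            'created_after_removal': bool(info['created'] and finished and info['created'] > finished),
            'same_name_elsewhere': elsewhere,
        })
    return findings


if __name__ == '__main__':
    for finding in find_reappearances(MBAM_LOG, DDS_LOG):
        print(finding)
```

On the sample input this reports two items: the BHO DLL (present as `BHO` and `EB` entries, re-created on 3 April after the 29 March scan, and also copied under the Firefox `components` directory) and its `-uninst.exe` companion, which DDS still lists but with a creation time that falls inside the MBAM scan window, so it is flagged as present but not as a fresh drop. `intelin2.exe` produces no finding because DDS no longer shows it.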

#5 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 08 April 2009 - 09:02 PM

Hello.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 11 April 2009 - 09:36 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the day I replied, the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy

#7 bomni
  • Topic Starter
  • Members
  • 56 posts

Posted 12 April 2009 - 07:15 PM

Hi there
I have been away this weekend, but I just ran ComboFix, so I will let you know if I have any more problems. Do you want me to upload my ComboFix log?



Thanks for all your help! I really appreciate it!

Sincerely


Matt

#8 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 12 April 2009 - 07:42 PM

Hello.

Do you want me to upload my combofix log?


Quoted from my instructions:

When finished, it will produce a report for you. Please post the contents of the log


With Regards,
Extremeboy

#9 bomni
  • Topic Starter
  • Members
  • 56 posts

Posted 13 April 2009 - 05:50 PM

Ok, here is the log.


ComboFix 09-04-13.07 - Talon 2009-04-12 16:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.112 [GMT -7:00]
Running from: c:\documents and settings\Talon\Desktop\ComboFix.exe
AV: TELUS Security service Anti-Virus *On-access scanning disabled* (Outdated)
FW: TELUS Security service Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Talon\LOCALS~1\Temp\gewhk1
c:\program files\Mozilla Firefox\components\e79b6956-7418-0a31-e1d5-255020b7fbfd.dll
c:\program files\Mozilla Firefox\components\hokehyeolerwmz.dll
c:\program files\mozilla firefox\components\nssnappyads.dll
c:\windows\system32\ICON.ico

.
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.

2009-04-12 23:40 . 2006-03-03 07:42 73728 ----a-w C:\pv.exe
2009-04-08 15:09 . 2009-04-08 15:09 710656 ----a-w c:\windows\system32\nsc2D3C.dll
2009-04-04 18:05 . 2009-04-04 18:05 556544 ----a-w c:\windows\system32\hokehyeolerwmz.dll
2009-03-31 02:06 . 2009-04-12 23:37 85665 ----a-w c:\windows\system32\8fc91d37-a78a-3f57-c279-507a4064faf9.exe
2009-03-29 17:16 . 2009-04-12 23:37 69194 ----a-w c:\windows\system32\hokehyeolerwmz.dll-uninst.exe
2009-03-28 22:48 . 2009-03-26 23:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-28 22:48 . 2009-03-26 23:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 02:45 . 2005-06-20 19:26 25088 ----a-w c:\windows\system32\drivers\GMFilter.sys
2009-03-26 02:45 . 2005-06-20 19:19 1089536 ----a-w c:\windows\system32\XWheel.dll
2009-03-26 02:45 . 2005-06-20 19:17 114688 ----a-w c:\windows\system32\Hook.dll
2009-03-26 02:45 . 2005-06-20 19:10 598016 ----a-w c:\windows\system32\MousePage.dll
2009-03-22 16:47 . 2009-03-22 18:07 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-20 14:49 . 2009-03-20 14:49 410984 ----a-w c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 23:52 . 2009-03-14 18:08 2156576 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-29 17:09 . 2009-03-14 18:08 5252 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-29 17:09 . 2009-03-14 18:08 38688 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-29 17:09 . 2009-03-14 18:08 1556 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-28 22:48 . 2009-03-28 22:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-28 22:37 . 2005-12-16 00:30 -------- d-----w c:\program files\LimeWire
2009-03-26 04:11 . 2006-02-28 06:45 2438 ----a-w c:\documents and settings\Talon\Application Data\wklnhst.dat
2009-03-26 02:45 . 2009-03-26 02:45 -------- d-----w c:\program files\Laser Center
2009-03-26 02:45 . 2004-04-21 15:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 01:23 . 2004-10-24 23:03 -------- d-----w c:\program files\Common Files\Adobe
2009-03-22 18:11 . 2009-03-22 18:10 3829434 ----a-w C:\immudebug.log
2009-03-22 16:47 . 2009-03-22 16:47 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-20 14:49 . 2005-12-16 00:44 -------- d-----w c:\program files\Java
2009-03-14 18:07 . 2007-06-13 07:34 -------- d-----w c:\documents and settings\Talon\Application Data\TELUS
2009-03-14 18:03 . 2009-03-14 18:03 -------- d-----w c:\program files\Raxco
2009-03-14 18:03 . 2009-03-14 18:03 -------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2009-03-14 18:02 . 2007-06-13 07:33 -------- d-----w c:\program files\TELUS
2009-03-14 18:02 . 2007-06-13 07:33 -------- d-----w c:\documents and settings\All Users\Application Data\TELUS
2009-03-11 10:08 . 2008-11-12 01:14 -------- d-----w c:\program files\Lexmark 4800 Series
2009-03-11 10:01 . 2008-09-09 23:40 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 01:26 . 2008-09-10 01:13 -------- d-----w c:\documents and settings\All Users\Application Data\myitlab
2009-02-28 20:09 . 2008-11-12 01:15 -------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-27 22:46 . 2009-02-27 22:46 0 ----a-w C:\proc.id
2009-02-27 22:46 . 2009-02-27 22:46 0 ----a-w C:\asdasd.asdasd
2009-02-09 10:19 . 2004-04-21 14:11 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 00:31 . 2009-02-09 00:33 53248 ----a-w c:\windows\PalmDevC.dll
2008-11-27 04:49 . 2008-11-27 04:49 18113589 ----a-w c:\documents and settings\All Users\SPL27A.tmp
2008-11-06 03:58 . 2004-10-23 05:49 94968 ----a-w c:\documents and settings\Talon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 23:52 . 2009-03-14 18:08 2158624 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-29 17:09 . 2009-03-14 18:08 38688 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F9A8906-780F-E298-D808-05746939A667}]
2009-04-04 11:05 556544 --a------ c:\windows\system32\hokehyeolerwmz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7a01637d-d7ad-fc9d-4da6-ca817fb53fc9}]
2009-04-08 08:09 710656 --a------ c:\windows\system32\nsc2D3C.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-07 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-03-15 2521464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-02-07 114741]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"Motive SmartBridge"="c:\progra~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2006-10-23 393216]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 316336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 136600]
"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2008-09-18 3228912]
"Laser mouse"="c:\program files\Laser Center\Laser Sensor Mouse\Panel.exe" [2005-06-20 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2009-02-08 28672]
HOTSYNCSHORTCUTNAME.lnk - c:\palm\Hotsync.exe [2004-06-09 471040]
TELUS eCare.lnk - c:\program files\TELUS eCare\bin\matcli.exe [2006-07-12 217088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FSMA"=2 (0x2)
"fshttps"=3 (0x3)
"FSDFWD"=3 (0x3)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
"iPodService"=3 (0x3)
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Palm\\HOTSYNC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bomni\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe"=
"c:\\WINDOWS\\system32\\lxdecfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdejswx.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bomni\\codename gordon\\cg.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\shadowgrounds demo\\ShadowgroundsLauncher.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bomni\\darwinia demo\\darwinia.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bomni\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"=
"c:\\WINDOWS\\system32\\lxdecoms.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdeamon.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\FRun.exe"=

R0 FSFW;F-Secure Firewall Driver; [x]
R2 F-Secure Filter;F-Secure File System Filter; [x]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper; [x]
R2 F-Secure Recognizer;F-Secure File System Recognizer; [x]
R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [2007-05-29 99248]
R3 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [2008-12-09 97520]
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 598960]
S3 GMFilter Filter;GMFilter Filter;c:\windows\system32\Drivers\GMFilter.sys [2005-06-20 25088]

.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-12 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\SHAWSE~1\ANTI-V~1\fsav.exe []
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A203C5CD-2DE6-C975-7B33-369F2B3DD880} - c:\windows\Hxzavzun.dll
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-Caea - c:\program files\aant\unlo.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-eIw - c:\documents and settings\talon\local settings\temp\eIw.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-UDC Integration - (no file)
MSConfigStartUp-F-Secure Manager - c:\program files\Shaw Secure\Common\FSM32.EXE
MSConfigStartUp-F-Secure Startup Wizard - c:\program files\Shaw Secure\FSGUI\FSSW.EXE
MSConfigStartUp-F-Secure TNB - c:\program files\Shaw Secure\TNB\TNBUtil.exe
MSConfigStartUp-News Service - c:\program files\Shaw Secure\FSGUI\ispnews.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Block this popup - c:\program files\Shaw Secure\Anti-Spyware\blockpopups.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\Talon\Application Data\Mozilla\Firefox\Profiles\g2qj1qyn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - plugin: c:\program files\TELUS\TELUS security advisor\nprpspa.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 16:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-13 16:57
ComboFix-quarantined-files.txt 2009-04-13 23:57

Pre-Run: 64,101,416,960 bytes free
Post-Run: 65,521,524,736 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

225 --- E O F --- 2009-03-15 10:02

So far today that Contextual Ads has not returned to my Add/Remove Programs. It appears that has worked (fingers crossed).


Is there anything else I need to know or you need from me?
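The ComboFix log above shows the two persistence points of this adware: two Browser Helper Objects backed by DLLs sitting directly in system32, and Firefox search preferences (in prefs.js and, more importantly, in user.js, which Firefox re-applies on every start) redirected to yoog.com. The following Python script is an added example, not part of this thread and not a ComboFix or BleepingComputer tool: it pulls those line types out of a log excerpt and flags them. The sample lines are copied from the log above; the search-provider allowlist and the "BHO DLL in system32" heuristic are assumptions to adjust for your own environment.

```python
"""Triage helper for ComboFix/DDS-style log excerpts (added example).

Extracts Browser Helper Object entries and Firefox search preferences from
log text and flags the patterns an analyst looks for: BHO DLLs dropped
straight into system32, search prefs pointing at an unexpected provider,
and search prefs pinned through user.js.
"""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F9A8906-780F-E298-D808-05746939A667}]
2009-04-04 11:05 556544 --a------ c:\windows\system32\hokehyeolerwmz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7a01637d-d7ad-fc9d-4da6-ca817fb53fc9}]
2009-04-08 08:09 710656 --a------ c:\windows\system32\nsc2D3C.dll

uStart Page = hxxp://www.msn.com
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: yahoo.homepage.dontask - true
"""

BHO_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})\]$"
)
# ComboFix file lines under a registry key: "<date> <time> <size> <attrs> <path>"
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")

# Prefs that decide where a search or an address-bar keyword is sent.
SEARCH_PREFS = {
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
}
# Assumed allowlist of acceptable search providers (adjust to your environment).
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}


def parse_bhos(log_text):
    """Return [(clsid, dll_path)] for each BHO key and the file line under it."""
    bhos = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = BHO_KEY_RE.match(line.strip())
        if not m:
            continue
        # ComboFix prints the DLL the CLSID resolves to on the next line.
        path = None
        if i + 1 < len(lines):
            f = FILE_LINE_RE.match(lines[i + 1].strip())
            if f:
                path = f.group(1)
        bhos.append((m.group(1), path))
    return bhos


def parse_ff_prefs(log_text):
    """Return [(file, key, value)] for every 'FF - prefs.js/user.js' line."""
    prefs = []
    for line in log_text.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs.append((m.group(1), m.group(2), m.group(3)))
    return prefs


def host_of(value):
    """Host of a (possibly hxxp-defanged) URL, or None if the value is not a URL."""
    url = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    parsed = urlparse(url)
    return parsed.hostname if parsed.scheme in ("http", "https") else None


def triage(log_text, allowed_hosts=ALLOWED_SEARCH_HOSTS):
    """Return human-readable findings for the log excerpt."""
    findings = []
    for clsid, path in parse_bhos(log_text):
        if path is None:
            findings.append(f"BHO {clsid}: no backing file listed")
            continue
        # Heuristic (assumption): product BHOs ship under Program Files; a DLL
        # registered as a BHO straight out of system32 deserves a closer look.
        if path.lower().rsplit("\\", 1)[0] == r"c:\windows\system32":
            findings.append(f"BHO {clsid} loads {path} (DLL dropped in system32)")
    for fname, key, value in parse_ff_prefs(log_text):
        if key not in SEARCH_PREFS:
            continue
        host = host_of(value)
        if host is not None and host not in allowed_hosts:
            findings.append(f"{fname}: {key} sends searches to {host}")
        elif fname == "user.js":
            # user.js is re-applied on every Firefox start, so a search pref
            # placed there silently undoes any fix made in about:config.
            findings.append(f"{fname}: {key} pinned to {value!r} via user.js")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports both BHOs and three Firefox findings; the prefs.js engine name alone is not flagged because a name carries no host to judge, while the same name in user.js is, since that file is what keeps re-installing the hijack after a manual reset.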

#10 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 13 April 2009 - 07:23 PM

Hello.

There is still more to do. Please follow the instructions in the order I give them to you (from top to bottom).

Run GooredFix using Option2 (Removal)

Please download GooredFix and save it to your Desktop.
Alternative Download Mirror #2

Please make sure all instances of Firefox are closed at this point before proceeding.
  • Please double-click Goored.exe on your Desktop to run it.
  • A window will appear, please Select 2. (Fix Goored) by typing 2 and pressing Enter.
  • Type Y at the prompt and press Enter. The removal process will begin.
  • A log will open with the file after completion; please post the contents of that log in your next reply.
*Note: The log can also be found on your desktop (Goored.txt)

Run ComboFix with CFScript

We will run ComboFix again. This time it will be slightly different from the initial run.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    http://www.bleepingcomputer.com/forums/t/215018/need-help-with-spyware-removal/
    Collect::[68]
    c:\windows\system32\hokehyeolerwmz.dll
    c:\windows\system32\nsc2D3C.dll
    c:\windows\system32\hokehyeolerwmz.dll-uninst.exe
    c:\windows\system32\8fc91d37-a78a-3f57-c279-507a4064faf9.exe
    File::
    C:\proc.id
    C:\asdasd.asdasd
    c:\documents and settings\All Users\SPL27A.tmp
    c:\windows\Tasks\Scheduled scanning task.job
    Folder::
    c:\progra~1\SHAWSE~1
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F9A8906-780F-E298-D808-05746939A667}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7a01637d-d7ad-fc9d-4da6-ca817fb53fc9}]
    Firefox::
    FF - ProfilePath - c:\documents and settings\Talon\Application Data\Mozilla\Firefox\Profiles\g2qj1qyn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    DDS::
    IE: &Block this popup - c:\program files\Shaw Secure\Anti-Spyware\blockpopups.htm
    IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
    IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program files\shaw secure\anti-spyware\ieshield.dll
    Driver::
    FSFW
    F-Secure Filter
    F-Secure Gatekeeper
    F-Secure Recognizer
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
Upload Samples by ComboFix

When Combofix finishes running, the ComboFix log will open along with a message box. With the above script, ComboFix captured some files to submit for analysis.
  • Important: Ensure you are connected to the internet before clicking OK on the message box.
  • A blue screen will appear and auto-upload the zipped file I requested.
  • After the uploading is done you should see a message near the bottom saying "Upload was Succesfull".
**NOTE**
=================
  • IF for some reason Combofix fails to upload anything please do the following:
  • Go to Start >> My Computer > C:\
  • Then Navigate to the C:\Qoobox\Quarantine folder.
  • Find the archive zip file called "[68]-Submit_Date_Time.zip"
  • Simply go to This Channel and upload the submit.zip archive file to me.
  • Follow the instructions on that page to copy/paste/send the requested file.
Let me know how it goes and if the upload went successfully or not in your next reply.

Download and Run F-Secure Removal Tool

Please download and run this tool.

F-Secure was not removed successfully, as I saw a lot of leftovers from it in the logs. If, when running it, it doesn't work because it says it was already uninstalled or there was nothing to remove, then that is okay, because we probably already removed it :thumbup2:

Just run it and follow the prompts.

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Post back with:
-Goored log
-Combofix log
-MBAM log

With Regards,
Extremeboy

#11 bomni
  • Topic Starter
  • Members
  • 56 posts

Posted 14 April 2009 - 10:40 AM

Mbam did not have problems running so I assume it has been successful.

Here are the 3 logs

ComboFix 09-04-14.01 - Talon 04/13/2009 19:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.239 [GMT -7:00]
Running from: c:\documents and settings\Talon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Talon\Desktop\CFScript.txt
AV: TELUS Security service Anti-Virus *On-access scanning disabled* (Outdated)
FW: TELUS Security service Firewall *disabled*
* Created a new restore point

FILE ::
C:\asdasd.asdasd
c:\documents and settings\All Users\SPL27A.tmp
C:\proc.id
c:\windows\Tasks\Scheduled scanning task.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\asdasd.asdasd
c:\documents and settings\All Users\SPL27A.tmp
C:\proc.id
c:\progra~1\micros~2\office12\ONBttnIE.dll
c:\windows\system32\hokehyeolerwmz.dll-uninst.exe
c:\windows\system32\hokehyeolerwmz.dll
c:\windows\Tasks\Scheduled scanning task.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_F-SECURE_FILTER
-------\Legacy_F-SECURE_GATEKEEPER
-------\Legacy_F-SECURE_RECOGNIZER
-------\Legacy_FSFW
-------\Service_F-Secure Filter
-------\Service_F-Secure Gatekeeper
-------\Service_F-Secure Recognizer
-------\Service_FSFW


((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-03-28 22:48 . 2009-03-26 23:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-28 22:48 . 2009-03-26 23:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 02:45 . 2005-06-20 19:26 25088 ----a-w c:\windows\system32\drivers\GMFilter.sys
2009-03-26 02:45 . 2005-06-20 19:19 1089536 ----a-w c:\windows\system32\XWheel.dll
2009-03-26 02:45 . 2005-06-20 19:17 114688 ----a-w c:\windows\system32\Hook.dll
2009-03-26 02:45 . 2005-06-20 19:10 598016 ----a-w c:\windows\system32\MousePage.dll
2009-03-22 16:47 . 2009-03-22 18:07 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-20 14:49 . 2009-03-20 14:49 410984 ----a-w c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 02:43 . 2009-03-14 18:08 38688 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-14 02:43 . 2009-03-14 18:08 38688 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-14 02:43 . 2009-03-14 18:08 2420 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-14 02:43 . 2009-03-14 18:08 2175008 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 02:43 . 2009-03-14 18:08 2175008 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 02:43 . 2009-03-14 18:08 10196 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-28 22:48 . 2009-03-28 22:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-28 22:37 . 2005-12-16 00:30 -------- d-----w c:\program files\LimeWire
2009-03-26 04:11 . 2006-02-28 06:45 2438 ----a-w c:\documents and settings\Talon\Application Data\wklnhst.dat
2009-03-26 02:45 . 2009-03-26 02:45 -------- d-----w c:\program files\Laser Center
2009-03-26 02:45 . 2004-04-21 15:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 01:23 . 2004-10-24 23:03 -------- d-----w c:\program files\Common Files\Adobe
2009-03-22 18:11 . 2009-03-22 18:10 3829434 ----a-w C:\immudebug.log
2009-03-22 16:47 . 2009-03-22 16:47 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-20 14:49 . 2005-12-16 00:44 -------- d-----w c:\program files\Java
2009-03-14 18:07 . 2007-06-13 07:34 -------- d-----w c:\documents and settings\Talon\Application Data\TELUS
2009-03-14 18:03 . 2009-03-14 18:03 -------- d-----w c:\program files\Raxco
2009-03-14 18:03 . 2009-03-14 18:03 -------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2009-03-14 18:02 . 2007-06-13 07:33 -------- d-----w c:\program files\TELUS
2009-03-14 18:02 . 2007-06-13 07:33 -------- d-----w c:\documents and settings\All Users\Application Data\TELUS
2009-03-11 10:08 . 2008-11-12 01:14 -------- d-----w c:\program files\Lexmark 4800 Series
2009-03-11 10:01 . 2008-09-09 23:40 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 01:26 . 2008-09-10 01:13 -------- d-----w c:\documents and settings\All Users\Application Data\myitlab
2009-02-28 20:09 . 2008-11-12 01:15 -------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-09 10:19 . 2004-04-21 14:11 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 00:31 . 2009-02-09 00:33 53248 ----a-w c:\windows\PalmDevC.dll
2008-11-06 03:58 . 2004-10-23 05:49 94968 ----a-w c:\documents and settings\Talon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-04-13_16.55.26.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 02:44 . 2009-04-14 02:44 16384 c:\windows\Temp\Perflib_Perfdata_76c.dat
+ 2009-03-14 18:08 . 2009-04-14 02:43 38688 c:\windows\system32\drivers\fidbox2.dat
- 2009-03-14 18:08 . 2009-03-29 17:09 38688 c:\windows\system32\drivers\fidbox2.dat
+ 2009-04-14 02:42 . 2005-10-21 03:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-03-14 18:08 . 2009-04-14 02:43 2175008 c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-08 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-03-16 2521464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-02-07 114741]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"Motive SmartBridge"="c:\progra~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2006-10-24 393216]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-11 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 316336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 136600]
"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2008-09-18 3228912]
"Laser mouse"="c:\program files\Laser Center\Laser Sensor Mouse\Panel.exe" [2005-06-20 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2009-2-8 28672]
HOTSYNCSHORTCUTNAME.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
TELUS eCare.lnk - c:\program files\TELUS eCare\bin\matcli.exe [2006-7-12 217088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FSMA"=2 (0x2)
"fshttps"=3 (0x3)
"FSDFWD"=3 (0x3)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
"iPodService"=3 (0x3)
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Palm\\HOTSYNC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bomni\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe"=
"c:\\WINDOWS\\system32\\lxdecfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdejswx.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bomni\\codename gordon\\cg.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\shadowgrounds demo\\ShadowgroundsLauncher.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bomni\\darwinia demo\\darwinia.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bomni\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"=
"c:\\WINDOWS\\system32\\lxdecoms.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdeamon.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\FRun.exe"=

R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [2007-05-29 99248]
R3 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [2008-12-09 97520]
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 598960]
S3 GMFilter Filter;GMFilter Filter;c:\windows\system32\Drivers\GMFilter.sys [2005-06-20 25088]

.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0F9A8906-780F-E298-D808-05746939A667} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Block this popup
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\Talon\Application Data\Mozilla\Firefox\Profiles\g2qj1qyn.default\
FF - plugin: c:\program files\TELUS\TELUS security advisor\nprpspa.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 19:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3164)
c:\progra~1\TELUSE~1\SMARTB~1\SBHook.dll
c:\windows\System32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TELUS\TELUS security services\Fws.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 02:55
ComboFix2.txt 2009-04-13 23:57

Pre-Run: 65,606,713,344 bytes free
Post-Run: 65,468,502,016 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
231 --- E O F --- 2009-03-15 10:02


The MBAM log
Malwarebytes' Anti-Malware 1.36
Database version: 1979
Windows 5.1.2600 Service Pack 2

4/13/2009 8:22:02 PM
mbam-log-2009-04-13 (20-22-02).txt

Scan type: Quick Scan
Objects scanned: 80520
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And finally the Gooredlog

GooredFix v1.92 by jpshortstuff
Log created at 17:27 on 13/04/2009 running Option #2 (Talon)
Firefox version 3.0.8 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{6044AD17-0EC9-45D3-B72A-C5B9E5B3AE17}"="C:\Documents and Settings\Talon\Local Settings\Application Data\{6044AD17-0EC9-45D3-B72A-C5B9E5B3AE17}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Talon\Local Settings\Application Data\{6044AD17-0EC9-45D3-B72A-C5B9E5B3AE17}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{6E19037A-12E3-4295-8915-ED48BC341614}"="C:\Program Files\PremierOpinion" (Folder Missing)

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{998B0A2E-1475-4318-8BE9-383A0E70DD2E}"="C:\Program Files\PremierOpinion" (Folder Missing)


Thanks again!


Bomni

#12 extremeboy

  • Malware Response Team

Posted 14 April 2009 - 12:05 PM

Hello.

You did not upload the files I asked for via Combofix. Do it manually for me then....

**NOTE**
=================

  • IF for some reason Combofix fails to upload anything please do the following:
  • Go to Start >> My Computer > C:\
  • Then Navigate to the C:\Qoobox\Quarantine folder.
  • Find the archive zip file called "[68]-Submit_Date_Time.zip"
  • Simply go to This Channel and upload the submit.zip archive file to me.
  • Follow the instructions on that page to copy/paste/send the requested file.
Let me know how it goes and if the upload went successfully or not in your next reply.


Let me know once you upload it.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#13 bomni

  • Topic Starter
  • Members

Posted 14 April 2009 - 05:50 PM

File was uploaded successfully


sorry about that


Bomni

#14 extremeboy

  • Malware Response Team

Posted 14 April 2009 - 07:29 PM

Hello.

Please update Java and run an online scan.

Update Java to Version 6 Update 12

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky WebScanner page.
  • Click on the [button image] on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the [button image].
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the [button image].
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the [button image], if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post back with a new dds log as well.

With Regards,
Extremeboy

#15 bomni

  • Topic Starter
  • Members

Posted 16 April 2009 - 11:10 AM

Hello again

I tried a few times last night and Kaspersky failed, I was trying to get it to work this morning but the scan will not start. I was hoping to upload the error msg I was receiving. Also I am unfamiliar with the realtime protection software. This is not in my system tray.

Program database is being updated. Please wait...
Failed to connect to update source: 24.64.223.200
Updater logic error related to download process: http://24.64.223.200/wpad.dat
Update source selected: http://dnl-04.geo.kaspersky.com/
Downloading file: index/master.xml.klz
Downloading file: diffs/bases/five/avc/kavset.xml.zsk
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: diffs/bases/five/avc/black.lst.bgz
Downloading file: diffs/bases/five/avc/fa001.avc.ot2
Downloading file: diffs/bases/five/avc/base730c.avc.n9k
Downloading file: bases/five/avc/base731c.avc
Downloading file: bases/five/avc/base732c.avc
Downloading file: diffs/bases/five/avc/dailyc.avc.ea6
Downloading file: bases/five/avc/dailyc.avc
Downloading file: diffs/bases/five/avc/ext088c.avc.ndc
Downloading file: diffs/bases/five/avc/daily-ec.avc.5f0
Downloading file: bases/five/avc/daily-ec.avc
Downloading file: diffs/bases/five/avc/base003.avc.zz2
Downloading file: diffs/bases/five/avc/base162.avc.-hi
Downloading file: diffs/bases/five/avc/base164.avc.vte
Downloading file: diffs/bases/five/avc/base167.avc.plz
Downloading file: diffs/bases/five/avc/unp002.avc.89q
Downloading file: diffs/bases/five/avc/unp043.avc.kgz
Downloading file: diffs/bases/five/avc/daily.avc.ehl
Downloading file: diffs/bases/five/avc/fa.avc.d2a
Downloading file: diffs/bases/five/avc/avp.set.qqg
Downloading file: diffs/bases/five/avc/avp_ext.set.xbz
Downloading file: diffs/bases/five/avc/avp_x.set.yx2
Downloading file: diffs/bases/five/avc/avp.klb.ag_
Downloading file: diffs/bases/five/avc/avp.klb.qdr
Downloading file: diffs/bases/five/avc/avp.klb.rqs
Downloading file: bases/five/avc/avp.klb
Database is updated. Ready to scan.

I'm not sure if it worked or not. The last statement said it updated, so I'm a little confused. I will try it again, but I won't have too much time today as I have some final exams I need to do.



