Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE automatically pops up with fake virus scan - help!


  • This topic is locked This topic is locked
2 replies to this topic

#1 elmsley4

elmsley4

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:25 PM

Posted 10 May 2009 - 11:34 AM

Yes - I'm a moron. I received an email from a friend that instructed me to download something. It seemed odd, but I downloaded it and BAM - malware or virus or something...

So here are the symptoms:

- IE automatically opens and loads a screen telling me I'm infected with tons of viruses, spyware, etc... and I need to download a program to fix it.
- I can't close the window, and another pop-up comes up telling me if I try to close, I might risk more infections.
- If I hit close, the screen won't do anything
- I'm assuming the virus will take me to a screen and try to get me to enter my credit card and personal information to purchase the "program".

I'm currently running Google Chrome, and IE will STILL pop open automatically.

- I can't close out of the window, I can't switch to Chrome, I have to Cntrl-alt-del and force quit IE.
- the url's I have see are:
1) scan4mini.info
2) scan4star.info

POP-UP Message:

"Please note that Spyware is highly malicious for your PC Information Privacy
If you want to install the full version, please click "OK", wait for the page to load, start the installation process and follow the instructions.
If you want to wait for the scanning result to appear, please click "Cancel".
After Internet Antivirus Pro is installed, you can close the scanning window and remove Spyware from your computer."


I also get this garbage:

"Your private life and private details are threatened by potentially
severe privacy violations!
Your PC keeps track of all the sites you visit, including the adult sites.
As a rule, you don't even realize that there may be files on your PC
that may infringe your privacy or compromise you.
A hi-tech criminal can easily get your credit card credentials!
Without protection, you take a risk of becoming a fraud victim every
second you spend on-line."


I've tried installing the following:

1) Window's Defender
2) NOD32

a few other random things here & there, and NO LUCK.

My computer specs is as follows:

- Windows XP Pro
- 160gb hard drive
- 512 RAM
- Service Pack 3
- Sony Vaio VGN-S150P computer

* I've tried to insert a screen image, but I don't know how! I used photobucket, but the board doesn't like the format, so if you think it'll be helpful to see a screenshot, and you can tell me how to do it, I'll do it.

Much thanks!

-Joel

BELOW IS THE DDS SCAN:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Joel Gabelman at 11:14:11.79 on Sun 05/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.73 [GMT -5:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wodUpdSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\windows\pp06.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Joel Gabelman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\East-Tec Eraser 2008\etRiskMon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Joel Gabelman\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60341
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {E1BACF55-35E1-4E47-9247-2D48660E5545} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eraser RiskMonitor] "c:\program files\east-tec eraser 2008\launch.exe" "c:\program files\east-tec eraser 2008\etRiskMon.exe"
uRun: [Google Update] "c:\documents and settings\joel gabelman\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [CreateCD_Reminder] c:\windows\sonysys\vaio recovery\reminder.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [pp] c:\windows\pp06.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\joelga~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\joelga~1\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: ameritrade.com\wwws
Trusted Zone: netflix.com
Trusted Zone: netflix.com\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://usbportal.usbank.com/,DanaInfo=ccem500.us.bank-dns.com+iNotes6W.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186554917872
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186929650401
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joelga~1\applic~1\mozilla\firefox\profiles\3fglq3qg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://starter.metacafe.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\crawler\toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xshared.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xwsg.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-5-1 142592]
R2 Akamai;Akamai;c:\windows\system32\svchost.exe -k Akamai [2004-5-10 14336]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2007-8-7 86098]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-11 24652]
R2 WeOnlyDo wodAppUpdate Service;WeOnlyDo wodAppUpdate Service;c:\windows\system32\wodUpdSv.exe [2009-1-20 28144]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 oibtvcom;Bluetooth Virtual COM Port;c:\windows\system32\drivers\oivmvcom.sys [2004-5-10 279680]
R3 oivmctrl;VCOMM Device Controller;c:\windows\system32\drivers\oivmctrl.sys [2004-5-10 15616]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2004-5-10 71961]
S2 gupdate1c9baf9cc4ffb90;Google Update Service (gupdate1c9baf9cc4ffb90);c:\program files\google\update\GoogleUpdate.exe [2009-4-11 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-20 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]

=============== Created Last 30 ================

2009-05-10 10:21 <DIR> --d----- c:\program files\iPod
2009-05-10 10:20 <DIR> --d----- c:\program files\iTunes
2009-05-10 10:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-03 02:54 <DIR> --d----- c:\program files\Free Window Registry Repair
2009-05-02 10:32 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-02 10:29 7,441 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-05-01 20:44 <DIR> --d----- c:\program files\WinClamAVShield
2009-05-01 20:31 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-05-01 20:31 <DIR> --d----- c:\docume~1\joelga~1\applic~1\Spyware Terminator
2009-05-01 20:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-05-01 20:30 <DIR> --d----- c:\program files\Spyware Terminator
2009-04-30 22:32 0 a------- c:\windows\st_1241167200.exe
2009-04-30 22:32 0 a------- c:\windows\st_1241148772.exe
2009-04-30 22:25 <DIR> --d----- c:\program files\ESET
2009-04-30 21:17 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-04-30 21:17 10,752 -------- c:\windows\pp06.exe
2009-04-30 21:17 2 ----h--- c:\windows\t55ft2692f44.dat
2009-04-30 21:17 <DIR> --d----- c:\windows\system32\796525
2009-04-16 20:57 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 20:57 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 20:57 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-04-16 20:57 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-16 20:57 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 20:57 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 20:57 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 20:57 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 20:57 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-16 20:57 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 20:52 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-16 20:52 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 20:52 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-11 18:04 <DIR> --d----- c:\program files\common files\DivX Shared

==================== Find3M ====================

2009-04-12 09:58 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-24 14:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 14:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 14:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 14:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 14:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 14:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-20 13:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-17 15:39 128,840 a------- c:\windows\system32\Metacafe.scr
2009-02-16 00:31 81,984 a------- c:\windows\system32\bdod.bin

============= FINISH: 11:15:37.10 ===============

ATTACH.TXT


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/7/2007 12:26:08 AM
System Uptime: 5/10/2009 10:50:16 AM (1 hours ago)
Processor: Intel® Pentium® M processor 1.60GHz | N/A | 1596/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 25 GiB total, 4.414 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 18.941 GiB free.
E: is Removable
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP562: 3/29/2009 9:47:45 AM - System Checkpoint
RP563: 3/31/2009 8:30:40 PM - System Checkpoint
RP564: 4/1/2009 8:58:37 PM - System Checkpoint
RP565: 4/3/2009 11:48:39 PM - System Checkpoint
RP566: 4/5/2009 12:06:14 PM - System Checkpoint
RP567: 4/6/2009 7:29:41 PM - System Checkpoint
RP568: 4/7/2009 10:57:56 PM - System Checkpoint
RP569: 4/11/2009 9:20:13 AM - System Checkpoint
RP570: 4/12/2009 12:38:50 PM - System Checkpoint
RP571: 4/13/2009 7:30:01 PM - System Checkpoint
RP572: 4/15/2009 8:47:19 PM - System Checkpoint
RP573: 4/16/2009 9:57:33 PM - System Checkpoint
RP574: 4/17/2009 1:15:51 AM - Software Distribution Service 3.0
RP575: 4/18/2009 11:42:17 AM - System Checkpoint
RP576: 4/19/2009 5:59:04 PM - System Checkpoint
RP577: 4/21/2009 9:43:56 PM - System Checkpoint
RP578: 4/22/2009 12:33:32 AM - Software Distribution Service 3.0
RP579: 4/22/2009 8:25:56 AM - Installed Windows XP WgaNotify.
RP580: 4/23/2009 11:12:59 PM - System Checkpoint
RP581: 4/28/2009 8:43:43 PM - System Checkpoint
RP582: 4/29/2009 8:59:44 PM - System Checkpoint
RP583: 4/30/2009 10:25:27 PM - Installed ESET NOD32 Antivirus
RP584: 5/1/2009 10:34:51 PM - System Checkpoint
RP585: 5/1/2009 11:11:15 PM - Spyware Terminator - restore point
RP586: 5/2/2009 12:19:57 AM - Installed Windows Defender
RP587: 5/2/2009 12:53:07 AM - Software Distribution Service 3.0
RP588: 5/2/2009 1:39:57 AM - Software Distribution Service 3.0
RP589: 5/2/2009 9:25:51 AM - Software Distribution Service 3.0
RP590: 5/2/2009 10:30:40 AM - Avira AntiVir Personal - 5/2/2009 10:30
RP591: 5/3/2009 10:56:02 AM - System Checkpoint
RP592: 5/6/2009 1:15:03 AM - Software Distribution Service 3.0
RP593: 5/7/2009 12:19:59 AM - Software Distribution Service 3.0
RP594: 5/7/2009 9:47:46 PM - Software Distribution Service 3.0
RP595: 5/9/2009 8:59:15 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
7-Zip 4.57
AAC Decoder
Able2Extract Professional v4.0
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
Bluetooth Virtual COM Port
Bonjour
Business Contact Manager for Outlook 2003
Citrix Presentation Server Client - Web Only
Critical Update for Windows Media Player 11 (KB959772)
Delicious Add-on for Internet Explorer
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Updater (AOL LLC)
DVgate Plus
East-Tec Eraser 2008 Version 8.9
ESET NOD32 Antivirus
Free Window Registry Repair
GMail Drive Shell Extension
Google Chrome
Google Desktop
Google Gmail Notifier
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
HijackThis 2.0.2
Home Key Logger Free Edition v1.70 (remove only)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HotKey Utility
Image Resizer Powertoy for Windows XP
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
ISScript
iTunes
Java 2 Runtime Environment, SE v1.4.2_01
Listing Factory 2008 v3.0
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
MagicDisc 2.6.93
Memory Stick Formatter
Metacafe
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Small Business Connectivity Components
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works 7.0
MKV Splitter
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0.0.9)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Music Rescue 3.1.2
MVision
Netflix Movie Viewer
Nvu 1.0
OpenMG Limited Patch 3.4-03-12-16-01
OpenMG Secure Module 3.4.00
PANDA-IGS
PhotoScape
PictureGear Studio 2.0
PowerISO
QuickTime
Samsung SCX-4100 Series
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Skype™ 3.8
SoftV92 Data Fax Modem
SonicStage 2.0.02
Sony Certificate PCH
Sony Notebook Setup
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Sony XBRITE Screen Saver
SoundMAX
Spyware Terminator
TD AMERITRADE StrategyDesk 3.0
The Options Toolbox v5.0
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.0
VAIO Media Integrated Server 3.0
VAIO Media Redistribution 3.0
VAIO Power Management
VAIO Registration
VAIO SLIT-C Screen Saver
VAIO SLIT Pattern Wallpaper
VAIO Update 2
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.0.1
WinRAR archiver
Yahoo! Install Manager
ZIP Reader 8.00.0018

==== Event Viewer Messages From Past Week ========

5/6/2009 12:22:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/6/2009 1:18:03 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.57.806.0).
5/5/2009 11:50:56 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/5/2009 11:50:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
5/5/2009 11:17:04 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/5/2009 11:02:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/5/2009 11:01:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/5/2009 11:01:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb DMICall ehdrv Fips intelppm SCDEmu sp_rsdrv2 ssmdrv
5/5/2009 11:00:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/5/2009 10:57:25 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000E353D5408. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/4/2009 11:06:56 PM, error: Dhcp [1002] - The IP address lease 169.254.162.33 for the Network Card with network address 000E353D5408 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Edited by Maurice Naggar, 10 May 2009 - 12:29 PM.


BC AdBot (Login to Remove)

 


#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:25 PM

Posted 10 May 2009 - 12:19 PM

Hello elmsley4.

Your system has a rogue malware. If a message window is still there, use ALT + F4 keys on your keyboard to close the window.
Press and HOLD ALT key and then press F4 function key.


You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
These steps are for member elmsley4 only. If you are a lurker, do NOT try this on your system!
If you are not elmsley4 and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Posted Image Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.


Let's have you start with the following:

Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}

=

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from
>>> here <<<
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.
Next, Download The Avenger by Swandog46 from here.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Unzip/extract The Avenger to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Drivers to delete:
    pp
    
    Files to delete:
    c:\windows\pp06.exe
    c:\windows\t55ft2692f44.dat
    c:\windows\9g2234wesdf3dfgjf23
    
    Folders to delete:
    c:\windows\system32\796525
    c:\windows\9g2234wesdf3dfgjf23
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    
    Registry values to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | pp
  • In the avenger window, click the Paste Script from Clipboard icon, Posted Image button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt) when I ask for it later.
=

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    Close your browser(s) and any open program window.
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

IF you should see a message like this:
Posted Image
then, be sure to write down fully and also copy that into your next reply here and then await for my response.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.
=

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference! Perhaps also save the file on your pc.

Close all browsers and all open windows & programs.

1. Please download SmitfraudFix (by S!Ri) and SAVE it to your Desktop.
Posted ImageIt's very important that you be using the most recent version (v2.416 as of this post).

2. Reboot into Safe Mode (Restart your computer, then continually tap F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. More at http://service1.symantec.com/SUPPORT/tsgen...001052409420406.)

3. Once in Safe Mode:
Double click the SmitFruadfix.exe file. It will create a folder named SmitfraudFix) on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Have plenty of patience as a Command prompt window opens. You'll eventually see a message and a "press any key to continue".
Press the space bar or any other key on the keyboard.

4. Select option #2 - Clean by typing 2 and pressing Enter to delete infected files.

5. You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer "Yes" by typing Y and pressing Enter in order to remove the desktop background and clean registry keys associated with the infection.

6. The tool will then check if wininet.dll is infected. If prompted to replace the infected file (if found), answer "Yes" by typing Y and pressing Enter.

7. The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

8. A text file will appear onscreen with results from the cleaning process. Please copy/paste the content of that report into your next reply.

The report also may be found at the root of the system drive, usually at C:\rapport.txt

Notes:
  • process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. More on this at http://www.beyondlogic.org/consulting/proc...processutil.htm
  • Running option #2 on a non-infected computer will remove your Desktop background. No need to worry, you were infected
=
RE-Enable your AntiVirus and AntiSpyware applications.
Reply back with copy of
  • the C:\Avenger.txt log from above,
  • C:\Combofix.txt
  • C:\rapport.txt from SmitFraudFix run,
  • and, Tell me, How is your system now ?
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You'll likely have to do more than 1 reply.

Edited by Maurice Naggar, 10 May 2009 - 12:26 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:25 PM

Posted 16 May 2009 - 11:49 AM

Closing due to lack of response. If you have not received help elsewhere AND the same issues are around AND you want assisted help here, send me or a moderator a PM to re-open this case.

Otherwise, this is closed. All others with similar issues, start your own topic; See and follow the steps at Preparation Guide For Use Before Using Hijackthis and other Malware Removal Tools, Instructions for receiving help in cleaning your computer
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users