
Suspected Trojan Clicker & Trojan Downloader on XP


  • This topic is locked
25 replies to this topic

#1 inthefog

inthefog

  • Members
  • 13 posts
  • OFFLINE
  • Location:Tennessee
  • Local time:12:01 AM

Posted 21 March 2010 - 12:47 PM

Please help...This is my first time. I read the Tutorials & I have ran all of the tools.....Pretty sure this computer has multiple problems.

In the fog again

Attached Files





#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:01 AM

Posted 24 March 2010 - 08:26 PM


Hello inthefog. Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.


Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.



After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.



You have two antivirus programs showing on your computer. This can cause you problems so I would suggest you remove one of the two.

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning disabled* (Updated)



I also need a GMER log so please do the following:


Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries




If GMER does not want to run add the following to those that you unchecked and try it again:

  • Registry
  • Files












Note: Please post the log in the reply window and do not make it an attachment. Do this with all subsequent replies unless I ask otherwise.







Thanks,



thewall





If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:01 AM

Posted 29 March 2010 - 07:39 PM

Due to the lack of feedback This Topic is closed.

Should you need it reopened, please contact me by PM. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

#4 inthefog

inthefog
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Location:Tennessee
  • Local time:12:01 AM

Posted 02 April 2010 - 05:33 PM

Please help. The bugs I have eat up all the resources, open programs or processes, freeze the computer. I'm not sure how much longer the PC will continue running.

I'm new at this. I hope I have all of the information correct.

Thank you in advance,

In The Fog




DDS (Ver_09-12-01.01) - NTFSx86
Run by main_user at 16:49:28.12 on Fri 04/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.326 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\main_user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2f58eebb-ad1e-4aac-9293-ad0027553dff} - adHlpr Object
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: MessengerUpdate Class: {5948a52a-ba3a-49a8-bcaf-d578502bda9d} - c:\documents and settings\main_user\application data\messenger\drivers\MsgUpdate.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IgfxSys] rundll32.exe "c:\documents and settings\main_user\application data\messenger\drivers\IgfxSys.dll",StartProtector
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ezLife] 0 (0x0)
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-10 310320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-5 162640]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-10 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-10 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100312.001\IDSXpx86.sys [2010-3-21 329592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-5 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-5 40384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-10 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-9 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100331.034\NAVENG.SYS [2010-3-31 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100331.034\NAVEX15.SYS [2010-3-31 1324720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-5 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-5 40384]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2009-11-6 4235264]

=============== Created Last 30 ================

2010-03-16 01:31:50 0 ----a-w- c:\documents and settings\main_user\defogger_reenable
2010-03-16 00:57:29 0 d-----w- c:\windows\pss
2010-03-10 20:36:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-03-10 11:10:47 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-03-10 11:10:40 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-10 11:10:40 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-10 11:10:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-10 11:10:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-10 11:10:40 0 d-----w- c:\program files\Symantec
2010-03-10 11:10:40 0 d-----w- c:\program files\common files\Symantec Shared
2010-03-10 11:09:17 0 d-----w- c:\windows\system32\drivers\N360
2010-03-10 11:09:12 0 d-----w- c:\program files\Norton Security Suite
2010-03-10 11:09:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-03-10 11:08:57 0 d-----w- c:\program files\NortonInstaller
2010-03-10 11:08:57 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-03-05 23:43:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

==================== Find3M ====================

2010-04-02 20:01:42 10126 ----a-w- c:\docume~1\main_u~1\applic~1\wklnhst.dat
2010-03-10 11:10:24 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-10 11:10:08 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
1601-04-07 01:11:36 633680 ----a-w- c:\program files\Data1.dll
1601-02-08 09:15:34 683520 ----a-w- c:\program files\Data2.dll

============= FINISH: 16:50:28.26 ===============







UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/21/2008 1:01:40 PM
System Uptime: 4/2/2010 4:36:57 PM (0 hours ago)

Motherboard: Dell Computer Corporation | | Dimension 8100
Processor: Intel® Pentium® 4 CPU 1300MHz | Microprocessor | 1296/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 24.76 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 323.225 GiB free.
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP136: 12/30/2009 2:58:11 PM - System Checkpoint
RP137: 1/2/2010 4:06:15 PM - System Checkpoint
RP138: 1/3/2010 11:45:32 PM - System Checkpoint
RP139: 1/8/2010 4:09:56 PM - System Checkpoint
RP140: 1/11/2010 5:13:36 AM - System Checkpoint
RP141: 1/15/2010 10:36:16 PM - System Checkpoint
RP142: 1/19/2010 3:56:07 PM - Software Distribution Service 3.0
RP143: 1/20/2010 5:32:06 PM - System Checkpoint
RP144: 1/24/2010 1:05:58 AM - System Checkpoint
RP145: 1/24/2010 1:13:27 AM - Software Distribution Service 3.0
RP146: 1/26/2010 10:04:41 PM - Installed Java™ 6 Update 18
RP147: 1/26/2010 10:05:25 PM - Installed MSN Toolbar Setup
RP148: 1/28/2010 9:16:15 AM - System Checkpoint
RP149: 1/28/2010 12:56:04 PM - Cleaned registry with Windows Live OneCare safety scanner
RP150: 1/28/2010 7:09:44 PM - Software Distribution Service 3.0
RP151: 1/30/2010 12:13:33 PM - Software Distribution Service 3.0
RP152: 1/31/2010 4:02:21 AM - Software Distribution Service 3.0
RP153: 2/1/2010 4:11:46 AM - System Checkpoint
RP154: 2/5/2010 11:34:15 AM - Software Distribution Service 3.0
RP155: 2/10/2010 4:37:35 PM - Software Distribution Service 3.0
RP156: 2/10/2010 4:39:59 PM - Software Distribution Service 3.0
RP157: 2/10/2010 5:18:49 PM - Installed SAMSUNG PC Share Manager
RP158: 2/11/2010 10:32:01 PM - System Checkpoint
RP159: 2/13/2010 2:40:05 AM - Software Distribution Service 3.0
RP160: 2/13/2010 4:09:57 AM - Microsoft Antimalware Checkpoint
RP161: 2/13/2010 6:21:19 AM - Installed Roxio Easy Media Creator 7
RP162: 2/13/2010 6:31:52 AM - Installed Roxio Easy Media Creator 7
RP163: 2/13/2010 2:27:03 PM - Removed Roxio Easy Media Creator 7
RP164: 2/14/2010 6:58:28 PM - Software Distribution Service 3.0
RP165: 2/15/2010 3:28:41 AM - Software Distribution Service 3.0
RP166: 2/15/2010 4:18:45 AM - Installed Seagate Manager Installer
RP167: 2/15/2010 8:19:17 AM - Installed Trend Micro RUBotted
RP168: 2/20/2010 12:01:52 AM - Software Distribution Service 3.0
RP169: 3/4/2010 12:06:04 PM - Software Distribution Service 3.0
RP170: 3/4/2010 12:19:55 PM - Software Distribution Service 3.0
RP171: 3/4/2010 6:48:24 PM - Cleaned registry with Windows Live OneCare safety scanner
RP172: 3/5/2010 6:43:07 PM - avast! Free Antivirus Setup
RP173: 3/10/2010 2:15:16 AM - System Checkpoint
RP174: 3/10/2010 10:33:33 AM - Norton 360 Registry Clean
RP175: 3/10/2010 11:13:46 AM - Removed Trend Micro RUBotted
RP176: 3/10/2010 2:56:09 PM - Norton 360 Registry Clean
RP177: 3/13/2010 3:28:39 AM - Software Distribution Service 3.0
RP178: 3/16/2010 12:08:32 AM - System Checkpoint
RP179: 3/21/2010 3:01:58 PM - System Checkpoint
RP180: 3/25/2010 1:50:19 AM - System Checkpoint
RP181: 3/29/2010 12:04:16 PM - System Checkpoint
RP182: 3/31/2010 11:37:54 PM - System Checkpoint

==== Installed Programs ======================

2570
2570_Help
2570Trb
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Belarc Advisor 8.1
Bonjour
BufferChm
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
Content Transfer
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
Dell Driver Download Manager
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
DVD Decrypter (Remove Only)
eSupportQFolder
ezLife browser enhancer
Fax_CDA
FullDPAppQFolder
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Product Assistant
HP PSC & OfficeJet 5.3.A
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
InstantShareDevices
iTunes
Java Auto Updater
Java™ 6 Update 16
Java™ 6 Update 18
LG USB Drivers
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft Works 6-9 Converter
MP3 Rocket
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy_CDA
Norton Security Suite
OpenOffice.org 3.1
PanoStandAlone
PhotoGallery
ProductContextNPI
QuickTime
RandMap
Readme
Safari
SAMSUNG PC Share Manager
Scan
ScannerCopy
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
SpeedFan (remove only)
Spybot - Search & Destroy
Status
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

4/2/2010 3:43:56 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP remote printers share name Printer2.
3/29/2010 11:32:06 AM, error: Dhcp [1002] - The IP address lease 68.169.162.238 for the Network Card with network address 00065B1E2C90 has been denied by the DHCP server 196.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/29/2010 11:16:20 AM, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
3/29/2010 11:16:20 AM, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
3/29/2010 11:08:32 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

==== End Of File ===========================
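A small triage script, added here as an example and not part of the thread, of DDS, or of any tool the helpers use. It reads the AV header and the Pseudo HJT section of a DDS log in the format posted above and flags the kinds of entries a helper looks at first: more than one registered AV product (the helper's own first observation), "No File" orphans, autostart components loaded from the user's profile, Run values that are not file paths, and hosts-file entries. The sample lines are copied from the posted log; every rule is a heuristic assumed by this example, not a finding of the thread.

```python
"""Triage of a DDS-style log: AV header plus the 'Pseudo HJT Report' lines.

Added example for the thread, not the DDS tool's own code. Every rule below
is a heuristic (an assumption of this example): a flagged line is something
a helper would look at first, not a verdict of infection.
"""
import re

# Excerpt copied from the DDS log posted above (kept short for the example).
SAMPLE_LOG = r"""
AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MessengerUpdate Class: {5948a52a-ba3a-49a8-bcaf-d578502bda9d} - c:\documents and settings\main_user\application data\messenger\drivers\MsgUpdate.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [IgfxSys] rundll32.exe "c:\documents and settings\main_user\application data\messenger\drivers\IgfxSys.dll",StartProtector
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ezLife] 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Prefixes DDS uses for browser add-ons and Run-key autostarts.
AUTOSTART_PREFIXES = ("BHO:", "TB:", "EB:", "uRun:", "mRun:", "uURLSearchHooks:")

# Per-user directories a standard XP account can write without admin rights.
# Autostart components living there are unusual for legitimate software (heuristic).
USER_WRITABLE = re.compile(
    r"c:\\documents and settings\\[^\\]+\\(application data|local settings)",
    re.IGNORECASE,
)

AV_LINE = re.compile(r"AV:\s+(.+?)\s+\*On-access scanning (enabled|disabled)\*")


def parse_av_lines(lines):
    """Return [(product, on_access_enabled)] for each 'AV:' header line."""
    found = []
    for line in lines:
        m = AV_LINE.match(line)
        if m:
            found.append((m.group(1), m.group(2) == "enabled"))
    return found


def triage(log_text):
    """Return (reason, evidence) pairs in log order; the AV summary comes first."""
    lines = [ln for ln in log_text.splitlines() if ln.strip()]
    findings = []

    # The helper's first observation in the thread: two AV products registered.
    avs = parse_av_lines(lines)
    if len(avs) > 1:
        findings.append(("multiple AV products registered",
                         ", ".join(name for name, _ in avs)))

    for line in lines:
        if line.startswith("Hosts:"):
            # DDS prints hosts-file redirections; each one should be accounted for.
            findings.append(("hosts file entry (verify)", line))
            continue
        if not line.startswith(AUTOSTART_PREFIXES):
            continue
        if line.endswith("No File"):
            # Registered component whose file is gone: a leftover to clean up.
            findings.append(("orphaned autostart entry", line))
        elif USER_WRITABLE.search(line):
            findings.append(("autostart from user-writable profile dir", line))
        elif line.startswith(("uRun:", "mRun:")) and "\\" not in line.split("] ", 1)[-1]:
            # Run value that is not a file path at all, e.g. '0 (0x0)'.
            findings.append(("run value without a file path", line))
    return findings


if __name__ == "__main__":
    for reason, evidence in triage(SAMPLE_LOG):
        print(f"[{reason}] {evidence}")
```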








#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,995 posts
  • ONLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:01 AM

Posted 02 April 2010 - 08:59 PM

Hello inthefog,

I have merged your latest topic into your previous topic, which I have reopened. Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom of the topic. Starting new topics causes confusion for everyone and delays the assistance you receive. If you know you will be unable to respond to your topic, please inform your helper so he knows the topic has not been abandoned.

Back to you thewall,

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#6 inthefog

inthefog
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Location:Tennessee
  • Local time:12:01 AM

Posted 02 April 2010 - 10:02 PM

Thank you for your speedy reply. Is the GMER report okay? Were you able to open the attachment?

Sorry, I thought I had to re-post this issue. It would have been a lot easier....to have used the last post...My bad..New to blogging & I don't instant message. I feel a little behind the times.

I just recently put Avast (@30 days ago) on my Desktop & I decided I really liked it. At the time I had Comcast for my ISP. Then Comcast changed from McAfee to Norton & I heard they had really cleaned their act up.

So, thinking I was being clever I tried DISABLING AVAST. I think they have been fighting a bit. Had a hard time trying to decide which one I liked better. I have heard Avast & Spybot S&D work well together so I am thinking about keeping AVAST. I have not heard anything about the compatibility between Norton & Spybot S&D.

Would welcome any advice you have now that you know a little more about my reports.

In The Fog

#7 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:01 AM

Posted 02 April 2010 - 10:11 PM

Thanks OB, I appreciate you merging the topics.


@inthefog

It's OK , we'll work it out.

Be sure to read the quote below and follow its instructions. This will ensure you are notified when I post a reply to your topic.


QUOTE
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.





I'm not sure what happened when you attempted to attach the GMER log but what it seems to be is the GMER program itself rather than the log. Please post the log GMER generated in the reply window like you did the DDS logs. I have deleted the attachment from the previous post to ensure no one else clicks on it because it starts running once you unzipped and opened it.


If you have any problems just let me know.

#8 inthefog

inthefog
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Location:Tennessee
  • Local time:12:01 AM

Posted 02 April 2010 - 10:11 PM

Sorry, My Bad! I think this was what you were looking for.

I hope this is better.

In The Fog

Attached Files

  • Attached File  ark.txt   6.6KB   5 downloads


#9 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:01 AM

Posted 02 April 2010 - 10:17 PM

That was what I wanted, thanks.

Let's give MalwareBytes a try first and then go from there:


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




#10 inthefog

Posted 02 April 2010 - 10:17 PM

I have tried pushing Options and then Track This Topic each time I get an error report that says, "You already subscribe to this topic"???

In The Fog

#11 thewall

Posted 02 April 2010 - 11:22 PM

Just making sure you got my last post about running MalwareBytes and we didn't get crossed up in our posts.

If you are getting the message you state then you are already subscribed to the page and should be getting notifications by email.

#12 inthefog

Posted 02 April 2010 - 11:33 PM

Okay, I ran the scan & computer re-started.

I had been running in selective startup because I have been trying to keep a few programs from starting. I clicked on normal startup, so I had to restart again to make the changes.

At restart it said RUNDLL.dll error...yeah yeah yeah...messenger\Igfxsys.dll. So I ran the scan again. It says I'm clean?

In The Fog


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3948

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/3/2010 12:00:45 AM
mbam-log-2010-04-03 (00-00-45).txt

Scan type: Quick scan
Objects scanned: 101192
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e3a14032-f6fc-426d-a024-bead613d5db3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ezLife (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdat.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MsgU_pdate (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f58eebb-ad1e-4aac-9293-ad0027553dff} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2f58eebb-ad1e-4aac-9293-ad0027553dff} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\Aud32 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.3.2.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.3.6.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife\1.3.6.0 (Adware.EzLife) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\MsgUpdate.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\conf.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\IgfxSys.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\phuninst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\pub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\serial.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\Aud32\go30.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\Aud32\msgutil84.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\Aud32\msgutil841.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Sys\mu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.3.2.0\SmartAdsxtra.dll (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.3.6.0\SmartAdsxtra.dll (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife\1.3.6.0\ezLifextra.dll (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife\1.3.6.0\uninstall.exe (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\Data1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Data2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.



Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3948

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/3/2010 12:18:18 AM
mbam-log-2010-04-03 (00-18-18).txt

Scan type: Quick scan
Objects scanned: 101324
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxsys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#13 thewall

Posted 03 April 2010 - 12:01 AM

Good deal. That took a lot off of the computer. We'll see if Kaspersky can find anything else:


It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:



Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner
    page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.



#14 inthefog

Posted 03 April 2010 - 12:06 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, April 3, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, April 03, 2010 04:37:52
Records in database: 3913819
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 159857
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 08:36:38


File name / Threat / Threats count
F:\Julie Recovery\Julie's Desktop\dvd programs\BearShareV6.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aa 1
F:\MUSIC\BearShare\BearShareV6.exe Infected: not-a-virus:AdWare.Win32.Mostofate.j 1

Selected area has been scanned.
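Reading the two Malwarebytes logs in post #12 and the Kaspersky report in post #14 by hand is fine for one machine. As an added example (not code from this thread, and not a Malwarebytes, Kaspersky or BleepingComputer tool), the Python script below parses both report formats, labels each hit with the persistence mechanism its registry path implies (Run value, Browser Helper Object, COM registration, and so on), and flags Run values whose target DLL was quarantined in the same set of findings. That last check is an inference from the posted logs: the first scan removed IgfxSys.dll while the HKCU Run\igfxsys value was only caught by the second scan, which is consistent with the RUNDLL error the poster saw at the reboot in between. The sample inputs are constructed excerpts made of lines copied from the posted logs, with the two MBAM logs merged into one; the section handling, regular expressions, mechanism labels and function names are this example's own assumptions about the formats.

```python
"""Triage helper for the Malwarebytes 1.x log and Kaspersky Online Scanner 7
report formats shown in this thread. Added example, not a Malwarebytes,
Kaspersky or BleepingComputer tool; regexes and labels are this example's own."""
import ntpath
import re
from collections import Counter

# Constructed excerpt: selected lines copied from the two MBAM logs in post #12,
# merged so the Run value caught by the second scan sits beside the DLL removed
# by the first.
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdate (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxsys (Trojan.Agent) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\MsgUpdate.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\main_user\Application Data\Messenger\Drivers\IgfxSys.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife\1.3.6.0\ezLifextra.dll (Adware.EzLife) -> Quarantined and deleted successfully.
"""

# Constructed excerpt: the two result lines from the Kaspersky report in post #14.
KAV_REPORT = r"""
File name / Threat / Threats count
F:\Julie Recovery\Julie's Desktop\dvd programs\BearShareV6.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aa 1
F:\MUSIC\BearShare\BearShareV6.exe Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
"""

MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
KAV_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)\s+(?P<count>\d+)$")


def parse_mbam(text):
    """Return one dict per result line, tagged with the MBAM section it sits in."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(" Infected:"):  # section header, not the "Infected: N" count lines
            section = line[: -len(" Infected:")]
            continue
        m = MBAM_RE.match(line)
        if m and section:
            findings.append({"source": "mbam", "section": section, "path": m["path"],
                             "name": m["name"], "action": m["action"]})
    return findings


def parse_kaspersky(text):
    """Return one dict per 'Infected:' line; the online scanner only reports, it does not clean."""
    return [{"source": "kaspersky", "section": "Files", "path": m["path"],
             "name": m["name"], "action": "reported only"}
            for m in (KAV_RE.match(ln.strip()) for ln in text.splitlines()) if m]


def persistence_type(path):
    """Map a registry or file path to the mechanism it represents (labels are this example's own)."""
    p = path.lower()
    if "\\currentversion\\run\\" in p:
        return "autostart (Run value)"
    if "\\browser helper objects\\" in p:
        return "IE Browser Helper Object"
    if "\\appid\\" in p or "\\clsid\\" in p or "\\typelib\\" in p:
        return "COM registration"
    if "\\currentversion\\ext\\" in p:
        return "IE add-on record"
    if "\\currentversion\\uninstall\\" in p:
        return "Add/Remove Programs entry"
    if p.startswith("hkey_classes_root\\") and "\\" not in p[len("hkey_classes_root\\"):]:
        return "COM ProgID"
    if re.match(r"^[a-z]:\\", p):
        return "file or folder on disk"
    return "other registry key"


def orphaned_run_values(findings):
    """Run values named after a file removed in the same findings: at the next boot the
    loader still tries to start the missing DLL, which is what a RUNDLL error looks like."""
    removed = {ntpath.splitext(ntpath.basename(f["path"]))[0].lower()
               for f in findings if f["section"] == "Files"}
    return [f["path"] for f in findings
            if persistence_type(f["path"]) == "autostart (Run value)"
            and f["path"].rsplit("\\", 1)[-1].lower() in removed]


def summarize(findings):
    """Counts by detection family and by persistence mechanism."""
    return (Counter(f["name"] for f in findings),
            Counter(persistence_type(f["path"]) for f in findings))


if __name__ == "__main__":
    hits = parse_mbam(MBAM_LOG) + parse_kaspersky(KAV_REPORT)
    families, mechanisms = summarize(hits)
    for mech, n in mechanisms.most_common():
        print(f"{n:3d}  {mech}")
    print("families:", dict(families))
    print("orphaned Run values:", orphaned_run_values(hits))
```

Run it as-is to see the breakdown for the excerpt; to use it on a real log, replace the two constructed strings with the file contents. The Kaspersky entries carry "reported only" because the online scanner lists files and leaves removal to the user, which is why the helper's next post asks for a manual delete.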


#15 thewall

Posted 03 April 2010 - 01:02 PM

See if you can delete these manually by using Windows Explorer. If you have any problems or don't feel comfortable doing it this way we can download a program to remove them with. Keep in mind the example below shows expanding the C: drive. You will be expanding the F: drive.



Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK



Use Windows Explorer to find and delete these files:

F:\Julie Recovery\Julie's Desktop\dvd programs\BearShareV6.exe
F:\MUSIC\BearShare\BearShareV6.exe


As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop, or press the Windows key + E.
Double click on Local Disk (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete



Now do the opposite of what you did above to Hide extensions for known file types and
to Hide protected operating system files (Recommended)



Reboot your computer and let me know when you have completed this.

Edited by thewall, 03 April 2010 - 01:03 PM.
