Computer Attacked By Spyware, Cant Clean


This topic is locked
12 replies to this topic

#1 javygirl178
Members, 31 posts
Posted 21 August 2006 - 01:57 AM

Two days ago, I got attacked by spyware/virus etc. I have a pretty good selection of programs that I run to clean my computer off, but apparently these aren't even working.

I have XoftSpy 4.22 that has found the SAME things every time I run it (and I've done that about 15 times in the last 2 days). Which leads me to believe it's not cleaning it off my computer cause it just comes back.

It keeps finding: AdShooter.SearchForit and Ultimate Defender as the main things every time. And the last couple of times, it has found Purityscan\ClickSpring.

The main problem I'm having (like I guess the "side effect" of it) is that my active window "loses access" every now and then and I have to re-click in the active window to "reactivate" it. It gets rather annoying. And I am still getting random pop-ups that aren't being blocked by Pop-Up Stopper. I think part of the thing making me "lose access" on the windows is when the pop-ups are blocked... is there a way to completely get rid of this? Is it caused by the spyware I've mentioned? I have never had a pop-up problem till this weekend.

Here are the specifics on my system:

Windows XP Home
SP1 (I have had problems with SP2, that is why I don't have it installed)
Pentium 4, 2.39GHz, 1GB RAM

I also use Ad-Aware SE, Spybot S&D, SpywareBlaster, Grisoft AVG, and the online scan Housecall.
These programs found things and removed them, but they are still coming back.

Any help is greatly appreciated. Below is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:56:26 AM, on 8/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\PROGRA~1\ECURIT~1\taskmgr.exe
C:\Program Files\AnyDVD\AnyDVD.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\TEMP\idd13C.tmp.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\?ystem32\r?gsvr32.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mb3.scout.com/fatlantabravesfrm1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mb3.scout.com/fatlantabravesfrm1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Xjybi] C:\Program Files\?ystem32\r?gsvr32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149517580328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149560709281
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat2.j2.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - https://www.contentwatch.com/audit/includes...uditControl.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/b...7207/MILive.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



#2 miekiemoes
Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium
Posted 22 August 2006 - 05:43 AM

Hello,

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following if present:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.


If OIN is not listed, download and run this uninstaller.

Reboot when done! Really important!

I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

Avira, AVG or Avast are good FREE antivirus programs.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and seriously decrease reliability!
Agnitum Outpost Free or Kerio are FREE firewalls.

Understanding and using firewalls

After you have installed your antivirus and firewall, can you rename HijackThis.exe to Analyse.exe?
Then scan with Analyse.exe and post the log in your next reply (which will be a HijackThis log, of course).
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 javygirl178 (Topic Starter)
Members, 31 posts
Posted 22 August 2006 - 08:10 PM

I didn't see any of the OIN things listed in my programs to uninstall (I think I had already uninstalled one the other day when this first happened). But I am re-posting my Analyse log (HijackThis). I've installed the Kerio firewall... I already had the AVG Anti-Virus on my computer but it just wasn't running at the time of the first HijackThis scan.

Logfile of HijackThis v1.99.1
Scan saved at 8:09:15 PM, on 8/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\Analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mb3.scout.com/fatlantabravesfrm1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mb3.scout.com/fatlantabravesfrm1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17BF287A-145D-4D41-A0D2-7F3FE2F03923} - C:\WINDOWS\System32\ddaba.dll
O2 - BHO: (no name) - {5A3E97DD-2A08-48BC-8F43-C0DEABC90266} - C:\WINDOWS\System32\urqoomk.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsyCF.dll
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\g47949906.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149517580328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149560709281
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat2.j2.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - https://www.contentwatch.com/audit/includes...uditControl.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/b...7207/MILive.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddaba - C:\WINDOWS\System32\ddaba.dll
O20 - Winlogon Notify: h618 - C:\WINDOWS\g50296484.dll
O20 - Winlogon Notify: urqoomk - C:\WINDOWS\SYSTEM32\urqoomk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

#4 miekiemoes
Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium
Posted 23 August 2006 - 01:19 AM

Hello,

It is important that you follow my next steps in exactly the same order as I describe without missing any step...

Please download VundoFix.exe to your C:\.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, Right click the list box (white box) in the main VundoFix window.
  • Select Add More Files? from the menu that comes up. This will open a new VundoFix window.
  • In the window, copy and paste the following into the first field: C:\WINDOWS\System32\ddaba.dll
  • Copy and paste the following into the second field: C:\WINDOWS\SYSTEM32\urqoomk.dll
  • Copy and paste the following into the third field: C:\WINDOWS\SYSTEM32\winxtx32.dll
  • Click the Add Files button.
  • Click the "Close Window" button.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
After reboot:

* Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.

After reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {17BF287A-145D-4D41-A0D2-7F3FE2F03923} - C:\WINDOWS\System32\ddaba.dll
O2 - BHO: (no name) - {5A3E97DD-2A08-48BC-8F43-C0DEABC90266} - C:\WINDOWS\System32\urqoomk.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsyCF.dll
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\g47949906.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O20 - Winlogon Notify: ddaba - C:\WINDOWS\System32\ddaba.dll
O20 - Winlogon Notify: h618 - C:\WINDOWS\g50296484.dll
O20 - Winlogon Notify: urqoomk - C:\WINDOWS\SYSTEM32\urqoomk.dll
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
  • Post the contents of the Ewido log you saved in your next reply, together with the contents of C:\vundofix.txt, the contents of the logfile C:\windelf.txt and a new HijackThis log.

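The entries the helper singles out above (unnamed BHOs, unfamiliar Winlogon Notify DLLs, Trusted Zone additions, "(file missing)" leftovers, and the "?ystem32\r?gsvr32.exe" process and Run entry from the first log) can be picked out of a HijackThis log mechanically. The script below is an added example, not HijackThis code and not the helper's tooling; the allow-list of Winlogon Notify packages is this example's own assumption, and the sample log is constructed from lines posted in this thread.

```python
"""Triage heuristics for a HijackThis v1.99 log (added example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# A HijackThis entry line looks like "O20 - Winlogon Notify: name - path".
ENTRY = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.*)$")

# Winlogon Notify packages that ship with Windows XP or with Windows Genuine
# Advantage. Assumption of this example: a short allow-list, not exhaustive.
KNOWN_NOTIFY = {"wgalogon", "scecli", "crypt32chain", "cryptnet", "sclgntfy",
                "termsrv", "schedule", "sens", "wlballoon", "igfxcui"}

# Randomly named DLLs dropped straight into the Windows root, e.g. g50296484.dll
ROOT_DLL = re.compile(r"\\windows\\[a-z]\d{5,}\.dll$", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def _check_process(path: str) -> list[str]:
    """Heuristics for one line of the 'Running processes' block."""
    reasons = []
    if "?" in path:
        reasons.append("path contains '?' (look-alike of a system path)")
    if "\\windows\\temp\\" in path.lower():
        reasons.append("executable running from the Windows TEMP directory")
    return reasons


def _check_entry(kind: str, body: str) -> list[str]:
    """Heuristics for one R/O entry line."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("stale entry: referenced file is missing")
    if kind == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("Browser Helper Object with no name")
    if kind == "O4" and "?" in body:
        reasons.append("autorun entry with '?' in its path")
    if kind == "O15":
        reasons.append("site added to the Trusted Zone (reduced IE security)")
    if kind == "O20":
        name, _, path = body.split(":", 1)[1].partition(" - ")
        if name.strip().lower() not in KNOWN_NOTIFY:
            reasons.append(f"unknown Winlogon Notify package '{name.strip()}'")
        if ROOT_DLL.search(path.strip()):
            reasons.append("DLL with a random numeric name in the Windows root")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Return every log line that trips at least one heuristic, in log order."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False  # first R/O entry ends the process block
            reasons = _check_entry(m.group("kind"), m.group("body"))
        elif in_processes:
            reasons = _check_process(line)
        else:
            continue
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\TEMP\idd13C.tmp.exe
C:\Program Files\?ystem32\r?gsvr32.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17BF287A-145D-4D41-A0D2-7F3FE2F03923} - C:\WINDOWS\System32\ddaba.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O4 - HKCU\..\Run: [Xjybi] C:\Program Files\?ystem32\r?gsvr32.exe
O15 - Trusted Zone: *.elitemediagroup.net
O20 - Winlogon Notify: h618 - C:\WINDOWS\g50296484.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Legitimate entries in the sample (the Adobe BHO, WgaLogon, the NVIDIA service) produce no finding; everything flagged corresponds to something the helper asked to be removed or fixed.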

#5 javygirl178 (Topic Starter)
Members, 31 posts
Posted 23 August 2006 - 02:26 AM

I have done everything listed exactly in the same order. Here are the logs requested. Thanks!

Ewido Log
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:20:13 AM 8/23/2006

+ Scan result:



C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\mkuf\mkufd\mkufc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\VundoFix Backups\qomjhge.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\urqoomk.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20060823-014954-717.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\__delete_on_reboot__g_4_7_9_4_9_9_0_6_._d_l_l_ -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g111176187.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g124259250.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g130742015.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g150193328.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g21901031.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g28383156.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g41467609.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g7274812.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g793515.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\compstuih.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
[1400] C:\WINDOWS\g47949906.dll -> Downloader.Delf.aeo : Error during cleaning.
C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.770:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.575:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.644:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.684:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.712:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.719:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.776:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.812:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.827:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.842:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.847:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.940:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.862:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.863:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.865:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.888:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.896:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.897:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.900:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.902:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.903:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.904:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.305:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.876:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.881:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.890:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.891:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.892:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.893:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.894:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.952:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.677:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.858:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.895:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.898:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.906:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.264:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.466:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.467:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.468:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.469:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.877:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.945:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.557:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.510:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.511:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.512:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.513:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.514:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.515:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.516:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.517:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.905:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.907:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.909:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.910:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.918:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.919:C:\Documents and Settings\Queen Rachel\Application Data\Flock\Browser\Profiles\wx69qdj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end


C:\vundofix.txt

VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.3

Scan started at 1:29:11 AM 8/23/2006

Listing files found while scanning....

C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.tmp
C:\WINDOWS\system32\qomjhge.dll
C:\WINDOWS\system32\urqoomk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\ddaba.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\abadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.tmp
C:\WINDOWS\system32\abadd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomjhge.dll
C:\WINDOWS\system32\qomjhge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqoomk.dll
C:\WINDOWS\system32\urqoomk.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\ddaba.dll
C:\WINDOWS\System32\ddaba.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\winxtx32.dll
C:\WINDOWS\SYSTEM32\winxtx32.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.3

Scan started at 1:36:43 AM 8/23/2006

Listing files found while scanning....

No infected files were found.



C:\windelf.txt
************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------
g111176187.dll
g124259250.dll
g130742015.dll
g150193328.dll
g21901031.dll
g28383156.dll
g41467609.dll
g47949906.dll
g7274812.dll
g793515.dll

File(s) found in system32 folder
--------------------------------

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"


sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00618
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}]
@="C:\\WINDOWS\\g50296484.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InprocServer32]
@="C:\\WINDOWS\\g50296484.dll"
"ThreadingModel"="Apartment"


sharedtaskkey: A4F94C0C-54A7-4DB1-9AF3-B22E63D00322
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}\InprocServer32]
@="C:\\WINDOWS\\g47949906.dll"
"ThreadingModel"="Apartment"



Notify key
----------



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------
g111176187.dll
g124259250.dll
g130742015.dll
g150193328.dll
g21901031.dll
g28383156.dll
g41467609.dll
g47949906.dll
g7274812.dll
g793515.dll

File(s) found in system32 folder
--------------------------------
Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"


sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00618
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}]
@="C:\\WINDOWS\\g50296484.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InprocServer32]
@="C:\\WINDOWS\\g50296484.dll"
"ThreadingModel"="Apartment"


sharedtaskkey: A4F94C0C-54A7-4DB1-9AF3-B22E63D00322
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}\InprocServer32]
@="C:\\WINDOWS\\g47949906.dll"
"ThreadingModel"="Apartment"



Notify key
----------


HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 2:26:02 AM, on 8/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\Analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mb3.scout.com/fatlantabravesfrm1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mb3.scout.com/fatlantabravesfrm1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149517580328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149560709281
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat2.j2.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - https://www.contentwatch.com/audit/includes...uditControl.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/b...7207/MILive.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#6 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:12:25 AM

Posted 23 August 2006 - 04:19 AM

Hello,

We really made progress here.. but I am pretty sure that some files are still present there which aren't flagged yet..

Let's deal with some leftovers in the registry first..

Open Notepad and copy and paste the text in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00618}"=-
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}]

Save this as fix.reg. Choose to save as *all files* and place it on your desktop.
It should look like this: (screenshot)
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Check and fix the next entry in HijackThis:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Then, download Combofix to your desktop.
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
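The registry cleanup described in the post above, automated as an added example (not code from this thread or from Win32DelfKil): it parses a REGEDIT4 export like the one in the Win32DelfKil log, flags every SharedTaskScheduler CLSID that is not on a known-good list, and writes a removal .reg of the same shape as the fix.reg above. The known-good list and the sample export are assumptions taken from the log earlier in the thread.

```python
"""Review a SharedTaskScheduler export and build the matching removal .reg.

Added example for this page; not Win32DelfKil's or the forum helper's code.
"""
import re
from typing import Dict, List, Optional, Tuple

# The two CLSIDs the fix posted above leaves in place (stock Windows XP entries).
# Anything else under SharedTaskScheduler is flagged for analyst review.
KNOWN_GOOD = {
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}",  # Browseui preloader
    "{8C7461EF-2B13-11D2-BE35-3078302C2030}",  # Component Categories cache daemon
}

STS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"

_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)=(?P<data>.*)$')


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse REGEDIT4 text into {KEY PATH (upper-cased): {value name: data}}.

    The default value is stored under '@'; quoted string data is unescaped.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        sec = _SECTION.match(line)
        if sec:
            current = sec.group(1).upper()
            keys.setdefault(current, {})
            continue
        val = _VALUE.match(line)
        if val and current is not None:
            name = val.group("name") if val.group("name") is not None else "@"
            data = val.group("data").strip()
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1].replace("\\\\", "\\")  # undo .reg backslash doubling
            keys[current][name] = data
    return keys


def server_dll(keys: Dict[str, Dict[str, str]], clsid: str) -> str:
    """Return the InprocServer32 DLL registered for a CLSID, or '' if none is exported."""
    path = f"{CLSID_KEY}\\{clsid}\\InprocServer32".upper()
    return keys.get(path, {}).get("@", "")


def suspect_entries(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """List (clsid, label, dll) for SharedTaskScheduler entries not on the known-good list."""
    found = []
    for clsid, label in keys.get(STS_KEY.upper(), {}).items():
        if clsid.upper() in KNOWN_GOOD:
            continue
        found.append((clsid, label, server_dll(keys, clsid)))
    return found


def build_removal_reg(suspects: List[Tuple[str, str, str]]) -> str:
    """Emit REGEDIT4 text: '"{clsid}"=-' drops the value, '[-key]' deletes the CLSID key."""
    lines = ["REGEDIT4", "", f"[{STS_KEY}]"]
    lines += [f'"{clsid}"=-' for clsid, _, _ in suspects]
    for clsid, _, _ in suspects:
        lines += ["", f"[-{CLSID_KEY}\\{clsid}]"]
    return "\n".join(lines) + "\n"


# Constructed sample reproducing the SharedTaskScheduler/CLSID export from the log above.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InprocServer32]
@="C:\\WINDOWS\\g50296484.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}\InprocServer32]
@="C:\\WINDOWS\\g47949906.dll"
"ThreadingModel"="Apartment"
"""

if __name__ == "__main__":
    found = suspect_entries(parse_reg(SAMPLE_EXPORT))
    for clsid, label, dll in found:
        print(f"suspect {clsid} ({label!r}) -> {dll or '<no InprocServer32>'}")
    print(build_removal_reg(found))
```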

#7 javygirl178

  • Topic Starter
  • Members
  • 31 posts
  • Local time:06:25 PM

Posted 23 August 2006 - 09:28 AM

I started the combofix thing, but it seemed to not be doing anything even though I didn't click on the window. How long is that supposed to take? Maybe I didn't wait long enough for it to do its thing.

But I did the fix.reg thing and cleared the entry out you requested. When I get back from work I'll try the other thing (combofix) again. Thanks!

#8 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:12:25 AM

Posted 23 August 2006 - 09:54 AM

What does it say in the combofix window? When you start it, it will ask your input first... It will say: type Y to continue or N to abort. In this case you have to type Y and hit enter. Then it will start it.

If that doesn't work, try next...

Since I don't know the right path to your desktop where combofix is located, I suggest you move combofix.exe to your C:\
So the right path should be C:\combofix.exe

I actually only need a part of the log from combofix, so to get this, go to start > run and copy and paste the next command in the field:

C:\combofix.exe /f3m

then hit enter.

This should also give the log.

Edited by miekiemoes, 23 August 2006 - 09:54 AM.


#9 javygirl178

  • Topic Starter
  • Members
  • 31 posts
  • Local time:06:25 PM

Posted 23 August 2006 - 06:13 PM

This is quite a long log...this is what it gave me when I typed the info into the run box.

((((((((((((((((((((((((((((((( Files Created from 2006-07-23 to 2006-08-23 ))))))))))))))))))))))))))))))))))


2006-08-23 09:06 297,270 --a------ C:\combofix.exe
2006-08-23 01:43 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-08-23 01:43 16,384 --a------ C:\WINDOWS\system32\restart.exe
2006-08-23 01:43 13,758 --a------ C:\delfiles.bat
2006-08-22 19:55 13,844 --a------ C:\WINDOWS\system32\asqtprhm.exe
2006-08-22 10:49 13,844 --a------ C:\WINDOWS\system32\tsolmvfu.exe
2006-08-21 19:41 13,844 --a------ C:\WINDOWS\system32\ggrvctjx.exe
2006-08-19 11:28 67,584 --------- C:\WINDOWS\system32\unPPC.exe
2006-08-19 11:28 66,560 --------- C:\WINDOWS\system32\unPPC6000.exe
2006-08-19 11:28 37,376 --------- C:\WINDOWS\system32\PPCOUNIN.exe
2006-08-19 11:28 32,256 --------- C:\WINDOWS\system32\unMAX.exe
2006-08-19 11:28 31,232 --------- C:\WINDOWS\system32\unACC.exe
2006-08-19 11:28 18,432 --------- C:\WINDOWS\system32\PPCInfo.exe
2006-08-19 11:28 10,752 --------- C:\WINDOWS\system32\PopWait.exe
2006-08-19 02:33 115,157 --a------ C:\WINDOWS\Justin.exe
2006-08-19 02:33 1,167 --a------ C:\WINDOWS\system32\frl35faa.sys
2006-08-10 16:16 262,240 --a------ C:\WINDOWS\system32\MILiveDownload3.dll
2006-08-04 02:02 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-08-04 02:02 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2006-08-04 02:02 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-04 02:02 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-04 02:02 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-04 02:02 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-04 02:02 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-08-04 02:02 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2006-08-04 02:02 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-08-04 02:02 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2006-08-04 02:02 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-04 02:02 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-04 02:02 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-08-04 02:02 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-04 02:02 218,112 --a------ C:\WINDOWS\system32\wmasf.dll
2006-08-04 02:02 2,058,888 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-07-24 00:44 32,256 --a------ C:\WINDOWS\system32\msgsvc.dll
2006-07-24 00:43 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2006-07-24 00:43 614,431 --a------ C:\WINDOWS\system32\mswstr10.dll
2006-07-24 00:43 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-07-24 00:43 53,279 --a------ C:\WINDOWS\system32\msjter40.dll
2006-07-24 00:43 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2006-07-24 00:43 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-07-24 00:43 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2006-07-24 00:43 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-07-24 00:43 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-07-24 00:43 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-07-24 00:43 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-07-24 00:43 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll
2006-07-24 00:43 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll
2006-07-24 00:43 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2006-07-24 00:43 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-07-24 00:43 151,583 --a------ C:\WINDOWS\system32\msjint40.dll
2006-07-24 00:43 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2006-07-24 00:42 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-07-23 17:55 260,096 --a------ C:\WINDOWS\system32\mstask.dll
2006-07-23 17:55 172,544 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-07-23 17:55 10,752 --a------ C:\WINDOWS\system32\mstinit.exe
2006-07-23 12:28 127,208 --a------ C:\WINDOWS\system32\mucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-23 09:26 125 ---hs---- C:\Documents and Settings\Queen Rachel\Application Data\.zreglib
2006-08-23 09:05 -------- d-------- C:\Program Files\HijackThis
2006-08-23 02:03 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-23 01:42 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-23 00:21 -------- d-------- C:\Program Files\Setup Files
2006-08-23 00:18 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\LimeWire
2006-08-22 20:46 -------- d-------- C:\Program Files\Common Files\mkuf
2006-08-22 20:46 -------- d-------- C:\Program Files\Common Files\{58AFAAE8-0958-1033-0120-030816020001}
2006-08-22 20:08 -------- d-------- C:\Program Files\Kerio
2006-08-22 20:02 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-22 20:02 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-08-22 20:02 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-08-22 20:02 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-22 20:02 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-08-22 20:02 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\AVG7
2006-08-22 20:01 -------- d---s---- C:\Documents and Settings\Queen Rachel\Application Data\Microsoft
2006-08-22 09:48 -------- d-------- C:\Program Files\?ecurity
2006-08-22 09:21 -------- d-------- C:\Program Files\?ystem32
2006-08-19 21:01 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\SlySoft
2006-08-19 20:55 -------- d-------- C:\Program Files\PolderbitS
2006-08-19 20:52 -------- d-------- C:\Program Files\AnyDVD
2006-08-19 20:46 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\Elaborate Bytes
2006-08-19 20:45 -------- d-------- C:\Program Files\CloneDVD2
2006-08-19 17:51 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\Sun
2006-08-19 17:46 -------- d-------- C:\Program Files\PeoplePC
2006-08-19 10:44 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-19 10:38 -------- d-------- C:\Program Files\Common Files
2006-08-19 02:37 -------- d-------- C:\Program Files\InetGet2
2006-08-18 22:11 -------- d-------- C:\Program Files\Trillian
2006-08-18 21:05 -------- d-------- C:\Program Files\XoftSpy
2006-08-18 20:46 -------- d-------- C:\Program Files\WinZip
2006-08-18 00:49 -------- d-------- C:\Program Files\PicSizer
2006-08-17 20:58 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-08-16 22:42 -------- d-------- C:\Program Files\ArcSoft
2006-08-15 21:11 -------- d-------- C:\Program Files\LimeWire
2006-08-14 20:06 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-06 23:55 -------- d-------- C:\Program Files\MSN Messenger
2006-08-06 14:27 -------- d-------- C:\Program Files\NCR Media Formats
2006-08-06 14:26 -------- d-------- C:\Program Files\NCR
2006-08-04 20:50 -------- d-------- C:\Program Files\SmartDraw 7
2006-08-04 02:02 -------- d-------- C:\Program Files\Windows Media Player
2006-07-29 12:27 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\uTorrent
2006-07-28 22:34 -------- d-------- C:\Program Files\Piolet
2006-07-28 21:24 -------- d-------- C:\Program Files\iMesh Applications
2006-07-28 21:24 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\iMesh
2006-07-28 01:17 -------- d-------- C:\Program Files\eMusic Download Manager
2006-07-27 09:28 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\VERITAS
2006-07-27 09:23 -------- d-------- C:\Program Files\Allume Systems
2006-07-22 00:50 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\Clark Color Labs
2006-07-22 00:48 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\Simple Star
2006-07-21 03:30 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 18:36 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\Real
2006-07-19 18:31 -------- d-------- C:\Program Files\Real
2006-07-19 18:31 -------- d-------- C:\Program Files\Common Files\xing shared
2006-07-19 18:31 -------- d-------- C:\Program Files\Common Files\Real
2006-07-18 00:44 -------- d-------- C:\Program Files\File Scavenger 3.0
2006-07-13 03:50 595968 --a------ C:\WINDOWS\system32\xpsp2res.dll
2006-07-12 20:31 -------- d-------- C:\Program Files\Quick Screen Capture
2006-07-05 01:12 -------- d-------- C:\Program Files\Xilisoft
2006-07-05 01:07 -------- d-------- C:\Program Files\WinRAR
2006-07-05 00:48 -------- d-------- C:\Program Files\Slide
2006-07-05 00:42 -------- d-------- C:\Program Files\LitexMedia
2006-07-04 23:17 -------- d-------- C:\Program Files\AnMing
2006-07-02 23:20 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\MySpace
2006-07-02 21:49 -------- d-------- C:\Program Files\Flock
2006-07-02 21:49 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\Mozilla
2006-07-02 21:49 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\Flock
2006-06-25 21:00 -------- d-------- C:\Program Files\Outlook Express
2006-06-25 12:55 -------- d-------- C:\Program Files\coolpro2
2006-06-25 12:53 -------- d-------- C:\Documents and Settings\Queen Rachel\Application Data\Syntrillium
2006-06-12 18:06 1386496 --a------ C:\WINDOWS\system32\msvbvm60.dll
2006-06-03 02:18 869 --a------ C:\Documents and Settings\Queen Rachel\Application Data\AdobeDLM.log
2006-06-03 02:18 0 --a------ C:\Documents and Settings\Queen Rachel\Application Data\dm.ini
2006-06-01 20:56 0 -rahs---- C:\MSDOS.SYS
2006-06-01 20:56 0 -rahs---- C:\IO.SYS
2006-06-01 20:56 0 --a------ C:\CONFIG.SYS
2006-06-01 20:56 0 --a------ C:\AUTOEXEC.BAT
2006-06-01 15:45 62 --ahs---- C:\Documents and Settings\Queen Rachel\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"UpdateManager"="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Components\\vupdman32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"Mn@iboddPubswLfov"=dword:00000000
"Mn@mlrf"=dword:00000000
"MnOndNeg"=dword:00000000
"MnQtm"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"Ghp`amfUbrhLds"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5A3E97DD-2A08-48BC-8F43-C0DEABC90266}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^Queen Rachel^Start Menu^Programs^Startup^Slide.exe.lnk]
"path"="C:\\Documents and Settings\\Queen Rachel\\Start Menu\\Programs\\Startup\\Slide.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Slide.exe.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Slide\\Slide.exe "
"item"="Slide.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\BCMSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCMSMMSG"
"hkey"="HKLM"
"command"="BCMSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1149215974\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\PhotoShow Deluxe Media Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mssysmgr"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\CLARKC~1\\CLARKC~1\\data\\Xtras\\mssysmgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\winupdates]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winupdates"
"hkey"="HKLM"
"command"="C:\\Program Files\\winupdates\\winupdates.exe /auto"
"inimapping"="0"

Completion time: Wed 08/23/2006 18:11:20.00
ComboFix.txt

This is the HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 6:12:47 PM, on 8/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\AnyDVD\AnyDVD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\Analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mb3.scout.com/fatlantabravesfrm1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mb3.scout.com/fatlantabravesfrm1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149517580328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149560709281
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat2.j2.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - https://www.contentwatch.com/audit/includes...uditControl.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/b...7207/MILive.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#10 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Location:Belgium

Posted 23 August 2006 - 06:45 PM

Let's deal with the leftovers now..

Open Notepad and copy and paste the text present in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"Mn@iboddPubswLfov"=-
"Mn@mlrf"=-
"MnOndNeg"=-
"MnQtm"=-

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{5A3E97DD-2A08-48BC-8F43-C0DEABC90266}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\winupdates]

Save this as fix2.reg. Choose to save as *all files* and place it on your desktop.
Double-click on it and when it asks you if you want to merge the contents into the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legitimate files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

Delete the following files and folders:

C:\WINDOWS\system32\asqtprhm.exe
C:\WINDOWS\system32\tsolmvfu.exe
C:\WINDOWS\system32\ggrvctjx.exe
C:\WINDOWS\Justin.exe
C:\WINDOWS\system32\frl35faa.sys
C:\Program Files\Common Files\mkuf <== folder
C:\Program Files\Common Files\{58AFAAE8-0958-1033-0120-030816020001} <==folder
C:\Program Files\InetGet2 <== folder

The next ones are a bit more advanced to delete, since this infection uses the names of legit files and folders, so make sure you don't delete the legitimate one!!

C:\Program Files\?ecurity <== this folder will most probably look like security. Please make sure you don't delete the legit security folder. The one you have to delete, when you right-click the folder and choose Properties, should show the date 2006-08-22 09:48

C:\Program Files\?ystem32 <== this folder will most probably look like system32. Please make sure you don't delete the legit system32 folder present in your Windows folder! The one you have to delete, when you right-click the folder and choose Properties, should show the date 2006-08-22 09:21

Let me know in your next reply how things are running now...
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
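The fix2.reg above relies on two REGEDIT4 conventions: a key in brackets prefixed with `-` deletes that whole key, and a value line ending in `=-` deletes one value under the preceding key. The following audit script is an added example, not part of the thread; it parses a .reg file and lists every change merging it would make, so a fix can be checked before it is double-clicked. The sample input is the post's fix2.reg with its blank lines dropped.

```python
import re
from collections import Counter

# Added example (not from the thread): list what merging a .reg file would
# change, so a fix can be reviewed before double-clicking it. REGEDIT4 rules
# used: "[-Key]" deletes a key, '"Name"=-' deletes one value under the
# current key, '"Name"=data' writes a value. Sample input: the post's fix2.reg.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

FIX2_REG = r"""REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"Mn@iboddPubswLfov"=-
"Mn@mlrf"=-
"MnOndNeg"=-
"MnQtm"=-
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{5A3E97DD-2A08-48BC-8F43-C0DEABC90266}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\winupdates]
"""


def parse_reg(text):
    """Return (action, key, name, data) tuples in file order."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing REGEDIT4 header; regedit would refuse it")
    actions, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):              # [-Key]: delete the key
                actions.append(("delete_key", body[1:], None, None))
                key = None                        # no values may follow it
            else:
                key = body                        # [Key]: values follow
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("unexpected line: " + line)
        name = "" if m.group(1) == "@" else m.group(1)[1:-1]
        if m.group(2) == "-":                     # "Name"=-: delete value
            actions.append(("delete_value", key, name, None))
        else:
            actions.append(("set_value", key, name, m.group(2)))
    return actions


def summarize(text):
    """Count actions by kind, e.g. {'delete_key': 4, 'delete_value': 5}."""
    return dict(Counter(a for a, *_ in parse_reg(text)))
```

Running `summarize(FIX2_REG)` confirms the fix only deletes: four keys and five values, nothing is written.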
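The `?ecurity` and `?ystem32` folders above are the hard part of this cleanup because they imitate legitimate names. The following is an added example, not from the thread, and assumes the `?` in the log stands for a character outside ASCII that the tool could not print; it flags directory entries that collapse to a known legitimate name once non-ASCII characters are masked, and names the code points involved. The listing is constructed.

```python
import fnmatch
import unicodedata

# Added example (not from the thread). The post warns that the bad folders
# show as '?ecurity' and '?ystem32'; the assumption here is that the '?'
# stands for a character outside ASCII that the log could not print.
# Given a listing, flag entries that turn into a legitimate name once
# non-ASCII characters are masked, and show which code points they use.
LEGIT = ("security", "system32", "common files")

# Constructed listing; the two odd names use Cyrillic U+0455 for the ASCII 's'.
LISTING = ["Common Files", "Internet Explorer", "\u0455ecurity", "security",
           "\u0455ystem32", "Adobe"]


def ascii_rendering(name):
    """How the name appears in an ASCII-only log: non-ASCII becomes '?'."""
    return name.encode("ascii", "replace").decode("ascii")


def find_lookalikes(names, legit=LEGIT):
    """Return [(raw_name, rendering, imitated_name)] for suspicious entries."""
    hits = []
    for name in names:
        if name.isascii():
            continue                    # a plain ASCII name is not a lookalike
        shown = ascii_rendering(name).lower()
        for target in legit:
            # Treat each '?' as a one-character wildcard, which is exactly the
            # guess a reader makes when a log prints '?ecurity'.
            if fnmatch.fnmatchcase(target, shown):
                hits.append((name, shown, target))
                break
    return hits


def describe(name):
    """Name every non-ASCII code point so the substitution is visible."""
    return [(ch, "U+%04X" % ord(ch), unicodedata.name(ch, "UNKNOWN"))
            for ch in name if not ch.isascii()]
```

On a live system the names would come from `os.listdir(r"C:\Program Files")`; the folder date check from the post still applies to each hit.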

#11 javygirl178

  • Topic Starter
  • Members
  • 31 posts

Posted 23 August 2006 - 10:22 PM

Well, so far so good. No annoyances anymore (at least yet)... although UltimateDefender is still being found by XoftSpy. But other than that, I don't have any other computer problems. It's running like it used to again. So for now, I guess when it's found in the scan, I'll just remove it each time.

Anyway, thanks so much for your help!! GREATLY Appreciated!!!

#12 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Location:Belgium

Posted 24 August 2006 - 12:52 AM

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently, and don't forget to update them before you scan.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find, another one maybe can.
Also make sure that the virus scanner installed on your system is always up to date!

Make sure your Windows has the latest updates, so visit asap: http://windowsupdate.microsoft.com/ to update to SP2!
Effective October 11, 2006, Windows XP SP1 and SP1a will transition to a non-supported status. After this date, Microsoft will no longer provide any incident support options or security updates. Existing support documents, however, will continue to be available through the Microsoft Support Product Solution Center Web site.
http://support.microsoft.com/gp/lifean19

If you are having XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your Pc, Protect yourself and Protect your Family.

You can also find more info on how to prevent malware here (by Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Also read: Simple and easy ways to keep your computer safe and secure on the Internet

Happy surfing again! :flowers:

#13 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Location:Belgium

Posted 25 August 2006 - 04:22 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.