Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smithfraud + Reboot.exe


  • This topic is locked This topic is locked
13 replies to this topic

#1 rain183

rain183

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 11 December 2006 - 05:00 AM

hi hows it going. i was just wondering if anyone could help me or steer me in the right direction to deal with these 2 threats. i have run smithfraudfix and this is the log i got:

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charlie


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charlie\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Charlie\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

now im not sure how to interupt this but that is what i got after i ran safe mode and did a clean of the files in there

here is my hijackthis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\?dobe\?ti2evxx.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charlie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Charlie\LOCALS~1\Temp\~DP83.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Wait extra time okay] C:\Documents and Settings\All Users\Application Data\STORE SURF WAIT EXTRA\bonedupe.exe
O4 - HKCU\..\Run: [Ooao] "C:\DOCUME~1\Charlie\APPLIC~1\SSTEM3~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Qsx] C:\WINDOWS\system32\?dobe\?ti2evxx.exe
O4 - HKCU\..\Run: [ford beep] C:\DOCUME~1\Charlie\APPLIC~1\CHINLO~1\SurfCoolMulti.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132715462581
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://evideo.ufc.com/ufc/UFCMediaManager_3_3_1_20.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

now i do use spybot search and destroy and kaspersky anti virus and for both programs when i find the threat that may be a virus i get the blue screen of death for a quick second and then my computer restarts. im pretty sure i have some sort of smithfraud infection and i believe i may also have reboot.exe. if that is the case i cannot figure out a way to get rid of them at this point as the virus programs i use shut down as soon as they detect the problem restarting my computer.

any help would be greatly appreciated.

BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:59 PM

Posted 11 December 2006 - 09:36 AM

Hello,

It is important you don't miss a step and perform everything in the right order!!

Go to start > controlpanel > software > add/remove programs and uninstall next if present:

Zone Media
Oin
Yazzle by Oin
YazzleActiveX By OIN
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.


I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Reboot when done! Really important!

--------------------
After reboot....

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Charlie\LOCALS~1\Temp\~DP83.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Wait extra time okay] C:\Documents and Settings\All Users\Application Data\STORE SURF WAIT EXTRA\bonedupe.exe
O4 - HKCU\..\Run: [Ooao] "C:\DOCUME~1\Charlie\APPLIC~1\SSTEM3~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Qsx] C:\WINDOWS\system32\?dobe\?ti2evxx.exe
O4 - HKCU\..\Run: [ford beep] C:\DOCUME~1\Charlie\APPLIC~1\CHINLO~1\SurfCoolMulti.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
<== this is a resource hog
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://evideo.ufc.com/ufc/UFCMediaManager_3_3_1_20.cab
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

---------------------

Please download, install, and update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post next logs in your following reply:
  • Log from combofix (combofix.txt)
  • Log from AVG Antispyware
  • New HijackThislog
You may need several replies to post the logs in case they won't fit in one reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 rain183

rain183
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 11 December 2006 - 12:24 PM

hi hows it going. ill start by doing the combofix write up then in another post ill do the hijackthis and adware write up.

Charlie - 06-12-11 12:11:23.70 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Charlie\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{3015A426-067B-1033-0112-020223040001}
C:\Program Files\Common Files\{4015A426-067B-1033-0112-020223040001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Charlie\Application Data\SSTEM3~1
C:\QooBox\Purity\Documents and Settings\Charlie\Application Data\SSTEM3~1\s?stem32
C:\QooBox\Purity\Program Files\Common Files\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\DOBE~1
C:\QooBox\Purity\WINDOWS\system32\DOBE~1\?ti2evxx.exe


((((((((((((((((((((((((((((((( Files Created from 2006-11-11 to 2006-12-11 ))))))))))))))))))))))))))))))))))


2006-12-11 11:36 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-11 11:36 <DIR> d-------- C:\Program Files\Grisoft
2006-12-11 04:26 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-11 04:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-11 04:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-11 04:26 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-11 04:26 3,948 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-11 04:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-11 04:26 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-11 03:41 73,728 --a------ C:\WINDOWS\system32\pv.exe
2006-12-11 03:41 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe
2006-12-11 03:41 175,616 --a------ C:\WINDOWS\system32\strings.exe
2006-12-11 03:41 126,976 --a------ C:\WINDOWS\system32\zip.exe
2006-12-11 03:41 11,254 --a------ C:\WINDOWS\system32\locate.com
2006-12-11 03:05 <DIR> d-------- C:\Program Files\a-squared Free
2006-12-11 02:03 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-12-11 02:03 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-12-11 02:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2006-12-11 02:03 <DIR> d-------- C:\Documents and Settings\Charlie\Application Data\PC Tools
2006-12-10 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2006-12-07 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2006-11-15 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-14 17:02 <DIR> d-------- C:\Program Files\PokerStars


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-11 12:13 -------- d-------- C:\Program Files\Common Files
2006-12-11 05:06 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-10 22:58 -------- d-------- C:\Program Files\World of Warcraft
2006-12-10 14:27 -------- d---s---- C:\Documents and Settings\Charlie\Application Data\Microsoft
2006-12-08 23:39 -------- d-------- C:\Documents and Settings\Charlie\Application Data\Chin Loud
2006-11-20 03:01 -------- d-------- C:\Program Files\Internet Explorer
2006-11-15 23:49 -------- d-------- C:\Documents and Settings\Charlie\Application Data\AdobeUM
2006-11-15 23:48 -------- d-------- C:\Program Files\Adobe
2006-11-15 23:48 -------- d-------- C:\Documents and Settings\Charlie\Application Data\Adobe
2006-11-06 12:51 -------- d-------- C:\Documents and Settings\Charlie\Application Data\NetPumper
2006-11-05 19:58 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-05 19:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-03 19:59 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-10-31 23:40 93696 --a------ C:\WINDOWS\system32\xukunsk.dll
2006-10-23 12:43 -------- d---s---- C:\Program Files\Xfire
2006-10-22 22:26 -------- d-------- C:\Documents and Settings\Charlie\Application Data\Xfire
2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 3994624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-10-17 18:27 -------- d-------- C:\Program Files\Sony
2006-10-17 18:18 -------- d-------- C:\Program Files\CyberLink
2006-10-16 14:31 -------- d-------- C:\Program Files\Canon
2006-10-16 14:29 -------- d--h----- C:\Program Files\CanonBJ
2006-10-16 10:07 -------- d-------- C:\Program Files\Winamp
2006-10-15 23:03 -------- d-------- C:\Program Files\Common Files\NSV
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-01 20:05 18320 --a------ C:\Documents and Settings\Charlie\Application Data\GDIPFONTCACHEV1.DAT
2006-09-13 21:55 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-09-13 21:55 286720 --a------ C:\WINDOWS\Setup1.exe
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"ford beep"="C:\\DOCUME~1\\Charlie\\APPLIC~1\\CHINLO~1\\SurfCoolMulti.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EntriqMediaTray"="\"C:\\Program Files\\Entriq\\MediaSphere\\EntriqMediaTray.exe\""
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\B5191504978A8448.job

Completion time: 06-12-11 12:14:33.80
C:\ComboFix.txt ... 06-12-11 12:14

#4 rain183

rain183
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 11 December 2006 - 12:26 PM

and here is the hijackthis and adware report:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charlie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ford beep] C:\DOCUME~1\Charlie\APPLIC~1\CHINLO~1\SurfCoolMulti.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132715462581
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--------------------------------------------------------------------------

C:\Documents and Settings\Charlie\Desktop\keygen.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-343818398-1343024091-854245398-1002\Dc35.rar/keygen.exe -> Adware.Agent : Cleaned with backup (quarantined).
HKU\S-1-5-21-343818398-1343024091-854245398-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-343818398-1343024091-854245398-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@bellglobemediapublishing.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@totalvid.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@wpni.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@chumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.50:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.53:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@bilbo.counted[2].txt -> TrackingCookie.Counted : Cleaned.
:mozilla.24:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.92:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.93:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.94:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.95:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.110:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.45:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.46:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.51:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\99vnkuuh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Charlie\Cookies\charlie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@pmads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Charlie\Local Settings\Temp\Cookies\charlie@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\wnsapitr.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

again thank you for taking the time to go over this with me it is greatly appreciated

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:59 PM

Posted 11 December 2006 - 12:41 PM

Hello,

I see you installed Netpumper. Netpumper is responsible for the Swizzor infection you are dealing with as well.
That's why I strongly recommend you uninstall Netpumper.
reboot after uninstalling.

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders afterwards again, when we are done with this thread and your problems are solved, because above instructions to set your system to show all files, unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Delete next folders:

C:\Documents and Settings\Charlie\Application Data\Chin Loud
C:\Documents and Settings\Charlie\Application Data\NetPumper
C:\Documents and Settings\All Users\Application Data\STORE SURF WAIT EXTRA <== if still present

In case you are having problems with deleting, try it in safe mode.
°To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.

* Check and fix next entry in Hijackthis again:

O4 - HKCU\..\Run: [ford beep] C:\DOCUME~1\Charlie\APPLIC~1\CHINLO~1\SurfCoolMulti.exe

* Download deljob.bat and save it on your desktop.
Doubleclick deljob.bat
Copy and paste the contents of the log it creates (logit.txt, present on your desktop) in your next reply together with a new Hijackthis.

By the way, you mention in your title that reboot.exe was being flagged. That's nothing to worry about. That's a part of smitfraudfix, a commandline tool which reboots your computer when clicked. Some scanners do indeed flag it as an "suspicious" tool, but it's harmless.

There's something else I would like to check as well..

Go to next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

C:\WINDOWS\system32\xukunsk.dll

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 rain183

rain183
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 11 December 2006 - 12:56 PM

here is the deljob.bat scan report for you:

--------------------------------------------------------
FILES IN TASKS DIR

--------------------------------------------------------
LOP-FILES FOUND

--------------------------------------------------------
FILES AFTER DELETION

--------------------------------------------------------
EXPORT APP DATA FOLDERS
--------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is 4015-A426

Directory of C:\Documents and Settings\Charlie\Application Data

02/04/2006 01:35 AM <DIR> acccore
11/15/2006 11:48 PM <DIR> Adobe
11/15/2006 11:49 PM <DIR> AdobeUM
02/05/2006 12:56 PM <DIR> APPLEC~1 Apple Computer
09/22/2006 02:56 PM <DIR> FUNKIT~1 funkitron
10/01/2006 08:05 PM 18,320 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
02/02/2006 07:03 PM <DIR> Help
11/22/2005 09:59 PM <DIR> IDENTI~1 Identities
09/01/2006 07:47 PM <DIR> MACROM~1 Macromedia
08/15/2006 02:10 PM <DIR> Mozilla
12/26/2005 01:21 PM <DIR> MSN6
12/11/2006 02:03 AM <DIR> PCTOOL~1 PC Tools
01/18/2006 02:51 PM <DIR> PUBLIS~1 Publish Providers
01/18/2006 02:51 PM <DIR> Sony
12/20/2005 12:08 AM <DIR> Sun
12/21/2005 01:08 AM <DIR> TEAMSP~1 teamspeak2
11/24/2005 01:03 PM <DIR> Ventrilo
03/02/2006 12:21 AM <DIR> vlc
10/22/2006 10:26 PM <DIR> Xfire
1 File(s) 18,320 bytes
18 Dir(s) 32,071,073,792 bytes free
Volume in drive C has no label.
Volume Serial Number is 4015-A426

Directory of C:\Documents and Settings\All Users\Application Data

11/15/2006 11:48 PM <DIR> Adobe
11/05/2006 07:58 PM <DIR> AOL
08/15/2006 02:10 PM <DIR> AOLDOW~1 AOL Downloads
02/05/2006 12:55 PM <DIR> APPLEC~1 Apple Computer
12/10/2006 02:27 PM <DIR> Avg7
10/17/2006 06:18 PM <DIR> CYBERL~1 CyberLink
11/28/2005 01:12 PM <DIR> KASPER~1 Kaspersky Anti-Virus Personal
12/26/2005 01:21 PM <DIR> MSN6
12/07/2006 12:29 AM <DIR> NVIEW_~1 nView_Profiles
01/18/2006 01:50 PM <DIR> Sony
04/21/2006 01:04 AM <DIR> SPYBOT~1 Spybot - Search & Destroy
09/22/2006 02:56 PM <DIR> Trymedia
12/11/2006 11:28 AM <DIR> VIEWPO~1 Viewpoint
0 File(s) 0 bytes
13 Dir(s) 32,071,073,792 bytes free
--------------------------------------------------------

here is the virus total report:

ntiVir 7.2.0.49 12.11.2006 TR/Vundo.Gen
Authentium 4.93.8 12.08.2006 Possibly a new variant of W32/Bongler-based
Avast 4.7.892.0 12.11.2006 no virus found
AVG 386 12.11.2006 no virus found
BitDefender 7.2 12.11.2006 no virus found
CAT-QuickHeal 8.00 12.11.2006 no virus found
ClamAV devel-20060426 12.11.2006 no virus found
DrWeb 4.33 12.11.2006 no virus found
eSafe 7.0.14.0 12.11.2006 Win32.Polipos.sus
eTrust-InoculateIT 23.73.81 12.09.2006 no virus found
eTrust-Vet 30.3.3244 12.11.2006 no virus found
Ewido 4.0 12.10.2006 no virus found
Fortinet 2.82.0.0 12.11.2006 suspicious
F-Prot 3.16f 12.08.2006 Possibly a new variant of W32/Bongler-based
F-Prot4 4.2.1.29 12.08.2006 W32/Bongler-based
Ikarus T3.1.0.26 12.11.2006 no virus found
Kaspersky 4.0.2.24 12.11.2006 Trojan-Downloader.Win32.Busky.gen
McAfee 4916 12.11.2006 no virus found
Microsoft 1.1804 12.11.2006 Trojan:Win32/Busky.gen!dll
NOD32v2 1914 12.11.2006 a variant of Win32/TrojanDownloader.Busky.AZ
Norman 5.80.02 12.11.2006 no virus found
Panda 9.0.0.4 12.11.2006 no virus found
Prevx1 V2 12.11.2006 no virus found
Sophos 4.12.0 12.10.2006 Troj/Busky-Gen
Sunbelt 2.2.907.0 11.30.2006 VIPRE.Suspicious
TheHacker 6.0.3.131 12.10.2006 no virus found
UNA 1.83 12.11.2006 no virus found
VBA32 3.11.1 12.10.2006 no virus found
VirusBuster 4.3.15:9 12.11.2006 no virus found

i will make a new post containing the results of hijack this for ease of reading


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charlie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [remititit22292] C:\WINDOWS\system32\command.com /c del C:\DOCUME~1\Charlie\APPLIC~1\CHINLO~1\NURBGP~1.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132715462581
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

thank you for your continued assistance

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:59 PM

Posted 11 December 2006 - 01:09 PM

Hello,

Check and fix this entry in Hijackthis again:

O4 - HKCU\..\RunOnce: [remititit22292] C:\WINDOWS\system32\command.com /c del C:\DOCUME~1\Charlie\APPLIC~1\CHINLO~1\NURBGP~1.EXE

because it's the uninstallcommand after uninstalling Netpumper, but we already deleted the related folder.

Also delete next file:

C:\WINDOWS\system32\xukunsk.dll

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10.
  • Scroll down to where it says "Java Runtime Environment (JRE) 5.0 Update 10".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_10-windows-i586-p.exe to install the newest version.
Let me know in your next reply how things are running now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 rain183

rain183
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 11 December 2006 - 01:31 PM

everything is running much better now how ever there is still 1 problem which exists. that is when i run spybot i get the blue screen of death and my computer restarts. it happens about 80% through scanning. it also takes place. it also happens if i am watching a 'live' video on youtube or something.

thank you for all your assistance here is an updated hijackthis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Charlie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132715462581
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:59 PM

Posted 11 December 2006 - 01:45 PM

Hello,

everything is running much better now how ever there is still 1 problem which exists. that is when i run spybot i get the blue screen of death and my computer restarts. it happens about 80% through scanning. it also takes place. it also happens if i am watching a 'live' video on youtube or something.


This looks like rather a hardware issue... when "stress" is put on the processor, like scans...

But I want to check something else first before I redirect you to the harware part of this forum.. because they are more knowledgeable people there to deal with hardware issues. I have only a basic knowledge about hardware.

However, I see you are still running an older version of Kaspersky. I am a Kaspersky user myself and I remember that the 5.0 version I had caused BSODs as well once in a while.

But perform next first:

Download and Save blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
click > scan then > next,
You'll see a list of all items found - if found, so don't worry it tells that there were no files found.
In case hidden files were found, Don't choose for rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.

Edited by miekiemoes, 11 December 2006 - 01:46 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 rain183

rain183
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 11 December 2006 - 02:54 PM

i ran the blacklight search and returned nothing

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:59 PM

Posted 11 December 2006 - 03:06 PM

Ok, it's better I redirect you to the hardware forum.
No need to post a Hijackthislog there - because Hijackthislogs don't belong there. Just give a detailed description of your problem, when exactly you get a BSOD.

Also look in your logfiles for the errors you get. To do this, go to start > run and type: eventvwr.msc
There you'll find the errors (red crosses) and they may be an indication what is causing the BSODs. Look when exactly the BSOD happened and look in your logfiles if you can find the exact time when it happened and post that info in the thread as well.

And an extra remark - which *may be the cause of your problem -- as I already said, you are using an outdated version of Kaspersky. Kaspersky has been updated - and some updates were also bugfixes, to fix compatibility issues causing BSODs as well.
That's why I suggest you update your Kaspersky to version 6 - It's a lot faster and powerful as well.

Edit.. I forgot to include the link to the hardware part of this forum:
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

Now concerning your malware issues you were dealing with previously - how are things now?

Edited by miekiemoes, 11 December 2006 - 03:08 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 rain183

rain183
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 11 December 2006 - 03:38 PM

all known sources of malware are gone to my knowledge :thumbsup: thanks alot for your time and assistance it is greatly appreciated. i am also updating to 6.0 of kaspersky so hopefully that will help prevent further attacks on my system

#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:59 PM

Posted 11 December 2006 - 03:46 PM

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
How to use SpywareBlaster

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispywarescanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virusscan once in a while. (Housecall and/or Bitdefender). Because what one virusscanner can't find another one maybe can.
Also make sure that your virusscanner, the one that is installed on your system is always up to date!

Make sure your windows has the latest updates: http://windowsupdate.microsoft.com/

If you are having XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your Pc, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Also read: Simple and easy ways to keep your computer safe and secure on the Internet

Happy surfing again! :flowers:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#14 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:59 PM

Posted 14 December 2006 - 01:44 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users