
.exe Files For Antivirus Programs Are Being Deleted


39 replies to this topic

#1 Red_Dwarf1977


  • Members
  • 23 posts

Posted 07 January 2007 - 12:45 AM

Hi, I posted my problem but I think it was in the wrong department. This is my HijackThis log, I hope it helps.
I have scanned with BitDefender, Panda scan, Ad-Aware and McAfee Rootkit Detective; that is all, as I can't get any other program to install, including Spybot Search and Destroy.

Logfile of HijackThis v1.99.1
Scan saved at 14:42:49, on 07/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\PROGRA~1\kauav\CLAMCO~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\TMPGEnc Plus\TMPGEnc.exe
C:\Documents and Settings\red dwarf\Desktop\Other downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WeatherAlarmClock] C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
O4 - HKCU\..\Run: [Walser] C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCYYYYYYLEAU
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\STARDO~1\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\red dwarf\Start Menu\Programs\IMVUchat\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...933/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#2 MFDnSC


    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 07 January 2007 - 11:06 AM

Add remove programs - remove - SpyBrowser - MyWebSearch

=============================

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We'll get them in the next step.
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


=================================

Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
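As an added example (not a tool from this thread, from HijackThis or from BleepingComputer), the Python script below parses HijackThis log lines of the shape posted above, flags the MyWebSearch/SpyBrowser entries this reply asks the user to remove together with entries whose target file is missing, and diffs a before/after log pair. The sample lines are constructed subsets of the two logs in this thread, and the marker list is an assumption drawn from the paths that appear in them.

```python
"""Triage and diff HijackThis v1.99.1 logs of the shape posted in this thread.

Added example; not a tool from the thread, from HijackThis or from BleepingComputer.
Line shapes handled, as seen in the posted logs:
  R0/R1 "<key>,<value> = <url>", O2/O3/O9 "<name> - {CLSID} - <path>",
  O4 "[<name>] <command>" or "<x>.lnk = <path>", O16/O20/O23 "... - <path or url>".
HijackThis appends "(file missing)" or "(no file)" when the target is gone.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of the first log posted above (before cleanup).
BEFORE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
"""

# Constructed sample: the matching subset of the second log (after cleanup).
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$")

# Assumed marker list: the MyWebSearch and SpyBrowser components the reply above
# asks the user to uninstall, plus the file names those components use in the log.
REMOVAL_MARKERS = ("mywebsearch", "mywebs~1", "spybro", "mwsbar", "mwssrcas",
                   "m3srchmn", "mwsoemon")


@dataclass(frozen=True)
class Entry:
    section: str            # "O2", "O4", "O23", ...
    body: str               # everything after "<section> - "
    clsid: Optional[str]    # "{GUID}" when the entry carries one
    target: Optional[str]   # file, command or URL the entry points at
    file_missing: bool      # HijackThis could not find the target on disk


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for headers and the process list."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    file_missing = MISSING_RE.search(body) is not None
    clean = MISSING_RE.sub("", body)
    clsid = CLSID_RE.search(clean)
    target: Optional[str] = None
    if sec.startswith("R"):                      # "<key>,<value name> = <url>"
        target = clean.split(" = ", 1)[1] if " = " in clean else None
    elif sec == "O4":                            # "[<name>] <cmd>" or "<x>.lnk = <path>"
        if "] " in clean:
            target = clean.split("] ", 1)[1]
        elif " = " in clean:
            target = clean.split(" = ", 1)[1]
    elif " - " in clean:                         # "... - <path or url>"
        target = clean.rsplit(" - ", 1)[1]
    return Entry(sec, body, clsid.group(0) if clsid else None,
                 target.strip() if target else None, file_missing)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Flag the entries a helper would look at first, with a reason for each."""
    flagged = []
    for e in entries:
        reasons = []
        if any(marker in e.body.lower() for marker in REMOVAL_MARKERS):
            reasons.append("MyWebSearch/SpyBrowser component")
        if e.file_missing:
            reasons.append("orphaned reference: target file missing")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[str], List[str]]:
    """Lines that disappeared and lines that appeared between two logs."""
    old = {f"{e.section} - {e.body}" for e in before}
    new = {f"{e.section} - {e.body}" for e in after}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for entry, reasons in triage(before):
        print(f"[{entry.section}] {entry.target}  <- {'; '.join(reasons)}")
    removed, added = diff_logs(before, after)
    print("Removed:", *removed, sep="\n  ")
    print("Added:", *added, sep="\n  ")
```

Running it against the two full logs in this thread shows the same pattern as the constructed subset: the MyWebSearch BHO/toolbar/Run entries and the SpyBrowser Run key vanish between the logs, while the "(file missing)" entries survive as harmless leftovers.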

#3 Red_Dwarf1977

  • Topic Starter

  • Members
  • 23 posts

Posted 08 January 2007 - 12:28 AM

Hi, thanks for helping, I really appreciate it. I have been a little impatient though; I used a couple of online scanners since I posted the HijackThis log, but hopefully the info will be helpful. HouseCall online scanner found 2 trojans, one called TSPY_Bagle.pac and the other was TSPY_Joiner.av, but it was unable to remove them. I also scanned with Kaspersky and that found a number of WIN32.bagle.hb (I think) viruses and a couple of trojans, presumably the same ones, but it said the object was locked and could not remove them. I hope this doesn't cause problems for you. Anyway, back to the job at hand. I've done everything you said. When I scanned with SUPERAntiSpyware the first time it crashed and I got the dreaded blue screen, so I tried again and it went all the way through without crashing, so I removed everything it found. Also MyWebSearch doesn't appear in the Add/Remove Programs list, yet my internet browser is still using it as default, but the toolbar it comes with has gone. I've changed the default search engine back to Google, so maybe that's all it was. SpyBrowser has gone, hopefully. Anyway, here are the logs.


Logfile of HijackThis v1.99.1
Scan saved at 14:22:28, on 08/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\red dwarf\Desktop\Other downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WeatherAlarmClock] C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
O4 - HKCU\..\Run: [Walser] C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\STARDO~1\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\red dwarf\Start Menu\Programs\IMVUchat\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...933/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

SmitFraudFix v2.132

Scan done at 12:44:53.78, 08/01/2007
Run from C:\Documents and Settings\red dwarf\Desktop\Other downloads\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\red dwarf


C:\Documents and Settings\red dwarf\Application Data


Start Menu


C:\DOCUME~1\REDDWA~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


pe386-msguard-lzx32


Scanning wininet.dll infection


End

SUPERAntiSpyware Scan Log
Generated 01/08/2007 at 01:47 PM

Application Version : 3.4.1000

Core Rules Database Version : 3160
Trace Rules Database Version: 1173

Scan type : Complete Scan
Total Scan Time : 00:57:10

Memory items scanned : 385
Memory threats detected : 0
Registry items scanned : 5502
Registry threats detected : 0
File items scanned : 104144
File threats detected : 16

Adware.Tracking Cookie
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@atdmt[2].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@media.sensis.com[2].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@msnportal.112.2o7[1].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@track.searchignite[1].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@imrworldwide[2].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@ad.uk.tangozebra[1].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@sento.122.2o7[1].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@ad2.billboard[1].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@acvs.mediaonenetwork[1].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@doubleclick[1].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@toplist[1].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@ad.wz[2].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@www.googleadservices[1].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@mediaonenetwork[1].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@mywebsearch[1].txt
C:\Documents and Settings\red dwarf\Cookies\red_dwarf@www.googleadservices[3].txt

Also I have the Kaspersky log, which you might find helpful... it's riddled with viruses.

KASPERSKY ONLINE SCANNER REPORT
Sunday, January 07, 2007 11:14:39 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/01/2007
Kaspersky Anti-Virus database records: 242258


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 114600
Number of viruses found 4
Number of infected objects 64 / 0
Number of suspicious objects 0
Duration of the scan process 01:05:13

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\red dwarf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\AUPNP.log Object is locked skipped

C:\Documents and Settings\red dwarf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\red dwarf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

C:\Documents and Settings\red dwarf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped

C:\Documents and Settings\red dwarf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

C:\Documents and Settings\red dwarf\Application Data\Lavasoft\Ad-Aware\Logs\AWEVLOG.txt Object is locked skipped

C:\Documents and Settings\red dwarf\Application Data\Sun\Java\Deployment\log\plugin150_10.trace Object is locked skipped

C:\Documents and Settings\red dwarf\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\red dwarf\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\red dwarf\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\red dwarf\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\red dwarf\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\red dwarf\Local Settings\History\History.IE5\MSHist012007010720070108\index.dat Object is locked skipped

C:\Documents and Settings\red dwarf\Local Settings\Temp\hsperfdata_red dwarf\2544 Object is locked skipped

C:\Documents and Settings\red dwarf\Local Settings\Temp\Perflib_Perfdata_684.dat Object is locked skipped

C:\Documents and Settings\red dwarf\Local Settings\Temp\~DF21A2.tmp Object is locked skipped

C:\Documents and Settings\red dwarf\Local Settings\Temp\~DF21AF.tmp Object is locked skipped

C:\Documents and Settings\red dwarf\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\red dwarf\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\red dwarf\ntuser.dat.LOG Object is locked skipped

C:\Program Files\eMule\Temp\001.part Object is locked skipped

C:\Program Files\eMule\Temp\002.part Object is locked skipped

C:\Program Files\eMule\Temp\003.part Object is locked skipped

C:\Program Files\eMule\Temp\004.part Object is locked skipped

C:\Program Files\eMule\Temp\005.part Object is locked skipped

C:\Program Files\eMule\Temp\006.part Object is locked skipped

C:\Program Files\eMule\Temp\009.part Object is locked skipped

C:\Program Files\eMule\Temp\010.part Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP55\A0005789.exe/WISE0069.BIN Infected: Trojan-Downloader.Win32.Agent.avz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP55\A0005789.exe WiseSFX: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP55\A0005789.exe WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP55\A0005790.exe/WISE0069.BIN Infected: Trojan-Downloader.Win32.Agent.avz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP55\A0005790.exe WiseSFX: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP55\A0005790.exe WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP59\A0006992.exe/WISE0069.BIN Infected: Trojan-Downloader.Win32.Agent.avz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP59\A0006992.exe WiseSFX: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP59\A0006992.exe WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP60\A0007081.exe Infected: Email-Worm.Win32.Bagle.gx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP60\A0007095.exe Infected: Email-Worm.Win32.Bagle.gx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\A0007309.exe/WISE0069.BIN Infected: Trojan-Downloader.Win32.Agent.avz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\A0007309.exe WiseSFX: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\A0007309.exe WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\A0007347.exe Infected: Email-Worm.Win32.Bagle.gx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\A0007349.exe Infected: Trojan-Downloader.Win32.Bagle.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\A0007351.exe Infected: Trojan-Downloader.Win32.Bagle.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\A0007354.exe Infected: Email-Worm.Win32.Bagle.gx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP70\A0008952.exe Infected: Email-Worm.Win32.Bagle.gx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP70\A0009012.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP70\A0009029.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP70\A0009077.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0009132.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0009223.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0009224.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0009259.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0009350.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0009351.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0009386.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0009477.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0009478.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0009497.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0009504.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP75\A0009601.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP75\A0009604.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP75\A0009620.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0009629.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0009630.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0009900.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0009903.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0009914.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0009917.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0009952.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0009965.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0010950.sys Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0010955.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\exefld\1014546.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\1016218.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\1378281.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\15991265.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\15996406.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\16157000.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\16158718.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\31265046.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\31276609.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\738671.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\790484.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\810843.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\82960906.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\844187.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\859656.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\914859.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\938546.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\exefld\939218.exe Infected: Email-Worm.Win32.Bagle.hb skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\change.log Object is locked skipped

Scan process completed.

#4 MFDnSC

Posted 08 January 2007 - 01:53 PM

You have no active AntiVirus!

Get the free AVG AntiVirus 7.5, install it, check for updates and run a full scan.

AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/

After running AVG, turn off restore points, boot, then turn them back on. Here's how:

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Now scan with Kaspersky again.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 Red_Dwarf1977

Posted 08 January 2007 - 08:50 PM

I know I have no antivirus, that's my problem: I can't install one, it won't allow the .exe to be installed. This includes AVG. I've turned the restore points off and on and I'm about to scan with Kaspersky again, but I don't think it will be any different. Please give me advice on what to do next. Here's a new HijackThis log, but I imagine it's the same as the last one. I will get back to you with the results of the Kaspersky scan ASAP.

Logfile of HijackThis v1.99.1
Scan saved at 10:47:30, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TMPGEnc 3.0 XPress\TMPGEnc3XP.exe
C:\Program Files\TMPGEnc 3.0 XPress\VFAPIFrameServer.exe
C:\PROGRA~1\STARDO~1\stardown.exe
C:\Documents and Settings\red dwarf\Desktop\Other downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WeatherAlarmClock] C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
O4 - HKCU\..\Run: [Walser] C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\STARDO~1\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\red dwarf\Start Menu\Programs\IMVUchat\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...933/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#6 MFDnSC

Posted 08 January 2007 - 08:58 PM

Delete this folder C:\WINDOWS\exefld

http://www.pandasoftware.com/products/activescan.htm

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

Post a new HijackThis log along with the results from ActiveScan.

#7 Red_Dwarf1977

Posted 08 January 2007 - 11:11 PM

Hi again, did I mention that I really appreciate your help? Anyway, I've removed that folder and I'm scanning with Panda ActiveScan as I type. I just wanted to know how much longer you will be online today, because I'm in Australia and it's 1pm right now, and I'm guessing you're going to bed soon if you're in North Carolina, which means I've got to wait a whole day to get a reply back. The scan is only halfway through at the moment, so it will be another 30 mins or so.

South Carolina... sorry.

#8 Red_Dwarf1977

Posted 08 January 2007 - 11:18 PM

Quicker than I thought. It's displayed a bit funny; hope you can read it.

Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Hacktool:rootkit/mhook Not disinfected hkey_local_machine\system\currentcontrolset\services\m_hook
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\red dwarf\Cookies\red_dwarf@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\red dwarf\Cookies\red_dwarf@doubleclick[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\red dwarf\Cookies\red_dwarf@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\red dwarf\Cookies\red_dwarf@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\red dwarf\Desktop\Other downloads\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Pskill.K Not disinfected C:\Documents and Settings\red dwarf\Desktop\Other downloads\WinKRootKitRemover.exe[P]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/F3HTTPCT.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/F3PSSAVR.SCR]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/F3REPROX.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/F3RESTUB.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/F3SCHMON.EXE]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/F3SCRCTR.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/F3WPHOOK.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.JAR][contents.rdf]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.JAR][menu.xul]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.JAR][toolbarembed.html]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.MANIFEST]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/M3IDLE.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/M3OUTLCN.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/M3PLUGIN.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/MWSOEMON.EXE]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/MWSOEPLG.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/bar/2.bin/NPMYWEBS.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\19be06835f9d95646b844fd2fa4c4155.a2q[Program Files/mywebsearch/SrchAstt/2.bin/MWSSRCAS.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/F3CJPEG.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/F3HISTSW.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/F3HTTPCT.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/F3PSSAVR.SCR]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/F3REPROX.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/F3RESTUB.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/F3SCHMON.EXE]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/F3SCRCTR.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/F3WPHOOK.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.JAR][contents.rdf]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.JAR][menu.xul]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.JAR][toolbarembed.html]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.MANIFEST]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/M3IDLE.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/M3OUTLCN.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/M3PLUGIN.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/MWSOEMON.EXE]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/MWSOEPLG.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/bar/2.bin/NPMYWEBS.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\2aadfd4a3ee9ad68abea462a14d76749.a2q[Program Files/mywebsearch/SrchAstt/2.bin/MWSSRCAS.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8eacf9829c73218953ad3708179b5995.a2q[Program Files/mywebsearch/srchastt/2.bin/MWSSRCAS.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/F3HTTPCT.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/F3PSSAVR.SCR]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/F3REPROX.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/F3RESTUB.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/F3SCHMON.EXE]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/F3SCRCTR.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/F3WPHOOK.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.JAR][contents.rdf]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.JAR][menu.xul]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.JAR][toolbarembed.html]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/M3FFXTBR.MANIFEST]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/M3IDLE.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/M3OUTLCN.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/M3PLUGIN.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/MWSOEMON.EXE]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/MWSOEPLG.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\a2onlinescan\quarantine\8fc8409a55a4bb4089e3ff56f3b2a97f.a2q[Program Files/mywebsearch/bar/2.bin/NPMYWEBS.DLL]
Potentially unwanted tool:Application/Pskill.K Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\nsl34.tmp
Potentially unwanted tool:Application/Pskill.K Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\nsm7D.tmp
Potentially unwanted tool:Application/Pskill.K Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\nsx81.tmp
Potentially unwanted tool:Application/Pskill.K Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\nsz89.tmp
Virus:Trj/Mitglieder.MF Disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\~D7.exe
Virus:W32/Bagle.LA.worm Disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\~D8.exe
Virus:Trj/Mitglieder.MF Disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\~D9.exe
Virus:W32/Bagle.LA.worm Disinfected C:\Documents and Settings\red dwarf\Local Settings\Temp\~DA.exe
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temporary Internet Files\Content.IE5\9WN4AXOS\channels_02[1].gif
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temporary Internet Files\Content.IE5\IIT44RL6\CursorManiaFWBInitialSetup1.0.0.15[1].cab[f3initialsetup1.0.0.15.inf]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temporary Internet Files\Content.IE5\IIT44RL6\CursorManiaFWBInitialSetup1.0.0.15[1].cab[f3Setup1.exe]
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\red dwarf\Local Settings\Temporary Internet Files\Content.IE5\QBUS0IX7\channels_02[1].gif
Virus:Bck/Freeze.C Disinfected C:\Program Files\ScreenSaver.com\3D Tropical Sunsets Full\UNINSTAL.EXE
Virus:Bck/Freeze.C Disinfected C:\Program Files\ScreenSaver.com\3D Water Effects Full\UNINSTAL.EXE
Virus:Bck/Freeze.C Disinfected C:\Program Files\ScreenSaver.com\Starry Night Full\UNINSTAL.EXE
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

Logfile of HijackThis v1.99.1
Scan saved at 13:14:50, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\red dwarf\Desktop\Other downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WeatherAlarmClock] C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
O4 - HKCU\..\Run: [Walser] C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\STARDO~1\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\red dwarf\Start Menu\Programs\IMVUchat\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...933/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#9 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 09 January 2007 - 09:56 AM

Download EasyCleaner: http://www.majorgeeks.com/download414.html

Use the Clear Files and Unnecessary Files buttons. I do not recommend
using the Duplicate Files button,
as many dupes are there on purpose.

Not all files will delete; that is normal.

Under the Unnecessary Files button I check the top 4 entries.
======================

Make sure everything in

C:\Documents and Settings\red dwarf\Local Settings\Temp

is deleted
===============
Delete these

C:\WINDOWS\system32\Process.exe
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
=======================

http://www.softpedia.com/get/Antivirus/AVG...i-Rootkit.shtml

Run it.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
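The helper's instructions above depend on reading the HijackThis log the poster supplied and picking out the entries that matter. The following is an added triage helper for that log format; it is example code written for this page, not part of the BleepingComputer thread and not part of HijackThis. It parses the O4 (autostart) and O23 (service) lines in the format shown in the thread and flags two things: an autostart whose target path matches the MyWebSearch toolbar path that the Panda scan above classified as a potentially unwanted tool, and a service whose binary is reported "(file missing)" or has no recorded publisher. The marker list and the reason strings are assumptions made for this example; the sample lines are a constructed subset of the entries in the thread.

```python
"""Triage helper for HijackThis v1.99.1 O4/O23 log lines (added example).

Not the thread's own code and not part of HijackThis. It flags:
  * O4 Run entries whose target path contains a marker for the MyWebSearch
    toolbar, which the Panda scan in the thread lists under
    "Potentially unwanted tool:Application/MyWebSearch";
  * O23 services reported "(file missing)" (orphaned registrations) or with
    "Unknown owner" (no publisher recorded).
"""
import re

# Assumed markers for this example: path fragments of the MyWebSearch toolbar
# as they appear in the thread's log (8.3 short name and long name).
PUP_PATH_MARKERS = ("mywebs~1", "mywebsearch")

# O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]{2})\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# O23 - Service: Description (ShortName) - Owner - Path [ (file missing) ]
O23_RE = re.compile(
    r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$"
)


def parse_entry(line):
    """Return a dict for a recognised O4 Run or O23 Service line, else None."""
    m = O4_RE.match(line)
    if m:
        return {"kind": "O4", **m.groupdict()}
    m = O23_RE.match(line)
    if m:
        return {"kind": "O23", **m.groupdict()}
    return None


def classify(entry):
    """Return the list of reasons an entry deserves a closer look (may be empty)."""
    reasons = []
    if entry["kind"] == "O4":
        cmd = entry["cmd"].lower()
        if any(marker in cmd for marker in PUP_PATH_MARKERS):
            reasons.append("autostart points into a path flagged as a PUP toolbar")
    elif entry["kind"] == "O23":
        if entry["path"].rstrip().endswith("(file missing)"):
            reasons.append("service binary missing: orphaned service registration")
        if entry["owner"] == "Unknown owner":
            reasons.append("no publisher recorded for the service")
    return reasons


def triage(lines):
    """Parse each line; return [(entry, reasons)] for entries with any reason."""
    findings = []
    for line in lines:
        entry = parse_entry(line.strip())
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


# Constructed sample: a subset of the lines shown in the thread's HijackThis log.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0',
    r"O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)",
    r"O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE",
    r"O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)",
    r"O4 - Global Startup: Dell Network Assistant.lnk = ?",
]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        label = entry.get("name") or entry.get("desc")
        print(f"{entry['kind']} {label}: {'; '.join(reasons)}")
```

Run against the sample it reports the MyWebSearch autostart and the two orphaned "Unknown owner" services, and nothing for the Java updater or the Lexmark service. A "(file missing)" service is not malicious by itself (here they are leftovers of McAfee and Spyware Doctor), which is why the helper returns reasons for a human to weigh rather than a verdict.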

#10 Red_Dwarf1977

Red_Dwarf1977
  • Topic Starter

  • Members
  • 23 posts

Posted 09 January 2007 - 08:10 PM

I've done everything, except the file:

c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf

wasn't there; maybe it was removed by EasyCleaner. Also, I can't see:

C:\Documents and Settings\red dwarf\Local Settings\Temp

I can't see a Local Settings folder. I ran the in-depth scan using the AVG rootkit thingy; I'm assuming you didn't want me to remove anything just yet. Here is the report, followed by a new HijackThis log.



C:\Documents and Settings\red dwarf\Application Data\hidires\m_hook.sys,Hidden driver file, Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared,Hidden directory
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\agent.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\agentcfg.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\agentdui.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\agentsub.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\agentupd.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\mcdetect.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\mctskshd.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\mcuicfg.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\mcunilib.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\mghtml.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_VsoCabs\shared,Hidden directory
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_VsoCabs\shared\mccomctl.cab,Hidden file
c:\Documents and Settings\red dwarf\Application Data\hidires,Hidden directory
c:\Documents and Settings\red dwarf\Application Data\hidires\hidr.exe,Hidden file
c:\Program Files\McAfee.com\Shared,Hidden directory
c:\Program Files\McAfee.com\Shared\mcappins.exe,Hidden file
c:\Program Files\McAfee.com\Shared\mcappins.inf,Hidden file
c:\Program Files\McAfee.com\Shared\mcinsres.dll,Hidden file
c:\Program Files\Movie Maker\Shared,Hidden directory
c:\Program Files\Movie Maker\Shared\Empty.txt,Hidden file
c:\Program Files\Movie Maker\Shared\Filters.xml,Hidden file
c:\Program Files\Movie Maker\Shared\news.png,Hidden file
c:\Program Files\Movie Maker\Shared\paint.png,Hidden file
c:\Program Files\Movie Maker\Shared\Sample1.jpg,Hidden file
c:\Program Files\Movie Maker\Shared\Sample2.jpg,Hidden file
c:\WINDOWS\ime\shared,Hidden directory
c:\WINDOWS\ime\shared\imepaden.hlp,Hidden file
c:\WINDOWS\ime\shared\imepadsm.dll,Hidden file
c:\WINDOWS\ime\shared\imepadsv.exe,Hidden file
c:\WINDOWS\ime\shared\imlang.dll,Hidden file

Logfile of HijackThis v1.99.1
Scan saved at 10:08:37, on 10/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\GRISOFT\AVG Anti-Rootkit Beta\antiRootkit.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\red dwarf\Desktop\Other downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WeatherAlarmClock] C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
O4 - HKCU\..\Run: [Walser] C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\STARDO~1\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\red dwarf\Start Menu\Programs\IMVUchat\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...933/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#11 Red_Dwarf1977

Red_Dwarf1977
  • Topic Starter

  • Members
  • 23 posts

Posted 09 January 2007 - 11:42 PM

OK, I had the "hidden folders" option still ticked, so I can see the Temp folder now and have removed everything except 6 items which wouldn't delete, but when I restarted the computer they had gone. So I have done a new scan with AVG Anti-Rootkit and created a new HijackThis log. Sorry for the double reply.


AVG ANTI ROOTKIT LOG:

C:\Documents and Settings\red dwarf\Application Data\hidires\m_hook.sys,Hidden driver file, Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared,Hidden directory
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\agent.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\agentcfg.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\agentdui.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\agentsub.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\agentupd.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\mcdetect.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\mctskshd.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\mcuicfg.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\mcunilib.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_AgentCabs\shared\mghtml.cab,Hidden file
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_VsoCabs\shared,Hidden directory
c:\Documents and Settings\All Users\Application Data\McAfee.com\download\VSO_INSTALL_VsoCabs\shared\mccomctl.cab,Hidden file
c:\Documents and Settings\red dwarf\Application Data\hidires,Hidden directory
c:\Documents and Settings\red dwarf\Application Data\hidires\hidr.exe,Hidden file
c:\Program Files\McAfee.com\Shared,Hidden directory
c:\Program Files\McAfee.com\Shared\mcappins.exe,Hidden file
c:\Program Files\McAfee.com\Shared\mcappins.inf,Hidden file
c:\Program Files\McAfee.com\Shared\mcinsres.dll,Hidden file
c:\Program Files\Movie Maker\Shared,Hidden directory
c:\Program Files\Movie Maker\Shared\Empty.txt,Hidden file
c:\Program Files\Movie Maker\Shared\Filters.xml,Hidden file
c:\Program Files\Movie Maker\Shared\news.png,Hidden file
c:\Program Files\Movie Maker\Shared\paint.png,Hidden file
c:\Program Files\Movie Maker\Shared\Sample1.jpg,Hidden file
c:\Program Files\Movie Maker\Shared\Sample2.jpg,Hidden file
c:\WINDOWS\ime\shared,Hidden directory
c:\WINDOWS\ime\shared\imepaden.hlp,Hidden file
c:\WINDOWS\ime\shared\imepadsm.dll,Hidden file
c:\WINDOWS\ime\shared\imepadsv.exe,Hidden file
c:\WINDOWS\ime\shared\imlang.dll,Hidden file

Logfile of HijackThis v1.99.1
Scan saved at 13:41:32, on 10/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\red dwarf\Desktop\Other downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6061214
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WeatherAlarmClock] C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
O4 - HKCU\..\Run: [Walser] C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\STARDO~1\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\red dwarf\Start Menu\Programs\IMVUchat\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...933/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#12 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:12:19 PM

Posted 10 January 2007 - 12:30 PM

Let it fix what it wants

===============

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis mark them, close IE, click fix checked

O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\SpyBro

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Start > Run, type in %temp% - OK - Edit > Select All, File > Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn't work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
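The log posted above and the reply telling the poster which entry to fix are exactly what a helper triages by eye: O4 autoruns, O9/O20 hooks whose target file no longer exists, O23 services with no vendor string, and O16 ActiveX controls pulled from the web. The following script is an added example, not code from the thread or from HijackThis itself; it parses a handful of lines copied from the posted log (embedded inline as constructed sample input), flags the same things the helper looked for, and derives the directory that the reply hands to Killbox from the watchlisted autorun. The WATCHLIST name, the flag labels and the function names are this example's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the thread)."""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: seven lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Assumed watchlist: the autorun name the helper told the poster to fix.
WATCHLIST = {"SpyBrowser"}

LINE_RE = re.compile(r"^(?P<code>O\d+) - (?P<body>.+)$")
# O4 Run-key form:  HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First quoted path, or first unquoted token ending in a module/archive extension.
PATH_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|ocx|cab|lnk))\b', re.IGNORECASE)


@dataclass
class Entry:
    code: str
    name: str
    target: str
    flags: list = field(default_factory=list)


def extract_target(rest):
    """Pull the file path or URL out of a command line / trailing field."""
    m = PATH_RE.match(rest.strip())
    if not m:
        return rest.strip()
    return m.group("q") or m.group("u")


def parse_entry(line):
    """Parse one O-line into an Entry, or return None for R0/R1 and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O4":
        r = RUN_RE.match(body)
        if r:
            name, rest = r.group("name"), r.group("cmd")
        else:  # "Global Startup: X.lnk = path" form
            name, _, rest = body.partition(": ")[2].partition(" = ")
    else:  # O9/O16/O20/O23 are " - " separated; the last field is the file or URL
        parts = body.split(" - ")
        name = parts[0].partition(": ")[2] or parts[0]
        rest = parts[-1]
    e = Entry(code=code, name=name, target=extract_target(rest))
    if "(file missing)" in rest or "(no file)" in rest:
        e.flags.append("file missing")          # orphaned hook: registry points at nothing
    if code == "O23" and "Unknown owner" in body:
        e.flags.append("no vendor")             # service binary with no version/vendor info
    if code == "O16" and e.target.lower().startswith("http"):
        e.flags.append("web-hosted ActiveX")    # control downloaded from a site
    if code == "O4" and name in WATCHLIST:
        e.flags.append("on watchlist")
    return e


def triage(log_text):
    """All parsed O-entries in log order."""
    return [e for e in (parse_entry(l) for l in log_text.splitlines()) if e]


def suspicious(log_text):
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(log_text) if e.flags]


def killbox_paths(log_text):
    """Directories to hand to a file-kill tool for watchlisted O4 autoruns."""
    dirs = []
    for e in triage(log_text):
        if e.code == "O4" and "on watchlist" in e.flags:
            d = ntpath.dirname(e.target)
            if d and d not in dirs:
                dirs.append(d)
    return dirs


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.code:<4} {e.name:<48} {', '.join(e.flags)}")
    print("Killbox:", killbox_paths(SAMPLE_LOG))
```

The "file missing" and "no vendor" flags are the ones that deserve a second look before clicking Fix: an orphaned O9 or O23 entry is harmless leftover from an uninstalled scanner, while an O4 or O20 entry whose file cannot be found can also mean the binary is hidden from the directory listing, which is why the helper pairs HijackThis with a rootkit scan.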

#13 Red_Dwarf1977

Red_Dwarf1977
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:02:19 AM

Posted 10 January 2007 - 07:42 PM

Should I select all files for the AVG Anti-Rootkit then?
I'm just starting to follow your next reply; I just don't know what to remove for AVG, because you have to tick the boxes, don't you?

#14 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:12:19 PM

Posted 10 January 2007 - 08:00 PM

Have rootkit fix this c:\Documents and Settings\red dwarf\Application Data\hidires
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#15 Red_Dwarf1977

Red_Dwarf1977
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:02:19 AM

Posted 10 January 2007 - 08:11 PM

I have fixed hidires with AVG Anti-Rootkit,
and I have fixed the SpyBro.exe entry with HijackThis, but I can't boot into Safe Mode; all I get is the dreaded blue screen with an error saying:

Stop 0X0000007B (OXF7B56524,0XC0000034,0X00000000,0X00000000
