Am I Infected With Malware Or Not?


  • This topic is locked
9 replies to this topic

#1 annabackwards

annabackwards

  • Members
  • 1,381 posts
  • OFFLINE
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:05:07 PM

Posted 04 July 2007 - 09:15 PM

Spybot continuously finds these problems: Microsoft.WindowsSecurityCenter.FirewallBypass, Virtumonde and Smitfraud-C.Toolbar888.

When Spybot fixes these items it says that the fix is successful. But when I scan again, the same problems are discovered.

I used VundoFix to remove Virtumonde and Smitfraud-C.Toolbar888. It discovered a lot of infected files and removed them all, but when I scanned with Spybot the same problems were discovered. Running this program did, however, speed up my computer to its usual speed, as prior to this the computer was extremely slow.

I then ran VundoFix again but it says there are no infected files!

So I ran SmitfraudFix. I followed all of the instructions and it too says that it successfully removed the malware.

But when I ran Spybot again, the same problems are detected!

Also, every time I log onto my computer with access to the internet, after a while Trend Micro pops up with real-time virus protection messages stating that several files are trying to access the internet. So the files are moved to quarantine and I delete the files. But when I log on again, the same thing happens!

There are also popups from Internet Explorer, something along the lines of 'the website you are trying to access can be harmful to your computer'. When I close that message, another reappears after a while. This is odd seeing as I don't use Internet Explorer; I use Mozilla Firefox to browse. So I open up Task Manager, go to Processes and terminate internet explorer.exe. After doing this a few more times, the message does not come up anymore.

When performing a full deep system scan with AVG Anti-Spyware 7.5.1.43, several threats are continuously found: Adware.Generic, Trojan.Agent.apt and Downloader.Swizzor.ag.

So I delete those files too, as they are not cleanable. But when I rescan the computer after restarting, the same problems come up.

I have a feeling that all this is caused by the 3 viruses that Spybot keeps on detecting.

Can someone help me?

Here is my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 11:36:49 AM, on 5/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\MUM&DA~1\LOCALS~1\TEMP\UZ_4965\CR_UZ300.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=3081
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://annabackwards.spaces.live.com//Phot...ad/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\pkelgomt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:07:07 AM

Posted 05 July 2007 - 06:18 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, annabackwards.
My name is Richie and I'll be helping you to fix your problems.

Download KillBox, unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.exe
Start up KillBox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box, copy and paste:

C:\WINDOWS\SYSTEM32\winmyy32.dll

Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot; select YES.
Allow it to reboot.
If it doesn't reboot automatically, reboot manually.

=============================

Copy and paste the following text into Notepad.
Click on File (in the menu at the top) > Save as... / Save as type: 'All Files' / File name: fix.bat, and save it to your desktop.
Then double click on the fix.bat file on your desktop.
You'll see a black screen flash; that's normal.

@echo off
rem Stop the rogue service (its binary is already missing, so the stop may report
rem that the service is not running; that is harmless) and then remove its
rem registration from the Service Control Manager.
sc stop DomainService
sc delete DomainService


Restart your pc.

==============================

Please download ComboFix and save it to your desktop:
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.


Also post a new HijackThis log please.
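The triage Richie does by eye on the first log (a Winlogon Notify package that is not the WGA one, a service with "Unknown owner" and a missing binary, a Run entry that is a bare executable resolved through PATH, and a process launched out of a temp directory) can be scripted. The following is an added example written for this thread; it is not a BleepingComputer or HijackThis tool. The allow-lists for known Winlogon Notify packages and known bare-name Run entries are assumptions for illustration, not a maintained database, and the sample log embedded in the block is a constructed subset modelled on the entries posted above.

```python
"""Triage a HijackThis 1.99.1 log for the indicators a malware-response helper
looks for first. Added example for this thread, not a BleepingComputer tool.
The allow-lists below are illustrative assumptions, not a vendor database."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    line: str       # the log line that triggered the finding
    reason: str


# Assumed allow-lists (illustration only).
KNOWN_NOTIFY = {"wgalogon"}   # Windows Genuine Advantage notification package
KNOWN_BARE_EXES = {"rundll32.exe", "ctfmon.exe", "vttimer.exe", "soundman.exe", "nwiz.exe"}

_RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[([^\]]*)\] (.*)$")
_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
_SERVICE_RE = re.compile(r"^O23 - Service: (.*)$")
_TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def executable_of(command: str) -> str:
    """Return the program part of an O4 Run command ('~' prefix and quotes stripped)."""
    command = command.lstrip("~").strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(log_text: str) -> list:
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if _TEMP_RE.search(line):
                findings.append(Finding("high", line, "process running from a temp directory"))
            continue
        m = _RUN_RE.match(line)
        if m:
            exe = executable_of(m.group(2))
            if "\\" not in exe and exe.lower() not in KNOWN_BARE_EXES:
                findings.append(Finding("medium", line,
                                        f"Run entry names a bare executable ({exe}) resolved via PATH"))
            continue
        m = _NOTIFY_RE.match(line)
        if m:
            name, target = m.groups()
            if name.lower() not in KNOWN_NOTIFY:
                why = "unknown Winlogon Notify package (loads into winlogon.exe at logon)"
                if "(file missing)" in target:
                    why += "; DLL already gone, registry value is orphaned"
                findings.append(Finding("high", line, why))
            continue
        if _SERVICE_RE.match(line):
            if "Unknown owner" in line:
                why = "service with no vendor information"
                if "(file missing)" in line:
                    why += " and missing binary"
                findings.append(Finding("high", line, why))
            elif "(file missing)" in line:
                findings.append(Finding("low", line, "service points at a missing binary"))
            continue
        if line.startswith("R3 - URLSearchHook") and "(no file)" in line:
            findings.append(Finding("low", line, "orphaned URLSearchHook CLSID"))
    return findings


# Constructed sample, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\MUM&DA~1\LOCALS~1\TEMP\UZ_4965\CR_UZ300.EXE
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\pkelgomt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
""".strip()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it on a saved log with `triage(open("hijackthis.log").read())`. The script only ranks entries for a human to look at; a missing-file Winlogon Notify value or an unknown-owner service is exactly what gets handed to KillBox and `sc delete` above, but a bare-name Run entry still needs the file located and identified before anything is removed.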

#3 annabackwards

annabackwards
  • Topic Starter

  • Members
  • 1,381 posts
  • OFFLINE
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:05:07 PM

Posted 05 July 2007 - 09:00 PM

Thanks for helping me!
I did exactly what you said.

Here's my ComboFix log:
"annA" - 2007-07-06 10:53:08 - ComboFix 07-07-06 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))


2007-07-06 10:57 <DIR> d----c--- C:\Program Files\Smart PC Solutions
2007-07-06 10:37 51,200 --a--c--- C:\WINDOWS\nircmd.exe
2007-07-06 10:07 <DIR> d----c--- C:\!KillBox
2007-07-05 13:49 9,984 --a------ C:\WINDOWS\system32\drivers\DriveSentryRegHookDriver.sys
2007-07-05 13:49 53,248 --------- C:\WINDOWS\system32\Winlogonevents.dll
2007-07-05 13:49 16,000 --a------ C:\WINDOWS\system32\drivers\DriveSentryCommsDriver.sys
2007-07-05 13:49 12,800 --a------ C:\WINDOWS\system32\drivers\DriveSentryFilterDriver2Lite.sys
2007-07-05 13:49 <DIR> d----c--- C:\Program Files\DriveSentry
2007-07-05 13:49 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Tarma Installer
2007-07-05 13:49 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DriveSentry
2007-07-05 11:07 <DIR> d----c--- C:\Program Files\HJT
2007-07-05 10:36 73,728 -r------- C:\WINDOWS\system32\psProxy.dll
2007-07-05 10:36 380,928 -r------- C:\WINDOWS\system32\pSOAP32.dll
2007-07-05 10:36 188,416 -r------- C:\WINDOWS\system32\pocketHTTP.dll
2007-07-05 10:36 110,676 -r------- C:\WINDOWS\system32\psDime.dll
2007-07-04 22:49 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-04 22:49 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-04 22:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-04 20:10 2,634 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-04 20:10 <DIR> d----c--- C:\DOCUME~1\ANNA~1.ANN\SmitfraudFix
2007-07-04 19:20 <DIR> d----c--- C:\Program Files\Enigma Software Group
2007-07-04 14:29 <DIR> d----c--- C:\Program Files\MSXML 4.0
2007-07-03 20:24 <DIR> d----c--- C:\WINDOWS\Prefetch
2007-07-03 20:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-03 11:57 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-07-03 11:03 <DIR> d----c--- C:\Program Files\Lavasoft
2007-07-03 11:03 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-07-03 10:57 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-03 09:27 1,032,192 --a--c--- C:\Program Files\explorer.exe
2007-07-02 19:40 <DIR> d----c--- C:\DOCUME~1\MUM&DA~1\APPLIC~1\Canon
2007-07-02 11:31 <DIR> d----c--- C:\WINDOWS\Windows Update Setup Files
2007-07-02 09:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-01 17:41 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-01 14:55 962,560 --a------ C:\DOCUME~1\ADMINI~1.000\NTUSER.DAT
2007-07-01 12:27 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-07-01 12:27 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-06-30 21:47 69,632 --a--c--- C:\DOCUME~1\ANNA~1.ANN\MoveEx.exe
2007-06-30 21:25 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.ANN\NTUSER.DAT
2007-06-30 20:38 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-06-30 16:30 6,553,600 --a------ C:\DOCUME~1\ANNA~1.ANN\ntuser.dat
2007-06-30 16:30 1,310,720 --a------ C:\DOCUME~1\NETWOR~1.001\ntuser.dat
2007-06-30 16:30 1,310,720 --a------ C:\DOCUME~1\LOCALS~1.002\ntuser.dat
2007-06-30 12:01 <DIR> d--h-c--- C:\CanonMP
2007-06-30 12:00 126,976 --a------ C:\WINDOWS\system32\CNCSTR51.DLL
2007-06-30 10:04 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-06-30 10:04 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-06-30 09:28 <DIR> d---sc--- C:\DOCUME~1\MUM&DA~1\UserData
2007-06-29 20:32 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2007-06-29 08:16 <DIR> d----c--- C:\DOCUME~1\MUM&DA~1\APPLIC~1\Ahead
2007-06-28 20:09 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-06-28 20:09 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-06-28 20:09 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-06-28 20:09 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-06-28 20:09 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-06-28 20:09 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-06-28 20:09 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-06-28 20:09 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-06-28 20:09 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-06-28 20:09 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-06-28 20:09 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-06-28 20:09 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-06-28 20:09 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-06-28 20:09 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-06-28 20:09 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-06-28 20:09 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-06-28 20:09 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-06-28 20:09 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-06-28 20:09 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-06-28 20:09 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-06-28 20:09 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-06-28 20:07 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-06-28 20:07 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-06-28 20:07 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-06-28 20:07 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-06-28 20:07 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-06-28 20:07 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-06-28 20:07 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-06-28 20:07 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-06-28 20:07 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-06-28 20:07 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-06-28 20:07 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-06-28 20:07 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-06-28 20:07 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-06-28 20:07 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-06-28 20:07 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-06-28 20:07 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-06-28 20:07 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-06-28 20:07 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-06-28 20:07 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-06-28 20:07 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-06-28 20:07 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-06-28 20:07 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-06-28 20:07 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-06-28 20:07 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-06-28 20:07 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-06-28 20:07 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-06-28 20:07 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-06-28 20:07 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-06-28 20:07 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-06-28 20:07 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-05 11:10:05 -------- dc----w C:\Program Files\Ahead
2007-07-05 03:48:55 -------- dc----w C:\Program Files\UltimateZip
2007-07-05 03:48:36 -------- dc----w C:\Program Files\SnIco Edit
2007-07-05 03:48:15 -------- dc----w C:\Program Files\Movie Maker
2007-07-04 10:50:51 -------- dc--a-w C:\Program Files\Common Files\Ahead
2007-07-04 10:49:30 -------- dc----w C:\Program Files\messenger
2007-07-04 10:49:29 -------- dc----w C:\Program Files\LimeWire
2007-07-03 10:57:20 -------- dc----w C:\Program Files\MSN Messenger
2007-07-03 04:54:04 -------- dc----w C:\Program Files\Windows NT
2007-07-02 05:57:51 -------- dc----w C:\Program Files\Google
2007-07-01 07:08:09 -------- dc----w C:\Program Files\Incomplete
2007-07-01 06:58:56 -------- dc----w C:\DOCUME~1\ANNA~1.ANN\APPLIC~1\LimeWire
2007-06-29 09:23:33 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-28 10:08:19 23,348 -c--a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-26 11:21:57 -------- dc----w C:\DOCUME~1\ANNA~1.ANN\APPLIC~1\Ahead
2007-06-25 10:55:54 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-25 10:46:37 -------- dc--a-w C:\Program Files\Common Files\InstallShield
2007-06-23 23:31:02 588 -c--a-w C:\WINDOWS\eReg.dat
2007-06-12 09:00:54 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-06-12 09:00:50 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-06-12 08:52:00 1,126,328 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2007-06-04 07:55:23 -------- dc----w C:\DOCUME~1\ANNA~1.ANN\APPLIC~1\Talkback
2007-06-04 05:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 05:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 05:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 11:25:26 1,156 -c--a-w C:\WINDOWS\mozver.dat
2007-06-03 01:56:05 0 -c--a-w C:\WINDOWS\nsreg.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-07 11:30:20 -------- dc----w C:\Program Files\Eusing Free Registry Cleaner
2007-04-27 06:30:49 27,128 -c--a-w C:\DOCUME~1\ANNA~1.ANN\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 12:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 12:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 05:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06647158-359E-4D10-A8DE-E6145DA90BE9}]
2006-03-08 13:36 241736 --a--c--- C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 16:39 37808 --a--c--- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11359F4A-B191-42d7-905A-594F8CF0387B}]
2003-02-06 08:16 270336 --a--c--- C:\WINDOWS\Downloaded Program Files\lexbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a--c--- C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 19:33 322368 --a--c--- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-02 11:05]
"DriveSentry"="C:\Program Files\DriveSentry\DriveSentry.exe" [2007-05-25 18:59]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 17:04]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-29 21:29]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-04-29 21:29]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2006-03-08 13:30]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 07:12 C:\WINDOWS\soundman.exe]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-16 09:45]
"VTTimer"="VTTimer.exe" [2005-03-08 05:33 C:\WINDOWS\system32\VTTimer.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-02 11:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmyy32]
winmyy32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 11:03:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-06 11:08:55
C:\ComboFix-quarantined-files.txt ... 2007-07-06 11:08

--- E O F ---



Here's my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:22:24 AM, on 6/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DriveSentry\DriveSentry.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Smart PC Solutions\1-2-3 Spyware Free\SpywareFree.exe
C:\Program Files\Smart PC Solutions\1-2-3 Spyware Free\SpywareFreeMonitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DriveSentry] C:\Program Files\DriveSentry\DriveSentry.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://annabackwards.spaces.live.com//Phot...ad/MsnPUpld.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

I don't know if it will be of any help, but I'm not getting the Explorer warning popups anymore and Spybot no longer detects anything. Does that mean my computer's fixed?

Thank you again for helping!

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:07:07 AM

Posted 06 July 2007 - 03:43 AM

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.

==========================

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the activex control,please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Also post a new Hijackthis log, and let me know how your pc is running now.

#5 annabackwards (Topic Starter, Members, 1,381 posts, Sydney, Australia)

Posted 08 July 2007 - 07:45 AM

Here's my SuperAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/08/2007 at 01:04 PM

Application Version : 3.9.1008

Core Rules Database Version : 3266
Trace Rules Database Version: 1277

Scan type : Complete Scan
Total Scan Time : 01:30:26

Memory items scanned : 364
Memory threats detected : 0
Registry items scanned : 5317
Registry threats detected : 16
File items scanned : 72633
File threats detected : 10

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{47A603F1-FDA2-4CC3-B637-EE5F53875DA3}
HKCR\CLSID\{47A603F1-FDA2-4CC3-B637-EE5F53875DA3}
HKCR\CLSID\{47A603F1-FDA2-4CC3-B637-EE5F53875DA3}\InprocServer32
HKCR\CLSID\{47A603F1-FDA2-4CC3-B637-EE5F53875DA3}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSQRQ.DLL
HKLM\Software\Classes\CLSID\{4C9B5814-0762-46E8-BA6F-C4059B8E977C}
HKCR\CLSID\{4C9B5814-0762-46E8-BA6F-C4059B8E977C}
HKCR\CLSID\{4C9B5814-0762-46E8-BA6F-C4059B8E977C}\InprocServer32
HKCR\CLSID\{4C9B5814-0762-46E8-BA6F-C4059B8E977C}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{934F153B-AC18-4879-A173-C58AEC7EDAF0}
HKCR\CLSID\{934F153B-AC18-4879-A173-C58AEC7EDAF0}
HKCR\CLSID\{934F153B-AC18-4879-A173-C58AEC7EDAF0}\InprocServer32
HKCR\CLSID\{934F153B-AC18-4879-A173-C58AEC7EDAF0}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSQRO.DLL
HKLM\Software\Classes\CLSID\{D9F1D489-52C5-4443-B63A-D8AC174339C6}
HKCR\CLSID\{D9F1D489-52C5-4443-B63A-D8AC174339C6}
HKCR\CLSID\{D9F1D489-52C5-4443-B63A-D8AC174339C6}\InprocServer32
HKCR\CLSID\{D9F1D489-52C5-4443-B63A-D8AC174339C6}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Mum & Dad\Cookies\mum & dad@cgi-bin[2].txt
C:\Documents and Settings\Mum & Dad\Cookies\mum & dad@msnportal.112.2o7[1].txt
C:\Documents and Settings\annA.ANNA-1PQCY3C8D7\Cookies\anna@sensismediasmart.com[1].txt
C:\Documents and Settings\Mum & Dad\Cookies\mum & dad@f3.bestmanage[1].txt
C:\Documents and Settings\Mum & Dad\Cookies\mum & dad@pacificpoker[1].txt
C:\Documents and Settings\nguyen\Cookies\nguyen@accelerator-media[2].txt

Trojan.Downloader-Win/GHY
C:\!KILLBOX\WINMYY32.DLL

Adware.Accoona
C:\DOCUMENTS AND SETTINGS\NGUYEN\LOCAL SETTINGS\TEMP\GLB10.TMP


Here's my BitDefender Online Scanner log:
BitDefender Online Scanner

Scan report generated at: Sun, Jul 08, 2007 - 22:39:57
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:54:06
Files: 154678
Folders: 7946
Boot Sectors: 2
Archives: 2297
Packed Files: 305

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 599806
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 2
Archive plugins: 10
Unpack plugins: 2
E-mail plugins: 1
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\System Volume Information\_restore{0758EA56-D804-447A-8330-8B355F7D4909}\RP111\A0006232.msi=>(Embedded CAB)=>transtask.exe
  Infected with: Trojan.Peed.Gen
  Disinfection failed
  Deleted
C:\System Volume Information\_restore{0758EA56-D804-447A-8330-8B355F7D4909}\RP111\A0006232.msi=>(Embedded CAB)
  Update failed


Here's my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:44:20 PM, on 8/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://annabackwards.spaces.live.com//Phot...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



My computer is running much, much faster than before. It also takes as long as it usually does to boot now, which is way faster compared to before!!! It does not freeze as much and there are no more popups.

Thanks a million for taking the time to help!!! You rock! :flowers: :thumbsup:

#6 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 08 July 2007 - 08:11 AM

Disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

If you find you're experiencing problems disabling Spybot's TeaTimer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

-----------------------------------------

Disable Spywareguard or it will interfere:
Right click the running icon of Spywareguard in the system tray to open the program.
Then go to Menu, File, and choose Exit.
It will automatically restart at next boot.

-----------------------------------------

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\


-----------------------------------------

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use the Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use the Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

-----------------------------------------

Restart your pc.
Post a new Hijackthis log please.
Let me know how your pc is running now.

#7 annabackwards (Topic Starter, Members, 1,381 posts, Sydney, Australia)

Posted 08 July 2007 - 08:42 PM

here's the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:29:43 AM, on 9/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HJT\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://annabackwards.spaces.live.com//Phot...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

My computer seems fine. There have been no more programs not responding so far. My startup seems a bit long though. Is it because I have too many programs to start up? Should I disable some and if so which ones?

Thanks again for all your help!

#8 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 08 July 2007 - 11:41 PM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
--------------------------------------------

Your log is clean :thumbsup:
If all's ok, please do the following:

Find and delete:
KillBox
fix.bat
Combofix.exe


C:\!KillBox
C:\QOOBOX

--------------------------------------------

Enable Spybot S&D's protection.

--------------------------------------------

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

"My startup seems a bit long though. Is it because I have too many programs to start up? Should I disable some and if so which ones?"

Try uninstalling SUPERAntiSpyware via Start/Control Panel/Add or Remove Programs.
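The entries RichieUK has HijackThis fix across this thread share one trait: the registry entry survives but the file it points at does not (the R3 URLSearchHook marked "(no file)", the O9 BitDefender button marked "(file missing)", and the O20 Winlogon Notify entry for winmyy32, first as "winmyy32.dll (file missing)" and in the next log as the bare directory "C:\WINDOWS\"). An O20 entry is a DLL winlogon.exe loads at every logon, which is why that one is worth clearing even after the DLL itself is gone. The script below is an added example, not part of the thread and not HijackThis code: a small Python parser for the HijackThis v1.99 line format that flags such orphaned entries. The sample log is constructed from lines posted above (not the full log), the parser only models the R/O line shapes that appear in this thread (R0/R1 lines, which carry no ": " separator, are skipped), and the helper names parse_line, orphan_reason and find_orphaned are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Markers HijackThis v1.99 prints when a registry entry points at a file it
# cannot find on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Constructed sample, modelled on lines posted in this thread (not a full log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass
class Entry:
    section: str                  # "R3", "O20", ...
    kind: str                     # "URLSearchHook", "Winlogon Notify", ...
    name: str                     # first field after the kind (name, CLSID or "(no name)")
    target: str                   # the file/URL HijackThis resolved, as printed
    reason: Optional[str] = None  # set when the entry looks orphaned


# "<section> - <kind>: <rest>"; R0/R1 lines have no ": " and do not match.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; None for lines this parser does not model."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.group("section"), m.group("kind"), m.group("rest")
    if section == "O4":
        # O4 - HKLM\..\Run: [Name] command   (the command path may itself contain " - ")
        name, _, target = rest.partition("] ")
        name = name.lstrip("[")
    else:
        # Other sections end in " - <target>"; CLSID/vendor fields in between are dropped.
        parts = rest.split(" - ")
        name, target = parts[0], parts[-1]
    return Entry(section, kind, name, target.strip())


def orphan_reason(entry: Entry) -> Optional[str]:
    """Why an entry looks like a registry key whose file is gone, or None."""
    for marker in ORPHAN_MARKERS:
        if entry.target.endswith(marker):
            return f"HijackThis reports {marker}"
    if entry.target.endswith("\\"):
        # Seen in this thread: "O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\"
        return "target is a directory, not a file"
    return None


def find_orphaned(log_text: str) -> List[Entry]:
    """Return every parsed entry whose target no longer points at a real file."""
    found: List[Entry] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        entry.reason = orphan_reason(entry)
        if entry.reason:
            found.append(entry)
    return found


if __name__ == "__main__":
    for e in find_orphaned(SAMPLE_LOG):
        print(f"{e.section} {e.kind}: {e.name} -> {e.target!r}  [{e.reason}]")
```

The check is purely textual, so it runs on any OS against a pasted log and never touches the registry; on the sample it flags exactly the four entries fixed in this thread and leaves the legitimate WgaLogon, SpywareGuard, TeaTimer and NVIDIA lines alone. O4 lines are split on "] " rather than " - " because a Run command such as the Spybot path above contains " - " inside the path.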

#9 annabackwards (Topic Starter, Members, 1,381 posts, Sydney, Australia)

Posted 09 July 2007 - 12:20 AM

Thanks for all your help!!! :thumbsup:

My computer is great now!

I will heed your advice and be more cautious when surfing the net!

You rock! :flowers:

#10 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 09 July 2007 - 01:36 AM

You're most welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.