[Resolved] Infected computer


  • This topic is locked
26 replies to this topic

#16 inzanity (Malware Team, 2,340 posts)

Posted 22 December 2009 - 03:11 AM

Hi, yes, that was good progress indeed, but there's lots more to do. :)

Please do the following:
Go to the site below to scan the following file:
Virus Total

Click on Browse, and upload the following file for analysis or copy/paste the text below into the browse box:
c:\windows\system32\mlfcache.dat

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

--Next--

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    beep.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

To post in your next reply:
1. Virus Total log.
2. Systemlook log.
3. How is your computer? Please have a test on normal mode and tell us how it goes.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member



#17 reedon (Authentic Member, 19 posts)

Posted 22 December 2009 - 09:21 PM

1. Virus Total log.

File mlfcache.dat received on 2009.12.23 03:11:56 (UTC)
Result: 0/41 (0%)

Antivirus          Version          Last Update   Result
a-squared          4.5.0.43         2009.12.22    -
AhnLab-V3          5.0.0.2          2009.12.22    -
AntiVir            7.9.1.122        2009.12.22    -
Antiy-AVL          2.0.3.7          2009.12.22    -
Authentium         5.2.0.5          2009.12.22    -
Avast              4.8.1351.0       2009.12.22    -
AVG                8.5.0.430        2009.12.22    -
BitDefender        7.2              2009.12.23    -
CAT-QuickHeal      10.00            2009.12.22    -
ClamAV             0.94.1           2009.12.22    -
Comodo             3336             2009.12.23    -
DrWeb              5.0.1.12181      2009.12.23    -
eSafe              7.0.17.0         2009.12.22    -
eTrust-Vet         35.1.7192        2009.12.22    -
F-Prot             4.5.1.85         2009.12.22    -
F-Secure           9.0.15370.0      2009.12.22    -
Fortinet           4.0.14.0         2009.12.22    -
GData              19               2009.12.22    -
Ikarus             T3.1.1.79.0      2009.12.22    -
Jiangmin           13.0.900         2009.12.22    -
K7AntiVirus        7.10.926         2009.12.22    -
Kaspersky          7.0.0.125        2009.12.23    -
McAfee             5840             2009.12.22    -
McAfee+Artemis     5840             2009.12.22    -
McAfee-GW-Edition  6.8.5            2009.12.23    -
Microsoft          1.5302           2009.12.22    -
NOD32              4710             2009.12.22    -
Norman             6.04.03          2009.12.22    -
nProtect           2009.1.8.0       2009.12.22    -
Panda              10.0.2.2         2009.12.15    -
PCTools            7.0.3.5          2009.12.23    -
Prevx              3.0              2009.12.23    -
Rising             22.27.02.00      2009.12.23    -
Sophos             4.49.0           2009.12.23    -
Sunbelt            3.2.1858.2       2009.12.23    -
Symantec           1.4.4.12         2009.12.23    -
TheHacker          6.5.0.3.106      2009.12.23    -
TrendMicro         9.120.0.1004     2009.12.22    -
VBA32              3.12.12.0        2009.12.23    -
ViRobot            2009.12.23.2103  2009.12.23    -
VirusBuster        5.0.21.0         2009.12.22    -

Additional information
File size: 69512 bytes
MD5...: 1073bf7c7fd50f373639b6df56f7a186
SHA1..: ff6a28f36f356ca2d53648cb50e357a413c2c018
SHA256: 8118010fb470b9e0fd77525f856b7b46861c626daf71dbef5eec09ef4f7cc658
ssdeep: 384:JiFpT9Cf0b/0iXfHmsGHwtMOUQUFYYYx2txRjMlc/B3jEjx2Oj1JR/rt:o1S 0b/RaY2txJMlcOjPR/x
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Unknown!
sigcheck:
  publisher....: n/a
  copyright....: n/a
  product......: n/a
  description..: n/a
  original name: n/a
  internal name: n/a
  file version.: n/a
  comments.....: n/a
  signers......: -
  signing date.: -
  verified.....: Unsigned

2. Systemlook log.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:15 on 22/12/2009 by Matt (Administrator - Elevation successful)

========== filefind ==========

Searching for "beep.sys"
C:\i386\beep.sys	--a--- 4224 bytes	[21:37 13/09/2006]	[10:00 10/08/2004] DA1F27D85E0D1525F6621372E7B685E9

-=End Of File=-

3. How is your computer? Please have a test on normal mode and tell us how it goes.

Once the computer boots up, the Windows Security Center pops up in the system tray telling me I don't have virus protection. After a minute or so, Spy Sweeper loads and the Security Center disappears from the systray. Other than that everything looks back to normal, except for shutting down. When I'm shutting down in normal mode, it will not shut down and I usually have to hold down the power button.

Thank you,
Matt

#18 inzanity (Malware Team, 2,340 posts)

Posted 23 December 2009 - 02:53 AM

Hi,

Please do the following:

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty in properly disabling your protective programs, refer to this link - How to Disable your Security Programs
--------------------------------------------------------------------

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>


FCopy::
C:\i386\beep.sys | c:\windows\System32\drivers\beep.sys
c:\windows\system32\dllcache\wuauclt.exe | c:\windows\System32\wuauclt.exe

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

--Next--

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post back the log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To post in your next reply:
1. CFScript log.
2. Malwarebytes' log.

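The two parts of the CFScript above are checks a responder can script rather than eyeball: is the WinINet ProxyServer value pointing traffic back at the machine itself (the 127.0.0.1:5555 entry being removed), and does the live copy of a protected system file still match the reference copies that Windows XP keeps in C:\i386 and system32\dllcache (the reason the FCopy lines restore beep.sys and wuauclt.exe from there). The following Python is an added example, not code from this thread, from ComboFix or from the helper; the directory layout and file contents built in demo() are constructed stand-ins, not the files from the poster's machine.

```python
r"""Added example, not code from the thread or from ComboFix: the two checks that
the CFScript above performs by hand, written so they can be run over any
WinINet ProxyServer value and any set of protected-file copies.

Assumed layout (hypothetical): reference copies of system files live in
C:\i386 and C:\WINDOWS\system32\dllcache, as on Windows XP.
"""
import hashlib
import ipaddress
import tempfile
from pathlib import Path

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_proxy_server(value):
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    WinINet accepts either a single "host:port" (applies to every scheme,
    returned here with scheme "*") or a ";"-separated list of
    "scheme=host:port" entries, which is the form the DDS:: line above uses.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                        # no "scheme=" prefix: applies to all
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep or not port.isdigit():  # bare host, no port
            host, port = hostport, None
        host = host.strip("[]").lower()    # "[::1]" -> "::1"
        entries.append((scheme.lower(), host, int(port) if port else None))
    return entries


def is_loopback_proxy(value):
    """True if any proxy entry points back at this machine.

    A proxy on 127.0.0.1 means something running locally sits between the
    browser and the network, which is how rogue software redirects or
    injects into web traffic.
    """
    for _scheme, host, _port in parse_proxy_server(value):
        if host in LOOPBACK_NAMES:
            return True
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:                 # a hostname, not an address
            pass
    return False


def md5_of(path):
    """Upper-case MD5 of a file, the form SystemLook prints."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def check_protected_file(live, references):
    """Compare the live copy of a system file with its reference copies.

    Returns (status, restore_from). status is one of "no-reference",
    "references-disagree" (the reference copies differ from each other, so
    one of them may itself be tampered), "missing" (the beep.sys case in the
    SystemLook log: only the i386 copy existed), "mismatch" or "ok".
    restore_from is the reference path an FCopy-style restore would use.
    """
    ref_hashes = {Path(p): md5_of(p) for p in references if Path(p).is_file()}
    if not ref_hashes:
        return "no-reference", None
    if len(set(ref_hashes.values())) > 1:
        return "references-disagree", None
    restore_from = next(iter(ref_hashes))
    if not Path(live).is_file():
        return "missing", restore_from
    if md5_of(live) in ref_hashes.values():
        return "ok", None
    return "mismatch", restore_from


def demo():
    """Run both checks over a constructed, XP-like tree in a temp directory.

    File contents are made-up stand-ins, not the real beep.sys or wuauclt.exe.
    """
    root = Path(tempfile.mkdtemp())
    for d in ("i386", "dllcache", "drivers"):
        (root / d).mkdir()
    good_beep = b"MZ constructed stand-in for beep.sys"
    (root / "i386" / "beep.sys").write_bytes(good_beep)
    (root / "dllcache" / "beep.sys").write_bytes(good_beep)
    # drivers/beep.sys deliberately absent, as SystemLook found on the thread's PC
    (root / "dllcache" / "wuauclt.exe").write_bytes(b"MZ constructed wuauclt.exe")
    (root / "wuauclt.exe").write_bytes(b"MZ replaced wuauclt.exe")  # tampered live copy
    return {
        "beep.sys": check_protected_file(
            root / "drivers" / "beep.sys",
            [root / "i386" / "beep.sys", root / "dllcache" / "beep.sys"])[0],
        "wuauclt.exe": check_protected_file(
            root / "wuauclt.exe", [root / "dllcache" / "wuauclt.exe"])[0],
        "loopback_proxy": is_loopback_proxy("http=127.0.0.1:5555"),
    }


if __name__ == "__main__":
    print(demo())
```

The "references-disagree" status is the caveat worth keeping: an FCopy from dllcache only helps if the cache copy is itself clean, so when the i386 and dllcache copies disagree the responder needs a hash from a trusted source (an install CD or a known-good hash database) before choosing which one to restore.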


#19 reedon (Authentic Member, 19 posts)

Posted 23 December 2009 - 09:06 PM

I have found that when the computer is idle for 10 minutes or more, when I come back to use the computer no programs will load. I can move the mouse, the computer isn't frozen, it's just that the programs will not start. At that point, I've been restarting and then everything is back to normal unless I let the computer idle again. Also, I was online today and I was prompted by another virus protection scam; however, this time Spy Sweeper caught it. That never used to happen. I was on rivals.com, not a sketchy website at all.

Thanks again for your continued guidance!!!!


ComboFix 09-12-20.08 - Matt 2009-12-23 21:42:25.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1514 [GMT -5:00]
Running from: c:\documents and settings\Matt\Desktop\Clean up Programs\Combo-Fix.exe
Command switches used :: c:\documents and settings\Matt\Desktop\Clean up Programs\CFScript.txt
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx

.
--------------- FCopy ---------------

c:\i386\beep.sys --> c:\windows\System32\drivers\beep.sys
c:\windows\system32\dllcache\wuauclt.exe --> c:\windows\System32\wuauclt.exe
.
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-24 02:42 . 2008-10-16 19:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-12-24 02:42 . 2008-10-16 19:09 51224 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-12-24 02:42 . 2004-08-10 10:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-12-24 02:42 . 2004-08-10 10:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-12-24 01:42 . 2009-11-18 16:53 1817704 ------w- c:\documents and settings\Matt\Application Data\Webroot\Spy Sweeper\AvUpdates\VEEX.DLL
2009-12-24 01:42 . 2009-11-18 16:53 134184 ------w- c:\documents and settings\Matt\Application Data\Webroot\Spy Sweeper\AvUpdates\SAVMSCM.DLL
2009-12-24 01:42 . 2009-11-18 16:53 494696 ------w- c:\documents and settings\Matt\Application Data\Webroot\Spy Sweeper\AvUpdates\SAVI.DLL
2009-12-24 01:42 . 2009-11-18 16:53 118847 ------w- c:\documents and settings\Matt\Application Data\Webroot\Spy Sweeper\AvUpdates\OSDP.DLL
2009-12-21 20:35 . 2009-12-21 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-12-21 17:02 . 2009-12-21 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-18 02:26 . 2009-12-18 02:26 -------- d-----w- c:\documents and settings\Becky\Application Data\Malwarebytes
2009-12-18 01:27 . 2009-12-18 01:27 -------- d-----w- c:\documents and settings\Becky\Local Settings\Application Data\Mozilla
2009-12-04 15:03 . 2009-12-04 15:03 251376 ----a-w- c:\documents and settings\Matt\Application Data\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 02:36 . 2006-09-12 01:40 -------- d-----w- c:\program files\Dl_cats
2009-12-23 03:57 . 2006-10-01 15:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-23 03:53 . 2007-01-15 05:01 -------- d-----w- c:\program files\NewzToolz
2009-12-23 03:53 . 2009-02-08 02:16 -------- d-----w- c:\program files\Punch! Home Design - Platinum
2009-12-23 03:50 . 2008-05-30 04:01 -------- d-----w- c:\documents and settings\Matt\Application Data\Vso
2009-12-23 03:46 . 2007-05-26 16:27 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-23 03:44 . 2006-11-05 03:41 -------- d-----w- c:\program files\Visicom Media
2009-12-23 03:44 . 2007-01-15 17:05 -------- d-----w- c:\program files\DVDFab Platinum
2009-12-22 00:53 . 2009-08-29 23:40 164 ----a-w- c:\windows\install.dat
2009-12-21 19:30 . 2008-10-27 21:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 15:18 . 2007-05-27 22:59 92328 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-03 21:14 . 2008-10-27 21:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2008-10-27 21:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 17:41 . 2009-11-22 17:40 -------- d-----w- c:\program files\iTunes
2009-11-22 17:40 . 2009-11-22 17:40 -------- d-----w- c:\program files\iPod
2009-11-22 17:40 . 2007-09-08 13:56 -------- d-----w- c:\program files\Common Files\Apple
2009-11-22 17:37 . 2006-10-14 14:17 -------- d-----w- c:\program files\QuickTime
2009-11-22 17:32 . 2009-11-22 17:32 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-19 16:14 . 2009-11-19 16:14 4732800 ----a-w- c:\documents and settings\All Users\Application Data\Flip Video\FlipShare\Updates\FirmwareExec_Windows_en-US_83.06_83.07\FlipVideoFWUpdate.exe
2009-11-06 20:19 . 2008-04-11 21:26 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-06 17:00 . 2008-04-11 21:26 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 17:00 . 2008-04-11 21:26 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 17:00 . 2009-04-21 22:27 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-09-26 22:28 . 2009-09-26 22:28 69512 ---ha-w- c:\windows\system32\mlfcache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 19:34 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
"Google Update"="c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-31 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-07 169984]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-14 430080]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-02-24 73728]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-7 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCICATS]
2006-02-24 21:30 73728 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlcitime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-06-16 20:39 7323648 ----a-w- c:\windows\system32\nvcpl.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dlcicoms.exe"=
"c:\\Program Files\\Yahoo! Games\\Scrabble\\Scrabble.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NMMediaServer.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-04-21 5:27 PM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-08-29 6:42 PM 1201640]
R3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-01-30 8:41 PM 33808]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2006-11-18 155264]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?rls=ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\1ys9arm5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 21:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-12-23 21:51:19
ComboFix-quarantined-files.txt 2009-12-24 02:51
ComboFix2.txt 2009-12-21 20:12

Pre-Run: 153,528,741,888 bytes free
Post-Run: 153,828,450,304 bytes free

- - End Of File - - 7C5D08E323FFA999AC580564D258506C


Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

2009-12-23 10:03:17 PM
mbam-log-2009-12-23 (22-03-17).txt

Scan type: Quick Scan
Objects scanned: 126619
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by reedon, 23 December 2009 - 09:20 PM.


#20 inzanity (Malware Team, 2,340 posts)

Posted 25 December 2009 - 02:26 AM

Hi,

Please do a scan with Kaspersky Online Scanner.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall.)
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report. To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
  • Please post the Kaspersky Online Scanner Report in your reply.
--Next--

Please run another DDS scan for me, then post the log. Thank you.

To post in your next reply:
1. Kaspersky log.
2. DDS log.
3. Is your computer experiencing any redirects?



#21 reedon (Authentic Member, 19 posts)

Posted 25 December 2009 - 08:00 PM

1. I couldn't get the Kaspersky website to work. Every time I visit the site, a message box pops up and says 'please establish an uninterrupted internet connection.' I'm not sure what to do...nothing else is running.

2. DDS (Ver_09-06-26.01) - NTFSx86
Run by Matt at 20:50:53.09 on 2009-12-25
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1318 [GMT -5:00]

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Digital Line Detect\DLG.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\update\update.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\pchealth\helpctr\binaries\HSCUpd.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\Matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?rls=ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: VMN Toolbar: {4e7bd74f-2b8d-469e-8da9-fd60bb9aae33} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Google Update] "c:\documents and settings\matt\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRunOnce: [TSClientMSIUninstaller] "cmd.exe" /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
uRunOnce: [TSClientAXDisabler] "cmd.exe" /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [SigmatelSysTrayApp] "stsystra.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dlcimon.exe] "c:\program files\dell aio printer 946\dlcimon.exe"
mRun: [PinnacleDriverCheck] "c:\windows\system32\PSDrvCheck.exe" -CheckReg
mRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\nero\lib\NeroCheck.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLCICATS] "rundll32" c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\1ys9arm5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R2 FlipShare Service;FlipShare Service;c:\program files\flip video\flipshare\FlipShareService.exe [2009-11-19 455944]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-8-29 1201640]
R3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-1-30 33808]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-8-16 26144]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2006-11-18 155264]

=============== Created Last 30 ================

2009-12-25 20:48 <DIR> --d----- c:\windows\system32\scripting
2009-12-25 20:48 <DIR> --d----- c:\windows\l2schemas
2009-12-25 20:48 <DIR> --d----- c:\windows\system32\en
2009-12-25 20:48 <DIR> --d----- c:\windows\system32\bits
2009-12-25 20:40 33,656 a------- c:\windows\system32\sprecovr.exe
2009-12-25 20:23 <DIR> --dsh--- c:\documents and settings\matt\IECompatCache
2009-12-25 08:57 <DIR> --d----- C:\74859cb24b62ebf5be7c4b033b
2009-12-24 15:47 285,184 a------- c:\windows\system32\SET372.tmp
2009-12-24 15:46 32,768 -------- c:\windows\system32\setupn.exe
2009-12-24 15:42 25,471 -------- c:\windows\system32\drivers\watv10nt.sys
2009-12-24 09:47 <DIR> --dsh--- c:\documents and settings\matt\PrivacIE
2009-12-24 09:46 <DIR>
--dsh--- c:\documents and settings\matt\IETldCache 2009-12-24 09:18 12,800 -------- c:\windows\system32\dllcache\xpshims.dll 2009-12-24 09:18 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll 2009-12-24 09:18 <DIR> --d----- c:\windows\ie8updates 2009-12-24 09:18 92,160 -------- c:\windows\system32\dllcache\iecompat.dll 2009-12-24 09:17 <DIR> -cd-h--- c:\windows\ie8 2009-12-23 22:36 <DIR> --d----- c:\windows\ServicePackFiles 2009-12-23 22:00 153,088 -------- c:\windows\system32\dllcache\triedit.dll 2009-12-23 22:00 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx 2009-12-23 21:59 655,872 -------- c:\windows\system32\dllcache\mstscax.dll 2009-12-23 21:42 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe 2009-12-23 21:42 4,224 a------- c:\windows\system32\dllcache\beep.sys 2009-12-23 21:42 4,224 -------- c:\windows\system32\drivers\beep.sys 2009-12-21 15:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure 2009-12-21 14:43 161,792 a------- c:\windows\SWREG.exe 2009-12-21 14:43 98,816 a------- c:\windows\sed.exe 2009-12-21 14:43 77,312 a------- c:\windows\MBR.exe 2009-12-21 12:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files 2009-12-07 13:41 1,015 a----r-- C:\logFile.xsl ==================== Find3M ==================== 2009-12-25 09:24 92,328 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT 2009-12-09 22:54 261,632 a------- c:\windows\PEV.exe 2009-12-03 16:14 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-03 16:13 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-11-06 15:19 1,563,008 a------- c:\windows\WRSetup.dll 2009-11-06 12:00 176,752 a------- c:\windows\system32\drivers\ssidrv.sys 2009-11-06 12:00 23,152 a------- c:\windows\system32\drivers\sshrmd.sys 2009-11-06 12:00 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys 2009-10-29 02:46 133,120 a------- c:\windows\system32\dllcache\extmgr.dll 2009-10-29 02:45 916,480 a------- c:\windows\system32\wininet.dll 2009-10-29 02:45 
916,480 -------- c:\windows\system32\dllcache\wininet.dll 2009-10-29 02:45 5,940,736 -------- c:\windows\system32\dllcache\mshtml.dll 2009-10-29 02:45 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll 2009-10-29 02:45 206,848 -------- c:\windows\system32\dllcache\occache.dll 2009-10-29 02:45 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll 2009-10-29 02:45 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-29 02:45 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll 2009-10-29 02:45 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll 2009-10-29 02:45 184,320 -------- c:\windows\system32\dllcache\iepeers.dll 2009-10-29 02:45 11,069,952 -------- c:\windows\system32\dllcache\ieframe.dll 2009-10-29 02:45 387,584 -------- c:\windows\system32\dllcache\iedkcs32.dll 2009-10-28 09:40 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-10-28 09:36 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-10-21 01:00 75,776 -------- c:\windows\system32\strmfilt.dll 2009-10-21 01:00 25,088 -------- c:\windows\system32\httpapi.dll 2009-10-13 05:53 266,752 -------- c:\windows\system32\oakley.dll 2009-10-12 08:54 112,128 -------- c:\windows\system32\rastls.dll 2009-10-12 08:54 69,632 -------- c:\windows\system32\raschap.dll 2008-05-29 23:01 47,360 a------- c:\docume~1\matt\applic~1\pcouffin.sys 2007-10-15 13:11 5,452,407 a------- c:\documents and settings\matt\Tech Project.zip 2006-11-16 20:18 560 a---h--- c:\docume~1\matt\applic~1\ViewerApp.dat ============= FINISH: 20:51:04.26 =============== 3. The shutting down has improved. No other issues online. The Kaspersky message bugs me, I'm not sure if it's my computer effecting my internet connection or if it is a isp issue. Thanks again for your help, I would be computer shopping if it weren't for you! Reedon




#22 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 26 December 2009 - 02:23 AM

Hi,

Kaspersky is finicky, let's try this one instead:

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member



#23 reedon

reedon

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 27 December 2009 - 11:00 PM

This one worked!!! Thanks for your continued expertise!!!!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=dd3ec82031be3f479cfccdd9288f7957
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-28 03:39:15
# local_time=2009-12-27 10:39:15 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 35970498 35970498 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=175244
# found=5
# cleaned=0
# scan_time=5933
C:\My Downloaded Software\Nero-8.3.2.1_eng_update.exe	Win32/Toolbar.AskSBar application	00000000000000000000000000000000	I
C:\My Downloaded Software\Pinnacle_Studio_9.3.5_MultiLanguage + Hollywood Fx 5.1 Plus Extra Packs.zip	probably a variant of Win32/TrojanDownloader.Zlob trojan	00000000000000000000000000000000	I
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTtbenymstkv.dll.vir	a variant of Win32/Kryptik.BNX trojan	00000000000000000000000000000000	I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1101\A0171479.dll	a variant of Win32/Kryptik.BNX trojan	00000000000000000000000000000000	I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1101\A0171589.exe	Win32/PrcView application	00000000000000000000000000000000	I
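The ESET log above reports found=5 but cleaned=0 (the scan was run with "Remove found threats" unticked, as asked), so the reader has to triage the five hits by location rather than by name. Three of them live in places that are not the running system: the ComboFix quarantine under C:\Qoobox and the System Restore copies under System Volume Information\_restore, which is exactly why the thread later uninstalls ComboFix and purges the old restore points instead of deleting those files one by one. The script below is an added example (not ESET's code, not from the thread) that parses this log format and applies that triage. It assumes the detection lines are tab-separated (path, threat name, 32 hex digit hash, action code), which is how the ESET Online Scanner writes its log.txt; the sample log is constructed from the detections posted above.

```python
"""Triage an ESET Online Scanner log.txt by where each detection lives.

Added example, not part of the thread.  Assumes the ESET log layout:
  '# key=value' header lines, then one TAB-separated detection per line:
  <path>\t<threat name>\t<32 hex digit hash>\t<action code>
"""
import re
from dataclasses import dataclass

# ComboFix quarantine and System Restore snapshot locations: detections here
# are inert copies, removed by "ComboFix /Uninstall" and a restore point purge.
QUARANTINE_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", re.I)
DETECTION_RE = re.compile(
    r"^(?P<path>[^\t]+)\t(?P<threat>[^\t]+)\t(?P<digest>[0-9a-fA-F]{32})\t(?P<action>\S+)$")


@dataclass
class Detection:
    path: str
    threat: str
    digest: str
    action: str
    location: str  # "quarantine", "restore_point" or "live"


def classify_location(path: str) -> str:
    """Bucket a detected path by whether it can still execute on the live system."""
    if QUARANTINE_RE.match(path):
        return "quarantine"
    if RESTORE_RE.match(path):
        return "restore_point"
    return "live"


def parse_eset_log(text: str):
    """Return (header dict, list of Detection). Banner lines are ignored."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        if not line.strip():
            continue
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["threat"], m["digest"],
                                        m["action"], classify_location(m["path"])))
    return header, detections


def triage(text: str) -> dict:
    """Summarise the log: does the header agree with the body, and what is live."""
    header, detections = parse_eset_log(text)
    counts = {"quarantine": 0, "restore_point": 0, "live": 0}
    for d in detections:
        counts[d.location] += 1
    declared = int(header.get("found", "0"))
    return {
        "found_declared": declared,
        "found_parsed": len(detections),
        "consistent": declared == len(detections),
        "removed_by_scanner": header.get("remove_checked") == "true",
        "counts": counts,
        "live": [(d.path, d.threat) for d in detections if d.location == "live"],
    }


# Constructed sample: the five detections from the log posted in the thread,
# re-joined with the TAB separators that the forum copy collapsed.
_SAMPLE_DETECTIONS = [
    (r"C:\My Downloaded Software\Nero-8.3.2.1_eng_update.exe",
     "Win32/Toolbar.AskSBar application"),
    (r"C:\My Downloaded Software\Pinnacle_Studio_9.3.5_MultiLanguage + Hollywood Fx 5.1 Plus Extra Packs.zip",
     "probably a variant of Win32/TrojanDownloader.Zlob trojan"),
    (r"C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTtbenymstkv.dll.vir",
     "a variant of Win32/Kryptik.BNX trojan"),
    (r"C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1101\A0171479.dll",
     "a variant of Win32/Kryptik.BNX trojan"),
    (r"C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1101\A0171589.exe",
     "Win32/PrcView application"),
]
SAMPLE_LOG = "\n".join(
    ["ESETSmartInstaller@High as CAB hook log:", "# version=7", "# remove_checked=false",
     "# archives_checked=true", "# scanned=175244", "# found=5", "# cleaned=0"]
    + ["\t".join((path, threat, "0" * 32, "I")) for path, threat in _SAMPLE_DETECTIONS])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["counts"])
    for path, threat in result["live"]:
        print("needs a decision:", path, "->", threat)
```

Run it against a real log.txt by passing the file contents to `triage()`. The `consistent` flag catches a truncated paste (header says found=5 but fewer detection lines survived), and the `live` list is the only part that needs the kind of follow-up the helper asks for, such as a VirusTotal check of the downloaded archive.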

#24 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 30 December 2009 - 01:38 AM

Hi,

Please go to the site below to scan the following files:
Virus Total

Click on Browse, and upload the following file for analysis or copy/paste the text below into the browse box:
C:\My Downloaded Software\Pinnacle_Studio_9.3.5_MultiLanguage + Hollywood Fx 5.1 Plus Extra Packs.zip

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

--Next--

Download Rooter.exe to your desktop
  • Then doubleclick it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.
To post in your next reply:
1. Virus Total log.
2. Rooter log.



#25 reedon

reedon

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 30 December 2009 - 05:33 PM

1. The website says 'Bigger than max permited size.' Can I just delete that folder? I don't use that software any longer.

2.
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3 [32_bits] - x86 Family 6 Model 15 Stepping 6, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.0.6 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:228 Go - Free:137 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
M:\ [Fixed-FAT32] .. ( Total:74 Go - Free:15 Go )
.
Scan : 09:59.27
Path : C:\Documents and Settings\Matt\Desktop\Rooter.exe
User : Matt ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (676)
______ \??\C:\WINDOWS\system32\csrss.exe (748)
______ \??\C:\WINDOWS\system32\winlogon.exe (772)
______ C:\WINDOWS\system32\services.exe (816)
______ C:\WINDOWS\system32\lsass.exe (828)
______ C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (984)
______ C:\WINDOWS\system32\svchost.exe (1028)
______ C:\WINDOWS\system32\svchost.exe (1100)
______ C:\WINDOWS\System32\svchost.exe (1240)
______ C:\WINDOWS\system32\svchost.exe (1308)
______ C:\WINDOWS\system32\svchost.exe (1472)
______ C:\WINDOWS\system32\spoolsv.exe (1628)
______ C:\WINDOWS\system32\svchost.exe (1804)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1836)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1848)
______ C:\WINDOWS\eHome\ehRecvr.exe (1888)
______ C:\WINDOWS\eHome\ehSched.exe (2004)
______ C:\Program Files\Flip Video\FlipShare\FlipShareService.exe (2024)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (264)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (316)
______ C:\Program Files\Microsoft LifeCam\MSCamS32.exe (352)
______ C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (448)
______ C:\WINDOWS\system32\nvsvc32.exe (564)
______ C:\WINDOWS\system32\IoctlSvc.exe (588)
______ C:\WINDOWS\system32\svchost.exe (740)
______ C:\WINDOWS\system32\svchost.exe (1216)
______ C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (1420)
______ C:\WINDOWS\ehome\mcrdsvc.exe (616)
______ C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe (1732)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2356)
______ C:\WINDOWS\Explorer.EXE (2400)
______ C:\WINDOWS\system32\dllhost.exe (2472)
______ C:\WINDOWS\system32\wbem\unsecapp.exe (2544)
______ C:\WINDOWS\ehome\ehtray.exe (2728)
______ C:\WINDOWS\stsystra.exe (2800)
______ C:\WINDOWS\eHome\ehmsas.exe (2848)
______ C:\WINDOWS\System32\alg.exe (2876)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (2884)
______ C:\Program Files\Dell\Media Experience\DMXLauncher.exe (2940)
______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (2976)
______ C:\Program Files\Dell AIO Printer 946\dlcimon.exe (3056)
______ C:\WINDOWS\system32\dlcicoms.exe (3188)
______ C:\Program Files\Google\Google Talk\googletalk.exe (3360)
______ C:\Program Files\iTunes\iTunesHelper.exe (3620)
______ C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (3640)
______ C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (3680)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3724)
______ C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (3756)
______ C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (3848)
______ C:\Program Files\RocketDock\RocketDock.exe (3908)
______ C:\WINDOWS\System32\svchost.exe (4004)
______ C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (2192)
______ C:\Program Files\Digital Line Detect\DLG.exe (1300)
______ C:\Program Files\iPod\bin\iPodService.exe (3240)
______ C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (1552)
______ C:\Program Files\Internet Explorer\iexplore.exe (532)
______ C:\Program Files\Internet Explorer\iexplore.exe (3500)
______ C:\Documents and Settings\Matt\Desktop\Rooter.exe (3072)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:49351680 | Length:244957063680)
\Device\Harddisk0\Partition3 (Start_Offset:245006415360 | Length:4984519680)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2737939767-1837397024-4018921267-1006Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2737939767-1837397024-4018921267-1006UA.job
C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IcePick_exe.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{BA676629-1EA5-4A2E-805E-25111604B6E9}.job
C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
C:\WINDOWS\Tasks\wrSpySweeper_LFD6D6859EB35467B9A30BFE380650178.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 10:00.45
.
C:\Rooter$\Rooter_1.txt - (30/12/2009 | 10:00.45)

Thanks again for your help. I really appreciate it!!!!

Reedon



#26 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 01 January 2010 - 11:00 PM

Hi,

Click on Start then Run, on the Run box, copy and paste the following text inside the quotebox:

cmd /c del /f/a/q "C:\My Downloaded Software\Pinnacle_Studio_9.3.5_MultiLanguage + Hollywood Fx 5.1 Plus Extra Packs.zip"


Click OK.

--Next--

Your computer now looks clean! :thumbup:

Let's do a little clean up.

Delete DDS, RootRepeal, SystemLook and all the logs we've created.

You can keep Malwarebytes, it is an excellent malware removal tool. Update at least once a week then run a complete scan.

--Next--
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
--Next--
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall


--Next--

You need to create a new Clean restore point.
Click Start Menu > Run > copy and paste

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.

--Next--

Adobe
You can get the latest version here.
Or you can download and install Foxit Reader.


To keep your operating system up to date visit

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer More Secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Update your Anti-Virus Software - I cannot overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

6. SpywareBlaster - Download and install SpywareBlaster. This program prevents the installation of ActiveX-based spyware and other potentially unwanted programs.

7. Protect your computer from internet threats with SandboxIE. This program isolates Internet Explorer from the rest of your operating system, 'sandboxing' it away - so malicious websites can't do damage to the rest of your system. There is a Getting Started guide on their website.

8. Some excellent free firewalls. Note: Use only one firewall at a time.
Agnitum Outpost Firewall
Comodo Firewall - If you are installing this and already have an anti spyware then please do not install Comodo's anti spyware program.
Online Armor Personal Firewall

9. And finally, please read these excellent articles:
Malware: Help prevent the Infection by Sandi Hardmeier,
Preventing Malware - Tools and Practices for Safe Computing

For more safe computing tips please read the guide by Rorschach112 on how to prevent malware and about safe computing here.
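The six Custom Level settings in tip 1 above are stored as DWORD values under the Internet zone key (Zones\3) in the current user's registry, with 0 meaning Enable, 1 Prompt and 3 Disable. The script below is an added example, not part of the thread and not a Microsoft tool: it writes those six settings out as a .reg file a user could review and import, and it audits a `reg export` of that key to report which of the six are more permissive than the tip recommends. The mapping of dialog names to value names (1001, 1004, 1201, 1800, 1804, 1607) follows Microsoft's documented zone settings; the sample export is constructed.

```python
"""Generate and audit the Internet zone settings from tip 1 as registry data.

Added example, not part of the thread.  Registry value names and codes follow
Microsoft's documented Internet Explorer zone layout (0 Enable, 1 Prompt,
3 Disable) under HKCU\...\Internet Settings\Zones\3 (the Internet zone).
"""
import re

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3

# Custom Level dialog name -> (registry value name, setting recommended in tip 1)
RECOMMENDED = {
    "Download signed ActiveX controls": ("1001", PROMPT),
    "Download unsigned ActiveX controls": ("1004", DISABLE),
    "Initialise and script ActiveX controls not marked as safe": ("1201", DISABLE),
    "Installation of desktop items": ("1800", PROMPT),
    "Launching programs and files in an IFRAME": ("1804", PROMPT),
    "Navigate sub-frames across different domains": ("1607", PROMPT),
}

VALUE_RE = re.compile(r'^"(?P<name>\d{4})"=dword:(?P<code>[0-9a-fA-F]{8})$')


def hardening_reg() -> str:
    """Render tip 1 as a .reg file (CRLF line endings, as regedit writes them)."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for name, (value, code) in RECOMMENDED.items():
        lines.append(f'"{value}"=dword:{code:08x}  ; {name}' if False else f'"{value}"=dword:{code:08x}')
    return "\r\n".join(lines) + "\r\n"


def parse_zone_export(reg_text: str) -> dict:
    """Pull the DWORD values of the Internet zone key out of a .reg export."""
    current, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_zone = line.strip("[]").lower() == ZONE_KEY.lower()
            continue
        if not in_zone:
            continue
        m = VALUE_RE.match(line)
        if m:
            current[m["name"]] = int(m["code"], 16)
    return current


def audit_zone_export(reg_text: str) -> list:
    """Report each tip-1 setting that is weaker than recommended or not set.

    A smaller code is more permissive (0 Enable < 1 Prompt < 3 Disable).  A value
    that is absent means IE's built-in default applies, so it is reported as
    'unset' rather than assumed weak.
    """
    current = parse_zone_export(reg_text)
    findings = []
    for name, (value, want) in RECOMMENDED.items():
        have = current.get(value)
        if have is None:
            findings.append({"name": name, "value": value, "have": None, "want": want, "status": "unset"})
        elif have < want:
            findings.append({"name": name, "value": value, "have": have, "want": want, "status": "weaker"})
    return findings


# Constructed sample export: signed ActiveX downloads and IFRAME launches are
# fully enabled, and the sub-frame navigation value has never been set.
SAMPLE_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    f"[{ZONE_KEY}]",
    '"1001"=dword:00000000',
    '"1004"=dword:00000003',
    '"1201"=dword:00000003',
    '"1800"=dword:00000001',
    '"1804"=dword:00000000',
    '"1400"=dword:00000000',
    "",
])

if __name__ == "__main__":
    for f in audit_zone_export(SAMPLE_EXPORT):
        print(f"{f['status']:7} {f['value']} {f['name']} (have={f['have']}, want={f['want']})")
    print(hardening_reg())
```

To audit a real machine, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` and read the file as UTF-16 before passing it to `audit_zone_export()`; reg.exe writes exports in that encoding. Only the six values from tip 1 are checked, so other zone settings in the export are ignored rather than judged.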



Good luck, happy computing and stay clean! ^_^



#27 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 05 January 2010 - 10:00 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.
