Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91803 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Bogus Security Warnings - Maybe?


  • This topic is locked This topic is locked
8 replies to this topic

#1 idontno

idontno

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 07 March 2007 - 03:25 PM

I keep getting security warnings either popping up on my desktop or in my system tray. When I click [OK] I get sent to a website trying to sell me anti-malware. These sites are also marked as bad by McAfee SiteAdvisor. So, here's the logs from the scans I did (in order scanned).

Ad-Aware - Safe Mode
AVG Anti-Spyware - Safe Mode
Spybot SD - Safe Mode - Didn't find anything, so no post
Kaspersky Online - Safe Mode
RootkitRevealer - Normal Mode
HijackThis - Normal Mode

-----------------------------------------------------------------------------------------------------------------------------
Ad-Aware...

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, March 07, 2007 11:07:15 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R157 05.03.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Other(TAC index:5):1 total references
SpyDawn(TAC index:3):1 total references
Tracking Cookie(TAC index:3):32 total references
Win32.Trojandownloader.Zlob(TAC index:10):19 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Dump details about unhandled exceptions to disk
Set : Play sound at scan completion if scan locates critical objects


3-7-2007 11:07:15 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 560
ThreadCreationTime : 3-7-2007 4:02:51 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 3-7-2007 4:02:55 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 3-7-2007 4:02:56 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 3-7-2007 4:02:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 3-7-2007 4:02:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 844
ThreadCreationTime : 3-7-2007 4:03:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 3-7-2007 4:03:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1056
ThreadCreationTime : 3-7-2007 4:03:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1084
ThreadCreationTime : 3-7-2007 4:03:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1224
ThreadCreationTime : 3-7-2007 4:03:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1596
ThreadCreationTime : 3-7-2007 4:03:16 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [cpserver.exe]
FilePath : C:\Program Files\SurfControl\CyberPatrol\
ProcessID : 1784
ThreadCreationTime : 3-7-2007 4:03:18 PM
BasePriority : Normal
FileVersion : 7, 6, 0, 63
ProductVersion : 7.6.0.63
ProductName : CyberPatrol®
CompanyName : SurfControl plc.
FileDescription : CyberPatrol® Server
InternalName : CyberPatrol® Server
LegalCopyright : Copyright © 1996-2006 SurfControl plc.
OriginalFilename : cpserver.exe

#:13 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2000
ThreadCreationTime : 3-7-2007 4:03:52 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@adopt.euroclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@adopt.euroclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@ads.pointroll[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@bfast[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@bfast[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@ehg-findlaw.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@ehg-findlaw.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@insightexpressai[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@insightexpressai[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@perf.overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@revsci[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@revsci[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@tacoda[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@tacoda[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@tradedoubler[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@unicast[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@unicast[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@adopt.euroclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@adopt.euroclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@ads.pointroll[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@buy[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@buy[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@insightexpressai[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@insightexpressai[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@mediaplex[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@revsci[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@revsci[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@tradedoubler[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@trafficmp[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@trafficmp[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : wonderfulme@AdRotator[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\WONDERFULME\Cookies\wonderfulme@AdRotator[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : wonderfulme@AdRotator[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\WONDERFULME\Cookies\wonderfulme@AdRotator[3].txt

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : iesplugin.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\Video Access ActiveX Object\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : pmsnrr.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\Video Access ActiveX Object\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001492.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP10\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001605.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001651.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\



SpyDawn Object Recognized!
Type : File
Data : A0001662.exe
TAC Rating : 3
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\
FileVersion : 3.0.0.0
ProductVersion : 3.0.0.0
ProductName : SpyDawn
CompanyName : SpyDawn.com
FileDescription : Anti- spyware and adware
InternalName : SpyDawn.exe
LegalCopyright : © SpyDawn.com. All rights reserved.
OriginalFilename : SpyDawn.exe


Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001694.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP12\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001710.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP12\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001718.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP12\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001726.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP12\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0002741.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP13\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0004744.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP14\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005762.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP15\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001456.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001467.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001478.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 48


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 48


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 48


Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 48


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 48




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\internet security

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\internet security
Value : 65007

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : user32.dll

Win32.Trojandownloader.Zlob Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : Win32.Trojandownloader.Zlob
Object : C:\Program Files\Video Access ActiveX Object

Other Object Recognized!
Type : File
Data : PMSNRR.EXE-06CA8879.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 53

11:25:03 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:47.657
Objects scanned:290661
Objects identified:54
Objects ignored:0
New critical objects:54

-----------------------------------------------------------------------------------------------------------------------------
AVG...

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:19:31 PM 3/7/2007

+ Scan result:



C:\WINDOWS\system32\SearchTool\uninstallSE.exe -> Adware.Beginto : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005861.dll -> Adware.ProtectionBar : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP10\A0001534.ini -> Adware.Qworke : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001660.exe -> Adware.Trymedia : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001661.exe -> Adware.Trymedia : No action taken.
C:\Documents and Settings\ANDY\Local Settings\Temp\lafFC.tmp -> Adware.WorldSecurityOnline : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005867.exe -> Downloader.Zlob.bng : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005862.exe -> Downloader.Zlob.bor : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP10\A0001491.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP10\A0001493.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001604.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001606.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001652.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001653.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001657.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005863.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005864.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005865.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001454.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001455.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001466.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001468.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001476.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001477.exe -> Downloader.Zlob.bpf : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.36:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Dealtime : No action taken.
C:\Documents and Settings\ANDY\Cookies\andy@www.dealtime[2].txt -> TrackingCookie.Dealtime : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@enhance[2].txt -> TrackingCookie.Enhance : No action taken.
:mozilla.106:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.24:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.25:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.26:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.27:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.28:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.29:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.30:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.27:C:\Documents and Settings\ANDY\Application Data\Mozilla\Profiles\default\k0dwrfg2.slt\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.28:C:\Documents and Settings\ANDY\Application Data\Mozilla\Profiles\default\k0dwrfg2.slt\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.92:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.93:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.94:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@anat.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@login.tracking101[2].txt -> TrackingCookie.Tracking101 : No action taken.


::Report end

-----------------------------------------------------------------------------------------------------------------------------
Kaspersky Online...

Wednesday, March 07, 2007 2:55:53 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/03/2007
Kaspersky Anti-Virus database records: 262751


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects 159730
Number of viruses found 1
Number of infected objects 6 / 0
Number of suspicious objects 0
Duration of the scan process 01:21:38

Infected Object Name Virus Name Last Action
C:\Andy\Anti-Malware\AdvancedSpywareRemover\ASRLSetup.exe/Stream/data0001 Infected: Backdoor.Win32.VB.ate skipped

C:\Andy\Anti-Malware\AdvancedSpywareRemover\ASRLSetup.exe/Stream Infected: Backdoor.Win32.VB.ate skipped

C:\Andy\Anti-Malware\AdvancedSpywareRemover\ASRLSetup.exe Inno: infected - 2 skipped

C:\Andy\Anti-Malware\AdvancedSpywareRemover\Update\ASRLSetup.exe/Stream/data0001 Infected: Backdoor.Win32.VB.ate skipped

C:\Andy\Anti-Malware\AdvancedSpywareRemover\Update\ASRLSetup.exe/Stream Infected: Backdoor.Win32.VB.ate skipped

C:\Andy\Anti-Malware\AdvancedSpywareRemover\Update\ASRLSetup.exe Inno: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\05acee3c1fc5626b63818dc1e0163c29_0b868c2e-0d3e-4380-8488-a2adfccc296f Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e124cf757ec97ef8f507228db12f588_0b868c2e-0d3e-4380-8488-a2adfccc296f Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41d90e611b504966eb3c18ae7501549a_0b868c2e-0d3e-4380-8488-a2adfccc296f Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\afaef41ffcdc019a2d3e452c74fe06d4_0b868c2e-0d3e-4380-8488-a2adfccc296f Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d3d8feee505b4856cf6c6182a66a1e71_0b868c2e-0d3e-4380-8488-a2adfccc296f Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\ANDY\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\ANDY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\ANDY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\ANDY\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ANDY\ntuser.dat Object is locked skipped

C:\Documents and Settings\ANDY\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\change.log Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

H:\ANDY\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

-----------------------------------------------------------------------------------------------------------------------------
Rootkit Revealer...

HKLM\S-1-5-21-606747145-1645522239-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings 3/7/2007 2:59 PM 87 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-606747145-1645522239-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38E70A65-D629-E7F8-C433-120793699B6D}* 10/9/2006 10:51 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{38E70A65-D629-E7F8-C433-120793699B6D}\InProcServer32* 10/21/2006 12:36 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F3EC8C23-88F0-45dd-9525-15E8B74569A1}\2_2001\P\7kWBEQG-gd7ad3H-E1te6TU-E6lC0\Data2 3/7/2007 2:58 PM 204 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 3/7/2007 2:59 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MSSYCLM\Start 3/7/2007 2:58 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* 9/18/2006 10:24 AM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173284541jtun_ncodat70307005-70307006.x01.full.zip 3/7/2007 3:03 PM 4.16 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\3236C040.TMP 3/7/2007 3:23 PM 0 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003 3/7/2007 10:32 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Catalog.dat 11/23/2006 6:10 AM 1.74 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\full-webauth.sql.bin 3/7/2007 10:32 AM 3.99 MB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Identifiers.xml.bin 3/7/2007 10:32 AM 629.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Indicators.xml.bin 3/7/2007 10:32 AM 63.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\nppw.zip 3/7/2007 6:11 AM 289.77 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\PopularSites.xml.bin 3/7/2007 10:32 AM 2.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Redirectors.xml.bin 3/7/2007 10:32 AM 46.32 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Resources.xml.bin 3/7/2007 10:32 AM 556 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\SafeList.xml.bin 3/7/2007 10:32 AM 554.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\SearchServices.xml.bin 3/7/2007 10:32 AM 19.66 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Throttle.xml.bin 3/7/2007 10:32 AM 454 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\TrustedDomains.xml.bin 3/7/2007 10:32 AM 242.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\URLAnalysis.xml.bin 3/7/2007 10:32 AM 555.43 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\v.grd 3/7/2007 2:05 AM 1.06 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\v.sig 3/7/2007 2:05 AM 2.21 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\virscan1.dat 3/7/2007 2:05 AM 32 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\WebHostingSites.xml.bin 3/7/2007 10:32 AM 20.99 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006 3/7/2007 3:03 PM 0 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Catalog.dat 11/23/2006 6:10 AM 1.74 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\full-webauth.sql.bin 3/7/2007 3:03 PM 3.99 MB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Identifiers.xml.bin 3/7/2007 3:03 PM 619.73 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Indicators.xml.bin 3/7/2007 3:03 PM 63.85 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\nppw.zip 3/7/2007 3:03 PM 288.98 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\PopularSites.xml.bin 3/7/2007 3:03 PM 2.63 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Redirectors.xml.bin 3/7/2007 3:03 PM 46.32 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Resources.xml.bin 3/7/2007 3:03 PM 556 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\SafeList.xml.bin 3/7/2007 3:03 PM 554.21 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\SearchServices.xml.bin 3/7/2007 3:03 PM 19.66 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Throttle.xml.bin 3/7/2007 3:03 PM 454 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\TrustedDomains.xml.bin 3/7/2007 3:03 PM 242.99 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\URLAnalysis.xml.bin 3/7/2007 3:03 PM 555.43 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\v.grd 3/7/2007 9:25 AM 1.06 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\v.sig 3/7/2007 9:25 AM 2.21 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\virscan1.dat 3/7/2007 9:25 AM 32 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\WebHostingSites.xml.bin 3/7/2007 3:03 PM 20.99 KB Hidden from Windows API.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005890.data 3/7/2007 10:28 AM 29.54 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 3/7/2007 2:58 PM 64.00 KB Visible in Windows API, but not in MFT or directory index.

-----------------------------------------------------------------------------------------------------------------------------
HijackThis...

Logfile of HijackThis v1.99.1
Scan saved at 3:46:24 PM, on 3/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\SurfControl\CyberPatrol\cphq.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\SurfControl\CyberPatrol\cpserver.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SurfControl\CyberPatrol\cpACtrl.exe
C:\Program Files\SurfControl\CyberPatrol\cpCCtrl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f588.mail....d=aulbrmoupqfdn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software&#

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 March 2007 - 09:12 PM

idontno :D

Welcome to Tom Coyote.

I need you to do two things, you did not provide a complete HJT log.

  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread.
  • Please use Posted Imageand not Posted Image
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.



Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.


I need to see the complete HJT log and the Smitfraud report.

Edited by ken545, 10 March 2007 - 09:13 PM.

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#3 idontno

idontno

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 14 March 2007 - 11:33 AM

Here they are...

Logfile of HijackThis v1.99.1
Scan saved at 1:21:31 PM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\SurfControl\CyberPatrol\cphq.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\SurfControl\CyberPatrol\cpserver.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SurfControl\CyberPatrol\cpACtrl.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\SurfControl\CyberPatrol\cpCCtrl.exe
C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f588.mail....d=aulbrmoupqfdn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\SurfControl\CyberPatrol\cphq.exe" /m
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Startup: ScreenHunter 4.0 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.mediabuilder.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/F...oad/tgctlar.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161262044625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158499961359
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...866/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by12fd.bay12....ex/HMAtchmt.ocx
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

----------------------------------------------------------------------------------------------------------------------------

SmitFraudFix v2.148

Scan done at 13:25:41.31, Wed 03/14/2007
Run from C:\Documents and Settings\ANDY\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ANDY


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ANDY\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ANDY\FAVORI~1

C:\DOCUME~1\ANDY\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://www.cognitive...=w&sz=800&sb=1"
"SubscribedURL"="http://www.cognitive...ed.jpgw800.cdf"
"FriendlyName"="72_GlassBeadGameRevisited.jpg cognitivedistortion.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://www.cognitive...=s&sz=800&sb=1"
"SubscribedURL"="http://www.cognitive...ed.jpgs800.cdf"
"FriendlyName"="72_GlassBeadGameRevisited.jpg cognitivedistortion.com"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


.

#4 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 14 March 2007 - 11:55 AM

idontno, :D

Do this.

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop. <-- In case you deleted it

Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop.
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run Ewido and update the definition files.
  • On the main screen select the icon Update then select the Update now link.
  • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine <-- Dont forget this
  • Under Reports
  • Select Automatically generate report after every scan
  • Un-Select Only if threats were found
  • Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet.


Boot your computer into Safemode
  • Go to Start> Shut Off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to SAFEMODE
  • Then press the Enter on your Keyboard
Tutorial if you need it How to boot into Safemode



  • Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
  • Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart into normal Windows.
  • A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt






Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start> Control Panel and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete Offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button.
  • Click Apply then OK.







  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
  • If you have any infections you will prompted, then select Apply all actions
  • Next select the Reports icon at the top.
  • Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
  • make sure to remember where you saved that file, this is important
  • Close AVG Anti-Spyware 7.5
IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process:




Reboot normally.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #3 - Delete Trusted zone by typing 3 and press Enter
  • Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.


Post the log from Smitfraud fix, the AVG Spyware log and a New HJT log please

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#5 idontno

idontno

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 16 March 2007 - 01:52 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:38:38 PM 3/16/2007

+ Scan result:



C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005873.exe -> Adware.Beginto : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\WONDERFULME\Cookies\wonderfulme@www.adobe[2].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\WONDERFULME\Cookies\wonderfulme@info[2].txt -> TrackingCookie.Info : Cleaned.
C:\Documents and Settings\WONDERFULME\Cookies\wonderfulme@web.info[2].txt -> TrackingCookie.Info : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\WONDERFULME\Cookies\wonderfulme@search.live[1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\WONDERFULME\Cookies\wonderfulme@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.81:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\KATIE\Cookies\katie@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\WONDERFULME\Cookies\wonderfulme@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\KATIE\Cookies\katie@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.


::Report end

----------------------------------------------------------------------------------------------------------------------------

SmitFraudFix v2.148

Scan done at 14:25:09.32, Fri 03/16/2007
Run from C:\Documents and Settings\ANDY\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ANDY\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

----------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:42:39 PM, on 3/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\SurfControl\CyberPatrol\cphq.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SurfControl\CyberPatrol\cpserver.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\SurfControl\CyberPatrol\cpACtrl.exe
C:\Program Files\SurfControl\CyberPatrol\cpCCtrl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\SurfControl\CyberPatrol\cphq.exe" /m
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Startup: ScreenHunter 4.0 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

.

#6 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 March 2007 - 02:24 PM

idontno :D

C:\Program Files\MiniMind <- Is this a program that you know about and use?

Most of what AVG found where cookies and one bad entry in your System Restore program that was cleaned.

Remove this with HJT.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac


Download HostsXpert v3.7
  • Unzip HostXpert to your desktop
  • Open up the HostXpert program.
  • Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.
  • Click Create Back Up
  • Then click on Restore Microsoft's Host Files
  • Close the HostXpert program



  • Your Java is out of date and leaving your system vulnerable.
  • Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
  • It should have an icon next to it:
    Posted Image
    Select it and click Remove.
  • Reboot your system.
  • Then go to the Sun Microsystems and install the update
  • Java Runtime Environment (JRE) 5.0 Update 11 <--This is what you need to download and install.
  • If you chose the online installation, it will prompt you to run the program.
  • If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
  • Then after install you can verify your installation here Sun Java Verify
I like to to do the offline installation and save the setup file in case I may need it in the future


The rest of your log looks fine, how are things running now? Post a new HJT log and let me go over it to make sure nothing has changed.

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#7 idontno

idontno

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 23 March 2007 - 07:24 AM

Sorry it took so long. I was away for a few days.

Yes, I use Miniminder.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac is set by googles WebAccelerator.

Everything seems to be running fine now.

Thank you. :)

---------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:13:20 AM, on 3/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\SurfControl\CyberPatrol\cphq.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\SurfControl\CyberPatrol\cpserver.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SurfControl\CyberPatrol\cpACtrl.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
C:\Program Files\SurfControl\CyberPatrol\cpCCtrl.exe
C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\SurfControl\CyberPatrol\cphq.exe" /m
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Startup: ScreenHunter 4.0 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - AppInit_DLLs: wbsys.dll "C:\PROGRA~1\Google\Web Accelerator\FASTSE~1.DLL"
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


.

#8 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 23 March 2007 - 10:20 AM

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac is set by googles WebAccelerator.
My bad :( I forgot to ask you if you knew what it was and use it.


The rest of your log looks fine :thumbup: :thumbup:


Malware Complaints
Are you mad ? I mean really mad, seething mad, so mad your ready to spit, mad that you have taken your hard earned dollars to buy a computer only to have some Miscredents, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney Generals Office and the Federal Trade Commission's Bureau of Consumer Protection.




How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.


Here are some free programs to install, don't leave home without them
  • Spybot Search and Destroy 1.4
    Check for Updates/ Immunize and run a Full System Scan on a regular basis.
  • Ad-Aware SE Personal 1.06
    Check for Updates and run a Full System Scan on a regular basis.
  • Spyware Blaster It will prevent most spyware from ever being installed.
  • Spyware Guard It offers realtime protection from spyware installation attempts.
  • Win Patrol This program will warn you when any changes are being made to your system and give you the option to deny the change.
  • IE-Spyad
    IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
  • Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.
Thanks for stopping by Tom Coyote , I'm glad I was able to help you. :D

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#9 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 25 March 2007 - 12:05 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users