[Resolved] hijackthis log


This topic is locked.
14 replies to this topic

#1 mikeymikey23 (New Member, 11 posts)

Posted 14 October 2007 - 08:56 AM

Hello! I'm a newbie here, and also a new user of HijackThis. I just want to know if there's a problem with my system, because sometimes it's too slow. Thanks! God bless.

Logfile of HijackThis v1.99.1
Scan saved at 10:37:21 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Other Softwares\DAP\DAP.EXE
E:\Other Softwares\HiJackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Other Softwares\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DownloadAccelerator] "E:\Other Softwares\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BlueSoleil.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - E:\Other Softwares\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Other Softwares\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - E:\Other Softwares\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178201221656
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...crypt/npkcx.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: systems.txt
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - E:\Other Softwares\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - E:\OTHERS~1\SPEEDB~1\VideoAcceleratorEngine.exe
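The helper in the replies below works from this log by hand. As an added example (not part of the thread, not HijackThis code, and not the helper's method), the Python below parses HijackThis-format lines and applies the checks a malware-removal helper typically makes first: an Internet Explorer proxy setting (R1 ProxyServer), BHOs whose DLL is gone (O2 "(no file)"), O4 Run entries that are bare file names resolved via the search path, executables sitting directly in a Startup folder, a non-empty AppInit_DLLs value (O20), Winlogon Notify handlers whose module path was not resolved, and services whose binary is missing (O23). The heuristics and the wording of the hints are my own; the sample lines are copied from the log above plus one clean entry per section so that each check has a negative case. The output is a list of things to verify, not a verdict that any entry is malicious.

```python
"""Triage a HijackThis (HJT) log: flag the entries a helper looks at first.

Added example; not HijackThis code and not from the forum thread. The
heuristics are this example's own reading of the line format, not HJT rules.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed sample: entries copied from the HJT log in the post, plus one
# clean entry per section so each heuristic has a negative case.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O20 - AppInit_DLLs: systems.txt
O20 - Winlogon Notify: WBSrv - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - E:\Other Softwares\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

HJT_LINE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.+)$")
# Launched file in an O4 entry: optional opening quote, then the shortest run
# ending in .exe/.lnk/.dll, so unquoted paths containing spaces still resolve.
O4_TARGET = re.compile(r'^"?(?P<path>.+?\.(?:exe|lnk|dll))', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def iter_entries(log):
    """Yield (section, body, full line) for every HJT-format line in the log."""
    for raw in log.strip().splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body"), raw.strip()


def check_entry(sec, body):
    """Return a triage hint for one entry, or None if nothing stands out."""
    if sec in ("R0", "R1") and ",ProxyServer = " in body:
        value = unquote(body.split(",ProxyServer = ", 1)[1])  # HJT percent-encodes < and >
        return f"IE proxy set to {value!r}; confirm the user configured it, a rogue proxy sees all browser traffic"
    if sec == "O2" and body.endswith("(no file)"):
        return "BHO CLSID registered but its DLL is gone; orphaned entry, safe to fix"
    if sec == "O4":
        kind, _, rest = body.partition(": ")
        if kind.endswith(("Run", "RunOnce")):
            target = rest.split("] ", 1)[1] if "] " in rest else rest
            m = O4_TARGET.match(target)
            if m and "\\" not in m.group("path"):
                return "Run entry is a bare file name resolved via the search path; verify which file actually loads"
        elif kind.endswith("Startup"):
            m = O4_TARGET.match(rest)
            if m and not m.group("path").lower().endswith(".lnk"):
                return "executable placed directly in a Startup folder instead of a shortcut; verify it"
    if sec == "O20":
        kind, _, rest = body.partition(": ")
        if kind == "AppInit_DLLs" and rest.strip():
            note = "" if rest.lower().endswith(".dll") else " (not even a .dll name)"
            return f"AppInit_DLLs = {rest!r}{note}; loaded into every user32-linked process, normally empty"
        if kind == "Winlogon Notify" and rest.rsplit(" - ", 1)[-1].endswith("\\"):
            return "Winlogon Notify handler shows a directory only; read DllName under the Notify subkey to find the module"
    if sec == "O23" and body.endswith("(file missing)"):
        return "service points at a missing binary; uninstall leftover or removed payload, delete the service entry"
    return None


def triage(log):
    """Run check_entry over the whole log; findings come back in log order."""
    findings = []
    for sec, body, line in iter_entries(log):
        reason = check_entry(sec, body)
        if reason:
            findings.append(Finding(sec, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as-is it prints seven hints for the sample; feed it a full log by passing the file contents to `triage()`. The bare-name check on O4 Run entries is deliberately noisy: VTTimer.exe, sm56hlpr.exe and SnoopFreeUI.exe in the log above are vendor software installed into system32, and the point of the hint is to make the reader confirm that, not to condemn the entry.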


#2 silver (Malware Expert Emeritus, Authentic Member, 2,994 posts)

Posted 16 October 2007 - 12:42 AM

Hi mikey23,

It appears that you have two antivirus programs running: AVG and NOD32. Running one antivirus program is essential, but having two can cause conflicts, slow your system down and even cause stability problems without improving your security. You should use just one antivirus program, and if you want a "second opinion", use an online scanner like Kaspersky's.

If you have two antivirus programs installed, then before proceeding, please remove one of them.
Please make sure you choose one currently capable of receiving updates, because an antivirus program without updates cannot protect your system effectively. If you have any problems, please stop and let me know.

------------------------------------------------------------------------

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan a large number of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed.

IMPORTANT: Do NOT run any other options until you are asked to do so!

If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C: ), and launch from there.

Note: process.exe is detected by some antivirus programs as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Further info is available here.

------------------------------------------------------------------------

Download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (maximized) and extra.txt (minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply
------------------------------------------------------------------------

Once complete, please post the SmitfraudFix report and both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
The logs may not fit into one post so please check that they are complete and use multiple posts if necessary.
ASAP & UNITE Member

#3 mikeymikey23 (New Member, 11 posts)

Posted 17 October 2007 - 12:59 AM

Here's what the two programs have scanned in my system.


SmitFraudFix v2.240

Scan done at 14:54:40.75, Wed 10/17/2007
Run from C:\Documents and Settings\pc\My Documents\My Completed Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\SnoopFreeUI.exe
E:\Other Softwares\DAP\DAP.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Other Softwares\Ram Booster 2.0\Rambooster.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pc


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pc\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\pc\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="systems.txt"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 203.84.191.216
DNS Server Search Order: 121.1.3.208
DNS Server Search Order: 121.1.3.199
DNS Server Search Order: 121.1.3.250

HKLM\SYSTEM\CCS\Services\Tcpip\..\{14CE54A6-9DBD-4E16-8946-A6146E75118F}: DhcpNameServer=203.84.191.216 121.1.3.208 121.1.3.199 121.1.3.250
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=203.84.191.216 121.1.3.208 121.1.3.199 121.1.3.250


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Deckard's System Scanner v20071014.68
Run by pc on 2007-10-17 14:45:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
58: 2007-10-17 06:45:55 UTC - RP178 - Deckard's System Scanner Restore Point
57: 2007-10-17 06:24:14 UTC - RP177 - Installed AVG 7.5
56: 2007-10-17 06:20:05 UTC - RP176 - Removed AVG 7.5
55: 2007-10-13 14:58:53 UTC - RP175 - Installed Google Earth.
54: 2007-10-13 04:45:46 UTC - RP174 - Spyware Terminator - restore point


-- First Restore Point --
1: 2007-07-11 02:01:17 UTC - RP121 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 223 MiB (512 MiB recommended).


-- HijackThis (run as pc.exe) --------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-17 14:47:10
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\SnoopFreeSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTTrayp.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\WINDOWS\SnoopFreeUI.exe
E:\Other Softwares\DAP\DAP.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Other Softwares\Ram Booster 2.0\Rambooster.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\pc\My Documents\My Completed Downloads\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Other Softwares\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "E:\Other Softwares\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RamBooster] E:\Other Softwares\Ram Booster 2.0\Rambooster.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BlueSoleil.lnk.disabled = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Clean Traces - E:\Other Softwares\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Other Softwares\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Other Softwares\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178201221656
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...crypt/npkcx.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: systems.txt
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\system32\
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - E:\Other Softwares\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\ESET\nod32krn.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\system32\SnoopFreeSvc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\Sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - E:\Other Softwares\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe


--
End of file - 10558 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 SnoopFree (SnoopFree Driver) - c:\windows\system32\drivers\snopfree.sys
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R2 sbbotdi - e:\other softwares\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 npkcrypt - c:\windows\system32\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 SnoopFreeSvc (Snoop Free Service) - system32\snoopfreesvc.exe
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>

S2 aawservice (Ad-Aware 2007 Service) - "e:\other softwares\lavasoft\ad-aware 2007\aawservice.exe" (file missing)
S2 npkcsvc - c:\windows\system32\npkcsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Service>
S3 sp_clamsrv (Spyware Terminator Clam Service) - "c:\program files\winclamavshield\sp_clamsrv.exe" <Not Verified; Crawler.com; Spyware Terminator>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET00
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET00
Service: BT


-- Files created between 2007-09-17 and 2007-10-17 -----------------------------

2007-10-17 14:40:43 3374 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-17 14:39:37 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-17 14:39:37 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-10-17 14:39:36 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-17 14:39:35 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-10-17 14:39:34 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-10-17 14:24:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-16 21:22:21 0 dr-h----- C:\Documents and Settings\pc\Recent
2007-10-14 23:23:04 0 d-------- C:\Documents and Settings\pc\Application Data\Help
2007-10-14 21:17:47 0 dr-h----- C:\Documents and Settings\Guest\Recent
2007-10-14 21:02:57 0 dr-h----- C:\Documents and Settings\rhaisa\Recent
2007-10-13 23:00:21 0 d-------- C:\Program Files\Google
2007-10-13 18:48:42 0 dr-h----- C:\Documents and Settings\lyn\Recent
2007-10-12 22:18:18 4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-10 14:28:19 0 d-------- C:\Documents and Settings\rhaisa\Application Data\Comodo
2007-10-07 10:35:45 0 d-------- C:\Program Files\Common Files\NSV
2007-10-04 16:37:58 0 d-------- C:\Documents and Settings\lyn\Application Data\Comodo
2007-10-03 22:42:57 0 d-------- C:\Documents and Settings\Guest\Application Data\Comodo
2007-10-03 21:32:21 0 d-------- C:\Documents and Settings\pc\Application Data\Comodo
2007-10-03 21:31:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-03 21:25:53 0 d-------- C:\Program Files\Comodo
2007-10-03 20:25:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
2007-10-02 23:32:35 0 d-------- C:\Program Files\MegauploadToolbar
2007-10-02 23:32:33 0 d-------- C:\Documents and Settings\pc\Application Data\MegauploadToolbar
2007-09-23 22:07:11 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2007-09-23 00:14:26 45056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2007-09-23 00:14:24 221184 --a------ C:\WINDOWS\SnoopFreeUI.exe <Not Verified; SnoopFree Software; SnoopFree Privacy Shield>
2007-09-23 00:14:22 9472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2007-09-23 00:14:21 90112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2007-09-21 20:46:54 0 d-------- C:\Documents and Settings\lyn\Application Data\gtk-2.0
2007-09-20 01:42:18 0 d-------- C:\Documents and Settings\rhaisa\Application Data\Spyware Terminator


-- Find3M Report ---------------------------------------------------------------

2007-10-16 20:45:55 0 d-------- C:\Program Files\Common Files
2007-10-16 20:39:26 0 d-------- C:\Program Files\Spyware Terminator
2007-10-16 20:15:05 0 d-------- C:\Program Files\WinClamAVShield
2007-10-16 20:13:11 0 d-------- C:\Documents and Settings\pc\Application Data\Spyware Terminator
2007-10-13 23:03:34 0 d-------- C:\Documents and Settings\pc\Application Data\Google
2007-10-13 12:51:05 0 d-------- C:\Documents and Settings\pc\Application Data\LimeWire
2007-10-11 18:50:06 0 d-------- C:\Documents and Settings\pc\Application Data\Winamp
2007-10-06 20:38:07 0 d-------- C:\Documents and Settings\pc\Application Data\Yahoo!
2007-09-30 16:25:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-13 10:51:30 3597312 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-09-13 10:50:54 0 d-------- C:\Program Files\LogonStudio
2007-09-08 16:54:15 72239 --a------ C:\WINDOWS\War3Unin.dat
2007-08-18 20:35:31 0 d-------- C:\Documents and Settings\pc\Application Data\Real
2007-07-25 20:38:12 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [09/15/2006 06:07 AM C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [09/15/2006 06:07 AM C:\WINDOWS\system32\VTTrayp.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [05/03/2007 04:40 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"LClock"="C:\Program Files\LClock\LClock.exe" [09/20/2004 01:27 AM]
"SMSERIAL"="sm56hlpr.exe" [12/29/2004 07:01 AM C:\WINDOWS\sm56hlpr.exe]
"LogonStudio"="C:\Program Files\LogonStudio\logonstudio.exe" [09/03/2002 06:38 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [02/22/2007 07:53 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/24/2007 12:24 AM]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [02/10/2007 03:40 PM]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [02/07/2007 01:28 PM]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [09/19/2006 09:07 AM]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [09/09/2007 08:01 PM]
"SnoopFreeUI"="SnoopFreeUI.exe" [09/23/2007 12:14 AM C:\WINDOWS\SnoopFreeUI.exe]
"DownloadAccelerator"="E:\Other Softwares\DAP\DAP.exe" [09/30/2007 07:56 PM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [10/03/2007 09:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:07 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 01:04 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"RamBooster"="E:\Other Softwares\Ram Booster 2.0\Rambooster.exe" [11/17/2005 07:32 AM]

C:\Documents and Settings\pc\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
PowerReg Scheduler.exe [7/3/2007 11:21:52 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk.disabled [5/3/2007 10:28:25 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)
"MaxRecentDocs"=0
"NoLowDiskSpaceChecks"=0
"NoInstrumentation"=0 (0x0)
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=systems.txt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"E:\Other Softwares\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe /QS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=E:\Other Softwares\Winamp\winampa.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-10-17 14:48:48 ------------


#4 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 17 October 2007 - 01:53 AM

Hi mikey23

Please open Start->Control Panel->Add/Remove Programs, look down the list for these items and remove them:

J2SE Runtime Environment 5.0 Update 3
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1

These are out of date and now a security risk, you can get the latest update (version 6 update 3) from here

You have the Megaupload Toolbar installed; this software tracks the websites you visit and provides the information to advertisers. I recommend you remove it. To do so, find and remove Megaupload Toolbar.

You have DAP installed on your system. It is not technically malware, but the free version is ad supported and not recommended.
A safe, ad-free alternative is wxDownloadfast.
I recommend you remove DAP; if you wish to do so, find and remove Download Accelerator Plus (DAP).

You have a program called Spyware Terminator installed on your computer. This program was until recently classified as a Rogue antispyware program. Typically, rogue programs do not provide any security benefits, and use false positives to goad users into purchasing a full version of the program. I strongly suggest you remove it; to do so, look down the list for Spyware Terminator and remove it.

You have LimeWire, a P2P file sharing program installed on your computer. This program does not come bundled with malware as some similar programs do, but peer-to-peer file sharing networks are one of the biggest sources of malware we see. Anything downloaded from them cannot be trusted to be clean, because even if the file appears to be what it claims to be, it can have malware embedded in it.
I recommend you remove it, but of course the choice is yours. You can remove Limewire via Add/Remove Programs.

------------------------------------------------------------------------

Please print/save a copy of these instructions because we will be using Safe Mode, during which time you won't have access to the internet.

Temporarily disable Spybot's TeaTimer. This is a two step process.
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident TeaTimer and OK any prompts.
  • Use File, Exit to terminate Spybot.
  • Reboot your machine for the changes to take effect.
Reboot your computer in Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8
A menu should appear, use the arrow keys to select Safe Mode and press enter

------------------------------------------------------------------------

First, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

------------------------------------------------------------------------

Once complete, please post the new SmitfraudFix report and a new HijackThis log.
ASAP & UNITE Member

#5 mikeymikey23

    New Member

  • New Member
  • 11 posts

Posted 17 October 2007 - 04:43 AM

here's the new log file..



SmitFraudFix v2.240

Scan done at 18:31:41.81, Wed 10/17/2007
Run from C:\Documents and Settings\pc\My Documents\Softwares\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost



»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{14CE54A6-9DBD-4E16-8946-A6146E75118F}: DhcpNameServer=203.84.191.216 121.1.3.208 121.1.3.199 121.1.3.250
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=203.84.191.216 121.1.3.208 121.1.3.199 121.1.3.250


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 6:42:55 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
E:\OTHERS~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\OTHERS~1\SPEEDB~1\VideoAccelerator.exe
E:\Other Softwares\Ram Booster 2.0\Rambooster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
E:\Other Softwares\HiJackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Other Softwares\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RamBooster] E:\Other Softwares\Ram Booster 2.0\Rambooster.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BlueSoleil.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178201221656
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...crypt/npkcx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - E:\Other Softwares\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - E:\OTHERS~1\SPEEDB~1\VideoAcceleratorEngine.exe

#6 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 17 October 2007 - 05:08 AM

Hi mikey23,

Please open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...crypt/npkcx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\WINDOWS\

Restrictions have been placed on Internet Explorer control panel options, probably for security reasons by Spybot S&D. If however you wish to remove these restrictions then please check this line also:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

Next, fix file associations with DSS:
  • Make sure DSS.exe is on your Desktop
  • Next press Start->Run, copy/paste the following command into the box and press OK:

    "%userprofile%\desktop\dss.exe" /daft

  • Press OK to the disclaimer(s) and then press Scan
  • Place checkmarks in all the boxes that appear and press Fix
  • Then close Deckard's System Scanner
Download HostsXpert.
  • Unzip HostsXpert.zip
  • Double click on HostsXpert.exe
  • Click Backup/Restore->Create Backup to back up your existing hosts file
  • Then click on Restore Original Hosts and OK the prompt to restore your Hosts file to the default
  • Click on Make Hosts Read Only to secure it against changes
  • Close program when complete.
  • If for any reason you wish to restore the old hosts file, you can do so by pressing Make Writeable?, then Backup/Restore->Restore Backup and OK to the prompt.
Then, please do an online scan with Kaspersky:

Open Kaspersky Online Scanner in Internet Explorer

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Once complete, please post the Kaspersky report and a new HijackThis log.
ASAP & UNITE Member
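A small triage script, added here as an example and not part of HijackThis, DSS or HostsXpert, that applies the review rules from the post above to constructed sample lines: O2 BHO entries reported as (no file), O20 Winlogon Notify entries that name a directory instead of a DLL, and hosts-file lines beyond the default localhost mapping. The sample log and hosts lines are modelled on the reports posted in this thread; the function names are my own.

```python
"""Triage helpers for HijackThis-style log lines and a Windows hosts file.

Added example for this thread, not part of HijackThis, DSS or HostsXpert.
It encodes the review rules applied in the post above:
  * an O2 (BHO) entry whose file is "(no file)" is an orphaned registration
  * an O20 (Winlogon Notify) entry whose value is a bare directory loads no DLL
  * after cleanup a hosts file should hold only the default localhost mapping
"""
import re
from typing import Dict, List, Optional, Tuple

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.*)$")
# "O20 - Winlogon Notify: <subkey> - <dll path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")

# Constructed sample, modelled on the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"""

# Constructed hosts file: the Microsoft default line plus two of the
# "## added by CiD" lines from the SmitFraudFix report above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one O2 or O20 line into a dict; other item types return None."""
    m = O2_RE.match(line)
    if m:
        return {"type": "O2", "name": m["name"], "clsid": m["clsid"], "path": m["path"]}
    m = O20_RE.match(line)
    if m:
        return {"type": "O20", "name": m["key"], "clsid": "", "path": m["path"]}
    return None


def review_entry(entry: Dict[str, str]) -> Optional[str]:
    """Return why an entry deserves a closer look, or None if it looks normal."""
    path = entry["path"].strip()
    if entry["type"] == "O2" and path.lower() == "(no file)":
        return "BHO registered but its DLL is missing (orphaned entry)"
    if entry["type"] == "O20" and (path.endswith("\\") or not path.lower().endswith(".dll")):
        return "Winlogon Notify value is not a DLL path (stale or empty entry)"
    return None


def flag_lines(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) for every O2/O20 line that fails review."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry is None:
            continue
        reason = review_entry(entry)
        if reason:
            flagged.append((line.strip(), reason))
    return flagged


LOOPBACK = {"127.0.0.1", "::1"}


def non_default_hosts(hosts_text: str) -> List[str]:
    """Return hosts-file lines other than comments and the localhost mapping.

    These are the lines that "Restore Original Hosts" removes; making the
    file read-only afterwards keeps them from coming back unnoticed.
    """
    extra = []
    for raw in hosts_text.splitlines():
        body = raw.split("#", 1)[0].strip()  # drop trailing "## added by ..." comments
        if not body:
            continue
        ip, *names = body.split()
        if ip in LOOPBACK and all(n.lower() == "localhost" for n in names):
            continue
        extra.append(raw.rstrip())
    return extra


if __name__ == "__main__":
    for line, reason in flag_lines(SAMPLE_LOG):
        print(f"FIX   {line}\n      -> {reason}")
    for line in non_default_hosts(SAMPLE_HOSTS):
        print(f"HOSTS {line}")
```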

#7 mikeymikey23

    New Member

  • New Member
  • 11 posts

Posted 17 October 2007 - 08:35 AM

amazingly, it detected two viruses and I didn't even notice that my PC was infected..




-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 17, 2007 10:30:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/10/2007
Kaspersky Anti-Virus database records: 410500
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 71238
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:35:34

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\pc\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\pc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\pc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\pc\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pc\Local Settings\Temp\Perflib_Perfdata_b98.dat Object is locked skipped
C:\Documents and Settings\pc\Local Settings\Temp\~DFB8A2.tmp Object is locked skipped
C:\Documents and Settings\pc\Local Settings\Temp\~DFF08B.tmp Object is locked skipped
C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\age.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\AGE2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\appearance.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\APPEARANCE2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\bicepacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\BICEPACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\birthstate.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\BIRTHSTATE2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\birthtown.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\BIRTHTOWN2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\bracketdata.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\BRACKETDATA1.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\brows.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\BROWS2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\career.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\CAREER2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\cheeks.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\CHEEKS2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\coaches.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\COACHES2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\compshortacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\COMPSHORTACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\cpan.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\CPAN1.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\cusarena.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\CUSARENA2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\custunis.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\CUSTUNIS2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\dailynws.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\DAILYNWS2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\defplays.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\DEFPLAYS2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\eappearance.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\EAPPEARANCE1.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\ears.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\EARS2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\elbowacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\ELBOWACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\eplayers.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\EPLAYERS1.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\eteams.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\ETEAMS1.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\eyeacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\EYEACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\eyes.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\EYES2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\facehair.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\FACEHAIR2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\faces.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\FACES2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\fingeracc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\FINGERACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\forearmacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\FOREARMACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\forehead.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\FOREHEAD2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\gmhistory.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\GMHISTORY2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\hair.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\HAIR2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\HAIRSTYLES.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\HAIRSTYLES2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\headacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\HEADACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\jukebox.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\JUKEBOX1.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\kneeacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\KNEEACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\lbiceptatacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\LBICEPTATACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\lfarmtatacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\LFARMTATACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\llegacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\LLEGACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\llegtatacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\LLEGTATACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\lnecktatacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\LNECKTATACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\location.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\LOCATION2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\mouths.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\MOUTHS2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\MUSCLEDEF.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\MUSCLEDEF1.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\names.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\NAMES2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\nbastore.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\NBASTORE2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\nicknames.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\NICKNAMES2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\noses.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\NOSES2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\players.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\PLAYERS2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\playmap.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\PLAYMAP1.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\plays.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\PLAYS2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\rbiceptatacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\RBICEPTATACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\referees.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\REFEREES2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\rfarmtatacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\RFARMTATACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\RLEGACC.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\RLEGACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\rlegtatacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\RLEGTATACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\rnecktatacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\RNECKTATACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\rookies.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\ROOKIES1.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\rounddata.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\ROUNDDATA1.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\rumormill.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\RUMORMILL3.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\scheduleoffseason.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\SCHEDULEOFFSEASON3.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\scheduleplayoff.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\SCHEDULEPLAYOFF3.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\schedulepreseason.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\SCHEDULEPRESEASON2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\scheduleseason.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\SCHEDULESEASON3.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\schools.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\SCHOOLS2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\shoesacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\SHOESACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\sockacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\SOCKACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\staff.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\STAFF2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\tasklist.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\TASKLIST2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\teamgear.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\TEAMGEAR2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\teaminfo.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\TEAMINFO2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\teams.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\TEAMS2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\tmcareer.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\TMCAREER2.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\treedata.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\TREEDATA1.CDX Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\wristacc.dbf Object is locked skipped
C:\Documents and Settings\pc\My Documents\NBA LIVE 07\database\workingdb\WRISTACC2.CDX Object is locked skipped
C:\Documents and Settings\pc\ntuser.dat Object is locked skipped
C:\Documents and Settings\pc\ntuser.dat.LOG Object is locked skipped
C:\Program Files\DAP\History\lyn\_lasthist.dat Object is locked skipped
C:\Program Files\DAP\History\rhaisa\_lasthist.dat Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\HN2K2CAA.NQF Infected: not-virus:Hoax.Win32.Renos.jh skipped
C:\Program Files\ESET\infected\WYHAOSBA.NQF Infected: Trojan.Win32.Qhost.of skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{836C7478-7259-460A-B877-E0631A3859DC}\RP172\A0085999.dll Object is locked skipped
C:\System Volume Information\_restore{836C7478-7259-460A-B877-E0631A3859DC}\RP182\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\SnopFree.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\Other Softwares\DAP\History\Guest\20070923.dat Object is locked skipped
E:\Other Softwares\DAP\History\Guest\20070930.dat Object is locked skipped
E:\Other Softwares\DAP\History\Guest\_lasthist.dat Object is locked skipped
E:\Other Softwares\DAP\History\lyn\_lasthist.dat Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{836C7478-7259-460A-B877-E0631A3859DC}\RP182\change.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{836C7478-7259-460A-B877-E0631A3859DC}\RP182\change.log Object is locked skipped

Scan process completed.






Logfile of HijackThis v1.99.1
Scan saved at 10:33:42 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
E:\OTHERS~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\OTHERS~1\SPEEDB~1\VideoAccelerator.exe
E:\Other Softwares\Ram Booster 2.0\Rambooster.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Other Softwares\wxDownload Fast\wxDFast.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pc\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Other Softwares\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RamBooster] E:\Other Softwares\Ram Booster 2.0\Rambooster.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BlueSoleil.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178201221656
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - E:\Other Softwares\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - E:\OTHERS~1\SPEEDB~1\VideoAcceleratorEngine.exe

#8 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 17 October 2007 - 08:21 PM

Hi mikey23,

Yes, it detected malware, but the malware is located in NOD32's quarantine area so it's not a problem. Please open NOD32 and empty the quarantined files.

Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following line:

O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

Otherwise it looks pretty good, how is your computer running now?
ASAP & UNITE Member
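A small triage script for reports in the format posted above, added here as an example (not code from the thread, Kaspersky or NOD32): it parses each report line, separates live detections from "Object is locked" skips and from hits that sit inside an AV quarantine folder such as NOD32's, and checks the report's own infected-object count against the lines actually pasted. The quarantine folder list, the `Finding` type and the sample lines are constructed for the example.

```python
"""Triage a Kaspersky online-scanner report like the one posted above.

Added example for this thread, not code from Kaspersky, HijackThis or the
forum.  It separates real detections from two kinds of noise the report
mixes together: 'Object is locked' skips (files the scanner could not open)
and detections that sit inside another product's quarantine folder, which
are already-neutralised samples rather than a live infection.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Quarantine folders of other AV products.  Assumed list: the ESET path is
# the one in the posted report; add others for the products on the machine.
QUARANTINE_DIRS = (
    r"c:\program files\eset\infected",
)

# One report line: "<path> Object is locked skipped" or
# "<path> Infected: <detection name> <action>".  Paths contain spaces, so
# the path group is lazy and the rest of the pattern is anchored at the end.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected:\s+(?P<name>\S+)|Object is locked)\s+"
    r"(?P<action>skipped|deleted|disinfected|quarantined)\s*$"
)
STAT_RE = re.compile(r"^Number of infected objects:\s*(\d+)\s*$", re.MULTILINE)


@dataclass
class Finding:
    path: str
    status: str             # "infected" or "locked"
    name: Optional[str]     # detection name, None for locked objects
    action: str
    quarantined: bool       # infected object lives under a quarantine folder


def parse_line(line: str) -> Optional[Finding]:
    """Parse one report line; header, summary and blank lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, name = m.group("path"), m.group("name")
    status = "infected" if name else "locked"
    low = path.lower()
    in_quarantine = any(low.startswith(q + "\\") for q in QUARANTINE_DIRS)
    return Finding(path, status, name, m.group("action"),
                   status == "infected" and in_quarantine)


def triage(report: str) -> Dict[str, object]:
    """Split a report into live detections, quarantined ones and locked skips.

    'consistent' compares the scanner's own 'Number of infected objects'
    line with the detections actually present, which catches a report that
    was truncated when it was pasted into a forum post.
    """
    findings: List[Finding] = [f for f in map(parse_line, report.splitlines()) if f]
    infected = [f for f in findings if f.status == "infected"]
    m = STAT_RE.search(report)
    reported = int(m.group(1)) if m else None
    return {
        "live": [f for f in infected if not f.quarantined],
        "quarantined": [f for f in infected if f.quarantined],
        "locked": [f for f in findings if f.status == "locked"],
        "consistent": reported is not None and reported == len(infected),
    }


# Constructed sample in the posted report's format: the two ESET quarantine
# hits from the thread plus one made-up detection outside any quarantine.
SAMPLE_REPORT = r"""
Number of infected objects: 3

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\pc\NTUSER.DAT Object is locked skipped
C:\Program Files\ESET\infected\HN2K2CAA.NQF Infected: not-virus:Hoax.Win32.Renos.jh skipped
C:\Program Files\ESET\infected\WYHAOSBA.NQF Infected: Trojan.Win32.Qhost.of skipped
C:\Documents and Settings\pc\Local Settings\Temp\constructed.exe Infected: Trojan.Win32.Constructed.sample skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for f in result["live"]:
        print("LIVE       ", f.name, f.path)
    for f in result["quarantined"]:
        print("QUARANTINED", f.name, f.path)
    print("locked objects skipped:", len(result["locked"]))
    print("report count matches detections:", result["consistent"])
```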

#9 mikeymikey23

mikeymikey23

    New Member

  • New Member
  • 11 posts

Posted 17 October 2007 - 09:25 PM

Mr. Silver, I am very grateful for your help.. :) Now my PC is running smoothly again, just like it was brand new, or maybe even better.. Thanks a lot for your help.. Anyway, I also added some programs like SpywareBlaster and IE-SPYAD (now known as ZonedOut), just like what I saw on "self-help".. Is this OK now? And I also want to join you guys in fighting malware and other spyware.. I wish I could be trained to do that in order to help other victims, just like me, who have been helped by you.. In deep gratitude, mikey23

#10 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 17 October 2007 - 11:36 PM

Hi mikey23,

You're most welcome and I'm glad your machine is running better now :)

You certainly can be trained to help fight malware; there aren't enough qualified helpers to deal with the victims, so your help is needed!
You can apply to join the WhatTheTech Classroom here - it would be great for you to join the team!

Some important final steps:

You should now delete SmitfraudFix.exe from your Desktop, also delete this folder:
C:\SmitfraudFix

Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

Re-enable Spybot's TeaTimer
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Check the box labeled Resident TeaTimer and OK any prompts.
  • Use File, Exit to terminate Spybot.
  • Reboot your machine for the changes to take effect.
Here are some tips to help you keep your computer clean:

The programs you have installed are good protection programs; however, please ensure they are kept up to date. Check that your antivirus and antispyware programs are set to automatically update themselves daily, and that your firewall is the latest version.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Find out more about how to prevent infection in the future
http://forum.malware...pic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
ASAP & UNITE Member
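The custom hosts file recommended above works by mapping unwanted hostnames to an address that goes nowhere (0.0.0.0 or 127.0.0.1), and the post notes that hijackers abuse the same file. The checker below, added here as an example and not part of the thread or of the MVPS project, parses a hosts file and separates block entries from entries that redirect a name to some other address, which are the ones worth reviewing. The sample hosts text, the `.test` hostnames and the 198.51.100.23 address are all constructed for the example; `parse_hosts`, `classify` and `suspicious_redirects` are hypothetical helper names.

```python
"""Classify the entries of a Windows hosts file (added example, not from the thread).

Block entries map a hostname to a loopback or unspecified address, which is
how MVPS HOSTS and similar block lists work. Any other address is a redirect,
which is what a hosts-file hijack looks like, so those are reported for review.
"""
import ipaddress
from typing import Dict, List, Tuple

# Addresses used by block lists: the name resolves, but to nowhere reachable.
BLOCK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample hosts file: the standard localhost line, two
# MVPS-style block entries, and one redirect that a reviewer should look at.
# All hostnames are made up (.test TLD) and the redirect address comes from
# the documentation range 198.51.100.0/24.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
0.0.0.0 ads.example-network.test        # MVPS-style block entry
0.0.0.0 counter.example-tracker.test
198.51.100.23   update.example-av.test  # constructed: non-loopback redirect
"""

Entry = Tuple[str, str]


def parse_hosts(text: str) -> List[Entry]:
    """Return (address, hostname) pairs, skipping comments, blanks and junk.

    A single line may list several hostnames after the address; each gets
    its own pair. Lines whose first token is not an IP address are ignored
    rather than raising, because a damaged hosts file is exactly the case
    a checker has to survive.
    """
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        addr = parts[0]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                            # not an address: skip the line
        for host in parts[1:]:
            entries.append((addr, host.lower()))
    return entries


def classify(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Sort entries into 'localhost', 'block' and 'redirect' buckets."""
    report: Dict[str, List[Entry]] = {"localhost": [], "block": [], "redirect": []}
    for addr, host in entries:
        if host == "localhost":
            report["localhost"].append((addr, host))
        elif addr in BLOCK_ADDRESSES:
            report["block"].append((addr, host))
        else:
            report["redirect"].append((addr, host))
    return report


def suspicious_redirects(text: str) -> List[Entry]:
    """Convenience wrapper: the entries a human should look at."""
    return classify(parse_hosts(text))["redirect"]


if __name__ == "__main__":
    # Real use: read C:\WINDOWS\system32\drivers\etc\hosts instead of SAMPLE_HOSTS.
    summary = classify(parse_hosts(SAMPLE_HOSTS))
    for bucket, items in summary.items():
        print(f"{bucket}: {len(items)}")
    for addr, host in summary["redirect"]:
        print(f"  review: {host} -> {addr}")
```

On the sample input the script reports one localhost line, two block entries and one redirect; the redirect bucket is the part to read, since a legitimate block list never sends a name to a routable address. To check a real machine, replace `SAMPLE_HOSTS` with the contents of the hosts file under `drivers\etc` and run it after installing the MVPS file, so that the expected output is all block entries and an empty redirect list.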

#11 mikeymikey23

mikeymikey23

    New Member

  • New Member
  • Pip
  • 11 posts

Posted 18 October 2007 - 09:36 AM

I've followed your instructions on how to protect my PC.. but, should I consider installing WinPatrol and CWShredder on my system?

#12 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 18 October 2007 - 11:32 PM

Hi mikey23,

CWShredder is a removal tool for a particular infection, as your machine is not infected, it's not necessary to use this program.

WinPatrol is an excellent addition to any system and I am happy to recommend it. Have a look at this tutorial to help you get started with the program.

If you have any further questions please let me know.
ASAP & UNITE Member

#13 mikeymikey23

mikeymikey23

    New Member

  • New Member
  • Pip
  • 11 posts

Posted 19 October 2007 - 12:09 AM

I have no more questions to ask. And if I'd have a new one, I'd love to ask you guys. Again, thank you for your help. :)

#14 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 19 October 2007 - 07:42 PM

You're most welcome and best of luck!
ASAP & UNITE Member

#15 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 19 October 2007 - 07:42 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
ASAP & UNITE Member
