Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Reply to Silver


  • This topic is locked This topic is locked
8 replies to this topic

#1 TonyG123

TonyG123

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 29 April 2008 - 09:17 AM

hey, sorry this took so long for me to reply.. i followed your instructions and here is the Malware Log:

Malwarebytes' Anti-Malware 1.11
Database version: 697

Scan type: Quick Scan
Objects scanned: 32917
Time elapsed: 11 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 41
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3935b537-3e6d-04ed-abb3-acb16a699e3b} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{860b20f5-12c2-44ee-befe-7cd167a7a98e} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{016998bb-c153-4bc9-8ea0-d8ebab843641} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d33825d-31d6-4064-920c-af1a11acf5d9} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d436319-1b6f-4116-a2ae-479b5e5f58f7} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{23202b12-d1f9-41ef-b684-e0e0c025c5e4} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3c8d07ad-db5c-444b-984e-6b619e3f90e0} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{778c6547-2567-4177-ba41-63e420843e29} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7b79f338-0a8d-44af-a809-4e34b47e0bf8} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7d9745a5-5c08-441c-b809-264bba43cb19} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a3c744fa-9a23-4ac2-b167-658458764982} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b68de76d-f354-4a0d-96de-b3c4726b0874} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c29d7379-4f31-4b46-971f-7c94b15c709e} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cce1768a-3fff-49c4-8c48-2daed860d118} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e2cb4866-da3d-4158-af12-e296fb8de109} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e85fff2f-d5c5-43df-85e8-2258857f596c} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e9b4ddb2-a1db-49c1-a1d3-05cc43b12e10} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fd849917-2cc9-4e7a-a7bf-6e825315a749} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4946cbc5-dc18-4c7a-bc4d-299203c80602} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AntiSpyKit.EXE (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AntiSpywareShield (Rogue.AntiSpywareShield) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AntiSpyKit 5.3 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpyKit 5.3\Logs (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\215651 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\tbird08\Start Menu\Programs\AntiSpywareShield (Rogue.AntiSpywareShield) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AntiSpyKit 5.3\DbgHelp.Dll (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpyKit 5.3\ignored.lst (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpyKit 5.3\monitorConfig.xml (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpyKit 5.3\usageStats.xml (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpyKit 5.3\Logs\scan_log_04112008-000959.html (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\Ncm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\Nem.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\sbun.exe_old (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\scm.exe_old (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\scu.exe_old (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\tbird08\Start Menu\Programs\AntiSpywareShield\AntiSpywareShield.lnk (Rogue.AntiSpywareShield) -> Quarantined and deleted successfully.
C:\Documents and Settings\tbird08\Start Menu\Programs\AntiSpywareShield\Uninstall.lnk (Rogue.AntiSpywareShield) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.


and here is a new HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:51, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HJT\HiJackThis.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?1dc59dabe98f4301ab0a85e0e437586e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?1dc59dabe98f4301ab0a85e0e437586e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4934 bytes


thanks in advance.

    Advertisements

Register to Remove


#2 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 29 April 2008 - 07:20 PM

Hi TonyG123,

Make hidden/system files and folders visible:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Show hidden files and folders
UNCHECK the Hide extensions for known file types option
UNCHECK the Hide protected operating system files (recommended) option
Click Yes to confirm and press OK

Use Windows Explorer (right-click Start, select Explore) to find and delete the following folders (if present):

C:\Program Files\Easy SpyRemover
C:\Program Files\AntiSpywareShield
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Program Files\Messenger Plus! Live

If you have trouble finding or deleting any, please let me know in your next response.

Next please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer using this link:
http://www.kaspersky...kavwebscan.html
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Next and then Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save Report As... button, change Save as type: to Text file and save the file to your desktop as Kaspersky.txt

Then, make a new main.txt with DSS. If you need to download the program again the link is here:
http://www.techsuppo...Deckard/dss.exe
  • Make sure DSS.exe is on your Desktop
  • Press the Start->Run, copy/paste the following command into the box and press OK:

    "%userprofile%\desktop\dss.exe" /config

  • A configuration box will appear, make sure all boxes are checked in the Main Log section, then un-check everything in the Extra Log section and press Scan!

Once complete, please post the Kaspersky report and a new DSS main.txt report.
ASAP & UNITE Member

#3 TonyG123

TonyG123

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 30 April 2008 - 01:15 PM

Hello Silver, i did everything that you asked and here are both logs:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 01, 2006 12:39:37 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/04/2008
Kaspersky Anti-Virus database records: 733325
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 33765
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:53:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\tbird08\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\tbird08\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\tbird08\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\tbird08\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\tbird08\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tbird08\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\tbird08\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tbird08\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\tbird08\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BD59C723-1DFF-46FB-90CD-62E866E09411}\RP26\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{31828B8E-8A22-4444-9B83-0B0FAFD09962}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_84.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------




Deckard's System Scanner v20071014.68
Run by tbird08 on 2006-01-01 00:51:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as tbird08.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:34, on 01/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\tbird08\Desktop\dss.exe
C:\HJT\tbird08.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?1dc59dabe98f4301ab0a85e0e437586e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?1dc59dabe98f4301ab0a85e0e437586e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6275 bytes

-- Files created between 2005-12-01 and 2006-01-01 -----------------------------

2008-04-30 15:04:34 0 d-------- C:\Program Files\MSXML 6.0
2008-04-30 14:58:19 0 d-------- C:\Program Files\MSBuild
2008-04-30 14:54:49 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-30 14:54:12 0 d-------- C:\Program Files\Reference Assemblies
2008-04-30 14:53:21 0 d-------- C:\53c3878dba33fee19f62da64
2008-04-30 14:28:31 0 d-------- C:\WINDOWS\network diagnostic
2008-04-30 14:02:40 0 d-------- C:\fb20093618841d2ad41f58ca
2008-04-30 13:30:06 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-30 13:25:45 0 d-------- C:\Program Files\TmNationsForever
2008-04-30 10:55:58 0 d-------- C:\Documents and Settings\tbird08\Application Data\ATI
2008-04-30 10:55:58 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-30 10:39:51 0 d-------- C:\Program Files\ATI Technologies
2008-04-30 10:38:57 0 d-------- C:\ATI
2008-04-29 22:46:36 0 d-------- C:\Program Files\Lavalys
2008-04-29 22:23:31 0 d-------- C:\Program Files\PCPitstop
2008-04-29 14:57:28 0 d-------- C:\Documents and Settings\tbird08\Application Data\Malwarebytes
2008-04-29 14:57:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 14:57:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 21:26:55 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-25 14:31:31 0 d-------- C:\Documents and Settings\tbird08\Application Data\WinRAR
2008-04-24 18:03:55 0 d-------- C:\Program Files\Activision
2008-04-24 18:01:28 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-18 17:00:03 0 d-------- C:\Program Files\Java
2008-04-18 16:59:36 0 d-------- C:\Program Files\Common Files\Java
2008-04-17 12:06:50 0 d-------- C:\HJT
2008-04-16 12:20:46 0 d-------- C:\Program Files\Alwil Software
2008-04-14 22:17:06 0 d-------- C:\divx
2008-04-12 16:12:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 15:56:35 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-12 12:29:36 0 d-------- C:\Documents and Settings\tbird08\.housecall6.6
2008-04-11 22:11:57 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-04-11 21:53:54 0 d-------- C:\Documents and Settings\tbird08\Application Data\DivX
2008-04-11 21:53:52 0 d-------- C:\Documents and Settings\tbird08\Application Data\Media Player Classic
2008-04-11 21:45:06 0 d-------- C:\Program Files\DivX
2008-04-11 21:40:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-11 19:35:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-11 17:43:05 0 d-------- C:\Documents and Settings\tbird08\Application Data\F-Secure
2008-04-11 17:31:47 0 d-------- C:\Program Files\F-Secure Internet Security
2008-04-11 17:31:40 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-11 17:19:08 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-04-11 11:38:07 0 d-------- C:\Program Files\Spyware Doctor
2008-04-10 21:59:29 0 dr-h----- C:\$VAULT$.AVG
2008-04-10 21:51:30 0 d-------- C:\Documents and Settings\tbird08\Application Data\AVG7
2008-04-10 21:51:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-10 21:51:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-10 21:51:01 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-10 21:33:26 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 21:30:52 0 d-------- C:\Program Files\Ares
2008-04-07 17:11:45 0 d-------- C:\WINDOWS\Sun
2008-04-07 17:11:45 0 d-------- C:\Documents and Settings\tbird08\Application Data\Sun
2008-04-07 11:25:10 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 11:25:00 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-06 14:54:07 0 d--h----- C:\WINDOWS\PIF
2008-04-06 14:51:07 0 d-------- C:\Program Files\Windows Live
2008-04-06 13:52:25 0 d-------- C:\Program Files\mIRC
2008-04-06 13:52:25 0 d-------- C:\Documents and Settings\tbird08\Application Data\mIRC
2008-04-06 13:48:25 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-06 13:47:37 0 d-------- C:\Documents and Settings\tbird08\Application Data\Xfire
2008-04-06 13:47:32 0 d-------- C:\Program Files\Xfire
2008-04-06 13:11:30 0 d-------- C:\UnrealTournament
2008-04-06 12:56:20 0 d-------- C:\Program Files\uTorrent
2008-04-06 12:56:13 0 d-------- C:\Documents and Settings\tbird08\Application Data\uTorrent
2008-04-06 02:00:21 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-06 02:00:19 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-05 21:54:44 0 d-------- C:\Documents and Settings\tbird08\Application Data\Macromedia
2008-04-05 21:54:44 0 d-------- C:\Documents and Settings\tbird08\Application Data\Adobe
2008-04-05 14:37:46 0 d-------- C:\Documents and Settings\tbird08\Contacts
2008-04-05 14:36:27 0 d-------- C:\Program Files\Windows Live Favorites
2008-04-05 14:36:12 0 d-------- C:\Program Files\Real
2008-04-05 14:36:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-05 14:36:01 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-05 14:35:46 0 d-------- C:\Program Files\Windows Live Toolbar
2008-04-05 14:35:22 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-05 14:35:17 0 d-------- C:\Program Files\MSN Messenger
2008-04-05 14:17:01 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-05 14:14:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-05 14:13:19 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-04-05 14:00:46 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-05 14:00:46 76336 --a------ C:\WINDOWS\War3Unin.dat
2008-04-05 14:00:45 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-05 13:55:15 0 d-------- C:\Program Files\Warcraft III
2008-04-05 13:51:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 13:51:12 0 d-------- C:\Documents and Settings\tbird08\Application Data\Mozilla
2008-04-05 13:47:42 0 d--hs---- C:\WINDOWS\Installer
2008-04-05 13:47:41 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-05 13:47:36 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-05 13:47:35 0 dr------- C:\Program Files
2008-04-05 13:47:35 0 d-------- C:\Program Files\Common Files
2008-04-05 13:47:00 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-05 13:47:00 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-05 13:47:00 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-05 13:47:00 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-05 13:47:00 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-05 13:47:00 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-05 13:47:00 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-05 13:47:00 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-05 13:47:00 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-05 13:47:00 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-05 13:47:00 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-05 13:47:00 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-05 13:47:00 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-05 13:47:00 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-05 13:47:00 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-05 13:47:00 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-05 13:46:42 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-05 13:46:42 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-05 13:46:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-05 13:46:36 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-05 13:46:36 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-05 13:46:36 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-05 13:46:15 0 d--hs---- C:\System Volume Information
2008-04-05 13:46:15 0 d-------- C:\Documents and Settings
2008-04-05 13:33:08 0 d-------- C:\WINDOWS
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\WinSxS
2008-04-05 13:33:08 0 dr------- C:\WINDOWS\Web
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\twain_32
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\wins
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\wbem
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\usmt
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\spool
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\Setup
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\ras
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\oobe
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\npp
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\mui
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\IME
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\ias
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\export
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\drivers
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-05 13:33:08 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\config
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\3076
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\2052
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1054
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1042
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1041
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1037
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1033
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1031
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1028
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1025
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\security
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Resources
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\repair
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Provisioning
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\PeerNet
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\pchealth
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\mui
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\msapps
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\msagent
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Media
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\java
2008-04-05 13:33:08 0 d--h----- C:\WINDOWS\inf
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\ime
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Help
2008-04-05 13:33:08 0 dr--s---- C:\WINDOWS\Fonts
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\ehome
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Driver Cache
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Debug
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Cursors
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Config
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\AppPatch
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\addins
2008-04-05 13:25:59 0 d--hs---- C:\Documents and Settings\tbird08\UserData
2008-04-05 13:16:26 0 d-------- C:\WINDOWS\system32\Lang
2008-04-05 13:15:15 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-04-05 13:14:54 0 d-------- C:\WINDOWS\system32\RTCOM
2008-04-05 13:14:05 0 d-------- C:\Program Files\Realtek
2008-04-05 13:13:58 487424 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-05 13:13:12 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-05 13:13:07 0 d-------- C:\WINDOWS\OPTIONS
2008-04-05 13:13:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-05 13:13:03 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-05 13:12:34 6016 -----n--- C:\WINDOWS\system32\drivers\ALLOW-IO.SYS
2008-04-05 13:06:05 0 d-------- C:\Documents and Settings\tbird08\Application Data\Identities
2008-04-05 13:05:56 0 d--h----- C:\Documents and Settings\tbird08\Templates
2008-04-05 13:05:56 0 dr------- C:\Documents and Settings\tbird08\Start Menu
2008-04-05 13:05:56 0 dr-h----- C:\Documents and Settings\tbird08\SendTo
2008-04-05 13:05:56 0 dr-h----- C:\Documents and Settings\tbird08\Recent
2008-04-05 13:05:56 0 d--h----- C:\Documents and Settings\tbird08\PrintHood
2008-04-05 13:05:56 3407872 --ah----- C:\Documents and Settings\tbird08\NTUSER.DAT
2008-04-05 13:05:56 0 d--h----- C:\Documents and Settings\tbird08\NetHood
2008-04-05 13:05:56 0 dr------- C:\Documents and Settings\tbird08\My Documents
2008-04-05 13:05:56 0 d--h----- C:\Documents and Settings\tbird08\Local Settings
2008-04-05 13:05:56 0 dr------- C:\Documents and Settings\tbird08\Favorites
2008-04-05 13:05:56 0 d-------- C:\Documents and Settings\tbird08\Desktop
2008-04-05 13:05:56 0 d--hs---- C:\Documents and Settings\tbird08\Cookies
2008-04-05 13:05:56 0 dr-h----- C:\Documents and Settings\tbird08\Application Data
2008-04-05 13:03:49 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-05 13:03:37 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-05 13:03:37 0 d-------- C:\WINDOWS\Prefetch
2008-04-05 13:03:36 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-05 13:03:36 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-05 13:03:36 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-05 13:03:36 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-05 13:03:36 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-05 13:02:52 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-05 13:02:52 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-05 13:02:52 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-05 13:02:52 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-05 13:02:52 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-05 12:58:19 0 d-------- C:\WINDOWS\system32\xircom
2008-04-05 12:58:19 0 d-------- C:\Program Files\microsoft frontpage
2008-04-05 12:58:02 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-05 12:57:59 0 -rahs---- C:\MSDOS.SYS
2008-04-05 12:57:59 0 -rahs---- C:\IO.SYS
2008-04-05 12:57:59 0 --a------ C:\CONFIG.SYS
2008-04-05 12:57:59 0 --a------ C:\AUTOEXEC.BAT
2008-04-05 12:56:32 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-05 12:56:19 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-05 12:56:19 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-05 12:56:03 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-05 12:55:41 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-05 12:55:07 0 d---s---- C:\WINDOWS\Tasks
2008-04-05 12:55:06 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-05 12:55:02 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-05 12:55:02 0 d-------- C:\WINDOWS\srchasst
2008-04-05 12:54:54 0 d-------- C:\Program Files\Movie Maker
2008-04-05 12:54:46 0 d-------- C:\WINDOWS\system32\Restore
2008-04-05 12:54:02 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-05 12:53:52 0 d-------- C:\WINDOWS\Registration
2008-04-05 12:53:47 0 d-------- C:\Program Files\Online Services
2008-04-05 12:53:40 0 d-------- C:\Program Files\Messenger
2008-04-05 12:53:37 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-05 12:53:01 0 d-------- C:\Program Files\Windows NT
2008-04-05 12:52:58 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-05 12:52:57 0 d-------- C:\WINDOWS\system32\Com
2007-10-11 08:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-10-09 11:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-14 15:43:38 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-12-31 23:24:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2005-12-31 23:24:51 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2005-12-31 23:24:50 0 d-------- C:\WINDOWS\LastGood


-- Find3M Report ---------------------------------------------------------------

2008-04-05 13:47:00 62 --ahs---- C:\Documents and Settings\tbird08\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 17:37]
"BluetoothAuthenticationAgent"="bthprops.cpl" [03/08/2004 23:56 C:\WINDOWS\system32\bthprops.cpl]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21/01/2008 11:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 10:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 10:43]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2006-01-01 00:53:08 ------------



cheers :thumbup:

#4 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 30 April 2008 - 08:07 PM

Hi TonyG123,

Backup Your Registry:
  • Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Double-click erunt-setup.exe and follow the prompts to install the program
  • When asked if you wish to Create an ERUNT entry in the Startup folder say No
  • ERUNT should start automatically, if it does not then click Start->All Programs->ERUNT->ERUNT
  • OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Download secprov.reg to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
Locate secprov.reg on your Desktop, it should look like this:Posted Image
Right-click it and select Merge, when it asks if you want to merge with the registry, click Yes.
You can then delete secprov.reg

------------------------------------------------------------------------

Next press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:

cmd /c reg query HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders /v securityproviders >> "%userprofile%\desktop\check.txt


A file called check.txt should appear on your Desktop, please post the contents with your next response.

------------------------------------------------------------------------

Once complete, please post the check.txt output and a new HijackThis log. Also, let me know how your computer is running now.
ASAP & UNITE Member

#5 TonyG123

TonyG123

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 01 May 2008 - 10:22 AM

Hello again Silver.. everything is complete and here are the logs you asked for:


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll







Deckard's System Scanner v20071014.68
Run by tbird08 on 2006-01-01 21:59:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as tbird08.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:45, on 01/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\tbird08\Desktop\dss.exe
C:\HJT\tbird08.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?1dc59dabe98f4301ab0a85e0e437586e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?1dc59dabe98f4301ab0a85e0e437586e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6148 bytes

-- Files created between 2005-12-01 and 2006-01-01 -----------------------------

2008-04-30 15:04:34 0 d-------- C:\Program Files\MSXML 6.0
2008-04-30 14:58:19 0 d-------- C:\Program Files\MSBuild
2008-04-30 14:54:49 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-30 14:54:12 0 d-------- C:\Program Files\Reference Assemblies
2008-04-30 14:53:21 0 d-------- C:\53c3878dba33fee19f62da64
2008-04-30 14:28:31 0 d-------- C:\WINDOWS\network diagnostic
2008-04-30 14:02:40 0 d-------- C:\fb20093618841d2ad41f58ca
2008-04-30 13:30:06 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-30 13:25:45 0 d-------- C:\Program Files\TmNationsForever
2008-04-30 10:55:58 0 d-------- C:\Documents and Settings\tbird08\Application Data\ATI
2008-04-30 10:55:58 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-30 10:39:51 0 d-------- C:\Program Files\ATI Technologies
2008-04-30 10:38:57 0 d-------- C:\ATI
2008-04-29 22:46:36 0 d-------- C:\Program Files\Lavalys
2008-04-29 22:23:31 0 d-------- C:\Program Files\PCPitstop
2008-04-29 14:57:28 0 d-------- C:\Documents and Settings\tbird08\Application Data\Malwarebytes
2008-04-29 14:57:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 14:57:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 21:26:55 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-25 14:31:31 0 d-------- C:\Documents and Settings\tbird08\Application Data\WinRAR
2008-04-24 18:03:55 0 d-------- C:\Program Files\Activision
2008-04-24 18:01:28 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-18 17:00:03 0 d-------- C:\Program Files\Java
2008-04-18 16:59:36 0 d-------- C:\Program Files\Common Files\Java
2008-04-17 12:06:50 0 d-------- C:\HJT
2008-04-16 12:20:46 0 d-------- C:\Program Files\Alwil Software
2008-04-14 22:17:06 0 d-------- C:\divx
2008-04-12 16:12:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 15:56:35 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-12 12:29:36 0 d-------- C:\Documents and Settings\tbird08\.housecall6.6
2008-04-11 22:11:57 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-04-11 21:53:54 0 d-------- C:\Documents and Settings\tbird08\Application Data\DivX
2008-04-11 21:53:52 0 d-------- C:\Documents and Settings\tbird08\Application Data\Media Player Classic
2008-04-11 21:45:06 0 d-------- C:\Program Files\DivX
2008-04-11 21:40:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-11 19:35:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-11 17:43:05 0 d-------- C:\Documents and Settings\tbird08\Application Data\F-Secure
2008-04-11 17:31:47 0 d-------- C:\Program Files\F-Secure Internet Security
2008-04-11 17:31:40 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-11 17:19:08 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-04-11 11:38:07 0 d-------- C:\Program Files\Spyware Doctor
2008-04-10 21:59:29 0 dr-h----- C:\$VAULT$.AVG
2008-04-10 21:51:30 0 d-------- C:\Documents and Settings\tbird08\Application Data\AVG7
2008-04-10 21:51:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-10 21:51:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-10 21:51:01 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-10 21:33:26 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 21:30:52 0 d-------- C:\Program Files\Ares
2008-04-07 17:11:45 0 d-------- C:\WINDOWS\Sun
2008-04-07 17:11:45 0 d-------- C:\Documents and Settings\tbird08\Application Data\Sun
2008-04-07 11:25:10 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 11:25:00 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-06 14:54:07 0 d--h----- C:\WINDOWS\PIF
2008-04-06 14:51:07 0 d-------- C:\Program Files\Windows Live
2008-04-06 13:52:25 0 d-------- C:\Program Files\mIRC
2008-04-06 13:52:25 0 d-------- C:\Documents and Settings\tbird08\Application Data\mIRC
2008-04-06 13:48:25 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-06 13:47:37 0 d-------- C:\Documents and Settings\tbird08\Application Data\Xfire
2008-04-06 13:47:32 0 d-------- C:\Program Files\Xfire
2008-04-06 13:11:30 0 d-------- C:\UnrealTournament
2008-04-06 12:56:20 0 d-------- C:\Program Files\uTorrent
2008-04-06 12:56:13 0 d-------- C:\Documents and Settings\tbird08\Application Data\uTorrent
2008-04-06 02:00:21 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-06 02:00:19 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-05 21:54:44 0 d-------- C:\Documents and Settings\tbird08\Application Data\Macromedia
2008-04-05 21:54:44 0 d-------- C:\Documents and Settings\tbird08\Application Data\Adobe
2008-04-05 14:37:46 0 d-------- C:\Documents and Settings\tbird08\Contacts
2008-04-05 14:36:27 0 d-------- C:\Program Files\Windows Live Favorites
2008-04-05 14:36:12 0 d-------- C:\Program Files\Real
2008-04-05 14:36:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-05 14:36:01 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-05 14:35:46 0 d-------- C:\Program Files\Windows Live Toolbar
2008-04-05 14:35:22 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-05 14:35:17 0 d-------- C:\Program Files\MSN Messenger
2008-04-05 14:17:01 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-05 14:14:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-05 14:13:19 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-04-05 14:00:46 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-05 14:00:46 76336 --a------ C:\WINDOWS\War3Unin.dat
2008-04-05 14:00:45 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-05 13:55:15 0 d-------- C:\Program Files\Warcraft III
2008-04-05 13:51:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 13:51:12 0 d-------- C:\Documents and Settings\tbird08\Application Data\Mozilla
2008-04-05 13:47:42 0 d--hs---- C:\WINDOWS\Installer
2008-04-05 13:47:41 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-05 13:47:36 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-05 13:47:35 0 dr------- C:\Program Files
2008-04-05 13:47:35 0 d-------- C:\Program Files\Common Files
2008-04-05 13:47:00 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-05 13:47:00 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-05 13:47:00 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-05 13:47:00 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-05 13:47:00 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-05 13:47:00 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-05 13:47:00 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-05 13:47:00 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-05 13:47:00 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-05 13:47:00 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-05 13:47:00 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-05 13:47:00 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-05 13:47:00 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-05 13:47:00 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-05 13:47:00 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-05 13:47:00 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-05 13:46:42 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-05 13:46:42 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-05 13:46:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-05 13:46:36 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-05 13:46:36 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-05 13:46:36 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-05 13:46:15 0 d--hs---- C:\System Volume Information
2008-04-05 13:46:15 0 d-------- C:\Documents and Settings
2008-04-05 13:33:08 0 d-------- C:\WINDOWS
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\WinSxS
2008-04-05 13:33:08 0 dr------- C:\WINDOWS\Web
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\twain_32
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\wins
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\wbem
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\usmt
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\spool
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\Setup
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\ras
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\oobe
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\npp
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\mui
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\IME
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\ias
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\export
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\drivers
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-05 13:33:08 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\config
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\3076
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\2052
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1054
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1042
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1041
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1037
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1033
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1031
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1028
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system32\1025
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\system
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\security
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Resources
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\repair
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Provisioning
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\PeerNet
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\pchealth
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\mui
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\msapps
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\msagent
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Media
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\java
2008-04-05 13:33:08 0 d--h----- C:\WINDOWS\inf
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\ime
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Help
2008-04-05 13:33:08 0 dr--s---- C:\WINDOWS\Fonts
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\ehome
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Driver Cache
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Debug
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Cursors
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\Config
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\AppPatch
2008-04-05 13:33:08 0 d-------- C:\WINDOWS\addins
2008-04-05 13:25:59 0 d--hs---- C:\Documents and Settings\tbird08\UserData
2008-04-05 13:16:26 0 d-------- C:\WINDOWS\system32\Lang
2008-04-05 13:15:15 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-04-05 13:14:54 0 d-------- C:\WINDOWS\system32\RTCOM
2008-04-05 13:14:05 0 d-------- C:\Program Files\Realtek
2008-04-05 13:13:58 487424 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-05 13:13:12 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-05 13:13:07 0 d-------- C:\WINDOWS\OPTIONS
2008-04-05 13:13:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-05 13:13:03 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-05 13:12:34 6016 -----n--- C:\WINDOWS\system32\drivers\ALLOW-IO.SYS
2008-04-05 13:06:05 0 d-------- C:\Documents and Settings\tbird08\Application Data\Identities
2008-04-05 13:05:56 0 d--h----- C:\Documents and Settings\tbird08\Templates
2008-04-05 13:05:56 0 dr------- C:\Documents and Settings\tbird08\Start Menu
2008-04-05 13:05:56 0 dr-h----- C:\Documents and Settings\tbird08\SendTo
2008-04-05 13:05:56 0 dr-h----- C:\Documents and Settings\tbird08\Recent
2008-04-05 13:05:56 0 d--h----- C:\Documents and Settings\tbird08\PrintHood
2008-04-05 13:05:56 3407872 --ah----- C:\Documents and Settings\tbird08\NTUSER.DAT
2008-04-05 13:05:56 0 d--h----- C:\Documents and Settings\tbird08\NetHood
2008-04-05 13:05:56 0 dr------- C:\Documents and Settings\tbird08\My Documents
2008-04-05 13:05:56 0 d--h----- C:\Documents and Settings\tbird08\Local Settings
2008-04-05 13:05:56 0 dr------- C:\Documents and Settings\tbird08\Favorites
2008-04-05 13:05:56 0 d-------- C:\Documents and Settings\tbird08\Desktop
2008-04-05 13:05:56 0 d--hs---- C:\Documents and Settings\tbird08\Cookies
2008-04-05 13:05:56 0 dr-h----- C:\Documents and Settings\tbird08\Application Data
2008-04-05 13:03:49 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-05 13:03:37 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-05 13:03:37 0 d-------- C:\WINDOWS\Prefetch
2008-04-05 13:03:36 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-05 13:03:36 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-05 13:03:36 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-05 13:03:36 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-05 13:03:36 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-05 13:02:52 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-05 13:02:52 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-05 13:02:52 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-05 13:02:52 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-05 13:02:52 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-05 12:58:19 0 d-------- C:\WINDOWS\system32\xircom
2008-04-05 12:58:19 0 d-------- C:\Program Files\microsoft frontpage
2008-04-05 12:58:02 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-05 12:57:59 0 -rahs---- C:\MSDOS.SYS
2008-04-05 12:57:59 0 -rahs---- C:\IO.SYS
2008-04-05 12:57:59 0 --a------ C:\CONFIG.SYS
2008-04-05 12:57:59 0 --a------ C:\AUTOEXEC.BAT
2008-04-05 12:56:32 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-05 12:56:19 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-05 12:56:19 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-05 12:56:03 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-05 12:55:41 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-05 12:55:07 0 d---s---- C:\WINDOWS\Tasks
2008-04-05 12:55:06 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-05 12:55:02 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-05 12:55:02 0 d-------- C:\WINDOWS\srchasst
2008-04-05 12:54:54 0 d-------- C:\Program Files\Movie Maker
2008-04-05 12:54:46 0 d-------- C:\WINDOWS\system32\Restore
2008-04-05 12:54:02 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-05 12:53:52 0 d-------- C:\WINDOWS\Registration
2008-04-05 12:53:47 0 d-------- C:\Program Files\Online Services
2008-04-05 12:53:40 0 d-------- C:\Program Files\Messenger
2008-04-05 12:53:37 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-05 12:53:01 0 d-------- C:\Program Files\Windows NT
2008-04-05 12:52:58 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-05 12:52:57 0 d-------- C:\WINDOWS\system32\Com
2007-10-11 08:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-10-09 11:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-14 15:43:38 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-12-31 23:24:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2005-12-31 23:24:51 0 d-------- C:\WINDOWS\system32\Kaspersky Lab


-- Find3M Report ---------------------------------------------------------------

2008-04-05 13:47:00 62 --ahs---- C:\Documents and Settings\tbird08\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 17:37]
"BluetoothAuthenticationAgent"="bthprops.cpl" [03/08/2004 23:56 C:\WINDOWS\system32\bthprops.cpl]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21/01/2008 11:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 10:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 10:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2006-01-01 22:00:50 ------------


once again... thanks :thumbup:


Oh by the way, my computer runs fine.. its just when i play games it seems to have difficulty playing certain maps on warcraft 3 still even though i got a new graphics card. i have already made a topic about this but i was told to wait til you have finished helping me before they can continue :)

Edited by TonyG123, 01 May 2008 - 10:24 AM.


#6 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 01 May 2008 - 08:01 PM

Hi TonyG123,

That looks good, some important final steps:

You should now delete dss.exe from your Desktop, also delete this folder:

C:\Deckard


Re-hide hidden/system files and folders:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Do not show hidden files and folders
CHECK the Hide extensions for known file types option
CHECK the Hide protected operating system files (recommended) option
Press OK

Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

------------------------------------------------------------------------

If the above went well, I think your machine is now clean of malware :) here are some tips to help you keep it that way:

I recommend you consider installing a Personal Firewall program. Even if you are behind a NAT router, I recommend you use firewall software as it will improve the security of your computer by monitoring and controlling outbound connections to the internet as well as inbound. There are various free packages available, one I can recommend is Comodo:
http://www.personalf...all.comodo.com/
A tutorial on firewalls to help you get started:
http://www.bleepingc...tutorial60.html

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malware...pic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
ASAP & UNITE Member

#7 TonyG123

TonyG123

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 02 May 2008 - 02:53 PM

Hello Silver, thank you very much for all your time and help... much appreciated it... it amazes me how you know all this stuff :P anyway thanks alot.. now i can continue with my other topic yay :) 1 last thing.. all those programs you told me to download like Erunt and Everest home. that i saved to my desktop.. should i keep them or is it safe to delete them ?

Edited by TonyG123, 02 May 2008 - 03:05 PM.


#8 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 02 May 2008 - 10:34 PM

You're very welcome :)

In this thread we used ERUNT and MalwareBytes Antimalware, both of which can be removed if you wish via Start->Control Panel->Add/Remove Programs however I recommend you keep MalwareBytes and scan with it regularly as it is an excellent program and free.

If you have any further questions please let me know.
ASAP & UNITE Member

#9 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 05 May 2008 - 10:01 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
ASAP & UNITE Member

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users