Results 1 to 3 of 3

Thread: yet another smithfraud "basket case" and then some!

  1. #1
    Junior Member
    Join Date
    Feb 2008
    Posts
    1

    Default yet another smithfraud "basket case" and then some!

    Here are the files requested from the forum, I sure hope I did this correctly, Im not so techified! (and thank you so much for helping, I truly appreciate it)
    KASPERSKY ONLINE SCANNER REPORT
    Monday, February 04, 2008 9:49:29 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 4/02/2008
    Kaspersky Anti-Virus database records: 546515
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 243714
    Number of viruses found: 16
    Number of infected objects: 40
    Number of suspicious objects: 2
    Duration of the scan process: 05:40:53

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Report Logs\Report39481.701620370368.xml Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\LAURA\Application Data\PC Tools\PC Tools AntiVirus\Application Logs\PCToolsAntivirus.txt Object is locked skipped
    C:\Documents and Settings\LAURA\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LAURA\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\LAURA\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\LAURA\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\LAURA\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
    C:\Documents and Settings\LAURA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LAURA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LAURA\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LAURA\Local Settings\History\History.IE5\MSHist012008020320080204\index.dat Object is locked skipped
    C:\Documents and Settings\LAURA\Local Settings\Temp\hpzasda213a/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\Documents and Settings\LAURA\Local Settings\Temp\hpzasda213a NSIS: infected - 1 skipped
    C:\Documents and Settings\LAURA\Local Settings\Temp\hpzasda213e Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
    C:\Documents and Settings\LAURA\Local Settings\Temp\nsc29.tmp/memob_4.2.dll Infected: not-a-virus:AdWare.Win32.BHO.si skipped
    C:\Documents and Settings\LAURA\Local Settings\Temp\nsc29.tmp ZIP: infected - 1 skipped
    C:\Documents and Settings\LAURA\Local Settings\Temp\Perflib_Perfdata_c10.dat Object is locked skipped
    C:\Documents and Settings\LAURA\Local Settings\Temp\~DF7AAC.tmp Object is locked skipped
    C:\Documents and Settings\LAURA\Local Settings\Temporary Internet Files\Content.IE5\2N6BY1MB\WebfettiInitialSetup1.0.0.15-3[1].exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.aw skipped
    C:\Documents and Settings\LAURA\Local Settings\Temporary Internet Files\Content.IE5\C1GNCFCZ\T0CHD001[1].exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
    C:\Documents and Settings\LAURA\Local Settings\Temporary Internet Files\Content.IE5\I5JWXGFM\CleanerInstall[1].exe Infected: not-a-virus:AdWare.Win32.WebSearch.br skipped
    C:\Documents and Settings\LAURA\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LAURA\Local Settings\Temporary Internet Files\Content.IE5\M1XIBQX4\install_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\LAURA\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LAURA\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Maia\Local Settings\Temp\snapsnet.exe/data0006 Infected: Trojan-Downloader.Win32.VB.cge skipped
    C:\Documents and Settings\Maia\Local Settings\Temp\snapsnet.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\Maia\Local Settings\Temporary Internet Files\Content.IE5\MR5B2924\snapsnet[1].exe/data0006 Infected: Trojan-Downloader.Win32.VB.cge skipped
    C:\Documents and Settings\Maia\Local Settings\Temporary Internet Files\Content.IE5\MR5B2924\snapsnet[1].exe NSIS: infected - 1 skipped
    C:\Documents and Settings\Maia\Local Settings\Temporary Internet Files\Content.IE5\O1WPIJOJ\yazzsnet[1].exe Object is locked skipped
    C:\Documents and Settings\Maia\Local Settings\Temporary Internet Files\Content.IE5\OP2BO56Z\rasesnet[1].exe Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\IMSafer\bin\db\cache.db Object is locked skipped
    C:\Program Files\IMSafer\bin\ims.log Object is locked skipped
    C:\Program Files\ISM\ism.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
    C:\Program Files\PC Tools AntiVirus\PCTAVService.txt Object is locked skipped
    C:\Program Files\PC Tools AntiVirus\~ulo Object is locked skipped
    C:\System Volume Information\_restore{518CC160-B25D-490B-B4F0-8F93BA7C9A53}\RP217\A0084648.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
    C:\System Volume Information\_restore{518CC160-B25D-490B-B4F0-8F93BA7C9A53}\RP230\A0085590.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\System Volume Information\_restore{518CC160-B25D-490B-B4F0-8F93BA7C9A53}\RP230\A0085590.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{518CC160-B25D-490B-B4F0-8F93BA7C9A53}\RP230\A0085605.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
    C:\System Volume Information\_restore{518CC160-B25D-490B-B4F0-8F93BA7C9A53}\RP232\A0086340.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\System Volume Information\_restore{518CC160-B25D-490B-B4F0-8F93BA7C9A53}\RP232\A0086340.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{518CC160-B25D-490B-B4F0-8F93BA7C9A53}\RP232\A0086345.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
    C:\System Volume Information\_restore{518CC160-B25D-490B-B4F0-8F93BA7C9A53}\RP232\A0086347.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\System Volume Information\_restore{518CC160-B25D-490B-B4F0-8F93BA7C9A53}\RP232\A0086347.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{518CC160-B25D-490B-B4F0-8F93BA7C9A53}\RP252\change.log Object is locked skipped
    C:\WINDOWS\Debug\oakley.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_0001_N122M2210NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\WINDOWS\Downloaded Program Files\WebfettiInitialSetup1.0.0.15-3.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.aw skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\000050.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
    C:\WINDOWS\system32\000050.exe NSIS: infected - 1 skipped
    C:\WINDOWS\system32\000080.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
    C:\WINDOWS\system32\000080.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
    C:\WINDOWS\system32\000080.exe NSIS: infected - 2 skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
    C:\WINDOWS\system32\drivers\ptilinkk.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
    C:\WINDOWS\system32\memokknr.dll Infected: not-a-virus:AdWare.Win32.BHO.si skipped
    C:\WINDOWS\system32\vt8\tycodllz83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\WINDOWS\system32\vt8\tycodllz83122.exe NSIS: infected - 1 skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
    HJT:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:27:24 PM, on 2/3/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\IMSafer\bin\imsc.exe
    C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\PC Tools AntiVirus\PCTAV.exe
    C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3D1B06AB-EF14-4FF9-871A-9B023FA28A7E} - (no file)
    O2 - BHO: On The Net Search Helper - {4E8F5D76-EF5B-46C8-B35B-C86F8BD6621A} - C:\WINDOWS\System32\memoibeo.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - C:\Program Files\Spruce\Spruce.dll
    O2 - BHO: (no name) - {670E2D7D-C4F5-445A-8C0F-C4DED2186B18} - C:\Program Files\Windows NT\homexyhiC:\WINDOWS\System32\vt8\tycodllz83122.exe.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {821BB7F5-CFAE-4C8B-BF03-A36119942A53} - C:\Program Files\Windows NT\homexyhiC:\DOCUME~1\LAURA\LOCALS~1\Temp\\hpzasda213a.dll (file missing)
    O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll
    O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
    O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
    O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [MS System Call Function] MSSCF32.exe
    O4 - HKCU\..\Run: [Slawdog Smart Shutdown] C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup
    O4 - HKCU\..\Run: [comup] C:\WINDOWS\System32\mobjchku.exe
    O4 - HKCU\..\Run: [MS System Call Function] MSSCF32.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Tmp Clear v2.lnk = C:\Program Files\ScaramangaSoftware\Tmp Clear v2\tmpcv2.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49.../blockwerx.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197388655250
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: IMSafer (ImSaferService) - IMSafer, Inc. - C:\Program Files\IMSafer\bin\imsc.exe
    O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
    O23 - Service: Microsoft Windows DMR Service (Windows DMR Service) - Unknown owner - C:\WINDOWS\dmrproc.exe (file missing)
    O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 8812 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi lauralee

    One or more of the identified infections is a backdoor trojan.

    This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    When Should I Format, How Should I Reinstall

    We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

    Should you have any questions, please feel free to ask.

    Please let us know what you have decided to do in your next post.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Due to the lack of feedback this Topic is closed.

    If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

    Everyone else please begin a New Topic.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •