Multiple Problems



rochey
2007-05-27, 16:46
Hello,

A little while ago my computer started to act strangely and slow down. I ran multiple scans from different programs to see if they detected a problem (but without success; I uninstalled each before installing the next).

I ran 'Spybot S&D' in safe mode and normal mode; however, every time it gets to the end of the scan it just hangs and doesn't complete. It seems to hang every time on 'Zlob.VideoAXObject'. Unless I press 'Stop Check' any problems detected won't appear, and even then, when I click to fix the problems, 'Spybot' says it has successfully removed them all but another scan detects them again.

Other problems are with Firefox/IE7/Flash:

Firefox
Whenever I open Firefox I am prompted with an error saying that it could not connect. To fix this I have to go into the internet options and settings to tell Firefox to automatically detect my proxy settings. However, it doesn't permanently save my selection, because if I close FF and then reopen it I get the error again.

Flash and IE
Something seems to be blocking IE7's use of Flash, as when I visit YouTube or any other site using Flash videos I am prompted to update. If I update, it says it was successful but it doesn't actually update. This also happens with 'Stage6', DivX's video streaming site, and its DivX plugin.

Sorry for the essay of detail :x
HiJackThis log is below:

Logfile of HijackThis v1.99.1
Scan saved at 14:22:13, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Steganos AntiVirus 2007\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\5f6327adc7c0a2a8c697f027585bbb2c\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Steganos AntiVirus 2007\avp.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: LimeWire On Startup.lnk = F:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download All with FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web AntiVirus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Steganos AntiVirus 2007\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Steganos AntiVirus 2007 (AVP) - Unknown owner - C:\Program Files\Steganos AntiVirus 2007\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\zfrpinqp.exe (file missing)
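
The entries in the log above that a triager reads first are the HKCU ProxyServer pointing at localhost:8182 (a proxy on the machine itself, which fits the "could not connect" symptom described for Firefox), the registered components whose file is gone ("(no file)", "(file missing)"), the Task Scheduler service (Schedule) bound to a randomly named, now-missing binary in system32 rather than to svchost.exe where it lives on XP, and iexplore.exe running from a directory that is just a 32-hex-character name. The following script is an added example, not HijackThis itself and not a tool from this forum; it encodes those checks over a constructed sample built from the shape of the log. The service allowlist holds a single entry on purpose and is an assumption to extend, and the hex-directory check is only a "review" flag because update and hotfix packages also extract themselves into such folders.

```python
"""Triage of HijackThis v1.99 log lines (added example, not HijackThis code)."""
import re

# Hosts that mean "a proxy on this very machine", i.e. something local is
# interposed on all browser traffic.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Assumption: a deliberately tiny allowlist of which binary hosts a
# well-known Windows XP service. The Task Scheduler service (Schedule) runs
# inside svchost.exe on XP, so a Schedule entry pointing elsewhere is suspect.
EXPECTED_SERVICE_BINARY = {"schedule": "svchost.exe"}

PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)")
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
HEX_DIR_RE = re.compile(r"\\[0-9a-f]{32}\\", re.IGNORECASE)

# Constructed sample in the shape of the log above; benign lines are kept so
# the filters have something to ignore.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\5f6327adc7c0a2a8c697f027585bbb2c\iexplore.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\zfrpinqp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def proxy_host(proxy):
    """Host part of an IE ProxyServer value such as 'localhost:8182'.

    Also accepts the per-protocol form 'http=host:port;https=host:port'
    (first entry wins) and a bracketed IPv6 literal.
    """
    first = proxy.split(";")[0]
    if "=" in first:
        first = first.split("=", 1)[1]
    host = first.rsplit(":", 1)[0] if ":" in first else first
    return host.strip("[]").lower()


def triage(log_text):
    """Return (severity, reason, line) findings for one HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m and proxy_host(m.group("proxy")) in LOOPBACK_HOSTS:
            findings.append(("high", "proxy on loopback: browser traffic is routed through a local process", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            binary = m.group("path").rsplit("\\", 1)[-1].strip('"').lower()
            expected = EXPECTED_SERVICE_BINARY.get((m.group("name") or "").lower())
            if expected and binary != expected:
                findings.append(("high", f"service {m.group('name')} should run in {expected}, found {binary}", line))
            elif m.group("missing"):
                findings.append(("medium", "service binary missing", line))
            continue
        if "(no file)" in line or "(file missing)" in line:
            findings.append(("low", "orphaned entry: registered component has no file on disk", line))
            continue
        if PROCESS_RE.match(line) and HEX_DIR_RE.search(line):
            findings.append(("review", "process running from a 32-hex-character directory", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Orphaned entries are rated low on their own because uninstallers leave them behind all the time; they matter here only as supporting evidence next to the loopback proxy and the hijacked service name.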

Mr_JAk3
2007-05-31, 22:44
Hello rochey and welcome to the Forums :)

Sorry for the delay...

One or more of the identified infections is a backdoor trojan :sick:

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

I can help you in the cleaning if you don't want to reformat but there is a possibility that we can't get you 100% clean.

Please let us know what you have decided to do in your next post:bigthumb:

rochey
2007-06-01, 02:01
Oh god, I didn't know it was that serious :(

I don't do banking online; I do, however, shop online. Can my passwords for online shopping accounts be lifted? I run my computer through a firewalled router. Does that mean people can't connect to the trojan, or once it's in do they have access regardless?

I don't really want to reinstall my OS and wipe my system as I've only recently (in the past 3 months) done so. If you could help me get my system clean I would be very grateful. I will take your advice about a full format into account and decide what to do after my system is clean.

Thanks

Mr_JAk3
2007-06-01, 11:35
Well, backdoor infections are always dangerous.

I'll be happy to help you with the cleaning.

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

rochey
2007-06-01, 13:00
OK, this is the SDFix log:


SDFix: Version 1.85

Run by Big Dave - 01/06/2007 - 10:47:07.37

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\BIGDAV~1\Desktop\sdfix\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Program Files\\LimeWire\\LimeWire.exe"="F:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\\Program Files\\iTunes\\iTunes.exe"="F:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Program Files\\Azureus\\Azureus.exe"="F:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\\Program Files\\FlashGet\\flashget.exe"="F:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:FlashGet"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------


Checking For Files with Hidden Attributes:

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Big Dave\Desktop\Removable Disk (G)\ict e-book\Unit 2 database\Activities\Database Assessment\~WRL0005.tmp

Finished



And the following is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:58:01, on 01/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Steganos AntiVirus 2007\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Steganos AntiVirus 2007\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Steganos AntiVirus 2007\avp.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: LimeWire On Startup.lnk = F:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download All with FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web AntiVirus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Steganos AntiVirus 2007\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Steganos AntiVirus 2007 (AVP) - Unknown owner - C:\Program Files\Steganos AntiVirus 2007\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\zfrpinqp.exe (file missing)

I don't know if it makes any difference, but I have another hard drive on my computer. Do I have to run HijackThis separately on that one?

thanks for your help so far :bigthumb:

Mr_JAk3
2007-06-01, 22:29
You don't need to run HJT on a separate drive now.

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

rochey
2007-06-02, 00:47
"Big Dave" - 2007-06-01 22:36:37 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Big Dave\Desktop\Firefox Downloads\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\opera6.ini"


((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 ))))))))))))))))))))))))))))))))))


2007-06-01 17:15 <DIR> d-------- C:\Fraps
2007-06-01 17:09 <DIR> d-------- C:\Program Files\Gravity
2007-06-01 11:08 675 --a------ C:\Documents and Settings\BIGDAV~1\clean.reg
2007-06-01 11:08 675 --a------ C:\DOCUME~1\BIGDAV~1\clean.reg
2007-05-28 13:51 454,656 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2007-05-28 13:37 176,128 --a------ C:\WINDOWS\system32\nvusmb.exe
2007-05-28 13:37 176,128 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-05-26 23:41 <DIR> d-------- C:\hijackthis
2007-05-26 17:35 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-20 13:35 <DIR> d-------- C:\VundoFix Backups
2007-05-19 16:48 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-05-19 16:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-05-19 16:19 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-05-19 16:19 <DIR> d-------- C:\Program Files\FireTune
2007-05-19 01:13 <DIR> d-------- C:\Temp
2007-05-18 23:47 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-05-18 23:47 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-05-18 23:47 <DIR> d-------- C:\Program Files\Steganos AntiVirus 2007
2007-05-18 23:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Steganos
2007-05-18 23:46 18,855,456 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-18 23:46 167,200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-18 08:14 <DIR> d-------- C:\DOCUME~1\BIGDAV~1\APPLIC~1\Uniblue
2007-05-16 16:42 <DIR> d-------- C:\Program Files\Disney
2007-05-14 22:09 <DIR> d-------- C:\Documents and Settings\BIGDAV~1\.housecall6.6
2007-05-14 22:09 <DIR> d-------- C:\DOCUME~1\BIGDAV~1\.housecall6.6
2007-05-13 23:40 <DIR> d-------- C:\Program Files\Smart Projects
2007-05-10 16:07 <DIR> d-------- C:\Program Files\Max Payne
2007-05-09 15:04 <DIR> d-------- C:\DOCUME~1\BIGDAV~1\APPLIC~1\vlc
2007-05-09 14:43 <DIR> d-------- C:\Program Files\VideoLAN
2007-05-04 00:47 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-05-04 00:47 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-05-04 00:47 <DIR> d-------- C:\Program Files\Microsoft Producer 2
2007-05-04 00:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-05-04 00:04 <DIR> d-------- C:\OutputFolder
2007-05-03 21:21 <DIR> d-------- C:\DOCUME~1\BIGDAV~1\APPLIC~1\Lavasoft
2007-05-03 20:49 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-03 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-03 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-05-02 23:08 <DIR> d-------- C:\Program Files\GetData
2007-05-02 23:06 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-02 20:05 <DIR> d-------- C:\Program Files\New Folder
2007-05-02 01:05 <DIR> d-------- C:\Program Files\Roxio
2007-05-02 01:05 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-05-02 01:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
2007-05-02 00:56 <DIR> d-------- C:\WINDOWS\system32\NtmsData


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 21:11:08 -------- d-----w C:\DOCUME~1\BIGDAV~1\APPLIC~1\Skype
2007-06-01 16:13:54 -------- d-----w C:\Program Files\XoftSpySE
2007-06-01 16:11:33 -------- d-----w C:\DOCUME~1\BIGDAV~1\APPLIC~1\LimeWire
2007-05-30 12:57:29 -------- d-----w C:\DOCUME~1\BIGDAV~1\APPLIC~1\IGN_DLM
2007-05-14 15:49:29 671 ----a-w C:\WINDOWS\mozver.dat
2007-05-13 14:48:30 -------- d-----w C:\Program Files\DivX
2007-05-13 08:49:31 -------- d-----w C:\DOCUME~1\BIGDAV~1\APPLIC~1\Azureus
2007-05-10 15:15:29 28,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-10 15:07:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-09 13:33:33 -------- d-----w C:\DOCUME~1\BIGDAV~1\APPLIC~1\DivX
2007-05-09 11:27:26 -------- d-----w C:\Program Files\Kontiki
2007-05-06 21:17:08 -------- d-----w C:\Program Files\VisualKore
2007-05-02 00:03:26 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-30 20:03:41 -------- d-----w C:\Program Files\Microsoft Works
2007-04-30 20:03:31 -------- d-----w C:\Program Files\MSBuild
2007-04-30 20:02:40 -------- d-----w C:\Program Files\Microsoft.NET
2007-04-30 20:00:43 -------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-04-29 21:38:18 -------- d-----w C:\Program Files\CCleaner
2007-04-29 21:38:14 -------- d-----w C:\Program Files\Yahoo!
2007-04-29 14:20:48 -------- d-----w C:\Program Files\Windows Defender
2007-04-27 02:04:17 -------- d-----w C:\Program Files\Messenger
2007-04-27 00:32:33 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-04-27 00:32:33 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-04-26 22:07:56 -------- d-----w C:\Program Files\Windows Journal Viewer
2007-04-26 21:24:33 -------- d-----w C:\DOCUME~1\BIGDAV~1\APPLIC~1\Apple Computer
2007-04-26 19:17:36 -------- d-----w C:\Program Files\MSN Messenger
2007-04-26 18:47:18 -------- d-----w C:\Program Files\Realtek Sound Manager
2007-04-26 18:47:18 -------- d-----w C:\Program Files\AvRack
2007-04-26 18:47:13 -------- d-----w C:\Program Files\Realtek AC97
2007-04-26 18:32:37 -------- d-----w C:\Program Files\Download Manager
2007-04-26 18:16:30 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-04-26 18:09:25 -------- d-----w C:\Program Files\Common Files\Logitech
2007-04-26 18:09:24 -------- d-----w C:\Program Files\Logitech
2007-04-26 18:07:41 -------- d-----w C:\Program Files\AMD
2007-04-26 18:02:51 -------- d-----w C:\Program Files\iTunes
2007-04-26 18:02:49 -------- d-----w C:\Program Files\iPod
2007-04-26 18:00:05 -------- d-----w C:\Program Files\QuickTime
2007-04-26 18:00:04 -------- d-----w C:\Program Files\Skype
2007-04-26 17:58:09 -------- d-----w C:\DOCUME~1\BIGDAV~1\APPLIC~1\Kore
2007-04-26 17:30:36 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-26 09:53:41 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-25 22:59:50 -------- d-----w C:\Program Files\Common Files\ODBC
2007-04-25 22:59:48 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-04-25 22:32:48 -------- d-----w C:\Program Files\microsoft frontpage
2007-04-25 22:32:42 0 --sha-r C:\MSDOS.SYS
2007-04-25 22:32:42 0 --sha-r C:\IO.SYS
2007-04-25 22:32:42 0 ----a-w C:\CONFIG.SYS
2007-04-25 22:32:42 0 ----a-w C:\AUTOEXEC.BAT
2007-04-25 22:31:51 -------- d--h--w C:\Program Files\WindowsUpdate
2007-04-25 22:31:07 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-04-25 22:31:00 -------- d-----w C:\Program Files\Movie Maker
2007-04-25 22:30:37 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-25 22:30:06 -------- d-----w C:\Program Files\Online Services
2007-04-25 22:29:58 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-04-25 22:29:51 -------- d-----w C:\Program Files\Windows NT
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=F:\Program Files\FlashGet\jccatch.dll [2007-01-29 10:46]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"Logitech Utility"="Logi_MwX.Exe" []
"SoundMan"="SOUNDMAN.EXE" []
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-08-31 20:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-10 16:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\install.exe


Contents of the 'Scheduled Tasks' folder
2007-06-01 10:30:23 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-04-26 18:48:45 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-06-01 16:12:33 C:\WINDOWS\tasks\XoftSpySE.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-01 22:44:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-06-01 22:45:02
C:\ComboFix-quarantined-files.txt ... 2007-06-01 22:45

--- E O F ---


Once again, thanks for your time.

Mr_JAk3
2007-06-03, 15:07
Hi again, we'll continue :)

Sorry for the delay, I wasn't within reach of my pc yesterday.

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

==================

Disable the bad service
Start
Run
Type services.msc into the field and press Enter.
A window opens, scroll down to Task Scheduler (Schedule)
Right-click it and choose Stop
Then choose Properties
Set Startup to Disabled
Click Apply and OK.

Then, open HijackThis.
Open the Misc Tools section
Delete an NT service
Copy the following line into the box and press OK: Schedule
Answer Yes
Close HijackThis

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Go to My Computer and delete the following files (if present):
C:\WINDOWS\system32\zfrpinqp.exe

Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log

rochey
2007-06-04, 16:22
Thanks for the reply,

I couldn't perform a couple of things in those instructions. Firstly, ATF-Cleaner wouldn't let me click 'Firefox' because it was greyed out. Also, AVG doesn't let me click on certain options such as 'Start with Windows' and the various other options that were in the instructions, as they too were greyed out.

However, I tried to follow the instructions as best as I could and the results are below:

Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 14:17:03, on 04/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Steganos AntiVirus 2007\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Steganos AntiVirus 2007\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Steganos AntiVirus 2007\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Startup: LimeWire On Startup.lnk = F:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download All with FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web AntiVirus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Steganos AntiVirus 2007\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Steganos AntiVirus 2007 (AVP) - Unknown owner - C:\Program Files\Steganos AntiVirus 2007\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

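As an added example (not part of the thread and not HijackThis project code), here is a small Python parser for the HijackThis v1.99 log format posted above. It splits the log into the running-process list and the R/O entries, then flags the items a helper usually checks first: entries whose file is absent ("(no file)" / "(file missing)"), an R1 ProxyServer that points at the local machine, O4 Run values with no path, and O23 services with "Unknown owner". The sample log is constructed, using a few lines in the same format as the one above.

```python
"""Added example (not from the thread or the HijackThis project): parse the
HijackThis v1.99 log format and flag the entries a helper checks first."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the same format as the log posted above (a few lines only).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:17:03, on 04/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry line starts with a section code such as R1, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# O4 Run entries look like "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r".*: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    kind: str
    body: str
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return (running processes, entries) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return processes, entries


def flag_entry(entry):
    """Heuristics a helper applies by eye; each flag is a human-readable reason."""
    flags = []
    body = entry.body
    if "(no file)" in body or "(file missing)" in body:
        flags.append("orphaned entry: referenced file is absent")
    if entry.kind == "R1" and "ProxyServer" in body:
        target = body.split("=", 1)[1].strip()
        if target.startswith(("localhost", "127.0.0.1")):
            flags.append("proxy points at the local machine: " + target)
    if entry.kind == "O4":
        m = RUN_RE.match(body)
        if m and "\\" not in m["cmd"]:
            flags.append("Run value %s has no path; resolved by PATH search" % m["name"])
    if entry.kind == "O23" and "Unknown owner" in body:
        flags.append("service with no vendor information")
    return flags


def review(text):
    """Parse a log and return (processes, all entries, flagged entries, counts by kind)."""
    processes, entries = parse_log(text)
    for e in entries:
        e.flags = flag_entry(e)
    flagged = [e for e in entries if e.flags]
    counts = Counter(e.kind for e in entries)
    return processes, entries, flagged, counts


if __name__ == "__main__":
    procs, entries, flagged, counts = review(SAMPLE_LOG)
    print("%d processes, %d entries, %d flagged" % (len(procs), len(entries), len(flagged)))
    for e in flagged:
        print(e.kind, "-", e.body)
        for f in e.flags:
            print("    *", f)
```

The flags are starting points for a human reviewer, not verdicts; a bare filename in a Run value is normal for some vendors (SOUNDMAN.EXE above ships with the Realtek driver), so each hit still needs the file looked up.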
rochey
2007-06-04, 16:23
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:09:18 04/06/2007

+ Scan result:



C:\System Volume Information\_restore{13134C68-06FD-4433-82A8-33B995ED2A1B}\RP44\A0004784.dll -> Backdoor.Small.oq : Cleaned with backup (quarantined).
:mozilla.323:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.351:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.489:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.535:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.201:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.203:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.534:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.132:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.133:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.134:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.137:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.138:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.358:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.359:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.311:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.312:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.313:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.314:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.316:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.471:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.36:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.463:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.464:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.100:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.279:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.280:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.281:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.33:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.34:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.35:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.160:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.161:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.162:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.163:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.164:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.165:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.228:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.229:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.388:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.405:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.135:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.140:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.449:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.504:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.158:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.7:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.328:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.29:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.478:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.480:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.294:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.296:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.297:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.298:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.304:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.450:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.220:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.221:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.222:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.223:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.224:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.225:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.172:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.173:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.174:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.175:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.176:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.177:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.187:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.188:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.189:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.190:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.191:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.192:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.193:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.194:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.129:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.130:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.131:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.136:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.139:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.465:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.276:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.278:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.406:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.407:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.484:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.486:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.430:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.436:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.37:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.41:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.42:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.43:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.517:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.518:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.519:C:\Documents and Settings\Big Dave\Application Data\Mozilla\Firefox\Profiles\qvyv33p9.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Mr_JAk3
2007-06-04, 22:47
Hello :)

Looks pretty good now. How is the computer running?

rochey
2007-06-05, 02:54
That's good to hear, thanks for the help!

Some original problems that I posted in my first post, which I'm not sure are related to the big 'trojan backdoor' thing, still exist. These are:

- Firefox will not save my connection settings when I press 'apply'. This means I have to set them every time I open it.

- When looking at http://stage6.divx.com/ videos in Firefox I'm prompted to download the new plugins even though I have them. I can however watch the videos with no prompts for plugins in Internet Explorer.

- Viewing emails via MSN by 'Right Clicking the icon in the taskbar' then 'Clicking on the Email Inbox button' still won't load up IE. I have to open an IE window via the desktop shortcut, then click on emails via MSN, and only then will it open.

I'm not sure if these problems are due to a virus or spyware, but their effects are what made me post on this forum. However, your help has allowed YouTube videos to be viewed on IE now without it asking for the latest Flash. This is what makes me think that the above problems are due to some sort of virus.

Thanks again,

Is there a donation section on this site?

rochey
2007-06-05, 03:28
Oops, forgot to mention the biggest problem, which is that Spybot S&D still can't complete its scan, resulting in it being unable to remove problems.

Mr_JAk3
2007-06-05, 18:39
Hello :)

Ok, the other problems sound like they are not malware related. Have you tried installing/uninstalling or updating the programs?

Could you post the Spybot findings here (the log file)? :bigthumb:

And yes, we have a donation section --> http://www.spybot.info/en/donate/index.html
Thank you :)

rochey
2007-06-06, 02:43
The 'Results' are below but I don't know if you wanted the 'full report' or not.

AdRevolver: Tracking cookie (Firefox: David) (Cookie, fixed)


AdRevolver: Tracking cookie (Firefox: David) (Cookie, fixed)


AdRevolver: Tracking cookie (Firefox: David) (Cookie, fixed)


Advertising.com: Tracking cookie (Firefox: David) (Cookie, fixed)


Advertising.com: Tracking cookie (Firefox: David) (Cookie, fixed)


Advertising.com: Tracking cookie (Firefox: David) (Cookie, fixed)


Advertising.com: Tracking cookie (Firefox: David) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: David) (Cookie, fixed)


Avenue A, Inc.: Tracking cookie (Firefox: David) (Cookie, fixed)


DoubleClick: Tracking cookie (Firefox: David) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: David) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: David) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: David) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: David) (Cookie, fixed)


Statcounter: Tracking cookie (Firefox: David) (Cookie, fixed)


Tradedoubler: Tracking cookie (Firefox: David) (Cookie, fixed)


Tradedoubler: Tracking cookie (Firefox: David) (Cookie, fixed)


BlackCore: Tracking cookie (Firefox: David) (Cookie, fixed)


AdRevolver: Tracking cookie (Firefox: David) (Cookie, fixed)


AdRevolver: Tracking cookie (Firefox: David) (Cookie, fixed)


AdRevolver: Tracking cookie (Firefox: David) (Cookie, fixed)


User abort!: Scan was not completed successfully. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-05-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-30 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-05-30 Includes\DialerC.sbi (*)
2007-05-30 Includes\Hijackers.sbi (*)
2007-05-30 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-05-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-05-30 Includes\Malware.sbi (*)
2007-05-30 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-05-30 Includes\PUPSC.sbi (*)
2007-05-30 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-05-30 Includes\SecurityC.sbi (*)
2007-05-30 Includes\Spybots.sbi (*)
2007-05-30 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-05-16 Includes\Trojans.sbi (*)
2007-05-30 Includes\TrojansC.sbi (*)

Mr_JAk3
2007-06-06, 21:52
Ok, those Spybot findings are just cookies. These are easy to handle.

Did you try updating the other programs? Still issues?

rochey
2007-06-07, 18:44
I've uninstalled Firefox and I still get the connection settings error. I have also uninstalled Spybot and it still will not complete its scan.

:(

Mr_JAk3
2007-06-07, 22:12
Hmm, please try to run the Spybot scan in safe mode.

Does it run there? :bigthumb:

rochey
2007-06-08, 00:06
Tried that already, just tried again and it still hangs :(

Mr_JAk3
2007-06-08, 22:45
Hmm, is there some specific point where the scan hangs? e.g. some specific file or infection?

rochey
2007-06-09, 01:26
This seems to be the last thing it scans, "zlob.videoplugin". It scans for this for probably about the last quarter of the scan.

Mr_JAk3
2007-06-09, 19:44
Ok hmm...

Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!

rochey
2007-06-09, 22:18
Thank you for your continued support!

SmitFraudFix v2.194

Scan done at 20:17:51.59, 09/06/2007
Run from C:\Documents and Settings\Big Dave\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Big Dave


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Big Dave\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BIGDAV~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{74D524E7-9AD0-4216-BB2E-5C057E932820}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{74D524E7-9AD0-4216-BB2E-5C057E932820}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{74D524E7-9AD0-4216-BB2E-5C057E932820}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Mr_JAk3
2007-06-10, 18:59
Hmm ok.

Maybe the scan is going on in the background but the program seems to freeze. How soon have you stopped the scan? Please try the scan again and when the program seems to freeze leave the computer alone for ½ or 1 hour. It is possible that the scan is then able to finish. Let me know :bigthumb:

rochey
2007-06-11, 14:39
I left it overnight and it finished.

It took probably 10 hours to complete the scan, but at least it completed.

I'm in the process of running another scan atm. The problems with Firefox and Explorer haven't been fixed, so I'm gonna run a scan overnight in safe mode and leave it to finish, as well as try to run the repair Windows disk to see if that can solve anything.

Thanks

Mr_JAk3
2007-06-11, 22:04
Ok let me know the results :bigthumb:

rochey
2007-06-16, 01:03
Sorry about not replying sooner, I've had exams and such so haven't had a chance.

I'm going to run the scans and that tonight so I'll post the results tomorrow, thanks for your patience and help :D

Mr_JAk3
2007-06-16, 13:40
Ok :bigthumb:

rochey
2007-06-20, 10:33
Finally, exams are finished.

Good news, I ran the repair Windows disk and that fixed my Internet Explorer problems. I also uninstalled Firefox again and removed the registry entries and any trace of it throughout my computer, which seemed to solve the problem.

The only problem now is the way S&D hangs at the end for hours and hours before completing. At the moment I'm not 100% sure whether it still does this, as I ran the scan overnight so didn't have a chance to see how long it hung for.

Anyway, I'll run another scan just to see if it still hangs. Results of last night's safe mode scan are below:

rochey
2007-06-20, 10:38
--- Search result list ---
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)


I have the full report saved but it's massive and takes some breaking up to post on the forum due to the character limit. If you want it all I'll post it for you.

Mr_JAk3
2007-06-21, 22:00
Ok, there is probably something specific that slows down the scan. Probably some software. This doesn't sound malware related.

How is the computer running now? :bigthumb:

rochey
2007-06-22, 23:34
The computer is running great now, the only problem is the slow 10hr+ scan speed, but at least it's nothing to do with spyware or anything.

I think my problems are all solved now. I can't thank you enough for helping me out with all my problems, your help and patience have been great.

Thanks again!

Mr_JAk3
2007-06-24, 16:41
Hi again, it is looking clean now :)

You can remove the tools that we used.

Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then OK, and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster and more secure browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)

Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with your antivirus software.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)


As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb:
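The Folder Options steps in the closing post (show or hide hidden files, show or hide protected operating system files) toggle two per-user Explorer registry values. The script below is an added example, not part of the thread and not a Spybot or SmitfraudFix tool; it lets a helper read the current state and put the defaults back without clicking through the dialog. It assumes the well-known Explorer\Advanced values (Hidden: 1 = show hidden files, 2 = do not show; ShowSuperHidden: 1 = show protected OS files, 0 = hide them) and that it is run as the affected user; the function names are my own.

```powershell
# Added example (not from the thread): read and restore Explorer's hidden-file
# visibility, the same settings the Folder Options "View" tab controls by hand.
# Assumption: per-user values under Explorer\Advanced, run as the affected user.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-HiddenFileState {
    # Hidden = 1 means "Show hidden files and folders" is selected, 2 means it is not.
    # ShowSuperHidden = 1 means "Hide protected operating system files" is UNchecked.
    $p = Get-ItemProperty -Path $adv
    [pscustomobject]@{
        ShowHidden      = ($p.Hidden -eq 1)
        ShowSuperHidden = ($p.ShowSuperHidden -eq 1)
    }
}

function Set-HiddenFileState {
    param([bool]$ShowHidden, [bool]$ShowSuperHidden)
    $hiddenValue = if ($ShowHidden) { 1 } else { 2 }
    $superValue  = if ($ShowSuperHidden) { 1 } else { 0 }
    Set-ItemProperty -Path $adv -Name Hidden          -Value $hiddenValue -Type DWord
    Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value $superValue  -Type DWord
}

# Record what the cleanup left behind, then return to the Windows defaults
# (hidden files and protected OS files hidden again).
'Before:'; Get-HiddenFileState
Set-HiddenFileState -ShowHidden $false -ShowSuperHidden $false
'After:';  Get-HiddenFileState
# Explorer reads these values when it starts, so restart Explorer or log off
# before expecting the change to show in My Computer.
```

Keeping protected operating system files visible only for the duration of a cleanup, and restoring the defaults afterwards as the post advises, reduces the chance of a user deleting or moving system files by accident; the Before/After output gives a record of both states for the thread.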