View Full Version : Spyware (Toolbar and other pop up's)
I have had this infection of spyware or something to that nature, It's a toolbar in IE and various pop ups saying that I have an infection (W32.Myzor.FK@yf & Spybot@Mxt). I have tried running various Anti-Spyware programmes but to no avail. Please could you help.
Yours Thankfully,
Andsboy.
Hello and welcome to the forums :)
Please post a HijackThis log to here.
Download HJTInstall.exe (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop.
Doubleclick HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Thankyou for the help. Here is the log you requested:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:51:59, on 01/01/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\txxxcxzn.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\txxxcxzn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173538397578
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173538840328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9AE8E80-C42A-4BE8-83B1-D72AF49E433F}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: txxxcxzn - C:\WINDOWS\SYSTEM32\txxxcxzn.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 5967 bytes
Hi again :)
You're infected.
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Here are the logs:
VundoFix V6.5.7
Checking Java version...
Java version is 1.5.0.11
Scan started at 15:18:29 18/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\txxxcxzn.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\txxxcxzn.dll
C:\WINDOWS\system32\txxxcxzn.dll Has been deleted!
Performing Repairs to the registry.
Done!
And:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:48, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AutoExNT.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173538397578
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173538840328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9AE8E80-C42A-4BE8-83B1-D72AF49E433F}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 6035 bytes
Hi again, we'll continue :)
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
==================
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
Restart your computer.
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post along with a fresh HijackThis log.
Report From Kap:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 19, 2007 8:06:38 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/08/2007
Kaspersky Anti-Virus database records: 384961
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 64972
Number of viruses found: 6
Number of infected objects: 12
Number of suspicious objects: 6
Duration of the scan process: 01:59:43
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\APP10400.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\APP10708.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Apps.Lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Diction.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\main.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sap.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\spool.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\STYLE.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sysnews.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\andrjn911 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\andrjn911.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\andrjn911.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\andrjn900 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\users\AndrJn911.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess1.zip/imsmain.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess10.zip/iesunst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess10.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess4.zip/iesmn.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\Ands\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ands\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Ands\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ands\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ands\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ands\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ands\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ands\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP284\A0070352.exe Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP319\A0084753.exe Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP334\A0090601.exe/data0002/data0011 Infected: not-a-virus:AdWare.Win32.Comet.bb skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP334\A0090601.exe/data0002/data0012 Infected: not-a-virus:AdWare.Win32.Comet.be skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP334\A0090601.exe/data0002 Infected: not-a-virus:AdWare.Win32.Comet.be skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP334\A0090601.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP337\A0093905.exe Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP339\A0094273.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bxw skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP339\A0094273.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bxw skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP339\A0094273.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP340\A0095281.dll Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP340\A0095283.exe Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP340\A0095295.dll Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP340\A0095297.exe Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP340\A0095305.dll Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP340\A0095307.exe Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP340\A0095319.exe Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP340\A0095324.dll Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP340\A0095338.dll Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP340\A0095340.exe Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP340\A0095347.exe Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP346\A0097570.exe/data0006 Infected: not-a-virus:FraudTool.Win32.VirusProtectPro.d skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP346\A0097570.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP350\A0099362.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP350\A0099362.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP350\A0099362.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP361\A0106239.exe Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP370\A0116045.dll Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP370\A0116113.dll Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP370\A0116114.dll Object is locked skipped
C:\System Volume Information\_restore{BC66F810-9621-4E2C-AF19-54E11D088E27}\RP371\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8DFB2258-2E84-48FB-AC81-3FCED2DEB137}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\WindowsPowerShell.evt Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\jkkjg.dll Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Report from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:09:46, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173538397578
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173538840328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9AE8E80-C42A-4BE8-83B1-D72AF49E433F}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 6323 bytes
Ok better but still something there...
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
The Log for Combofix:
ComboFix 07-08-14.4 - "Ands" 2007-08-21 12:00:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.452 [GMT 1:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\jkkjg.dll
((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))
2007-08-21 11:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-19 19:12 <DIR> d-------- C:\potrename
2007-08-19 19:07 <DIR> d-------- C:\Harry Potter and the Prisoner of Azkaban
2007-08-19 19:00 1,417,160 --a------ C:\ComboFix.exe
2007-08-19 16:19 <DIR> d-------- C:\Program Files\SopCast
2007-08-18 20:39 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-18 20:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-18 19:42 <DIR> d-------- C:\Program Files\Wise Registry Cleaner
2007-08-18 15:35 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-17 16:47 <DIR> d-------- C:\Program Files\iTunes
2007-08-17 16:47 <DIR> d-------- C:\Program Files\iPod
2007-08-15 22:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-15 21:06 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-08-15 21:06 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-08-15 17:43 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-15 17:40 <DIR> d-------- C:\DOCUME~1\Ands\.housecall6.6
2007-08-14 19:22 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-14 15:53 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-08-10 15:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2007-08-08 23:24 1,470 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-08 17:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-04 08:47 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2007-08-04 08:41 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-08-03 13:53 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-03 11:36 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-30 14:06 63 --a------ C:\WINDOWS\system\SYSRegC.dll
2007-07-30 14:06 143,360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll
2007-07-30 14:06 1,126,400 --a------ C:\WINDOWS\system32\VchReg.dll
2007-07-30 14:06 <DIR> d-------- C:\Program Files\Max Registry Cleaner
2007-07-24 10:48 <DIR> d-------- C:\Program Files\QuickTime
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-21 12:04 --------- d-------- C:\DOCUME~1\Ands\APPLIC~1\Azureus
2007-08-19 17:05 --------- d-------- C:\Program Files\Common Files\AOL
2007-08-19 17:02 --------- d-------- C:\Program Files\MSN Messenger
2007-08-19 08:23 --------- d-------- C:\Program Files\Azureus
2007-08-17 16:27 --------- d-------- C:\DOCUME~1\Ands\APPLIC~1\Real
2007-08-17 15:49 --------- d-------- C:\Program Files\Apple Software Update
2007-08-16 17:24 --------- d-------- C:\Program Files\CyberLink
2007-08-16 17:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-11 11:26 --------- d-------- C:\DOCUME~1\Ands\APPLIC~1\dvdcss
2007-08-07 22:09 --------- d-------- C:\Program Files\DirectVobSub
2007-08-07 22:09 --------- d-------- C:\Program Files\AOL 9.0
2007-08-05 16:49 203776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-08-04 21:06 --------- d-------- C:\DOCUME~1\Ands\APPLIC~1\LimeWire
2007-08-04 14:16 --------- d-------- C:\Program Files\Real
2007-08-03 18:54 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-08-03 17:21 --------- d-------- C:\Program Files\RealMedia
2007-08-02 17:28 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-24 11:00 --------- d-------- C:\Program Files\DivX
2007-07-09 20:07 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-09 20:07 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 20:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 20:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-09 20:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-09 20:05 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-09 20:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-09 20:05 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-09 20:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-09 20:05 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-09 20:05 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-09 20:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-09 20:05 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-09 20:05 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-09 20:05 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-09 20:05 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-09 20:05 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-09 20:05 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-06 14:33 --------- d-------- C:\DOCUME~1\Ands\APPLIC~1\Lavasoft
2007-07-04 17:59 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-27 15:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-26 16:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 15:09 658944 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 07:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 14:31 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-14 19:09 96256 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 19:09 615424 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 19:09 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 19:09 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 19:09 474112 --a--c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 19:09 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 19:09 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 19:09 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 19:09 3058688 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 19:09 251392 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 19:09 205312 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 19:09 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 19:09 151040 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 19:09 1494528 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 19:09 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 19:09 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 19:09 1023488 --a--c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 15:07 18432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 12:26 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 12:26 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-03-10 18:29 87608 --a------ C:\DOCUME~1\Ands\APPLIC~1\ezpinst.exe
2007-03-10 18:29 47360 --a------ C:\DOCUME~1\Ands\APPLIC~1\pcouffin.sys
2006-12-05 20:51 915968 --a------ C:\Program Files\WinRAR.exe
2006-12-05 20:51 483 --a------ C:\Program Files\rarreg.key
2006-12-05 20:36 22 --a------ C:\Program Files\zipnew.dat
2006-12-05 20:36 20 --a------ C:\Program Files\rarnew.dat
2006-12-03 15:53 98304 --a------ C:\Program Files\Uninstall.exe
2006-12-03 15:53 66560 --a------ C:\Program Files\Zip.SFX
2006-12-03 15:53 651 --a------ C:\Program Files\Uninstall.lst
2006-12-03 15:53 405874 --a------ C:\Program Files\WinRAR.hlp
2006-12-03 15:53 126464 --a------ C:\Program Files\RarExt.dll
2006-12-03 15:53 100864 --a------ C:\Program Files\Default.SFX
2006-12-03 15:52 313856 --a------ C:\Program Files\Rar.exe
2006-12-03 15:52 200704 --a------ C:\Program Files\UnRAR.exe
2006-12-02 15:34 9232 --a------ C:\Program Files\TechNote.txt
2006-12-02 15:34 71189 --a------ C:\Program Files\Rar.txt
2006-12-02 15:34 502 --a------ C:\Program Files\File_Id.diz
2006-12-02 15:32 16536 --a------ C:\Program Files\WhatsNew.txt
2006-09-14 01:19 79360 --a------ C:\Program Files\WinCon.SFX
2006-06-29 19:35 9695 --a------ C:\Program Files\WinRAR.cnt
2006-04-11 13:01 1088 --a------ C:\Program Files\RarFiles.lst
2005-10-18 19:20 3128 --a------ C:\Program Files\Order.htm
2005-10-18 19:10 4494 --a------ C:\Program Files\License.txt
2005-06-07 13:26 43008 --a------ C:\Program Files\RarExt64.dll
2005-06-07 13:25 44032 --a------ C:\Program Files\RarExtLoader.exe
2005-06-02 17:05 1111 --a------ C:\Program Files\Descript.ion
2005-05-12 19:02 90 --a------ C:\Program Files\UnrarSrc.txt
2005-05-12 19:01 1687 --a------ C:\Program Files\ReadMe.txt
2007-05-20 13:11:02 5 --sha-w C:\WINDOWS\system32\fccdfeaf7_d.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-04 14:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"HostManager"="C:\Program Files\Common Files\AOL\1173538569\ee\AOLSoftware.exe" [2006-11-17 14:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ands^Start Menu^Programs^Startup^IMVU.lnk]
backup=C:\WINDOWS\pss\IMVU.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe]
"C:\Program Files\VoyagerTest\fts.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
dslagent.exe USB
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE]
gsicon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1173538569\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
"c:\Program Files\Microsoft IntelliType Pro\itype.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCAutoLiveUpdate]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystemTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusProtectPro 3.5]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe
R2 AutoExNT;AutoExNT;C:\WINDOWS\system32\AutoExNT.Exe
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 glausb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\Autorun.exe
Contents of the 'Scheduled Tasks' folder
2007-08-17 14:49:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-06-14 14:32:17 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1173792879.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-21 12:05:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-21 12:08:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-21 12:08
--- E O F ---
Hello :)
Ok looks quite good now. How is the computer running?
Go to virustotal.com (http://www.virustotal.com)
Copy the following to the box next to "Browse" button:
C:\WINDOWS\system32\fccdfeaf7_d.dll
Click on Send
Wait for the scan to end.
Copy & Paste the scan results to here.
Much better now thankyou.. Thansk for all ur help, It is much appreciated! Here is the result of the scan:
File fccdfeaf7_d.dll received on 08.24.2007 17:59:47 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 39 and 56 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
AhnLab-V3 2007.8.25.0 2007.08.24 -
AntiVir 7.4.1.63 2007.08.24 -
Authentium 4.93.8 2007.08.23 -
Avast 4.7.1029.0 2007.08.24 -
AVG 7.5.0.484 2007.08.24 -
BitDefender 7.2 2007.08.24 -
CAT-QuickHeal 9.00 2007.08.23 -
ClamAV 0.91 2007.08.24 -
DrWeb 4.33 2007.08.24 -
eSafe 7.0.15.0 2007.08.23 -
eTrust-Vet 31.1.5084 2007.08.24 -
Ewido 4.0 2007.08.24 -
FileAdvisor 1 2007.08.25 -
Fortinet 2.91.0.0 2007.08.24 -
F-Prot 4.3.2.48 2007.08.23 -
F-Secure 6.70.13030.0 2007.08.24 -
Ikarus T3.1.1.12 2007.08.24 -
Kaspersky 4.0.2.24 2007.08.24 -
McAfee 5105 2007.08.24 -
Microsoft 1.2803 2007.08.24 -
NOD32v2 2482 2007.08.24 -
Norman 5.80.02 2007.08.24 -
Panda 9.0.0.4 2007.08.24 -
Prevx1 V2 2007.08.25 -
Rising 19.37.42.00 2007.08.24 -
Sophos 4.21.0 2007.08.24 -
Sunbelt 2.2.907.0 2007.08.24 -
Symantec 10 2007.08.24 -
TheHacker 6.1.8.172 2007.08.24 -
VBA32 3.12.2.3 2007.08.24 -
VirusBuster 4.3.26:9 2007.08.24 -
Webwasher-Gateway 6.0.1 2007.08.24 -
Additional information
File size: 5 bytes
MD5: 90708c2b5e914bd2967c787175392195
SHA1: b557686d0b627d393c752c0aa5375dad9dad1add
Hi again, it is looking clean now :)
You can remove the tools we used.
Then you should update your Java to the latest version (6u2) Start
Control Panel
Add/Remove Programs
Delete the old Java,
J2SE Runtime Environment 5.0 Update 11
Download the latest version of Java Runtime Environment (JRE) 6u2 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it
Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
=============
Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.
Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.
Use Firefox browser (http://www.mozilla.org)
Firefox is faster and more secure browser than Internet Explorer.
Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)
Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with you antivirus software.
Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?
Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe ;)
Again Thankyou.. Your help is very much appreciated..I have followed ur advice..! I'm using Windows own firewall is that ok or would another firewall be better suited..? Also Where would I get advice about System configuration utility(Services) from..?
Thankfully,
Andsboy.
Hi :)
For the firewall:
You don't seem to have a third-party firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't eg protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:
These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)
Comodo (http://www.personalfirewall.comodo.com)
The "Services" tab in system config utility lists all the services in your system. Would you like to get info about some specific service or services in general?
In regard to the Services yes I would like info.. I believe running things that I dont need to be running, but not sure which ones to uncheck..? if you get my meaning..!
Thanks
Andsboy
Hello :)
Well you can Google for the service name...no other ways really...though I advice that you don't disable anything until you're sure that it isn't needed.
:bigthumb: