PDA

View Full Version : virtumonde ..I think ...



herself
2007-10-20, 23:24
Ran Spybot but it wont delete it stalls on the 'fix this'
Ran Kaspersky scan but it wouldnt let me save the report..
It did show this ...
win32.pakes.su
in
c:\windows\system32\rllmgbbl.exe
and
not-a-virusadware.win32.seetoolbar.g
in
c:\windows\system32\hdkdiosm.dll

hijackthislog...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:15 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by139w.bay139.mail.live.com/mail/TodayLight.aspx?n=1689534646
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://by139fd.bay139.hotmail.msn.com/cgi-bin/hmhome?fti=yes&fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=cf9297429b1491de57267c4a6a077818a472537a61130e24847a0f2b21c0bb38
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://by139fd.bay139.hotmail.msn.com/cgi-bin/hmhome?fti=yes&fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=cf9297429b1491de57267c4a6a077818a472537a61130e24847a0f2b21c0bb38
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {08E64AAF-C216-4F0B-A96F-96EF763DFAD3} - (no file)
O2 - BHO: (no name) - {2E9984C6-345F-4EB2-8202-B4F8C4712F47} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\hdkdiosm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\brvpttru.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\brvpttru.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://t-cossie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174759255624
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174764179311
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by139fd.bay139.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: brvpttru - C:\WINDOWS\SYSTEM32\brvpttru.dll
O20 - Winlogon Notify: hggedbc - hggedbc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8038 bytes

random/random
2007-10-21, 00:08
Download the latest version of ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

herself
2007-10-21, 00:44
Wow quick reply thankyou !!



C:\WINDOWS\system32\hdkdiosm.dll
C:\WINDOWS\system32\rllmgbbl.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN


((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.

2007-10-20 16:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-20 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-19 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-19 00:30 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-10-17 09:44 <DIR> d-------- C:\Program Files\RegCure
2007-10-16 06:19 <DIR> d-------- C:\Program Files\Alwil Software
2007-10-15 07:07 <DIR> d-------- C:\Documents and Settings\Michelle\.housecall6.6
2007-10-14 22:50 <DIR> dr-h----- C:\Documents and Settings\Michelle\Application Data\yahoo!
2007-10-14 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-14 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-14 22:34 <DIR> d-------- C:\Program Files\Rogers
2007-10-14 22:29 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-14 14:22 <DIR> d-------- C:\divx
2007-10-14 14:21 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\DivX
2007-10-14 14:00 16,962 --a------ C:\dj.exe
2007-10-08 11:11 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\gtk-2.0
2007-10-08 11:02 <DIR> d-------- C:\Documents and Settings\Michelle\.gimp-2.2
2007-10-08 11:01 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-10-08 10:58 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-10-06 21:38 <DIR> d-------- C:\Program Files\iTunes
2007-10-06 21:38 <DIR> d-------- C:\Program Files\iPod
2007-10-05 13:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-09-30 23:08 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\OTVREG
2007-09-30 23:05 <DIR> d-------- C:\Program Files\Online TV Player 4
2007-09-30 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\flag ace stupid data
2007-09-30 22:00 <DIR> d-------- C:\Program Files\WinZix
2007-09-30 02:41 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\vlc
2007-09-30 02:06 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-30 01:36 <DIR> d-------- C:\Program Files\Google
2007-09-22 21:26 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\PCTV4Me
2007-09-22 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCTV4Me
2007-09-22 20:16 <DIR> d-------- C:\Program Files\DivX
2007-09-21 19:46 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\FoxyTunes
2007-09-21 19:45 <DIR> d-------- C:\Program Files\FoxyTunes
2007-09-21 15:52 <DIR> d-------- C:\Program Files\PC Speed Booster Toolbar
2007-09-21 15:42 <DIR> d-------- C:\Program Files\Live_TV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-20 03:55 --------- d-----w C:\Program Files\XoftSpySE
2007-10-17 03:15 --------- d-----w C:\Program Files\WinAce
2007-10-15 10:56 35,328 ----a-w C:\WINDOWS\system32\fccabyv.dll
2007-10-15 04:15 --------- d-----w C:\Program Files\InstallShield Installation Information
2007-10-15 03:22 35,328 ----a-w C:\WINDOWS\system32\efccabx.dll
2007-10-14 22:35 35,328 ----a-w C:\WINDOWS\system32\yayvttt.dll
2007-10-14 18:05 35,328 ----a-w C:\WINDOWS\system32\mljgeby.dll
2007-10-13 19:15 --------- d-----w C:\Program Files\Lx_cats
2007-10-11 20:34 --------- d-----w C:\Program Files\F-Serv
2007-10-05 19:32 --------- d-----w C:\Documents and Settings\Michelle\Application Data\Bell
2007-10-05 19:32 --------- d-----w C:\Documents and Settings\Guest\Application Data\Bell
2007-10-05 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bell
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-09-28 16:07 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-09-28 16:07 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-09-24 19:18 --------- d-----w C:\Program Files\Apple Software Update
2007-09-20 02:44 --------- d-----w C:\Program Files\SmartDraw 2008
2007-09-07 00:32 --------- d-----w C:\Documents and Settings\Michelle\Application Data\Apple Computer
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-04 19:56 --------- d-----w C:\Program Files\MSN Messenger
2007-09-04 02:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-08-29 17:45 --------- d-----w C:\Program Files\Kodak
2007-08-29 17:42 --------- d-----w C:\Program Files\Common Files\Kodak
2007-08-29 02:31 --------- d-----w C:\Documents and Settings\Michelle\Application Data\Talkback
2007-08-28 16:52 --------- d-----w C:\Program Files\QuickTime
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 05:12 216,064 ----a-w C:\WINDOWS\iun3405.exe
2007-08-21 03:51 --------- d-----w C:\Program Files\Universal
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2003-01-31 16:08 65,536 -c----w C:\WINDOWS\inf\setup\bcr.exe
2003-01-31 16:08 50,934 -c----w C:\WINDOWS\inf\ssdsl3x\drivers\vvpciusb.sys
2003-01-31 16:08 50,911 -c----w C:\WINDOWS\inf\ssdsl3x\drivers\vvbususb.sys
2003-01-31 16:08 49,296 -c----w C:\WINDOWS\inf\setup\efnt16.dll
2003-01-31 16:08 49,152 -c----w C:\WINDOWS\inf\enclss32.dll
2003-01-31 16:08 32,768 -c----w C:\WINDOWS\inf\setup\efnt32.dll
2003-01-31 16:08 3,690,496 -c----w C:\WINDOWS\inf\setup.exe
2003-01-31 16:08 28,005 -c----w C:\WINDOWS\inf\ssdsl3x\drivers\enethusb.sys
2003-01-31 16:08 241,664 -c----w C:\WINDOWS\inf\setup\bohica.dll
2003-01-31 16:08 23,560 -c----w C:\WINDOWS\inf\enclss16.dll
2003-01-31 16:08 163,840 -c----w C:\WINDOWS\inf\setup\enisnmp.dll
2003-01-31 16:08 163,840 -c----w C:\WINDOWS\inf\setup\efntsw.dll
2003-01-31 16:08 159,744 -c----w C:\WINDOWS\inf\setup\l2xpdrv.dll
2003-01-31 16:08 159,744 -c----w C:\WINDOWS\inf\setup\csshim.dll
2003-01-31 16:08 155,648 -c----w C:\WINDOWS\inf\setup\prox.dll
2003-01-31 16:08 155,648 -c----w C:\WINDOWS\inf\setup\efntos2k.dll
2003-01-31 16:08 155,648 -c----w C:\WINDOWS\inf\setup\ClearMB.exe
2003-01-31 16:08 15,332 -c----w C:\WINDOWS\inf\ssdsl3x\drivers\vvbeth.sys
2003-01-31 16:08 15,309 -c----w C:\WINDOWS\inf\ssdsl3x\drivers\vvbetht.sys
2003-01-31 16:08 147,456 -c----w C:\WINDOWS\inf\setup\efntos9x.dll
2003-01-31 16:08 139,264 -c----w C:\WINDOWS\inf\setup\enicommon.dll
2003-01-31 16:08 135,168 -c----w C:\WINDOWS\inf\setup\EnCmnSvr.exe
2003-01-31 16:08 122,880 -c----w C:\WINDOWS\inf\setup\efntos.dll
2003-01-31 16:08 122,880 -c----w C:\WINDOWS\inf\setup\efntnio.dll
2003-01-31 16:08 118,784 -c----w C:\WINDOWS\inf\setup\defdel.exe
2002-06-04 09:06 65,536 -c----w C:\WINDOWS\inf\copyinf.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08E64AAF-C216-4F0B-A96F-96EF763DFAD3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9984C6-345F-4EB2-8202-B4F8C4712F47}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StandardInstall"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedbc]
hggedbc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RogersAgent]
c:\Program Files\Rogers\SelfHealing\rogersagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHS]
"C:\Program Files\Rogers\SelfHealing\SHS.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot - Search & Destroy]
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingA5265]
command /c del "C:\WINDOWS\system32\brvpttru.dllbox"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB3747]
command /c del "C:\WINDOWS\system32\brvpttru.dllbox"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD8277]
cmd /c del "C:\WINDOWS\system32\brvpttru.dllbox"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
"C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 15:56:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-20 21:30:34 C:\WINDOWS\Tasks\RegCure Program Check.job"
"2007-10-17 13:47:28 C:\WINDOWS\Tasks\RegCure.job"
"2007-10-20 21:30:33 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-10-20 07:00:13 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 17:31:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-20 17:36:51 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:43 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by139w.bay139.mail.live.com/mail/TodayLight.aspx?n=1689534646
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://by139fd.bay139.hotmail.msn.com/cgi-bin/hmhome?fti=yes&fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=cf9297429b1491de57267c4a6a077818a472537a61130e24847a0f2b21c0bb38
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://by139fd.bay139.hotmail.msn.com/cgi-bin/hmhome?fti=yes&fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=cf9297429b1491de57267c4a6a077818a472537a61130e24847a0f2b21c0bb38
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {08E64AAF-C216-4F0B-A96F-96EF763DFAD3} - (no file)
O2 - BHO: (no name) - {2E9984C6-345F-4EB2-8202-B4F8C4712F47} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://t-cossie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174759255624
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174764179311
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by139fd.bay139.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: hggedbc - hggedbc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 7452 bytes

herself
2007-10-21, 00:45
I think I love you :red:

random/random
2007-10-21, 01:23
Looks like combofix took out the active infections, just some clearing up to do

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.



Open a new notepad window (Start>All programs>accessories>notepad)
Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard

File::
C:\WINDOWS\system32\fccabyv.dll
C:\WINDOWS\system32\efccabx.dll
C:\WINDOWS\system32\yayvttt.dll
C:\WINDOWS\system32\mljgeby.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08E64AAF-C216-4F0B-A96F-96EF763DFAD3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9984C6-345F-4EB2-8202-B4F8C4712F47}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StandardInstall"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedbc]
Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
Save it to the desktop as CFscript.txt
Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Go here (http://www.eset.eu/online-scanner) to run an online scannner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic, along with a description of any remaining problems

herself
2007-10-22, 03:09
It seems to be gone the popups have stopped ...

ComboFix 07-10-20.6 - Michelle 2007-10-21 18:46:16.2 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Documents and Settings\Michelle\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michelle\Desktop\CFscript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\efccabx.dll
C:\WINDOWS\system32\fccabyv.dll
C:\WINDOWS\system32\mljgeby.dll
C:\WINDOWS\system32\yayvttt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\efccabx.dll
C:\WINDOWS\system32\fccabyv.dll
C:\WINDOWS\system32\mljgeby.dll
C:\WINDOWS\system32\yayvttt.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-20 22:05 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\iLike
2007-10-20 22:04 <DIR> d-------- C:\Program Files\iLike
2007-10-20 17:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-20 16:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-20 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-20 00:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-19 17:42 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-19 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-19 00:30 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-10-17 09:44 <DIR> d-------- C:\Program Files\RegCure
2007-10-16 06:21 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-16 06:21 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-16 06:21 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-16 06:21 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-16 06:20 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-16 06:20 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-16 06:19 <DIR> d-------- C:\Program Files\Alwil Software
2007-10-16 06:19 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-10-16 06:19 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-15 07:07 <DIR> d-------- C:\Documents and Settings\Michelle\.housecall6.6
2007-10-14 22:50 <DIR> dr-h----- C:\Documents and Settings\Michelle\Application Data\yahoo!
2007-10-14 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-14 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-14 22:38 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2007-10-14 22:37 89,088 --a------ C:\WINDOWS\system32\ATL71.DLL
2007-10-14 22:37 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-10-14 22:34 <DIR> d-------- C:\Program Files\Rogers
2007-10-14 22:29 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-14 14:22 <DIR> d-------- C:\divx
2007-10-14 14:21 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\DivX
2007-10-14 14:00 16,962 --a------ C:\dj.exe
2007-10-10 14:08 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 22:37 15,360 -rah----- C:\WINDOWS\system32\drivers\NetMotCM.sys
2007-10-08 11:11 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\gtk-2.0
2007-10-08 11:02 <DIR> d-------- C:\Documents and Settings\Michelle\.gimp-2.2
2007-10-08 11:01 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-10-08 10:58 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-10-06 21:38 <DIR> d-------- C:\Program Files\iTunes
2007-10-06 21:38 <DIR> d-------- C:\Program Files\iPod
2007-10-05 13:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-09-30 23:08 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\OTVREG
2007-09-30 23:05 <DIR> d-------- C:\Program Files\Online TV Player 4
2007-09-30 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\flag ace stupid data
2007-09-30 22:00 <DIR> d-------- C:\Program Files\WinZix
2007-09-30 02:41 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\vlc
2007-09-30 02:06 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-30 01:36 <DIR> d-------- C:\Program Files\Google
2007-09-28 12:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-22 21:26 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\PCTV4Me
2007-09-22 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCTV4Me
2007-09-22 20:16 <DIR> d-------- C:\Program Files\DivX
2007-09-22 20:16 684 --a------ C:\WINDOWS\mozver.dat
2007-09-21 19:46 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\FoxyTunes
2007-09-21 19:45 <DIR> d-------- C:\Program Files\FoxyTunes
2007-09-21 15:52 <DIR> d-------- C:\Program Files\PC Speed Booster Toolbar
2007-09-21 15:42 <DIR> d-------- C:\Program Files\Live_TV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 22:20 --------- d-----w C:\Program Files\Java
2007-10-20 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-20 03:55 --------- d-----w C:\Program Files\XoftSpySE
2007-10-17 03:15 --------- d-----w C:\Program Files\WinAce
2007-10-15 04:15 --------- d-----w C:\Program Files\InstallShield Installation Information
2007-10-13 19:15 --------- d-----w C:\Program Files\Lx_cats
2007-10-11 20:34 --------- d-----w C:\Program Files\F-Serv
2007-10-05 19:32 --------- d-----w C:\Documents and Settings\Michelle\Application Data\Bell
2007-10-05 19:32 --------- d-----w C:\Documents and Settings\Guest\Application Data\Bell
2007-10-05 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bell
2007-09-28 16:07 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-09-24 19:18 --------- d-----w C:\Program Files\Apple Software Update
2007-09-20 02:44 --------- d-----w C:\Program Files\SmartDraw 2008
2007-09-07 00:32 --------- d-----w C:\Documents and Settings\Michelle\Application Data\Apple Computer
2007-09-04 19:56 --------- d-----w C:\Program Files\MSN Messenger
2007-09-04 02:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-08-29 17:45 --------- d-----w C:\Program Files\Kodak
2007-08-29 17:42 --------- d-----w C:\Program Files\Common Files\Kodak
2007-08-29 02:31 --------- d-----w C:\Documents and Settings\Michelle\Application Data\Talkback
2007-08-28 16:52 --------- d-----w C:\Program Files\QuickTime
2007-08-21 05:12 216,064 ----a-w C:\WINDOWS\iun3405.exe
2007-08-21 03:51 --------- d-----w C:\Program Files\Universal
.

((((((((((((((((((((((((((((( snapshot@2007-10-20_17.35.35.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-21 02:05:00 25,214 ----a-r C:\WINDOWS\Installer\{7B394AAA-6E2D-4850-9C0E-7A127F763CF7}\_6FEFF9B68218417F98F549.exe
- 2006-12-15 05:30:58 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 02:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-12-15 05:31:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 02:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-12-15 07:09:14 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 03:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-09-21 23:42:37 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2007-10-21 02:05:07 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RogersAgent]
c:\Program Files\Rogers\SelfHealing\rogersagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHS]
"C:\Program Files\Rogers\SelfHealing\SHS.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot - Search & Destroy]
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingA5265]
command /c del "C:\WINDOWS\system32\brvpttru.dllbox"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB3747]
command /c del "C:\WINDOWS\system32\brvpttru.dllbox"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD8277]
cmd /c del "C:\WINDOWS\system32\brvpttru.dllbox"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
"C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background


.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 15:56:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-21 22:57:55 C:\WINDOWS\Tasks\RegCure Program Check.job"
"2007-10-17 13:47:28 C:\WINDOWS\Tasks\RegCure.job"
"2007-10-21 22:57:55 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-10-20 07:00:13 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 18:59:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-21 19:04:24 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-20 17:36
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:16 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by139w.bay139.mail.live.com/mail/TodayLight.aspx?n=1689534646
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://by139fd.bay139.hotmail.msn.com/cgi-bin/hmhome?fti=yes&fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=cf9297429b1491de57267c4a6a077818a472537a61130e24847a0f2b21c0bb38
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://by139fd.bay139.hotmail.msn.com/cgi-bin/hmhome?fti=yes&fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=cf9297429b1491de57267c4a6a077818a472537a61130e24847a0f2b21c0bb38
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://t-cossie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174759255624
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174764179311
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by139fd.bay139.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 7787 bytes

herself
2007-10-22, 03:17
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2604 (20071019)
# vers_arch_module=1.058 (20070906)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=6e4c0922d95af647821dc81c2822bb8a
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2007-10-22 12:08:58
# local_time=2007-10-21 08:08:58 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=149574
# found=136
# scan_time=2712
C:\qoobox\Quarantine\catchme2007-10-20_173119.79.zip Win32/Adware.SecToolbar application 75D6C1A6701A46884098FA22CCD3FC2C
C:\qoobox\Quarantine\catchme2007-10-20_173119.79.zip »ZIP »brvpttru.dll Win32/Adware.SecToolbar application 00000000000000000000000000000000
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk.vir Win32/Adware.SecToolbar application 97A276AF90933C30F9E4C1CFC5057ABD
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk.vir Win32/Adware.SecToolbar application 50EBCEEC18173C0BECEF812A9383020D
C:\qoobox\Quarantine\C\Documents and Settings\Michelle\Desktop\Live Safety Center.lnk.vir Win32/Adware.SecToolbar application 5629120E8B92767B94DBB8EEE08BC44F
C:\qoobox\Quarantine\C\Documents and Settings\Michelle\Desktop\Online Security Guide.lnk.vir Win32/Adware.SecToolbar application 875A4994AA988BCF29892D201B84B60A
C:\qoobox\Quarantine\C\Documents and Settings\Michelle\Favorites\Online Security Guide.lnk.vir Win32/Adware.SecToolbar application A0EBE914799E25D994A53B3607F913D0
C:\qoobox\Quarantine\C\Program Files\Hammer.dll.vir Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
C:\qoobox\Quarantine\C\WINDOWS\system32\brvpttru.dll.vir Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
C:\qoobox\Quarantine\C\WINDOWS\system32\rllmgbbl.exe.vir Win32/Adware.SecToolbar application B3A5DBD59006EEACD58BA9D2ECC44404
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0132839.lnk Win32/Adware.SecToolbar application D5564D92584F9104EFAB85F570FBA13A
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0132840.lnk Win32/Adware.SecToolbar application A8206DABA2D8546E7F62E131D59ADBCC
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0132841.lnk Win32/Adware.SecToolbar application E6A0D42E45AF2C923E7B4E572415D196
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0132842.lnk Win32/Adware.SecToolbar application 0C55AB2774756517BC54DF4651A6F518
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0132844.lnk Win32/Adware.SecToolbar application 2A0718B8B6C3296AD6A666185D1E2D62
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0132845.lnk Win32/Adware.SecToolbar application 440E57DCA9D835829F9B66AB323FF684
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0133828.lnk Win32/Adware.SecToolbar application 226CE9E69E92E55E0B6174D5AEF4958D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0133829.lnk Win32/Adware.SecToolbar application CD6EF7A3D750DB9C70986325AA67AEB0
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0133872.lnk Win32/Adware.SecToolbar application 42E62E65F2F731B345CE65582F839EB8
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0133873.lnk Win32/Adware.SecToolbar application B8F4DC4BAF06F787D99B5E8D5C4CF84B
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0134909.lnk Win32/Adware.SecToolbar application C0B2DA75AF32BFFAAE97BEF93F169F4B
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0134910.lnk Win32/Adware.SecToolbar application ACD63D017840BBEC23578977FED54AA7
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0134915.lnk Win32/Adware.SecToolbar application 20AE525B7C22D282C71136BFBB6EFADE
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0134916.lnk Win32/Adware.SecToolbar application 8E71C004C637F1BB4A4742FFA9863FB2
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0135023.lnk Win32/Adware.SecToolbar application 834A34E17273A3E261737EA24F5907DE
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0135024.lnk Win32/Adware.SecToolbar application F84637726C15F0B3734649705BD1D579
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0135025.lnk Win32/Adware.SecToolbar application 647B56F44E7AFB620142E2D8C40EB545
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0135026.lnk Win32/Adware.SecToolbar application 4828E784B1DA03FFCE760B7571ADEF2D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0135027.lnk Win32/Adware.SecToolbar application 3F407BDF3E26D191F39059DA51E36C2E
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0135030.lnk Win32/Adware.SecToolbar application 6AD9E4000E59D8A4B2850B652FCD3F93
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0135910.lnk Win32/Adware.SecToolbar application 975F2377FA4E1016EF120394B80DC980
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0135911.lnk Win32/Adware.SecToolbar application 3D2249DA0E0DC1DFDA4B99E8D5AEF670
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0135912.lnk Win32/Adware.SecToolbar application 74CCF94EBC67DA1012F86EA967CBC456
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP100\A0135913.lnk Win32/Adware.SecToolbar application 3AEEB19DD25DEA860E77DD64CE6CFEA0
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0135935.lnk Win32/Adware.SecToolbar application 370799079140D99145CC1D9DB367641A
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0135936.lnk Win32/Adware.SecToolbar application C4732AD409851EF45DE847A741264171
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0135937.lnk Win32/Adware.SecToolbar application 5F1ACD6264D0CF43E6FD97C5BAF7D879
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0135938.lnk Win32/Adware.SecToolbar application 533137E58DD14C4B23137BEEF0F64658
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0136908.lnk Win32/Adware.SecToolbar application EE59ADDF1DC8E02531ED6F944C837F47
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0136909.lnk Win32/Adware.SecToolbar application 6DAB09F4E7B8ADCE147DB586232FB4B3
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0136910.lnk Win32/Adware.SecToolbar application 9E02D12542B35E92F3EB2CD7CE2D5264
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0136922.lnk Win32/Adware.SecToolbar application FADE0B66FFF5811708FD56480402242C
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0136926.lnk Win32/Adware.SecToolbar application 2F236DF8C1AB9F90B481B38C258BB9E4
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0136929.lnk Win32/Adware.SecToolbar application CCA027AEE4F5E701FDD7EDF32AC01F53
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0136930.lnk Win32/Adware.SecToolbar application 954852E61E958430FBBEE88F6546A679
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0136932.lnk Win32/Adware.SecToolbar application 8B9FE195E7A2BAE32ED568AFDCB96A18
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0136933.lnk Win32/Adware.SecToolbar application C5E7583FCF33CFB12184421239F5EB91
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0137925.lnk Win32/Adware.SecToolbar application 5A9502DCC73D2B314BC14539A9D1CF4A

herself
2007-10-22, 03:25
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0139927.lnk Win32/Adware.SecToolbar application 24FF7E78981AAA0F65187B217DA79A44
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0139928.lnk Win32/Adware.SecToolbar application 7D4D3C7E1191A3E810050F34E00A8FAE
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0139929.lnk Win32/Adware.SecToolbar application C294F1E42B75EE7CBDD509CF62FBB064
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0139930.lnk Win32/Adware.SecToolbar application 657DF83E08011672010ADB4AFA14D156
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0139931.lnk Win32/Adware.SecToolbar application 508B54A2F0C026887A2542D3E66FDDE1
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0139932.lnk Win32/Adware.SecToolbar application 84BB2914533BECD8F87226F8CDB226F3
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0139944.lnk Win32/Adware.SecToolbar application 7D157D359955325C76556F29DF1FCEF6
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP101\A0139945.lnk Win32/Adware.SecToolbar application A84950D8002550C56100D2E05E4FC162
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0139949.lnk Win32/Adware.SecToolbar application 3A1BAAEE5A5F11A1F9FAE0FC292003C6
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0139950.lnk Win32/Adware.SecToolbar application 0C3DCB764372A4BCA9A7A0E6A9CC4FA3
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0139951.lnk Win32/Adware.SecToolbar application DA442DB0904C1BF6FFD3FB43FBD3B752
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0139952.lnk Win32/Adware.SecToolbar application 490644B928F9576DB0890E0D542B770E
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0140943.lnk Win32/Adware.SecToolbar application C41900D44DE66880464F1155604409D8
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0140944.lnk Win32/Adware.SecToolbar application 884C9F3CE074E0D4FE95F00BC492531B
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0140945.lnk Win32/Adware.SecToolbar application 93AD42CA126F95981DA0B9C53579DFC2
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0140948.lnk Win32/Adware.SecToolbar application 77280F76EB6E3DA397E23BB5C6245682
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0141952.lnk Win32/Adware.SecToolbar application 1D87EF459E3EB2F5A0002C1DC60D345C
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0141953.lnk Win32/Adware.SecToolbar application DDDA174B901F427BE51358BFF36863A9
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0141954.lnk Win32/Adware.SecToolbar application 761DAACA24EB6FC3FA962CEF4AB2EBE0
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP102\A0141955.lnk Win32/Adware.SecToolbar application A63BAC4CFB9F4C5D4FC1C4D34DE8DC96
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP103\A0142069.lnk Win32/Adware.SecToolbar application 8C86C5D40F6CFE22E104F5FF5F85CAB3
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP103\A0142070.lnk Win32/Adware.SecToolbar application FC5477FA91AB408C8E390F10A6BACFD7
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP103\A0142075.dll Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP103\A0142077.lnk Win32/Adware.SecToolbar application 0981D771EF8F20738FD04CFE2DC89B1D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP103\A0142078.lnk Win32/Adware.SecToolbar application 56D24D07AE4FFCCDD4F1516360FFC1A0
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP103\A0142079.dll Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142107.lnk Win32/Adware.SecToolbar application AB16B0D245CF6C166AB8FD0B48E45306
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142108.lnk Win32/Adware.SecToolbar application FDE9D25ADFD794E88D502D3A49FAF2D0
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142109.lnk Win32/Adware.SecToolbar application D6781C1FFA8D33FAD1356D6607F86389
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142110.lnk Win32/Adware.SecToolbar application 57F3E2194ABC43A4F5F7EB65AFEBA31E
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142111.lnk Win32/Adware.SecToolbar application 910867EE01DA700910C6920448249828
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142112.lnk Win32/Adware.SecToolbar application 2A4CC8627E6CFE4ED993A834168E5AC8
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142116.lnk Win32/Adware.SecToolbar application 0981D771EF8F20738FD04CFE2DC89B1D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142117.lnk Win32/Adware.SecToolbar application 56D24D07AE4FFCCDD4F1516360FFC1A0
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142260.lnk Win32/Adware.SecToolbar application D9951C2B9C23C00ECD5FEA083C4144A1
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142261.lnk Win32/Adware.SecToolbar application B2ED516F83DE9C9E71FB29B04BE4E871
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142364.lnk Win32/Adware.SecToolbar application 84BB2914533BECD8F87226F8CDB226F3
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142366.lnk Win32/Adware.SecToolbar application 508B54A2F0C026887A2542D3E66FDDE1
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142399.lnk Win32/Adware.SecToolbar application C294F1E42B75EE7CBDD509CF62FBB064
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142400.lnk Win32/Adware.SecToolbar application 657DF83E08011672010ADB4AFA14D156
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142401.lnk Win32/Adware.SecToolbar application 24FF7E78981AAA0F65187B217DA79A44
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142402.lnk Win32/Adware.SecToolbar application 7D4D3C7E1191A3E810050F34E00A8FAE
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142776.lnk Win32/Adware.SecToolbar application C5E7583FCF33CFB12184421239F5EB91
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142777.lnk Win32/Adware.SecToolbar application 8B9FE195E7A2BAE32ED568AFDCB96A18
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142788.lnk Win32/Adware.SecToolbar application FADE0B66FFF5811708FD56480402242C
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142789.lnk Win32/Adware.SecToolbar application 2F236DF8C1AB9F90B481B38C258BB9E4
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142798.lnk Win32/Adware.SecToolbar application 370799079140D99145CC1D9DB367641A
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142799.lnk Win32/Adware.SecToolbar application C4732AD409851EF45DE847A741264171
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142800.lnk Win32/Adware.SecToolbar application 5F1ACD6264D0CF43E6FD97C5BAF7D879
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP104\A0142801.lnk Win32/Adware.SecToolbar application 533137E58DD14C4B23137BEEF0F64658
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0142930.lnk Win32/Adware.SecToolbar application 0B9B9CC417D16FBE6198E2FC7795C902
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0142931.lnk Win32/Adware.SecToolbar application 3CC5C26C9A7C9AE4DE2CC8974F302E82
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0142932.lnk Win32/Adware.SecToolbar application 7F683BE411E759D75D14FFE5FE393956
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0142948.lnk Win32/Adware.SecToolbar application 3FB29D717FAF743090C2E12D5C1ED489
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0142949.lnk Win32/Adware.SecToolbar application 5998994321C56491621235FCE2D7C92F
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0142950.lnk Win32/Adware.SecToolbar application 22E43204A3BBE843A8A3347951DC6203
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0142951.lnk Win32/Adware.SecToolbar application C67669FA418F43E08D398D691A8EC59D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0143940.lnk Win32/Adware.SecToolbar application DBF8709AF2F024F8DC51DB67A09EE67B
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0143941.lnk Win32/Adware.SecToolbar application 839D4CA1FAA7256A07F2573ACC8B00E0
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0143942.lnk Win32/Adware.SecToolbar application E4FB8E31A71F0A7C654362DA343DA030
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0143943.lnk Win32/Adware.SecToolbar application 87E770DEE85E137FBB07639637DDF10B
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP107\A0145951.dll Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP108\A0146946.lnk Win32/Adware.SecToolbar application 20EFB47A5F82A06FA0E5F41D944B9EE2
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP108\A0146947.lnk Win32/Adware.SecToolbar application 05E2C0BE0BC2B62FEB385B290EF65A8F
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP108\A0146948.lnk Win32/Adware.SecToolbar application EA6099DCAF21B0098F717759EADF1880
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP108\A0146949.lnk Win32/Adware.SecToolbar application 15D6C85E89CC4C3B06CCD14D0550D2D0
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0146987.lnk Win32/Adware.SecToolbar application 5629120E8B92767B94DBB8EEE08BC44F
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0146988.lnk Win32/Adware.SecToolbar application 875A4994AA988BCF29892D201B84B60A
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0146989.lnk Win32/Adware.SecToolbar application 97A276AF90933C30F9E4C1CFC5057ABD
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0146990.lnk Win32/Adware.SecToolbar application 50EBCEEC18173C0BECEF812A9383020D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0146992.exe Win32/Adware.SecToolbar application B3A5DBD59006EEACD58BA9D2ECC44404
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0146994.dll Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0146997.dll Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0147010.lnk Win32/Adware.SecToolbar application EA1C08BF98AD8887D807A7269F676DDD
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0147011.lnk Win32/Adware.SecToolbar application 2A32AEA1AEE9D870B69827F7B245749D
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0147012.lnk Win32/Adware.SecToolbar application 883A7CDD5E6B9D2CD1C39680D68BEDF2
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0147013.lnk Win32/Adware.SecToolbar application 94397C09372B2CD3164801F691D6910A
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP109\A0147014.lnk Win32/Adware.SecToolbar application B318CCD21574F4459F778BAF02F21E2F
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP99\A0131853.lnk Win32/Adware.SecToolbar application 03134740AB25C99845C547F4A9708CCE
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP99\A0131854.lnk Win32/Adware.SecToolbar application 24EBD57946FEEA9FC3521807ECC0B2AA
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP99\A0131856.lnk Win32/Adware.SecToolbar application 7630CFAD8A905DB9C95A4F99C34BF038
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP99\A0131857.lnk Win32/Adware.SecToolbar application F7AD4F9F00128643A0F0531E43D54EAC
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP99\A0131860.lnk Win32/Adware.SecToolbar application 7510A6E1911A25571A46C39ED7807537
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP99\A0132829.lnk Win32/Adware.SecToolbar application AE9159A276CED47046E88B672B6EE987
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP99\A0132830.lnk Win32/Adware.SecToolbar application 6B07D519E8C7E101480E428C5C0927CC
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP99\A0132832.lnk Win32/Adware.SecToolbar application 191C743859AEC596D79695C9DB5ED92A
C:\System Volume Information\_restore{38A5E0F1-B8B8-49D2-B8DE-26391444D81A}\RP99\A0132833.lnk Win32/Adware.SecToolbar application 0E296CEBE8A3CBD42CABCA297D39C683

random/random
2007-10-22, 14:47
All the malware ESET found were either in the quarantine of combofix, or system restore

We'll clean both out now

Delete the folder C:\qoobox\ and delete combofix.exe from your desktop

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints (http://www.malwarecomplaints.info/index.php), you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
Turn System Restore off
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.Restart
Turn System Restore on
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Uncheck *Turn off System Restore*.
Click Apply, and then click OK.
Note: only do this once, and not on a regular basis
Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewall (http://www.personalfirewall.comodo.com/)or Zonealarm (http://www.zonelabs.com/store/content/home.jsp)
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here (http://www.bleepingcomputer.com/tutorials/tutorial60.html)
Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
Go here (http://www.update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx) to check for & install updates to Microsoft applications
Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
Keep your non-Microsoft applications updated as well
Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector (http://secunia.com/software_inspector) - I suggest that you run it at least once a month
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
Install SpywareBlaster & make sure to update it regularly
SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
If you don't know what activex controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
You can download SpywareBlaster from here (http://www.javacoolsoftware.com/sbdownload.html)
Install and use Spybot Search & Destroy
Instructions are located here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)
Make sure you update, reimmunize & scan regularly
Make use of the HOSTS file included with Spybot Search & Destroy
Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy
Run Spybot Search & Destroy
Click on Mode, and then place a tick next to Advanced mode
Click Yes
In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
Click on Add Spybot-S&D hosts listNote: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
Click Start > Run Type services.msc & click OK
In the list, find the service called DNS Client & double click on it. On the dropdown box, change the setting from automatic to manual. Click OK & then close the Services windowFor a more detailed explanation of the HOSTS file, click here (http://forum.malwareremoval.com/viewtopic.php?t=22187)
Install a-squared Free & update and scan with it regularly
a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here (http://www.emsisoft.com/en/software/free/)
Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer (http://www.emsisoft.com/en/software/antidialer/) which provides some real time protection against premium rate dialers
Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date

herself
2007-10-23, 16:51
Thankyou for your help and I will keep everything up to date from now on thankyou xx

random/random
2007-10-23, 22:46
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.