I think this is right



justime8
2008-01-09, 21:32
Please let me know if this is right. I am new to this forum but have used Spybot to fix my computer before, but now Spybot says there is no problem; Kaspersky says I am infested.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:45 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\justin2\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mtasolutions.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtasolutions.com/
O2 - BHO: (no name) - {134C4F85-AA35-8ECE-1E64-FB8DCB2386E8} - C:\WINDOWS\system32\qzuoshi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6737CD6-3AB7-42ED-BDC7-800E554D9B42}: NameServer = 12.6.42.1 12.6.42.2
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe

--
End of file - 4059 bytes

justime8
2008-01-09, 23:16
Hi, my Kaspersky says:


KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 09, 2008 10:16:08 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/01/2008
Kaspersky Anti-Virus database records: 504494


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 32117
Number of viruses found 15
Number of infected objects 25
Number of suspicious objects 2
Duration of the scan process 00:24:27

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Incomplete\T-1667963-TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Administrator\Incomplete\T-4076126-Top of Charts - 2005.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\justin2\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\justin2\Desktop\Unused Desktop Shortcuts\MagicJellybean Keyfinder and Changer.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\justin2\Desktop\Unused Desktop Shortcuts\MagicJellybean Keyfinder and Changer.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\justin2\Desktop\Unused Desktop Shortcuts\MagicJellybean Keyfinder and Changer.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\justin2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\justin2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\justin2\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\justin2\Local Settings\History\History.IE5\MSHist012008010820080109\index.dat Object is locked skipped

C:\Documents and Settings\justin2\Local Settings\History\History.IE5\MSHist012008010920080110\index.dat Object is locked skipped

C:\Documents and Settings\justin2\Local Settings\Temp\nsyCB.tmp\Install.dll Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped

C:\Documents and Settings\justin2\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\justin2\ntuser.dat Object is locked skipped

C:\Documents and Settings\justin2\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\qoobox\Quarantine\C\2.tmp.vir/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\qoobox\Quarantine\C\2.tmp.vir NSIS: infected - 1 skipped

C:\qoobox\Quarantine\C\3.tmp.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped

C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped

C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir NSIS: infected - 3 skipped

C:\qoobox\Quarantine\C\WINDOWS\FNTS~1\nоpdb.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped

C:\qoobox\Quarantine\C\WINDOWS\IA\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\qoobox\Quarantine\C\WINDOWS\IA\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\WNSXS~1\chkntfs.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fe skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP359\A0044941.dll Infected: not-a-virus:AdWare.Win32.Shopper.q skipped

C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP359\A0044942.dll Infected: not-a-virus:AdTool.Win32.Zango.e skipped

C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP359\A0044943.exe Infected: not-a-virus:AdTool.Win32.Zango.e skipped

C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP361\change.log Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{57B1CCC6-94AA-401B-9B48-864007C46D99}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\qzuoshi.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\TEMP\Perflib_Perfdata_3dc.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

katana
2008-01-11, 15:32
Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

VundoFix
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Download and Run ComboFix
I see you have already used ComboFix; please can you delete the copy you have and download the updated version.

Download ComboFix from one of the links below:

ComboFix.exe 1 (http://subs.geekstogo.com/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

justime8
2008-01-11, 18:27
OK, here they are, I think. I hope I did it right!



ComboFix 08-01-11.1 - justin2 2008-01-11 8:11:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.689 [GMT -9:00]
Running from: C:\Documents and Settings\justin2\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\justin2\Application Data\ShoppingReport
C:\Documents and Settings\justin2\Application Data\ShoppingReport\cs\Config.xml

.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-11 07:55 . 2008-01-11 07:55 <DIR> d-------- C:\VundoFix Backups
2008-01-11 01:57 . 2008-01-11 02:09 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-10 22:09 . 2008-01-10 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-10 21:39 . 2008-01-10 21:39 <DIR> d-------- C:\KAV
2008-01-10 20:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-10 20:08 . 2008-01-10 20:09 <DIR> d-------- C:\Program Files\Java
2008-01-10 20:08 . 2008-01-10 20:08 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-10 13:27 . 2008-01-10 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-10 12:14 . 2008-01-10 13:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-10 12:14 . 2008-01-10 12:14 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\SUPERAntiSpyware.com
2008-01-10 12:14 . 2008-01-10 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-10 12:11 . 2008-01-10 12:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 11:14 . 2008-01-10 11:14 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\Grisoft
2008-01-10 11:14 . 2008-01-10 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-08 15:57 . 2008-01-08 15:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-31 12:16 . 2007-12-31 12:16 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\Apple Computer
2007-12-31 12:11 . 2008-01-11 00:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-31 12:11 . 2007-12-31 12:11 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 12:07 . 2008-01-07 23:56 <DIR> d-------- C:\Program Files\QuickTime
2007-12-31 12:07 . 2007-12-31 12:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-31 12:07 . 2007-12-31 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-31 12:07 . 2007-12-31 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-28 20:55 . 2007-12-28 20:55 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\Talkback
2007-12-12 11:40 . 2008-01-07 14:22 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\FrostWire
2007-12-12 11:39 . 2007-12-12 11:39 <DIR> d-------- C:\Program Files\FrostWire
2007-12-12 11:39 . 2007-12-12 11:39 <DIR> d-------- C:\Program Files\AskSBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 18:46 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
2007-12-14 06:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 23:35 --------- d-----w C:\Program Files\Ubi Soft
2007-12-03 03:33 --------- d-----w C:\Program Files\ApexDC++
2007-11-27 19:10 --------- d--h--r C:\Documents and Settings\justin2\Application Data\yahoo!
2007-11-27 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-27 18:03 --------- d-----w C:\Program Files\Realtek AC97
2007-11-27 18:03 --------- d-----w C:\Program Files\PC Drivers HeadQuarters(2)
2007-11-27 18:03 --------- d-----w C:\Program Files\PC Drivers HeadQuarters
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:16 3,058,688 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 02:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-28 02:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-11 06:13 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:13 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-11 06:13 659,456 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:13 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:13 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:13 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:13 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-12 11:39 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-12-12 11:39 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 22:56 53760 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]
--a------ 2002-01-24 17:03 81920 C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--a------ 2003-05-08 10:34 69632 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-11-02 07:59 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-11-02 08:03 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2007-06-12 05:08 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 07:57 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WIN32SL"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"NVSvc"=2 (0x2)
"gusvc"=3 (0x3)
"cpqWebDmi"=2 (0x2)
"cpqdmi"=2 (0x2)
"CpqDfwWebAgent"=2 (0x2)
"CPQALERT"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EasyFreeWebCam"=
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"CPQDFWAG"=C:\WINDOWS\Cpqdiag\CpqDfwAg.exe

R1 ClntMgmt;Compaq Client Management Driver;C:\WINDOWS\system32\Drivers\ClntMgmt.sys [2002-01-16 13:48]
S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 17:33]
S4 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent;C:\WINDOWS\Cpqdiag\Cpqdfwag.exe [2001-10-25 16:56]
S4 cpqWebDmi;Compaq DMI Web Agent;C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe [2002-01-24 17:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9636d46-2b44-11dc-a62b-806d6172696f}]
\shell\AutoRun\command - D:\autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 08:13:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 8:13:41
ComboFix-quarantined-files.txt 2008-01-11 17:13:25
ComboFix2.txt 2007-10-20 22:16:05
.
2008-01-10 12:01:06 --- E O F ---

AND




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:44 AM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\justin2\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mtasolutions.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtasolutions.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6737CD6-3AB7-42ED-BDC7-800E554D9B42}: NameServer = 12.6.42.1 12.6.42.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe

--
End of file - 4134 bytes

katana
2008-01-11, 19:26
That log looks fine. Are you still having problems?

Did you deliberately install Ask Toolbar?
Do you have the VundoFix log, please?


TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site: TotalScan (http://www.nanoscan.com/as/v1/?)

Under Scan Now click the Full Scan button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.

justime8
2008-01-11, 22:11
No, I did not install Ask Toolbar, and that VundoFix log, I don't know; it found no files or probs it could fix. But I do have a Kaspersky log that says that I have a virus called yazzlesdoku and I think it's a key logger. My prob is that I click on a link or site and I have to click 3 or 4 times before it responds, or it flashes the page then goes away. So yes, I am still having a small prob, but it is much better than it was!

justime8
2008-01-11, 22:13
*yazzlesudoku*

katana
2008-01-11, 22:26
Please can you post the TotalScan log.

justime8
2008-01-11, 23:21
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-01-11 13:16:51
PROTECTIONS: 0
MALWARE: 2
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00363040 Dialer.ITJ Dialers No 1 Yes No C:\Program Files\Easy Web Cam\dialler.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Local Settings\Application Data\Mozilla\Firefox\Profiles\7gvp34rb.default\Cache\C2152591d01[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Local Settings\Application Data\Mozilla\Firefox\Profiles\7gvp34rb.default\Cache\C2152591d01[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP367\A0047294.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP368\A0047336.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Desktop\ComboFix.exe[nircmd.com]
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

katana
2008-01-11, 23:47
there is nothing to worry about there :bigthumb:

Let me have another look at your logs, and I will see if there is any other reason for your problems.

I'll be back :D:

katana
2008-01-12, 02:41
No Antivirus
I can see no indication of any Antivirus software.

Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
Free AV list
AVG Free (http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=aff)
Avira AntiVir (http://www.free-av.com/)
Avast (http://www.avast.com/eng/products.html)

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week.
If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Antivirus is a MUST



Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:




File::
C:\Documents and Settings\Administrator\Incomplete\T-1667963-TOTALLY HIP TRACK.wma
C:\Documents and Settings\Administrator\Incomplete\T-4076126-Top of Charts - 2005.wma
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip
C:\Documents and Settings\justin2\Desktop\Unused Desktop Shortcuts\MagicJellybean Keyfinder and Changer.exe
C:\Program Files\Easy Web Cam\dialler.exe
C:\WINDOWS\system32\qzuoshi.dll
Folder::
C:\Documents and Settings\justin2\Local Settings\Temp\nsyCB.tmp
C:\Program Files\AskSBar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Installed Programs
Please could you give me a list of the programs that are installed.
Start HijackThis
Click on the Config button
Click on the Misc Tools button
Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

justime8
2008-01-13, 02:50
sorry about the pause in our thing here. I did not see that it went into 2 pages but I'm here now

ComboFix 08-01-11.1 - justin2 2008-01-12 16:32:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.672 [GMT -9:00]
Running from: C:\Documents and Settings\justin2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\justin2\Desktop\CFScript.txt C:\Documents and Settings\justin2\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Administrator\Incomplete\T-1667963-TOTALLY HIP TRACK.wma
C:\Documents and Settings\Administrator\Incomplete\T-4076126-Top of Charts - 2005.wma
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip
C:\Documents and Settings\justin2\Desktop\Unused Desktop Shortcuts\MagicJellybean Keyfinder and Changer.exe
C:\Program Files\Easy Web Cam\dialler.exe
C:\WINDOWS\system32\qzuoshi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\01EE48FC
C:\Program Files\AskSBar\bar\Cache\01EE4C38
C:\Program Files\AskSBar\bar\Cache\01EE4DAF.bin
C:\Program Files\AskSBar\bar\Cache\01EE4F75.bin
C:\Program Files\AskSBar\bar\Cache\01EE511A.bin
C:\Program Files\AskSBar\bar\Cache\01EE536C.bin
C:\Program Files\AskSBar\bar\Cache\01EE55ED.bin
C:\Program Files\AskSBar\bar\Cache\01EE57E1.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\Easy Web Cam\dialler.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-11 12:21 . 2008-01-11 12:21 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-11 12:16 . 2008-01-11 12:21 <DIR> d-------- C:\Program Files\Panda Security
2008-01-11 08:28 . 2007-05-30 03:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-11 07:55 . 2008-01-11 07:55 <DIR> d-------- C:\VundoFix Backups
2008-01-11 01:57 . 2008-01-11 02:09 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-10 22:09 . 2008-01-10 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-10 21:39 . 2008-01-10 21:39 <DIR> d-------- C:\KAV
2008-01-10 20:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-10 20:08 . 2008-01-10 20:09 <DIR> d-------- C:\Program Files\Java
2008-01-10 20:08 . 2008-01-10 20:08 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-10 13:27 . 2008-01-10 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-10 12:14 . 2008-01-10 13:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-10 12:14 . 2008-01-10 12:14 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\SUPERAntiSpyware.com
2008-01-10 12:14 . 2008-01-10 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-10 12:11 . 2008-01-10 12:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 11:14 . 2008-01-10 11:14 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\Grisoft
2008-01-10 11:14 . 2008-01-10 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-08 15:57 . 2008-01-08 15:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-31 12:16 . 2007-12-31 12:16 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\Apple Computer
2007-12-31 12:11 . 2008-01-11 00:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-31 12:11 . 2007-12-31 12:11 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 12:07 . 2008-01-07 23:56 <DIR> d-------- C:\Program Files\QuickTime
2007-12-31 12:07 . 2007-12-31 12:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-31 12:07 . 2007-12-31 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-31 12:07 . 2007-12-31 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-28 20:55 . 2007-12-28 20:55 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\Talkback

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 01:33 --------- d-----w C:\Program Files\Easy Web Cam
2008-01-07 23:22 --------- d-----w C:\Documents and Settings\justin2\Application Data\FrostWire
2007-12-20 18:46 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
2007-12-14 06:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 20:39 --------- d-----w C:\Program Files\FrostWire
2007-12-04 23:35 --------- d-----w C:\Program Files\Ubi Soft
2007-12-03 03:33 --------- d-----w C:\Program Files\ApexDC++
2007-11-27 19:10 --------- d--h--r C:\Documents and Settings\justin2\Application Data\yahoo!
2007-11-27 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-27 18:03 --------- d-----w C:\Program Files\Realtek AC97
2007-11-27 18:03 --------- d-----w C:\Program Files\PC Drivers HeadQuarters(2)
2007-11-27 18:03 --------- d-----w C:\Program Files\PC Drivers HeadQuarters
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:16 3,058,688 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 02:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-28 02:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-11_ 8.13.10.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-11 17:11:43 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 01:31:40 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-11 17:11:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 01:31:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-11 17:11:44 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 01:31:41 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-11 17:11:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 01:31:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-11 17:11:44 3,284,992 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-13 01:31:41 3,284,992 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-11 17:11:44 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 01:31:41 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-11 17:19:14 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_3fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 00:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 22:56 53760 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]
--a------ 2002-01-24 17:03 81920 C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--a------ 2003-05-08 10:34 69632 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-11-02 07:59 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-11-02 08:03 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2007-06-12 05:08 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 07:57 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WIN32SL"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"NVSvc"=2 (0x2)
"gusvc"=3 (0x3)
"cpqWebDmi"=2 (0x2)
"cpqdmi"=2 (0x2)
"CpqDfwWebAgent"=2 (0x2)
"CPQALERT"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EasyFreeWebCam"=
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"CPQDFWAG"=C:\WINDOWS\Cpqdiag\CpqDfwAg.exe

R1 ClntMgmt;Compaq Client Management Driver;C:\WINDOWS\system32\Drivers\ClntMgmt.sys [2002-01-16 13:48]
S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 17:33]
S4 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent;C:\WINDOWS\Cpqdiag\Cpqdfwag.exe [2001-10-25 16:56]
S4 cpqWebDmi;Compaq DMI Web Agent;C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe [2002-01-24 17:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9636d46-2b44-11dc-a62b-806d6172696f}]
\shell\AutoRun\command - D:\autorun.exe

*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - RKPAVPROC
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 16:33:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 16:34:23
ComboFix-quarantined-files.txt 2008-01-13 01:34:13
ComboFix2.txt 2008-01-11 17:13:42
ComboFix3.txt 2007-10-20 22:16:05
.
2008-01-10 12:01:06 --- E O F ---
and

Adobe Acrobat 4.0
Adobe Flash Player ActiveX
ApexDC++ 0.4.0
Apple Software Update
AVG Anti-Spyware 7.5
CA eTrust PestPatrol
Chessmaster 9000
Compaq Management Agents
Compaq Remote Diagnostics Enabling Agent
Diskeeper Professional Edition
Disney's Active Play, A Bug's Life
Driver Detective
Easy Web Cam
FrostWire 4.13.3
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
HP Product Detection
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Connections 12.1.12.0
Java(TM) 6 Update 3
Kaspersky Online Scanner
Macromedia Shockwave Player
Microsoft .NET Framework 2.0
Mozilla Firefox (2.0.0.11)
NetInfo
Neverwinter Nights Platinum Edition
NVIDIA Drivers
Opera 9.23
Panda TotalScan
QuickTime
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Setup Compaq Software
SiSoftware Sandra Professional 2005 (Win64/32/CE)
SoundMAX
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Tweak UI
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinZip
Yahoo! Install Manager
Yahoo! Internet Mail

katana
2008-01-13, 03:12
Well, there is nothing showing
Are you still having the problems with links ?

justime8
2008-01-13, 03:24
Well, it seems to be cleared up. Maybe it was just reloading the pages. I do have a question: I have a very slow desktop loading time after Windows is loaded and the desktop is showing. Is there a way to see what it's loading and maybe select which ones I want to load?

katana
2008-01-13, 03:38
"I do have a question: I have a very slow desktop loading time after Windows is loaded and the desktop is showing. Is there a way to see what it's loading and maybe select which ones I want to load?"

There is a link to Winpatrol later in this post (under Prevention) , It is an excellent startup manager :bigthumb:


Congratulations, your logs look clean.

Let's see if I can help you keep it that way.

First let's tidy up.

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

You can also delete any logs we have produced, and empty your Recycle bin.

The following is some info to help you stay safe and clean.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.nanoscan.com
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.kaspersky.com/virusscanner

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
All the programs in this list have a free version.
It is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program. It includes host protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
AVG Anti-Spyware 7.5 (http://www.ewido.net/en/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Ad-Aware 2007 Free (http://www.lavasoftusa.com/products/ad_aware_free.php) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one.
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup. Allows delayed startup. A must have addition.
SpywareBlaster 3.5.1 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol.
ZonedOut (http://www.funkytoad.com/content/view/15/33/) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections.

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser; unfortunately, whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative.
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has Addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

Both of these can be cleaned manually, but a quicker option is to use a program.
ATF Cleaner (http://www.atribune.org/content/view/19/2/) Free and very simple to use.
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep.


Also PLEASE read this article.......So How Did I Get Infected In The First Place (http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :p:


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

justime8
2008-01-13, 03:45
and what is this program? Apple Software Update

justime8
2008-01-13, 03:46
thank you so much you rule!!!

katana
2008-01-13, 03:57
and what is this program? Apple Software Update

It comes bundled with iTunes and other Apple products.
You can remove it if you choose :cool: