PDA

View Full Version : My computer has Virtumonde



Austin8289
2008-05-25, 20:56
So yeah. As you can see from my title, my computer has been infected with Virtumonde. Any help with removal would be greatly appreciated.

km2357
2008-05-25, 22:48
Hello and welcome to Safer Networking Forums.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


Step # 1: Download and Run HijackThis
Download HJTInstall.exe (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe) to your Desktop.


Doubleclick HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy/Paste the log to your next reply please.

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Step # 2 Download CCleaner

Download CCleaner from here (http://www.ccleaner.com/) to clean temp files from your computer.

Double click on the ccsetup.exe file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location.
Under Install Options, choose all the default settings except I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box.
Click Install then finish to complete installation.


Step # 3 Retrieve the Installed Programs List from CCleaner

Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.


In your next post/reply, I need to see the following:

1. HiJackThis Log
2. CCleaner Install List

Austin8289
2008-05-26, 18:05
HJT Log
==========================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:34 AM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLHOS~1.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLServiceHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder (3)\Pokemon Maker for Diamond and Pearl\pokesav_english_version.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder\Documents and Settings\Owner.YOUR-2F085352E9\My Documents\All\akshld\ResizeEnable\ResizeEnableRunner.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder(2)\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\WINDOWS\system32\byXRijhh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210776190\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Spybot - S&D.lnk = C:\Program Files\Spybot - Search & Destroy\SDMain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: byXRijhh - C:\WINDOWS\SYSTEM32\byXRijhh.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 9686 bytes



CCleaner Log
==========================================================
µTorrent
Adobe Reader 7.0
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Bejeweled 2 Deluxe
BigFix
Blackhawk Striker 2
Blasterball 2 Revolution
Bonjour
Browser Address Error Redirector
CCleaner (remove only)
Diner Dash
Diner Dash
DVD Solution
DVD43 v4.0.0
FATE
Gateway Game Console
Google Desktop
Google Toolbar for Internet Explorer
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hometown Hero
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 2
LADSPA_plugins-win-0.4.15
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Motorola SM56 Data Fax Modem
Napster
Napster Burn Engine
Penguins!
Pinnacle Hollywood FX
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
QuickTime
Rainlendar (remove only)
RealPlayer Basic
Recovery Software Suite Gateway
SCRABBLE
Serious Samurize
SigmaTel Audio
Sonic Encoders
Studio 9
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Tradewinds
Trend Micro Antivirus
Viewpoint Media Player
WildTangent Web Driver
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools

km2357
2008-05-26, 23:19
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

µTorrent

I'd like you to read the Guidelines for P2P Programs (http://spywarewarrior.com/viewtopic.php?t=26216) where we explain why it's not a good idea to have them.

Also available here (http://forum.malwareremoval.com/viewtopic.php?t=23812&sid=a609c56441d8a2e5dc8d24e3e96420cc).

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Disable Windows Defender until the computer is clean


Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save


Step # 1 Remove WildTangent

I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it’s not technically considered spyware, it does have built in components to update itself and gather information about the computer system including Operating System Version CPU Type and Speed Memory Amount
Video Card type and Driver Version Sound Card type and Driver Version DirectX Version
Location that the Web Driver was installed from It is also a MAJOR resource hog.

For more information, see WildTangent Removal Instructions and Help (http://www.pchell.com./support/wildtangent.shtml) and Inside Wild Tangent-Delivering High-End 3-D Content To A Web Site Near You (http://www.computerpoweruser.com/editorial/article.asp?article=articles/archive/c0101/47c01/47c01.asp&guid=).
Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent: To uninstall Wild Tangent:

Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight WildTangent Web Driver, click Remove.
Close the Add or Remove Programs and the Control Panel windows.


Step # 2: Download and Run: VundoFix
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) by Atribune from Atribune and save it to your desktop.
Double click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Fix Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

If you receive this error - "Run-time error '339': Component 'comdlg32.ocx' or one its dependencies not correctly registered: a file is missing or invalid" , please download this file (http://windowsxp.mvps.org/utils/Comdlg32.zip) and save it to your desktop.

Right click on Comdlg32.zip and select Extract All....
Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
On the text box above the Browse button, copy and paste in C:\Windows\system32.
Click OK.
Uncheck (untick) the Show extracted files box and click Finish.
Click on Start > Run and copy and paste in the following into the Run box:

REGSVR32 C:\Windows\system32\comdlg32.ocx


Press Enter.
You should receive this message - "DllRegisterServer in C:\Windows\system32\comdlg32.ocx succeeded."
Click OK and restart your computer. Then try running VundoFix again.


In your next post/reply, I need to see the following:

1. VundoFix Log
2. A fresh HiJackThis Log

Austin8289
2008-05-27, 01:22
VundoFix did not find any traces, but I will post the log anyway.
==========================================================
VundoFix V7.0.5

Scan started at 6:09:34 PM 5/26/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

==========================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:00 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLHOS~1.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder\Documents and Settings\Owner.YOUR-2F085352E9\My Documents\All\akshld\ResizeEnable\ResizeEnableRunner.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder(2)\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\WINDOWS\system32\byXRijhh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210776190\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Spybot - S&D.lnk = C:\Program Files\Spybot - Search & Destroy\SDMain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: byXRijhh - C:\WINDOWS\SYSTEM32\byXRijhh.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 9441 bytes

km2357
2008-05-27, 02:06
Since VundoFix didn't work, let's try another tool to help take out Virtumonde.

Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u6 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications.".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Remove the following old versions of Java:


J2SE Runtime Environment 5.0 Update 2


Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.

From your desktop double-click on the download to install the newest version.


Step # 2: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to save ComboFix.exe to your Desktop

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleaning the system:

C:\ComboFix.txt
New HijackThis log.

Use multiple posts if you can't fit everything into one post.

Austin8289
2008-05-27, 23:55
Unfortunatly, I have Dial-Up, so I can't really download anyhting over about 6mb. Can I use ComboFix without installing the Java Update?

km2357
2008-05-28, 01:18
Go ahead and download and run ComboFix.

Do you have access to a computer with a DSL or Cable connection? You have a really old version of Java and the quicker it is updated the better. If you can get access to a computer with DSL/Cable, just use it to download the latest version of Java and then transfer it over to your computer via a USB Stick/Flash Drive.

Austin8289
2008-05-28, 15:48
I will try to get an update for Java soon. The computer is a laptop, so I can get wireless High-speed tommorrow. I will run ComboFix in a little while.

Austin8289
2008-05-28, 23:46
ComboFix 08-05-27.4 - Owner 2008-05-28 16:29:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.554 [GMT -4:00]
Running from: F:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byXRijhh.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.

2008-05-26 23:00 . 2008-05-26 23:00 <DIR> d-------- C:\Program Files\UltraSurf
2008-05-26 23:00 . 2008-05-26 23:05 <DIR> d-------- C:\Program Files\Pocket Tanks Deluxe 1.3
2008-05-26 18:09 . 2008-05-26 18:09 <DIR> d-------- C:\VundoFix Backups
2008-05-26 11:20 . 2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\divx.dll
2008-05-26 11:20 . 2007-07-29 17:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-26 11:20 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-26 11:00 . 2008-05-26 11:00 <DIR> d-------- C:\Program Files\CCleaner
2008-05-22 16:52 . 2008-05-22 16:52 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\AdobeUM
2008-05-21 22:21 . 2008-05-21 22:21 139 --a------ C:\WINDOWS\wininit.ini
2008-05-21 21:32 . 2004-03-29 04:06 90,464 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-05-21 21:32 . 2002-03-19 10:29 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2008-05-21 21:29 . 2002-01-05 04:48 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
2008-05-21 21:28 . 2008-05-21 21:30 <DIR> d-------- C:\Program Files\Pinnacle
2008-05-21 21:28 . 2008-05-21 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-05-21 16:07 . 2008-05-21 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-20 13:39 . 2008-05-20 13:39 18,816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2008-05-20 13:38 . 2008-05-20 22:18 181 --a------ C:\WINDOWS\system32\sam.ini
2008-05-20 13:24 . 2008-05-20 13:24 <DIR> d-------- C:\New Folder
2008-05-17 10:09 . 2008-05-17 10:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 19:51 . 2008-05-21 21:11 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\Apple Computer
2008-05-16 19:51 . 2008-05-28 16:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 19:51 . 2008-05-16 19:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-16 19:50 . 2008-05-16 19:51 <DIR> d-------- C:\Program Files\iTunes
2008-05-16 19:50 . 2008-05-16 19:50 <DIR> d-------- C:\Program Files\iPod
2008-05-16 19:46 . 2008-05-16 19:46 <DIR> d-------- C:\Program Files\QuickTime
2008-05-16 19:46 . 2008-05-16 19:46 <DIR> d-------- C:\Program Files\Bonjour
2008-05-16 19:46 . 2008-05-16 19:46 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\Media Player Classic
2008-05-16 19:46 . 2008-05-16 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-16 19:45 . 2008-05-16 19:45 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-16 19:45 . 2008-05-16 19:45 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-16 19:45 . 2008-05-16 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-16 17:04 . 2008-05-16 19:50 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\McAfee.com Personal Firewall
2008-05-16 17:04 . 2008-05-16 17:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-05-15 22:24 . 2008-05-21 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 21:38 . 2008-05-15 21:38 <DIR> d-------- C:\Program Files\ZUMA
2008-05-15 21:38 . 2008-05-15 21:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-15 21:37 . 2008-05-15 21:37 <DIR> d-------- C:\Program Files\Webroot
2008-05-15 21:37 . 2008-05-15 21:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-15 21:37 . 2008-05-15 21:37 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-15 21:36 . 2008-05-15 21:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-15 21:35 . 2008-05-15 21:35 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-15 21:35 . 2008-05-15 21:35 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-15 21:35 . 2008-05-15 21:35 <DIR> d-------- C:\Program Files\MSBuild
2008-05-15 21:34 . 2008-05-15 21:35 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-05-15 21:32 . 2008-05-15 21:32 <DIR> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-05-15 21:22 . 2008-05-15 21:32 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-15 21:22 . 2008-05-15 21:22 <DIR> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-05-15 21:22 . 2008-05-15 21:22 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-15 21:22 . 2008-05-15 21:22 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-15 21:18 . 2008-05-15 21:21 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-05-15 21:17 . 2008-05-15 21:17 <DIR> d-------- C:\Program Files\Microsoft Small Business
2008-05-15 21:17 . 2008-05-15 21:17 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-15 21:13 . 2008-05-15 21:13 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-05-15 21:08 . 2008-05-15 21:08 <DIR> d-------- C:\Program Files\MagicISO
2008-05-15 21:08 . 2008-05-26 11:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-15 21:06 . 2008-05-15 21:06 <DIR> d-------- C:\Program Files\GGE909 PC Recoil Pad
2008-05-15 21:00 . 2008-05-15 21:00 <DIR> d-------- C:\Program Files\Game Elements
2008-05-15 21:00 . 2008-05-15 21:00 <DIR> d-------- C:\Program Files\Free DVD MP3 Ripper
2008-05-15 21:00 . 2008-05-20 13:39 <DIR> d-------- C:\Program Files\dvd43
2008-05-15 21:00 . 2008-05-15 21:00 <DIR> d-------- C:\Program Files\Datel
2008-05-15 21:00 . 2008-05-15 21:00 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-15 20:55 . 2008-05-15 20:55 <DIR> d-------- C:\Program Files\CMAK
2008-05-15 20:55 . 2008-05-15 20:55 <DIR> d-------- C:\Program Files\Avanquest update
2008-05-15 20:55 . 2008-05-15 20:55 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-15 20:54 . 2008-05-15 20:54 <DIR> d-------- C:\Program Files\ADMIN TOOLS
2008-05-15 20:54 . 2008-05-15 20:54 <DIR> d-------- C:\Program Files\activePDF
2008-05-15 19:14 . 2008-05-15 19:14 0 --a------ C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\wklnhst.dat
2008-05-15 18:05 . 2008-05-15 18:05 <DIR> d-------- C:\Program Files\Audacity
2008-05-15 18:03 . 2008-05-15 18:03 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-05-15 17:58 . 2008-05-15 17:59 <DIR> d-------- C:\Program Files\Samurize
2008-05-15 17:57 . 2008-05-15 17:57 <DIR> d-------- C:\Program Files\Rainlendar
2008-05-15 17:57 . 2008-05-15 21:01 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\Rainlendar
2008-05-15 01:05 . 2008-05-21 21:09 26 --a------ C:\WINDOWS\popcinfo.dat
2008-05-15 00:18 . 2008-05-21 16:07 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\PlayFirst
2008-05-14 22:37 . 2008-05-14 22:37 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\WildTangent
2008-05-14 21:03 . 2008-05-14 21:03 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\CyberLink
2008-05-14 20:32 . 2006-10-04 10:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-05-14 20:32 . 2006-10-04 10:06 764,868 --a--c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-05-14 20:32 . 2006-10-04 10:06 217,118 --a--c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-05-14 20:31 . 2008-05-14 20:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-14 20:30 . 2008-05-14 20:30 <DIR> d-------- C:\80c8ec2e7307d5f604
2008-05-14 20:29 . 2008-05-14 20:29 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-14 20:29 . 2008-05-14 20:30 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-14 20:17 . 2008-05-14 20:17 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-05-14 20:05 . 2008-05-14 09:59 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\WINDOWS
2008-05-14 20:05 . 2008-05-14 10:44 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\You've Got Pictures Screensaver
2008-05-14 20:05 . 2008-05-14 10:46 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\SampleView
2008-05-14 20:05 . 2008-05-14 10:56 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\Intel
2008-05-14 20:05 . 2008-05-26 22:52 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN
2008-05-14 20:04 . 2008-05-14 09:59 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-05-14 20:04 . 2008-05-14 10:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-05-14 20:04 . 2008-05-14 10:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-05-14 11:09 . 2008-05-14 11:09 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-14 11:04 . 2008-05-14 11:04 333 --a------ C:\WINDOWS\system32\$ncsp$.inf
2008-05-14 11:04 . 2008-05-14 11:04 0 --a------ C:\WINDOWS\system32\Gateway_MX6956_Rev.1_T3A6A41004121.MRK
2008-05-14 11:03 . 2006-03-23 15:12 139,264 --a------ C:\WINDOWS\system32\igfxres.dll
2008-05-14 11:02 . 2008-05-17 09:48 34,400 --a------ C:\WINDOWS\system32\Status.MPF
2008-05-14 10:57 . 2006-04-21 02:12 332,800 --a--c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-05-14 10:57 . 2006-06-22 06:47 181,248 --a--c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2008-05-14 10:57 . 2006-05-19 08:59 148,480 --a--c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-05-14 10:57 . 2006-05-19 08:59 111,616 --a--c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2008-05-14 10:57 . 2006-05-19 08:59 94,720 --a--c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2008-05-14 10:56 . 2008-05-14 10:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-14 10:55 . 2008-05-16 19:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-14 10:55 . 2008-05-14 10:56 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-05-14 10:55 . 2008-05-14 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-14 10:55 . 2008-05-14 10:55 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-14 10:54 . 2008-05-14 10:54 <DIR> d-------- C:\Program Files\McAfee
2008-05-14 10:54 . 2008-05-16 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-05-14 10:54 . 2008-05-14 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-14 10:54 . 2008-05-14 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-14 10:52 . 2008-05-14 10:52 <DIR> d-------- C:\Program Files\gtw_logo
2008-05-14 10:52 . 2008-05-14 20:04 <DIR> d-------- C:\Documents and Settings\Owner
2008-05-14 10:52 . 2006-02-06 15:24 1,239,209 --a------ C:\WINDOWS\system32\gtw_logo.scr
2008-05-14 10:52 . 2003-07-03 18:48 23,552 --a------ C:\WINDOWS\system32\jesterss.dll
2008-05-14 10:52 . 2006-04-21 12:50 1,150 --a------ C:\WINDOWS\system32\gtw.ico
2008-05-14 10:49 . 2008-05-14 10:49 <DIR> d-------- C:\WINDOWS\tiinst
2008-05-14 10:47 . 2008-05-14 10:47 <DIR> d-------- C:\Program Files\Motorola
2008-05-14 10:46 . 2008-05-14 10:46 <DIR> d-------- C:\Program Files\SigmaTel
2008-05-14 10:46 . 2008-05-14 10:46 <DIR> d-------- C:\Program Files\Microsoft Money 2006
2008-05-14 10:46 . 2008-05-14 10:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-05-14 10:46 . 2006-06-15 18:28 1,179,784 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2008-05-14 10:46 . 2006-06-15 18:24 217,088 --a------ C:\WINDOWS\system32\stacapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 14:43 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-05-14 13:59 --------- d-----w C:\Program Files\Windows Plus
2008-05-14 13:59 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-14 13:59 --------- d-----w C:\Program Files\Common Files\New Boundary
2008-05-14 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prism Deploy
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-20 12:34 171448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-14 10:33 169984]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 10:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 10:47 688218]
"HostManager"="C:\Program Files\Common Files\AOL\1210776190\EE\AOLHostManager.exe" [2004-11-03 17:03 125528]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 20:42 79448]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 15:30 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 13:20 413696 C:\WINDOWS\stsystra.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-23 22:22 573440]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 15:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 15:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 15:17 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 14:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 14:56 602182]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 19:16 1121792]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 18:51 950337]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 18:51 634949]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 18:50 290816]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2007-11-20 16:40 731136]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]

C:\Documents and Settings\Owner.NON-POLITICIAN\Start Menu\Programs\Startup\
Spybot - S&D.lnk - C:\Program Files\Spybot - Search & Destroy\SDMain.exe [2008-04-07 17:55:32 414544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2008-05-14 10:37:34 2168360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1210776190\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 23:45:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 00:04:47 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-28 20:38:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 16:36:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLServiceHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
.
**************************************************************************
.
Completion time: 2008-05-28 16:42:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 20:41:59

Pre-Run: 51,723,718,656 bytes free
Post-Run: 51,820,269,568 bytes free

275

Austin8289
2008-05-28, 23:47
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:19 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLHOS~1.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLServiceHost.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder(2)\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210776190\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Spybot - S&D.lnk = C:\Program Files\Spybot - Search & Destroy\SDMain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 8768 bytes

Austin8289
2008-05-28, 23:48
I already have the recovery console on my original Windows XP disk, so I did not have to install it on my computer.

km2357
2008-05-29, 01:40
I noticed you placed ComboFix.exe at F:\ , please move the file and place it on your Desktop for easier access and in case I need you to use it again during the time I'm helping you. Thanks. :)



Step # 1 Upload Files


Go to Jotti (http://virusscan.jotti.org)
Copy the following line into the white textbox:
C:\WINDOWS\system32\jesterss.dll
Click Submit.
Please post the results of this scan to this thread.

Repeat the above steps with the following files:

C:\WINDOWS\system32\gtw.ico

If Jotti is busy, Go to VirusTotal (http://www.virustotal.com/en/indexf.html) and scan the file(s) there.


Step # 2 Run CCleaner

CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!


Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
Then select the items you wish to clean up.

In the Windows Tab:

Clean all entries in the Internet Explorer section except Cookies
Clean all the entries in the Windows Explorer section
Clean all entries in the System section
Clean all entries in the Advanced section
Clean any others that you choose

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it
Clean all in the Opera section if you use it
Clean Sun Java in the Internet Section
Clean any others that you choose

Click the Run Cleaner button.
A pop up box will appear advising this process will permanently delete files from your system.
Click OK and it will scan and clean your system.
Click exit when done.
If it asks you to reboot at the end, click NO


Step # 3: Remove Hijackthis Entries


Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):


O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.


Step # 4 Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
Next click the Scanner tab and select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
You can also access the log by doing the following:

Click on the Malwarebytes' Anti-Malware icon to launch the program.
Click on the Logs tab.
Click on the log at the bottom of those listed to highlight it.
Click Open.


In your next post/reply, I need to see the following:

1. Jotti/VirusTotal results
2. MalwareBytes' Log
3. A fresh HiJackThis log

Austin8289
2008-05-31, 00:12
File: jesterss.dll
Status: OK
MD5: bbe4d3aa47ae3bb54d04c8fa52477976
Packers detected: ASPACK

Scanner results
Scan taken on 30 May 2008 21:07:25 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

-----------------------------------------------------

File: gtw.ico
Status: OK
MD5: 0b90cfa056bb231f796d598c4cc5de54
Packers detected: -

Scanner results
Scan taken on 30 May 2008 21:10:06 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

km2357
2008-05-31, 00:47
Both files you scanned came back clean. :)

Go ahead and do Steps 2-4 from my last post (if you haven't already) and post a fresh HiJackThis Log and the MalwareBytes' Log in your next response.

Austin8289
2008-05-31, 05:10
Malwarebytes' Anti-Malware 1.14
Database version: 805

10:05:43 PM 5/30/2008
mbam-log-5-30-2008 (22-05-43).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 211080
Time elapsed: 1 hour(s), 11 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\Documents and Settings\Owner.NON-POLITICIAN\Application Data\ANTIVI~1.EXE.bak (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc73.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc74.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\Documents and Settings\All Users\Application Data\hevavmpk\jizgrwfy.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\Documents and Settings\Owner.NON-POLITICIAN\Application Data\printer.exe.vir (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\Program Files\tmp83116156.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\drvjux.dll.vir (Dialer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\ieupdates.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\ifilfeaf.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\ISECUR~1.CPL.vir (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\ntload.sys.vir (Backdoor.Delf) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\update32.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\My Backup\WINDOWS\system32\ntload.dll (Trojan.Qqpass) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP11\A0010538.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP11\A0010539.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------

I am pretty sure that all of these were backups that my virus scanner made when I removed the Zlob virus :)

Austin8289
2008-05-31, 05:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:19 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLHOS~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLServiceHost.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder(2)\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210776190\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Spybot - S&D.lnk = C:\Program Files\Spybot - Search & Destroy\SDMain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C09DEFA-98A4-4877-BA19-3D299B533F7D}: NameServer = 205.152.37.23 205.152.132.23
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 8912 bytes

Austin8289
2008-05-31, 05:16
Do you have any suggestions for free virus removal software? I used to have Trend Micro, but my subscription expired. If I can find equally good software for free, I would be very happy. I can get access to DSL pretty soon so size does not matter.

km2357
2008-05-31, 11:25
Do you have any suggestions for free virus removal software? I used to have Trend Micro, but my subscription expired. If I can find equally good software for free, I would be very happy. I can get access to DSL pretty soon so size does not matter.

Here are a couple of options of free AV software for you to choose from:

1)Antivir PersonalEdition Classic (http://www.free-av.com/)
2)avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html)


Download and install only one!

Whatever one you choose be sure to uninstall Trend Micro before installing your new Anti-Virus.


Let me know when you have DSL so I can give you the next step (we are close to the end) for you to do. The next step will be for you to run an online scanner to see if there is anything else malicious on your computer.

When you first run it, you have to download its virus database and its 14MB in size and you mentioned earlier that you can't download anything over 6MB since you are on dial-up. So it'd be best to wait till you have DSL before we continue.

Austin8289
2008-05-31, 16:46
Can I download the virus database to a certain location so I can move it to another computer? If not, just go ahead and post the location and I will see if I can download it. It may take a good 2 and a half hours, but then again, some days I am on the internet I can download 7 or 8 mb. things in a little over 30 min.

Austin8289
2008-05-31, 16:49
When I said that I would have access to DSL or other fast internet, I meant that I would be going somewhere with highspeed wireless. So this will probaly be the last time I will have access to DSL for awhile.

km2357
2008-05-31, 22:07
Ok, I misunderstood you about the DSL, I thought you were getting DSL, not going someplace that has it.

Let's try the online scan and if you can't do it, then let me know:

Step # 1: Run Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/kos/english/kavwebscan.html)

You must be using Internet Explorer, Kaspersky does not work with Firefox

Click Accept

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:

Scan using the following Anti-Virus database:


Extended (if available otherwise Standard)


Scan Options:


Scan Archives Scan Mail Bases

Click OK
Now under select a target to scan:

Select My Computer

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Once finished, save the log to your Desktop as filename KAV.txt


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.


In your next post/reply, I need to see the following:

1. Kaspersky results (if you do the scan)
2. A fresh HiJackThis Log
3. How is your computer doing, any problems?

Use multiple posts if you can't fit everything into one post.

Austin8289
2008-06-03, 16:32
Unfortunately, I could not do the online scan. My Dial-up has been really slow lately, getting download speeds of about 1.2 kb/s.

Austin8289
2008-06-03, 16:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:02 AM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLHOS~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLServiceHost.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder(2)\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy - Actual Copy\SDHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210776190\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy - Actual Copy\SpybotSD.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy - Actual Copy\TeaTimer.exe
O4 - Startup: Spybot - S&D.lnk = C:\Program Files\Spybot - Search & Destroy\SDMain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy - Actual Copy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy - Actual Copy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 9282 bytes

Austin8289
2008-06-03, 16:40
Lately, my computer has been doing just fine. I think the last reminants of Virtumonde has been removed from my computer. Thank you so much! (and thanks for the Anti-Virus programs too!)

Austin8289 :)

km2357
2008-06-03, 21:13
I have two other online scanners you can try, but since both their databases are about the same size as Kaspersky's, I think we would run into the same problem of you not being able to do them due to being on dialup.

Your latest HiJackThis Log looks clean and you report that the rest of Virtumonde has been removed from your computer, so you are good to go. :)


You can remove ComboFix by doing the following:

Go to Start > Run - type in ComboFix /u & click OK



Please take the time to read my All Clean Post.

Please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new clean restore point

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created..

Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.


Make your Internet Explorer more secure This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub frames across different domains to Prompt When all these settings have been made, click on the OK button.
If it asks you if you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Set correct settings for files that should be hidden in Windows XP
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
If unchecked please checkHide protected operating system files (Recommended)
If necessary check "Display content of system folders"
If necessary Uncheck Hide file extensions for known file types.
Click OK

Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Windows Update Site Frequently It is important that you visit Microsoft Windows Update (http://www.windowsupdate.com) regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
Computer Safety on line Anti Malware (http://forum.malwareremoval.com/viewtopic.php?p=54#54)
Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file (http://www.mvps.org/winhelp2002/hosts.htm) Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE (http://www.bleepingcomputer.com/forums/tutorial51.html) If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button on the task bar at the bottom of your screen Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then doubleclick it. On the dropdown box, change the setting from automatic to manual. Click ok..
Use an alternative instant messenger program.Trillian (http://www.trillian.cc/) and Miranda IM (http://www.miranda-im.com/) These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Please read Tony Klein's excellent article: How I got Infected in the First Place (http://forums.subratam.org/index.php?showtopic=5931)
Please read Understanding Spyware, Browser Hijackers, and Dialers (http://www.bleepingcomputer.com/forums/tutorial41.html)
Please read Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/tutorial82.html)
If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox (http://www.mozilla.org/products/firefox) or
Opera (http://www.opera.com/download/).
If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
Update all these programs regularly Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back (http://spyware-free.us/2006/01/time-to-fight-back.html). Follow these steps and your potential for being infected again will reduce dramatically.

Here's a good website to read about Malware prevention:

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Good luck!


Please reply one last time so that I know you have read my post and this thread can be closed.

Austin8289
2008-06-05, 19:43
Okay, here is my final post on this thread. Thanks so much for all your help! Hopefully, you won't see me requesting for help with removal of malware again!

km2357
2008-06-05, 21:10
You're welcome. Glad I was able to help out. :)