Need help with Virtumonde
badgers19
2009-03-03, 04:18
Please find attached my log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:41 PM, on 3/2/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\badgers19.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AD576B0E-1D65-41D3-8D03-16ECA27F25BD} - C:\WINNT\system32\qoMcbcYO.dll (file missing)
O2 - BHO: {443f95f3-d471-2d7a-5344-c569053c2cad} - {dac2c350-965c-4435-a7d2-174d3f59f344} - C:\WINNT\system32\qutjbm.dll (file missing)
O2 - BHO: (no name) - {DD3EC823-D3A1-48B3-A18A-A1958795A18A} - C:\WINNT\system32\mlJApNeF.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: Create Notes Icon.lnk = C:\Documents and Settings\All Users\Personal\NotesIcon.exe (User 'Default user')
O4 - .DEFAULT User Startup: Create Notes Icon.lnk = C:\Documents and Settings\All Users\Personal\NotesIcon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182652901809
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{069E1ED2-634C-484A-9D44-35A62E45685E}: NameServer = 68.87.75.194,68.87.64.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{46A880B8-39D2-440B-A7C0-5F981D08D34C}: NameServer = 68.87.75.194,68.87.64.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{069E1ED2-634C-484A-9D44-35A62E45685E}: NameServer = 68.87.75.194,68.87.64.196
O17 - HKLM\System\CS2\Services\Tcpip\..\{069E1ED2-634C-484A-9D44-35A62E45685E}: NameServer = 68.87.75.194,68.87.64.196
O20 - Winlogon Notify: mlJApNeF - mlJApNeF.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: User Time Control service (UserTimeControl) - Unknown owner - C:\Program Files\PC Time Limit\utccsr.exe (file missing)
--
End of file - 6761 bytes
pskelley
2009-03-04, 15:54
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Pinned (sticky) to the top of this forum, and posted above, are the directions; make sure you have read and followed them.
Shaba responded to you here:
http://forums.spybot.info/showthread.php?t=46092
and you never bothered to respond. You must respond to the same topic I am posting in now and on a timely basis.
1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.
2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
Download ComboFix from here:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.
*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
Thanks
badgers19
2009-03-07, 05:20
Thanks for the help!!! Please find enclosed the combofix.txt, hijackthis.log, and uninstall_list.txt.
Combofix.txt
ComboFix 09-03-04.01 - Administrator 03/06/2009 21:28:46.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.638.447 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINNT: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Start Menu\Programs\videosoft
c:\documents and settings\Administrator\Start Menu\Programs\videosoft\Uninstall.lnk
c:\program files\videosoft
c:\program files\videosoft\Uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.
2009-03-06 21:40 . 09-03-06 21:40 16,384 --a----t- c:\winnt\system32\Perflib_Perfdata_218.dat
2009-03-06 07:09 . 03-06-19 15:05 30,768 --a------ c:\winnt\system32\drivers\disk.sys
2009-02-26 22:04 . 09-02-26 22:04 <DIR> d-------- c:\program files\Avira
2009-02-26 22:04 . 09-02-26 22:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-23 21:01 . 09-02-23 21:01 <DIR> d-------- c:\program files\ERUNT
2009-02-23 20:41 . 09-02-23 20:41 <DIR> d-------- C:\rsit
2009-02-21 12:06 . 09-02-21 12:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\GARMIN
2009-02-21 11:40 . 09-03-06 21:16 <DIR> d-------- C:\Garmin Unlock Tools
2009-02-20 23:26 . 09-02-20 23:26 54,156 --ah----- c:\winnt\QTFont.qfn
2009-02-20 23:26 . 09-02-20 23:26 1,409 --a------ c:\winnt\QTFont.for
2009-02-20 21:49 . 09-02-21 22:56 <DIR> d-------- C:\Garmin
2009-02-20 21:44 . 09-02-20 21:44 <DIR> d-------- c:\program files\Garmin GPS Plugin
2009-02-19 21:55 . 09-02-19 21:55 <DIR> d-------- c:\program files\Garmin
2009-02-19 21:55 . 09-02-19 21:55 <DIR> d-------- c:\program files\DIFX
2009-02-19 21:55 . 09-02-21 12:06 <DIR> d-------- c:\documents and settings\Administrator\Application Data\GARMIN
2009-02-16 17:20 . 09-02-16 17:20 42,505 --a------ c:\winnt\system32\02_16_2009.SCR
2009-02-16 17:20 . 09-03-06 21:11 23,634 --a------ c:\winnt\system32\02_16_2009.PSS
2009-02-14 21:11 . 09-02-14 21:11 42,505 --a------ c:\winnt\system32\02_14_09.SCR
2009-02-14 21:11 . 09-02-16 16:56 23,500 --a------ c:\winnt\system32\02_14_09.PSS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 02:12 --------- d-----w c:\documents and settings\Administrator\Application Data\ComcastToolbar
2009-03-04 12:21 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-03-04 02:39 --------- d---a-r c:\program files\Azureus
2009-02-28 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\mapi nurb bat remote
2009-02-21 14:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-12 21:30 --------- d-----w c:\program files\exPressit S.E. 2.2
2009-02-02 04:11 --------- d-----w c:\documents and settings\All Users\Application Data\VSO
2009-01-17 22:40 --------- d---a-w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-01-17 22:39 --------- d-----w c:\program files\NCH Swift Sound
2009-01-17 22:27 --------- d-----w c:\documents and settings\Administrator\Application Data\Roxio
2009-01-17 22:20 --------- d-----w c:\documents and settings\Administrator\Application Data\Vso
2008-12-22 20:06 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2003-01-27 20:12 271 ---h--w c:\program files\desktop.ini
2003-01-27 20:12 21,952 ---h--w c:\program files\folder.htt
.
------- Sigcheck -------
02-07-24 08:00 7952 9e64ad53cfd9da2d22e8a924f8c6e62c c:\winnt\system32\svchost.exe
02-07-24 08:00 7952 9e64ad53cfd9da2d22e8a924f8c6e62c c:\winnt\system32\dllcache\svchost.exe
02-07-24 08:00 68368 30cd43c6903f8e9829871e9eeb6babf5 c:\winnt\$NtServicePackUninstall$\ws2_32.dll
03-06-19 14:05 69904 0190c62de42396d78db9be771cf2403e c:\winnt\ServicePackFiles\i386\ws2_32.dll
03-06-19 14:05 69904 0190c62de42396d78db9be771cf2403e c:\winnt\system32\ws2_32.dll
02-07-24 08:00 167344 880e0a9b181c05ab45f282ceec47b6b4 c:\winnt\$NtServicePackUninstall$\ndis.sys
03-06-19 14:05 170928 fb4f2d0595bd3546a4dd915e4a9b4809 c:\winnt\ServicePackFiles\i386\ndis.sys
03-06-19 14:05 170928 fb4f2d0595bd3546a4dd915e4a9b4809 c:\winnt\system32\dllcache\ndis.sys
03-06-19 14:05 170928 fb4f2d0595bd3546a4dd915e4a9b4809 c:\winnt\system32\drivers\ndis.sys
03-06-19 14:05 243472 59cf2b7dced9111f48f51b4b570e672d c:\winnt\explorer.exe
02-07-24 08:00 242960 51794d917250081ab41a77950cee481d c:\winnt\$NtServicePackUninstall$\explorer.exe
03-06-19 14:05 243472 59cf2b7dced9111f48f51b4b570e672d c:\winnt\ServicePackFiles\i386\explorer.exe
02-07-24 08:00 17680 d2c7c9f5c2623f6f7814231e278de9ff c:\winnt\$NtServicePackUninstall$\userinit.exe
03-06-19 14:05 17680 bf179c5b8a722cc79aef1ca90d6c7d48 c:\winnt\ServicePackFiles\i386\userinit.exe
03-06-19 14:05 17680 bf179c5b8a722cc79aef1ca90d6c7d48 c:\winnt\system32\USERINIT.EXE
03-06-19 14:05 17680 bf179c5b8a722cc79aef1ca90d6c7d48 c:\winnt\system32\dllcache\userinit.exe
02-07-24 08:00 13584 66fbe4b4ece98daf4cbaeec55536ccec c:\winnt\$NtServicePackUninstall$\powrprof.dll
03-06-19 14:05 13584 0a35f356726069b95f4bb2a99203fdd4 c:\winnt\ServicePackFiles\i386\powrprof.dll
03-06-19 14:05 13584 0a35f356726069b95f4bb2a99203fdd4 c:\winnt\system32\powrprof.dll
03-06-19 14:05 13584 0a35f356726069b95f4bb2a99203fdd4 c:\winnt\system32\dllcache\powrprof.dll
02-07-24 08:00 96016 f1bdfee375dec136dac53255dfca6d1c c:\winnt\$NtServicePackUninstall$\imm32.dll
03-06-19 14:05 96528 873794ce17dd72420d9c4072d4d112e5 c:\winnt\ServicePackFiles\i386\imm32.dll
03-06-19 14:05 96528 873794ce17dd72420d9c4072d4d112e5 c:\winnt\system32\imm32.dll
.
((((((((((((((((((((((((((((( snapshot@Wed 2008-12-31_13.25.13.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 13:00:00 28,672 ----a-w c:\winnt\NIRCMD.exe
+ 2000-08-31 13:00:00 29,696 ----a-w c:\winnt\NIRCMD.exe
+ 2008-05-09 17:14:43 64,448 ----a-w c:\winnt\system32\drivers\avgntdd.sys
+ 2008-01-21 22:11:27 18,496 ----a-w c:\winnt\system32\drivers\avgntmgr.sys
+ 2008-10-30 15:21:03 75,072 ----a-w c:\winnt\system32\drivers\avipbb.sys
+ 2007-03-01 14:34:22 28,352 ----a-w c:\winnt\system32\drivers\ssmdrv.sys
+ 2007-03-08 21:18:00 18,432 -c--a-w c:\winnt\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\I386\grmngen.sys
+ 2007-03-08 21:18:00 8,320 -c--a-w c:\winnt\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\I386\grmnusb.sys
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\winnt\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:04 235,936 ----a-w c:\winnt\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-01-28 03:09:27 84,661 ----a-w c:\winnt\system32\Macromed\Flash\uninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZBack-it-up Tray Scheduler"="c:\program files\EZBackitup\EZBkuptray.exe" [04-06-03 16:30 631808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [08-04-25 12:31 333120]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [03-07-26 09:08 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [08-10-15 01:04 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08-06-12 13:28 266497]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 111376 c:\winnt\system32\mobsync.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 14:05 186640]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Create Notes Icon.lnk - c:\documents and settings\All Users\Personal\NotesIcon.exe [2002-10-11 459669]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\winnt\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\winnt\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\winnt\pss\Kodak software updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCSService]
--a------ 03-08-21 16:12 32768 c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 03-05-28 16:37 394240 c:\winnt\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 03-07-26 09:08 77824 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 06-06-15 13:48 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
--a------ 07-01-16 21:56 1335296 c:\program files\Acesoft\Tracks Eraser Pro\te.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 06-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\winnt\System32\hkcmd.exe
"MS Config Loader"=MSWin32bck.exe
"IgfxTray"=c:\winnt\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Windows Security Assistant"=c:\winnt\system32\rundll32.vbe
"MS Config Loader"=MSWin32bck.exe
R0 AFPAnsi;Alfa File Protector Ansi;c:\winnt\system32\drivers\AFPAnsi.sys [2008-06-25 39456]
R0 amd751;AMD AGP Bus Filter;c:\winnt\system32\drivers\amd751.sys [1999-09-28 22064]
R3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver;c:\winnt\system32\drivers\i2220ntx.sys [2006-12-01 117248]
S1 FtsSerial;FTSSerial;c:\winnt\system32\drivers\FtsSer2k.Sys [2003-11-13 93938]
S2 UserTimeControl;User Time Control service;c:\program files\PC Time Limit\utccsr.exe --> c:\program files\PC Time Limit\utccsr.exe [?]
S3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\winnt\system32\drivers\vch.sys [2005-01-02 20533]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\winnt\system32\drivers\A3AB.sys [2003-09-09 323008]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90Xbc5.SYS [2002-10-07 69555]
S3 MotDev;Motorola Inc. USB Device;c:\winnt\system32\drivers\motodrv.sys [2007-03-16 40832]
S3 niserial;niserial;c:\winnt\system32\DRIVERS\niserial.sys --> c:\winnt\system32\DRIVERS\niserial.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-14 24652]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{91EDB667-5EF1-83C7-8CA3-99E5B83246BE}]
c:\winnt\system32:winsock32.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{AD576B0E-1D65-41D3-8D03-16ECA27F25BD} - c:\winnt\system32\qoMcbcYO.dll
BHO-{dac2c350-965c-4435-a7d2-174d3f59f344} - c:\winnt\system32\qutjbm.dll
Notify-mlJApNeF - mlJApNeF.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = www.comcast.net
mWindow Title = Hello
uInternet Settings,ProxyOverride = <local>
LSP: %SystemRoot%\system32\msafd.dll
TCP: {069E1ED2-634C-484A-9D44-35A62E45685E} = 68.87.75.194,68.87.64.196
TCP: {46A880B8-39D2-440B-A7C0-5F981D08D34C} = 68.87.75.194,68.87.64.146
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8je625t4.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 21:43:48
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(200)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Completion time: 2009-03-06 21:51:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-07 02:50:40
ComboFix2.txt 2008-12-31 18:29:17
Pre-Run: 5,316,348,928 bytes free
Post-Run: 5,344,596,992 bytes free
200 --- E O F --- 2008-11-12 09:25:02
hijackthis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:30 PM, on 3/6/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\badgers19.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: Create Notes Icon.lnk = C:\Documents and Settings\All Users\Personal\NotesIcon.exe (User 'Default user')
O4 - .DEFAULT User Startup: Create Notes Icon.lnk = C:\Documents and Settings\All Users\Personal\NotesIcon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182652901809
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{069E1ED2-634C-484A-9D44-35A62E45685E}: NameServer = 68.87.75.194,68.87.64.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{46A880B8-39D2-440B-A7C0-5F981D08D34C}: NameServer = 68.87.75.194,68.87.64.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{069E1ED2-634C-484A-9D44-35A62E45685E}: NameServer = 68.87.75.194,68.87.64.196
O17 - HKLM\System\CS2\Services\Tcpip\..\{069E1ED2-634C-484A-9D44-35A62E45685E}: NameServer = 68.87.75.194,68.87.64.196
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: User Time Control service (UserTimeControl) - Unknown owner - C:\Program Files\PC Time Limit\utccsr.exe (file missing)
--
End of file - 6186 bytes
uninstall_list.txt
@Winspy v2.03
AC3Filter (remove only)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Media Player
Adobe Reader 8.1.3
Adobe Shockwave Player
AirXpert Utility
ANIO Service
ANIWZCS Service
AnyDVD
ATI Display Driver
AutoCAD LT 2000i
AutoSketch Release 9
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Azureus
Cablenut 4.08
CloneDVD2
CodeWright 7.0
CodeWright Libraries
Comcast Toolbar
ConvertXtoDVD 3.3.3.104
Diskeeper Professional Edition
DivX
DivX Player
Driver Magician 3.1
ERUNT 1.1j
EVEREST Ultimate Edition v3.50
Express Burn
exPressit S.E. 2.2
EZBack-it-up 2.0.1
FileAlyzer
Garmin Communicator Plugin
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Google Earth
Google SketchUp 6
Google SketchUp 6
HijackThis 2.0.2
Inno Setup QuickStart Pack version 5.1.6
Intel Application Accelerator
Intel(R) Extreme Graphics Driver
IsoBuster 1.9
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
KC Softwares VideoInspector
Lyra Digital Audio Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Hotfix (KB947742)
Microsoft .NET Framework 2.0
Microsoft Clipart Extra
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 97, Professional Edition
Microsoft Visio Viewer 2002
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.53
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Napster
Napster Burn Engine
neroxml
Odyssey Client
Paint Shop Pro 7
PC Pitstop Optimize 1.0t
PCTEL 2304WT V.9x MDC Modem Drivers
Peter's XML Editor
PhotoShow Deluxe 4
QuickTime
ratDVD 0.78.1444
RealPlayer
RegDoctor 1.73
Registry Mechanic 5.1
Remove on Reboot Shell Extension
ScreensaverMaker Desktop 2.3
Security Update for DirectX 9 (KB941568)
Security Update for DirectX 9 (KB951698)
Security Update for Microsoft .NET Framework 2.0 (KB947746)
Security Update for Windows 2000 (KB904706)
Security Update for Windows 2000 (KB923689)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Spybot - Search & Destroy
Tracks Eraser Pro v6.0
Update Rollup 1 for Windows 2000 SP4
USB Driver for Panasonic DVC
Videora iPod Converter 3.07
Viewpoint Media Player
VSO CopyToDVD 4
WebCam Driver for Panasonic DVC
WIBU-KEY Setup (WIBU-KEY Remove)
WinAVI Video Converter
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB889293
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921503
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB929969
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB932168
Windows 2000 Hotfix - KB933566
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937143
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938464
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB938829
Windows 2000 Hotfix - KB939653
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB941693
Windows 2000 Hotfix - KB942615
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944338
Windows 2000 Hotfix - KB944533
Windows 2000 Hotfix - KB945553
Windows 2000 Hotfix - KB947864
Windows 2000 Hotfix - KB948590
Windows 2000 Hotfix - KB948881
Windows 2000 Hotfix - KB950749
Windows 2000 Hotfix - KB950759
Windows 2000 Hotfix - KB950760
Windows 2000 Hotfix - KB950974
Windows 2000 Hotfix - KB951066
Windows 2000 Hotfix - KB951748
Windows 2000 Hotfix - KB952954
Windows 2000 Hotfix - KB953838
Windows 2000 Hotfix - KB953839
Windows 2000 Hotfix - KB954211
Windows 2000 Hotfix - KB955069
Windows 2000 Hotfix - KB956390
Windows 2000 Hotfix - KB956391
Windows 2000 Hotfix - KB957095
Windows 2000 Hotfix - KB957097
Windows 2000 Hotfix - KB958644
Windows 2000 Service Pack 4
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinPatrol 2008
WinRAR archiver
Wireless-G Notebook Adapter
Xilisoft Video Converter 3
Xvid 1.2.1 final uninstall
Yahoo! Messenger
pskelley
2009-03-07, 13:12
This can be done as time permits, but it is important, and may be why you are infected.
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more.
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/
While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html
Adobe Reader 8.1.3 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php
Azureus <<< uninstall all p2p programs, see this:
http://forums.spybot.info/showthread.php?t=282
If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
all out of date and unsafe:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php
Spybot - Search & Destroy
Please be sure Spybot S&D is up to date and fully immunized.
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/news/2008-07-08.html
http://www.safer-networking.org/en/faq/index.html
http://www.safer-networking.org/en/tutorial/index.html
Viewpoint Media Player <<< suggested uninstall:
For your information, Viewpoint is installed by AOL, probably without your knowledge.
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
http://vil.nai.com/vil/content/v_137262.htm
Let's do some cleaning and another check for malware...
Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html
How is the computer running now?
Thanks
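The check the helper walks through above (flag out-of-date Adobe Reader and Java builds, several JRE versions stacked side by side, and the P2P client and bundled media player he asks to remove) can be scripted against an uninstall list. The block below is an added example and is not part of the original thread or of HijackThis; the sample lines are copied from the uninstall_list.txt above, while the minimum-version thresholds in MIN_VERSION and the UNWANTED table are assumptions chosen for illustration, not values stated by the helper, Adobe, Sun or Secunia.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: entries copied from the uninstall_list.txt in this thread.
SAMPLE_UNINSTALL_LIST = """\
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Azureus
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Mozilla Firefox (3.0.7)
Spybot - Search & Destroy
Viewpoint Media Player
WinRAR archiver
"""

Version = Tuple[int, ...]

# How each product's uninstall entry encodes its version.
PRODUCT_PATTERNS = [
    (re.compile(r"^Adobe Reader (?P<ver>[\d.]+)"), "adobe_reader"),
    (re.compile(r"^J2SE Runtime Environment (?P<major>\d+)\.(?P<minor>\d+) Update (?P<upd>\d+)"), "java_jre"),
    (re.compile(r"^Mozilla Firefox \((?P<ver>[\d.]+)\)"), "firefox"),
]

# ASSUMPTION: illustrative minimum versions, not taken from the thread.
# Java is expressed as (major, minor, update), so J2SE 5.0 Update 6 -> (5, 0, 6).
MIN_VERSION: Dict[str, Version] = {
    "adobe_reader": (9, 0, 0),
    "java_jre": (6, 0, 12),
    "firefox": (3, 0, 7),
}

# ASSUMPTION: programs flagged regardless of version, mirroring the helper's advice.
UNWANTED = {
    "Azureus": "P2P client: helper asks for removal",
    "Viewpoint Media Player": "bundled media player: suggested uninstall",
}


def parse_version(text: str) -> Version:
    """'8.1.3' -> (8, 1, 3); tuples compare lexicographically, which is what we want."""
    return tuple(int(part) for part in text.split(".") if part.isdigit())


def parse_entry(line: str) -> Optional[Tuple[str, Version]]:
    """Map one uninstall-list line to (product key, version), or None if unrecognised."""
    for pattern, key in PRODUCT_PATTERNS:
        match = pattern.match(line)
        if not match:
            continue
        if key == "java_jre":
            return key, (int(match["major"]), int(match["minor"]), int(match["upd"]))
        return key, parse_version(match["ver"])
    return None


def audit(uninstall_text: str) -> List[Tuple[str, str]]:
    """Return (entry, reason) findings: out-of-date builds, stacked installs, unwanted programs."""
    findings: List[Tuple[str, str]] = []
    seen: Dict[str, List[Version]] = {}
    for raw in uninstall_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in UNWANTED:
            findings.append((line, UNWANTED[line]))
            continue
        parsed = parse_entry(line)
        if parsed is None:
            continue  # not a product we have a policy for
        key, version = parsed
        seen.setdefault(key, []).append(version)
        if version < MIN_VERSION[key]:
            have = ".".join(map(str, version))
            need = ".".join(map(str, MIN_VERSION[key]))
            findings.append((line, f"out of date: {have} < minimum {need}"))
    # Each Java update installs beside the previous one; old builds stay reachable
    # by attackers until they are uninstalled, so report the stacking explicitly.
    for key, versions in seen.items():
        if len(versions) > 1:
            findings.append((key, f"{len(versions)} side-by-side installs; remove the older builds"))
    return findings


if __name__ == "__main__":
    for entry, reason in audit(SAMPLE_UNINSTALL_LIST):
        print(f"{entry}: {reason}")
```

Run it against the saved uninstall_list.txt instead of the constructed sample by reading the file into `audit()`; Firefox 3.0.7 passes the assumed threshold, so only the Reader, Java, Azureus and Viewpoint lines come back, plus one note that three JRE builds are installed side by side.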
pskelley
2009-03-14, 16:13
09-03-07, 07:12 <<< last post?
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.