Help, many viruses!
Seems like I have tons of viruses on my computer. I can't get Internet Explorer to work at all. I can get online through AOL. My old anti virus program messed up and I can't download a new one, it just keeps messing up. I have no idea what to do now. Any help would be appreciated. I've ran the Kaspersky and HJT. Here are the logs. Thanks in advance for any help.
Sam
Ok, my Kaspersky report is too long to post into one post. What should I do? Here is the first part where it shows how many viruses were found. Let me know what to do, and I'll do it.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 05, 2008 1:42:27 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/02/2008
Kaspersky Anti-Virus database records: 549931
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 127461
Number of viruses found: 18
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 02:00:09
HJT report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:09 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\1132592936\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInput.exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Palm\Hotsync.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8010
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;setup.msn.com;memberservices.msn.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\22.bin\ND2FNBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132592936\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [STOPzilla] /autostart
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Free Key Logger] "C:\Program Files\Free Key Logger\FreeKeyLogger.exe" minimized
O4 - HKCU\..\Run: [059be] C:\Program Files\059bef567-anaid\csrss.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\RegClean.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Consumer Input Rewarded with MyPoints, Consumer Input] C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInput.exe
O4 - HKCU\..\Run: [Consumer Input Rewarded with MyPoints, Consumer Input Update] C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - file://E:\GAMES\msjavx86_3805.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.ma...ointsSetup.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1202237281064
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seek...2353a7de83076e
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://E:\games\WebDriverFullInstall.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O22 - SharedTaskScheduler: AppManager - {64ba30a2-811a-4597-b0af-d551128be340} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9562 bytes
Run - ATF Cleaner instructions here.
------------------------------------
Then download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
MS-MVP Windows Security 2006,2007,2008 & 2009
ASAP member since 2004
Thanks for your help! I ran ATF cleaner and the Malwarebytes' Anti-Malware. Here is the log after that. What should I do next? Thanks again!
Malwarebytes' Anti-Malware 1.03
Database version: 337
Scan type: Full Scan (C:\|)
Objects scanned: 134476
Time elapsed: 25 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\IEControl.DLL (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Failed to delete.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Diana Allen\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
Run this online scan from ESET
You will need to use Internet explorer for this scan!
- First, accept the Terms of Use
- Click: Start
- When asked, allow the ActiveX control to install
- Click: Start
- Make sure the options:
Remove found threats, and Scan unwanted applications
are both checked!- Click: Scan
When the scan finishes, use Notepad to open the ESET report.
It will be located here C:\Program Files\EsetOnlineScanner\log.txt
MS-MVP Windows Security 2006,2007,2008 & 2009
ASAP member since 2004
Download ComboFix from Here or Here to your Desktop.
In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Temporarily disable your anti-virus, and any anti-malware real-time protection before performing a scan.
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Remember to re enable the protection again afterwards before connecting to the net
2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
- IF you have not already done so Combofix will disconnect your machine from the Internet when it starts.
- If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.
MS-MVP Windows Security 2006,2007,2008 & 2009
ASAP member since 2004
ComboFix 08-02-21 - Owner 2008-02-20 22:12:00.1 - NTFSx86
Running from: C:\Documents and Settings\Owner.DIANA-765FEB950\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\companion wizard
C:\Program Files\oemji
C:\Program Files\oemji\OemjiSearchPlus\Unreg.bat
C:\Program Files\oemji\Thumbs.db
C:\Program Files\oemji\Uninstall.exe
C:\Program Files\oemji\UNWISE.EXE
C:\Program Files\oemji\watermark.bmp
C:\Program Files\outlook
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\stera.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.
2008-02-15 17:24 . 2008-02-15 18:28 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\Documents and Settings\Owner.DIANA-765FEB950\Application Data\Malwarebytes
2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-02-11 09:40 . 2008-02-11 09:40 2,715,648 --a------ C:\WINDOWS\SYSTEM32\OnlineScanner.ocx
2008-02-11 09:39 . 2008-02-11 09:39 253,952 --a------ C:\WINDOWS\SYSTEM32\OnlineScannerDLLA.dll
2008-02-11 09:39 . 2008-02-11 09:39 237,568 --a------ C:\WINDOWS\SYSTEM32\OnlineScannerDLLW.dll
2008-02-08 13:53 . 2008-02-08 13:53 110,592 --a------ C:\WINDOWS\SYSTEM32\OnlineScannerLang.dll
2008-02-05 16:37 . 2008-02-05 16:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-05 14:52 . 2008-02-05 14:52 <DIR> d-------- C:\Program Files\Sun
2008-02-05 14:52 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-02-05 13:52 . 2008-02-18 13:07 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-05 13:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-02-05 13:50 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-02-05 11:28 . 2008-02-05 11:28 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-05 11:28 . 2008-02-05 11:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-02-05 08:48 . 2008-02-05 08:48 77,824 --a------ C:\WINDOWS\SYSTEM32\OnlineScannerUninstaller.exe
2008-02-02 06:14 . 2008-02-02 06:14 <DIR> d-------- C:\Program Files\MySurvey Messenger
2008-01-22 20:04 . 2008-01-22 20:04 34 --a------ C:\WINDOWS\Tiny_Run.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 03:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2008-02-17 01:46 --------- d-----w C:\Documents and Settings\Owner.DIANA-765FEB950\Application Data\mypoints
2008-02-15 22:22 --------- d-----w C:\Documents and Settings\Owner.DIANA-765FEB950\Application Data\LimeWire
2008-02-05 19:52 --------- d-----w C:\Program Files\Java
2008-02-05 19:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-02-03 14:27 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-02-03 11:48 --------- d-----w C:\Program Files\CleanUp!
2008-02-01 11:31 --------- d-----w C:\Program Files\mypoints
2008-01-01 23:58 --------- d-----w C:\Program Files\Coupons
2007-12-26 21:41 --------- d-----w C:\Program Files\LimeWire
2007-12-24 17:05 --------- d-----w C:\Documents and Settings\Owner.DIANA-765FEB950\Application Data\Panasonic
2007-12-24 17:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 17:03 --------- d-----w C:\Program Files\Panasonic
2007-12-24 17:03 --------- d-----w C:\Documents and Settings\Owner.DIANA-765FEB950\Application Data\InstallShield
2007-12-21 00:37 --------- d-----w C:\Documents and Settings\Owner.DIANA-765FEB950\Application Data\U3
2007-06-19 00:32 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-02-08 01:10 0 -c-ha-w C:\Documents and Settings\Diana Allen\hpothb07.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2007-10-02 15:31 1909248 --a------ C:\PROGRA~1\mypoints\mypoints.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{5CBE2611-C31B-401F-89BC-4CBB25E853D7}
{A057A204-BACC-4D26-CEC4-75A487FD6484}
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= C:\PROGRA~1\mypoints\mypoints.dll [2007-10-02 15:31 1909248]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Key Logger"="C:\Program Files\Free Key Logger\FreeKeyLogger.exe" [ ]
"059be"="C:\Program Files\059bef567-anaid\csrss.exe" [2006-02-23 12:41 1136090]
"Registry Cleaner"="C:\Program Files\Registry Cleaner Trial\RegClean.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-18 01:49 50736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1132592936\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 04:01 110592]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42 1404928]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-17 00:12 180269]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 12:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 12:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 12:36 114688]
"STOPzilla"=" /autostart" []
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 16:00 8192]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 16:03 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-21 12:11 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 22:20:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
.
**************************************************************************
.
Completion time: 2008-02-20 22:25:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-21 03:25:22
.
2008-02-20 23:48:40 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:27 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1132592936\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInput.exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AOL 9.0\shellmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8010
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;setup.msn.com;memberservices.msn.com
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\22.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132592936\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [STOPzilla] /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Free Key Logger] "C:\Program Files\Free Key Logger\FreeKeyLogger.exe" minimized
O4 - HKCU\..\Run: [059be] C:\Program Files\059bef567-anaid\csrss.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\RegClean.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Consumer Input Rewarded with MyPoints, Consumer Input] C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInput.exe
O4 - HKCU\..\Run: [Consumer Input Rewarded with MyPoints, Consumer Input Update] C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - file://E:\GAMES\msjavx86_3805.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.ma...ointsSetup.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1202237281064
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://E:\games\WebDriverFullInstall.exe
O22 - SharedTaskScheduler: AppManager - {64ba30a2-811a-4597-b0af-d551128be340} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8887 bytes
In add and remove programs remove these
C:\Program Files\059bef567-anaid
C:\Program Files\Registry Cleaner Trial
Close all programs leaving only HijackThis running. Place a check against each of the following,
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\22.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKCU\..\Run: [059be] C:\Program Files\059bef567-anaid\csrss.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\RegClean.exe"
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.ma...ointsSetup.exe
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://E:\games\WebDriverFullInstall.exe
Click on Fix Checked when finished and exit HijackThis.
Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.
MS-MVP Windows Security 2006,2007,2008 & 2009
ASAP member since 2004
Posting Permissions
