Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: I think I'm Being Hijacked Again

  1. #1
    Member
    Join Date
    May 2008
    Posts
    60

    Default I think I'm Being Hijacked Again

    I have tried to access Google and I keep getting either page can't be displayed or soem other error. I have an Adsense account and when I attempted to go to that page I was unable to access it. That is when I next tried Google's homepage getting the same result. Then I tried typing in Google on yahoo's search engine. I was taken to a site that LOOKED like Google but the Google logo which looms so prominently on the browser was not visible. When I moved my cursor over the place that the logo should be, I knew something was there although not visible. I then went to an ebusiness forum that discusses Google etc. to inquire if there were problems with Google. I submitted my post but the screen hasn't even loaded and it has been 30 minutes-never this slow. I suspect I've been hijacked. Also, I'm getting a heck of a lot of spam in my yahoo folder, this although I've set up my yahoo account to immediately delete all spam. The spam is now shoiwing up in my inbox. :( I'm mostly concerned, though, because I do not need someone hacking my computer, interfering with my Google account and particularly click bombing my site. Spybot says that there are no problems with my computer but I know there is a something wrong.

    Lately I have been receiving offline Windows Messenger messages from an email address that belongs to one of my friends.The thing is that these messages ALWAYS come from the account offline. The "messages" are nothing more than links to various sites. One link per offline message. The first time I was naive and clicked and clicked on it and was taken to a strange site. I then tried to email my friend and she said she hadn't sent anything. Then I got a second offline message a few days later which I clicked on. When I did, I was told that I had LOGGED OUT of MSN Messenger and had to log back in again. That, I now believe was a phishing scam because thereafter I would be logged out of Windows Messenger-never of my own action, though. By this I mean, I would see that I have been logged out of MSN Messenger and would be told that I had logged out because I had logged in at another location. But this is the only computer that I use. Because of this problem I changed my Windows Messenger password. Around that time I also got an offline message from another friend via yahoo Instant Messenger, again with a link to another website. So yesterday I received another Windows Messenger offline message from the account that the two previous Windows Messenger offline messages originated from (if I can even say "originated"). I did not click on the link this time, of course. Some of this I may have mentioned in a previous thread regarding problem with Google, but what I'm experiencing today has me greatly concerned. I hope that you can follow what I wrote above. I'm posting my hijack logs below. Thank you.

    HJT report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:50:27 AM, on 6/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-66bc51101b02e482.spaces.l...d/MsnPUpld.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=19588
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 6777 bytes

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Log looks ok. Let's check with another tool.

    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member
    Join Date
    May 2008
    Posts
    60

    Default

    Hi,

    How will I know if I have administrator priveleges on my computer?
    Quote Originally Posted by Blade81 View Post
    Hi

    Log looks ok. Let's check with another tool.

    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    If you're able to install programs then you have administrator rights For example I asked you to install Malwarebytes' Anti-Malware. If you're able to do that then you have administrator access.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Member
    Join Date
    May 2008
    Posts
    60

    Default

    Hi,

    Here are the results of the Deckard System Scan.

    Thanks

    Deckard's System Scanner v20071014.68
    Run by Joseph Martin on 2008-06-18 18:34:47
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    48: 2008-06-18 23:36:16 UTC - RP348 - Deckard's System Scanner Restore Point
    47: 2008-06-18 11:46:14 UTC - RP347 - Software Distribution Service 3.0
    46: 2008-06-17 18:34:10 UTC - RP346 - System Checkpoint
    45: 2008-06-16 15:33:48 UTC - RP345 - System Checkpoint
    44: 2008-06-15 14:36:26 UTC - RP344 - System Checkpoint


    -- First Restore Point --
    1: 2008-05-06 16:31:59 UTC - RP301 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Percentage of Memory in Use: 77% (more than 75%).
    Total Physical Memory: 384 MiB (512 MiB recommended).


    -- HijackThis (run as Joseph Martin.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:49:58 PM, on 6/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\Joseph Martin\Local Settings\Temporary Internet Files\Content.IE5\U3W96Z6T\dss[1].exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Joseph Martin.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-66bc51101b02e482.spaces.l...d/MsnPUpld.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=19588
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 6834 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S3 JL2005C (Dual Mode Camera) - c:\windows\system32\drivers\jl2005c.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Multimedia Audio Controller
    Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_011113F6&REV_10\4&1351887D&0&50F0
    Manufacturer:
    Name: Multimedia Audio Controller
    PNP Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_011113F6&REV_10\4&1351887D&0&50F0
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-18 06:55:33 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


    -- Files created between 2008-05-18 and 2008-06-18 -----------------------------

    2008-06-04 10:45:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-05-29 11:14:17 0 d-------- C:\Program Files\Trend Micro


    -- Find3M Report ---------------------------------------------------------------

    Nothing modified in this timespan.


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 09:50 AM]
    "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 02:39 PM]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 04:49 PM]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 06:43 PM]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2/28/2008 7:29:12 PM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 8:28:24 PM]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 8:50:52 PM]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    7899 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-06-18 18:52:44 ------------

  6. #6
    Member
    Join Date
    May 2008
    Posts
    60

    Default

    Hi,

    Here's the Deckard System Scan for extra.txt

    Thanks

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 1.50GHz
    Percentage of Memory in Use: 80%
    Physical Memory (total/avail): 383.53 MiB / 74.31 MiB
    Pagefile Memory (total/avail): 922.27 MiB / 371.94 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1938.88 MiB

    C: is Fixed (NTFS) - 19.53 GiB total, 12.11 GiB free.
    D: is Fixed (FAT32) - 17.72 GiB total, 14.83 GiB free.
    E: is CDROM (CDFS)
    F: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
    \PARTITION1 - Extended w/Extended Int 13 - 17.73 GiB - D:

    \\.\PHYSICALDRIVE1 - HP PSC 1610 USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AV: VirusScan Enterprise + AntiSpyware Enterprise v8.5.0.781 (McAfee, Inc.)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Joseph Martin\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=JOSEPH
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Joseph Martin
    LOGONSERVER=\\JOSEPH
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0102
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp
    USERDOMAIN=JOSEPH
    USERNAME=Joseph Martin
    USERPROFILE=C:\Documents and Settings\Joseph Martin
    VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Joseph Martin (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
    HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    McAfee AntiSpyware Enterprise Module --> "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
    McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    PhoTags Express --> C:\PROGRA~1\PHOTAG~1\Setup.exe /remove /q0
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Total Commander (Remove or Repair) --> C:\Program Files\totalcmd\tcuninst.exe
    Uninstall Dual Mode Camera --> "C:\Program Files\JL2005D\unins000.exe"
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
    Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type20821 / Warning
    Event Submitted/Written: 06/18/2008 11:12:20 AM
    Event ID/Source: 258 / McLogEvent
    Event Description:
    The file C:\Documents and Settings\Joseph Martin\Cookies\joseph martin@advertising[2].txt\00000000.ie contains Cookie-Advertising '_'. The file was successfully deleted.

    Event Record #/Type20795 / Warning
    Event Submitted/Written: 06/17/2008 07:03:36 PM
    Event ID/Source: 258 / McLogEvent
    Event Description:
    The file C:\Documents and Settings\Joseph Martin\Cookies\joseph martin@advertising[2].txt\00000000.ie contains Cookie-Advertising '_'. The file was successfully deleted.

    Event Record #/Type20794 / Warning
    Event Submitted/Written: 06/17/2008 07:03:36 PM
    Event ID/Source: 258 / McLogEvent
    Event Description:
    The file C:\Documents and Settings\Joseph Martin\Cookies\joseph martin@advertising[1].txt\00000000.ie contains Cookie-Advertising '_'. The file was successfully deleted.

    Event Record #/Type20792 / Warning
    Event Submitted/Written: 06/17/2008 07:03:19 PM
    Event ID/Source: 258 / McLogEvent
    Event Description:
    The file C:\Documents and Settings\Joseph Martin\Cookies\joseph martin@2o7[2].txt\00000000.ie contains Cookie-2O7 '_'. The file was successfully deleted.

    Event Record #/Type20791 / Warning
    Event Submitted/Written: 06/17/2008 07:03:17 PM
    Event ID/Source: 258 / McLogEvent
    Event Description:
    The file C:\Documents and Settings\Joseph Martin\Cookies\joseph martin@advertising[2].txt\00000000.ie contains Cookie-Advertising '_'. The file was successfully deleted.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type35873 / Warning
    Event Submitted/Written: 06/18/2008 06:50:42 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JOSEPH27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOSEPH27 can't undo changes that you allow.

    For more information please see the following:
    %JOSEPH275

    Scan ID: {C7A2DF38-F808-4BE1-94A6-B70098E85730}

    User: JOSEPH\Joseph Martin

    Name: %JOSEPH271

    ID: %JOSEPH272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %JOSEPH276

    Alert Type: %JOSEPH278

    Detection Type: 1.1.1593.02

    Event Record #/Type35872 / Warning
    Event Submitted/Written: 06/18/2008 06:50:42 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JOSEPH27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOSEPH27 can't undo changes that you allow.

    For more information please see the following:
    %JOSEPH275

    Scan ID: {FFB13983-B433-4CDD-B569-D5AB6A51543A}

    User: JOSEPH\Joseph Martin

    Name: %JOSEPH271

    ID: %JOSEPH272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %JOSEPH276

    Alert Type: %JOSEPH278

    Detection Type: 1.1.1593.02

    Event Record #/Type35871 / Warning
    Event Submitted/Written: 06/18/2008 06:50:42 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JOSEPH27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOSEPH27 can't undo changes that you allow.

    For more information please see the following:
    %JOSEPH275

    Scan ID: {CB52FCF1-E055-4D38-87EB-184FA4436803}

    User: JOSEPH\Joseph Martin

    Name: %JOSEPH271

    ID: %JOSEPH272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %JOSEPH276

    Alert Type: %JOSEPH278

    Detection Type: 1.1.1593.02

    Event Record #/Type35870 / Warning
    Event Submitted/Written: 06/18/2008 06:50:36 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JOSEPH27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOSEPH27 can't undo changes that you allow.

    For more information please see the following:
    %JOSEPH275

    Scan ID: {22D4DC9D-0BC9-4473-9EE5-41B0802E35D2}

    User: JOSEPH\Joseph Martin

    Name: %JOSEPH271

    ID: %JOSEPH272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %JOSEPH276

    Alert Type: %JOSEPH278

    Detection Type: 1.1.1593.02

    Event Record #/Type35869 / Warning
    Event Submitted/Written: 06/18/2008 06:50:36 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JOSEPH27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOSEPH27 can't undo changes that you allow.

    For more information please see the following:
    %JOSEPH275

    Scan ID: {87FFC1ED-953A-4959-A36B-5AD771826D25}

    User: JOSEPH\Joseph Martin

    Name: %JOSEPH271

    ID: %JOSEPH272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %JOSEPH276

    Alert Type: %JOSEPH278

    Detection Type: 1.1.1593.02



    -- End of Deckard's System Scanner: finished at 2008-06-18 18:52:44 ------------

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Did you make Malwarebytes' Anti-Malware scan? Could you post its report too, please?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #8
    Member
    Join Date
    May 2008
    Posts
    60

    Default

    Hi,

    It appears that nothing was found, I'll take that as a good thing.

    Thanks

    Malwarebytes' Anti-Malware 1.17
    Database version: 869

    9:07:31 AM 6/19/2008
    mbam-log-6-19-2008 (09-07-31).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 88569
    Time elapsed: 1 hour(s), 0 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  9. #9
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Yes, both DSS and MBAM report look ok. How's your system running now?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #10
    Member
    Join Date
    May 2008
    Posts
    60

    Default

    Quote Originally Posted by Blade81 View Post
    Hi

    Yes, both DSS and MBAM report look ok. How's your system running now?

    Well, since I had made my original post in this thread I had learned that my ISP was experiencing difficulty which could explain why I was unable to access Google those few hours last Sunday. But there is still the issue of "white screen" as I put it. I have a website that is hosted on what they call a secure server. However when I go in to my website's office and attempt to load and access pages, the browser goes white for at least 30 seconds. The cursor also becomes an hour glass. I have a lot of Adsense on my pages and Double Click affiliate ads, too. (Google owns DoubleClick Performics). I'm aware of tracking on my computer but I also know spy ware can be installed on it. Last summer my computer became infected with WinPro2006 (or 2007) which is the winfixer trojan. I had McAfee but it could not remove the virus, and actually caused more problems. I had a friend who downloaded some anti-virus/anti-spyware software to my computer and as far as we were able to tell, winfixer was finally removed. But it did take effort. And the $65.00 I paid to McAfee's tech support for the removal of winfixer was a waste of money since they had been unable to do anything about it. Because of the winfixer incident which also included a fake browser, I'm very suspicious of what I see on the computer and any activity or slow responses that my computer experiences. It's not a matter of cry wolf but a real concern for the safety of my computer and passwords.

    I'm glad that you're taking the time to help me with this, and I'm glad that your tests do not show anything (as I hope there is nothing on my computer), but how do you explain the white screen that I mentioned above?

    Thanks.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •