Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Trojan/worm introduced thru Facebook

  1. 2009-09-05, 22:15 #11
    Glennsco
    Glennsco is offline
    Member Glennsco's Avatar
    Join Date
    Jul 2008
    Posts
    35

    Default Answer to ??, esetlog, hjt log, performance

    1-AVAST did give a warning when I was running my last HJT. It was related to that webserver.exe file.
    2-No I do not know that file/program or anything related to it.

    esetlog

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=6
    # iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
    # OnlineScanner.ocx=1.0.0.6050
    # api_version=3.0.2
    # EOSSerial=eda49a953d1d8a46a015d34c0f0c0d31
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2009-09-05 07:59:19
    # local_time=2009-09-05 03:59:20 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=769 21 100 100 68884951696
    # scanned=74142
    # found=4
    # cleaned=0
    # scan_time=5028
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinKoobface1.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinKoobface3.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinVirutmtt1.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
    C:\Program Files\webserver\webserver.exe probably a variant of Win32/TrojanProxy.Small.NCJ trojan 00000000000000000000000000000000 I


    hjt log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:05:34 PM, on 9/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\Acrotray.exe
    E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\Documents and Settings\mc\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Acronis*True*Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [AdobeVersionCue] E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\mc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Web-Based Email Tools - http://email04.secureserver.net/Download.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...0Installer.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/50.13/uploader2.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.evite.com/html/imageUploa...eUploader5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1055142896196
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228828719226
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9c14e60a312e0) (gupdate1c9c14e60a312e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: webserver - Unknown owner - C:\Program Files\webserver\webserver.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 12931 bytes

    Behavior

    Internet Explorer was sluggish in general and it the would becomputer "running hot" as it does when it's trying to do something (for example I've noticed this behavior when it has security updates ready to install and yet some other action is preventing it like it goes to "sleep" before the update happens)
    It's not doing that now but it was before the scan.

    The warning came after the scan, though. Maybe because the AVAST had been turned off to do the scan?
  2. 2009-09-06, 11:36 #12
    Bio-Hazard
    Bio-Hazard is offline
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Default

    Hello!

    We are almost done.

    You need to empty this folder (Do NOT delete it): C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery


    Run CFScript


    • Close any open browsers.
    • Open Notepad by click start
    • Click Run
    • Type notepad into the box and click enter
    • Notepad will open
    • Copy and Paste everything from the Code box into Notepad:



    Code:
    Driver::
webserver

Folder::
C:\Program Files\webserver
    • Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)

    • Refering to the picture below, drag CFScript into ComboFix.exe

    • When finished, it shall produce a log for you at C:\ComboFix.txt



    NOTE: Do not mouseclick combofix's window whilst it's running. That may cause it to stall it.



    Logs/Information to Post in Next Reply

    Please post the following logs/Information in your reply:

    • ComboFix log (found at C:\Combofix.txt)
    • A fresh HijackThis Log ( after all the above has been done)
    • A description of how your computer is behaving
    MRU Master of Malware Removal University

    Member of UNITE and ASAP
  3. 2009-09-06, 14:37 #13
    Glennsco
    Glennsco is offline
    Member Glennsco's Avatar
    Join Date
    Jul 2008
    Posts
    35

    Default Combofix, HJTLog

    COMBOFIX

    ComboFix 09-09-05.03 - mc 09/06/2009 7:25.3.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639.344 [GMT -4:00]
    Running from: c:\documents and settings\mc\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\mc\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1351 [VPS 090905-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\webserver
    c:\program files\webserver\webserver.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WEBSERVER
    -------\Service_webserver


    ((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
    .

    2009-09-05 18:29 . 2009-09-05 18:29 -------- d-----w- c:\program files\ESET
    2009-09-05 18:00 . 2009-09-05 18:00 -------- d-----w- c:\program files\Java
    2009-09-05 03:02 . 2009-09-05 03:02 -------- d-----w- c:\documents and settings\mc\Application Data\Malwarebytes
    2009-09-05 03:02 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-05 03:02 . 2009-09-05 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-05 03:02 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-05 03:02 . 2009-09-05 03:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-03 11:12 . 2009-09-05 18:00 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-29 23:56 . 2009-08-29 23:56 -------- d-----w- c:\program files\WOT
    2009-08-29 13:51 . 2009-08-29 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-29 13:51 . 2009-08-29 13:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-29 13:45 . 2009-08-29 13:45 -------- d-----w- c:\program files\Trend Micro
    2009-08-29 03:38 . 2007-10-09 17:13 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
    2009-08-13 02:12 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-12 02:22 . 2009-08-26 19:27 -------- d-----w- c:\documents and settings\mc\Local Settings\Application Data\Temp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-29 03:54 . 2008-11-12 01:45 -------- d-----w- c:\program files\REALTEK
    2009-08-29 03:49 . 2008-06-07 19:44 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-24 03:09 . 2008-11-02 19:09 -------- d-----w- c:\documents and settings\mc\Application Data\U3
    2009-08-17 16:10 . 2003-05-20 17:13 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-17 16:06 . 2003-05-20 17:14 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-08-17 16:06 . 2003-05-20 17:14 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-08-17 16:05 . 2003-05-20 17:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-17 16:05 . 2003-05-20 17:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-17 16:04 . 2003-05-20 17:14 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-17 16:04 . 2003-05-20 17:14 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-17 16:03 . 2003-05-20 17:14 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-08-17 16:02 . 2003-05-20 17:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-12 03:01 . 2008-11-06 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2009-07-10 09:30 . 2009-01-24 22:04 -------- d-----w- c:\documents and settings\mc\Application Data\AdobeUM
    2009-06-29 16:12 . 2004-08-04 12:00 827392 ------w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
    2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 13:19 . 2003-06-09 06:55 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-03_00.11.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-09-05 18:03 . 2009-09-05 18:03 16384 c:\windows\Temp\Perflib_Perfdata_668.dat
    + 2009-09-06 11:36 . 2009-09-06 11:36 16384 c:\windows\Temp\Perflib_Perfdata_11c.dat
    - 2004-08-04 12:00 . 2009-09-02 23:51 72248 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2009-09-05 22:29 72248 c:\windows\system32\perfc009.dat
    + 2009-09-03 00:11 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
    + 2009-09-03 00:11 . 2008-04-14 00:12 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
    + 2009-09-03 00:11 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
    + 2009-09-03 00:11 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
    + 2009-09-03 00:11 . 2008-04-14 00:12 71680 c:\windows\system32\dllcache\cache\ssdpsrv.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
    + 2009-09-03 00:11 . 2008-04-14 00:12 59904 c:\windows\system32\dllcache\cache\regsvc.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 88576 c:\windows\system32\dllcache\cache\rasauto.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
    + 2009-09-03 00:11 . 2006-10-19 02:47 27136 c:\windows\system32\dllcache\cache\mspmsnsv.dll
    + 2009-09-03 00:11 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
    + 2009-09-03 00:11 . 2008-04-14 00:11 22016 c:\windows\system32\dllcache\cache\lpk.dll
    + 2009-09-03 00:11 . 2008-04-14 00:11 19968 c:\windows\system32\dllcache\cache\linkinfo.dll
    + 2009-09-03 00:11 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
    + 2009-09-03 00:11 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
    + 2009-09-03 00:11 . 2008-04-14 00:11 56320 c:\windows\system32\dllcache\cache\eventlog.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
    + 2009-09-03 00:11 . 2008-04-14 00:11 62464 c:\windows\system32\dllcache\cache\cryptsvc.dll
    + 2009-09-03 00:11 . 2008-04-14 00:11 77824 c:\windows\system32\dllcache\cache\browser.dll
    + 2009-09-03 00:11 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
    + 2009-09-03 00:11 . 2004-08-04 12:00 11648 c:\windows\system32\dllcache\cache\acpiec.sys
    + 2009-09-03 00:11 . 2008-04-14 00:12 5120 c:\windows\system32\dllcache\cache\sfc.dll
    + 2009-09-03 00:11 . 2004-08-04 12:00 2944 c:\windows\system32\dllcache\cache\null.sys
    + 2009-09-03 00:11 . 2004-08-04 12:00 4224 c:\windows\system32\dllcache\cache\beep.sys
    + 2004-08-04 12:00 . 2009-09-05 22:29 444156 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2009-09-02 23:51 444156 c:\windows\system32\perfh009.dat
    + 2009-09-05 18:01 . 2009-09-05 18:00 149280 c:\windows\system32\javaws.exe
    + 2009-09-05 18:01 . 2009-09-05 18:00 145184 c:\windows\system32\javaw.exe
    + 2009-09-05 18:01 . 2009-09-05 18:00 145184 c:\windows\system32\java.exe
    + 2009-09-03 00:11 . 2008-04-14 00:12 129024 c:\windows\system32\dllcache\cache\xmlprov.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
    + 2009-09-03 00:11 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\cache\wininet.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 185856 c:\windows\system32\dllcache\cache\upnphost.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
    + 2009-09-03 00:11 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
    + 2009-09-03 00:11 . 2008-04-14 00:12 249856 c:\windows\system32\dllcache\cache\tapisrv.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 171008 c:\windows\system32\dllcache\cache\srsvc.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 135168 c:\windows\system32\dllcache\cache\shsvcs.dll
    + 2009-09-03 00:11 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
    + 2009-09-03 00:11 . 2008-04-14 00:12 192512 c:\windows\system32\dllcache\cache\schedsvc.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 181248 c:\windows\system32\dllcache\cache\scecli.dll
    + 2009-09-03 00:11 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\cache\rpcss.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 409088 c:\windows\system32\dllcache\cache\qmgr.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 435200 c:\windows\system32\dllcache\cache\ntmssvc.dll
    + 2009-09-03 00:11 . 2008-04-13 19:15 574976 c:\windows\system32\dllcache\cache\ntfs.sys
    + 2009-09-03 00:11 . 2008-04-14 00:12 198144 c:\windows\system32\dllcache\cache\netman.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 407040 c:\windows\system32\dllcache\cache\netlogon.dll
    + 2009-09-03 00:11 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
    + 2009-09-03 00:11 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\cache\mswsock.dll
    + 2009-09-03 00:11 . 2008-04-14 00:11 927504 c:\windows\system32\dllcache\cache\mfc40u.dll
    + 2009-09-03 00:11 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
    + 2009-09-03 00:11 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
    + 2009-09-03 00:11 . 2008-07-07 20:26 253952 c:\windows\system32\dllcache\cache\es.dll
    + 2009-09-03 00:11 . 2008-04-14 00:11 792064 c:\windows\system32\dllcache\cache\comres.dll
    + 2009-09-03 00:11 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\cache\comctl32.dll
    + 2009-09-03 00:11 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
    + 2009-09-03 00:11 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\cache\aec.sys
    + 2009-09-03 00:11 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
    + 2009-09-03 00:11 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\cache\ntoskrnl.exe
    + 2009-09-03 00:11 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
    + 2009-09-03 00:11 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\cache\mshtml.dll
    + 2009-09-03 00:11 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
    - 2009-01-24 21:45 . 2009-08-31 00:19 3817472 c:\windows\Installer\5ca4d1.msi
    + 2009-01-24 21:45 . 2009-09-05 00:44 3817472 c:\windows\Installer\5ca4d1.msi
    + 2009-09-05 18:00 . 2009-09-05 18:00 1757696 c:\windows\Installer\17459a.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
    "Google Update"="c:\documents and settings\mc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
    "Acronis*True*Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2008-06-07 471637]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-06-07 65536]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Acrobat Assistant 8.0"="e:\program files\Adobe\Acrobat 8 Standard\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "AdobeVersionCue"="e:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-05 149280]
    "ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
    "PCTVOICE"="pctspk.exe" - c:\windows\system32\pctspk.exe [2002-07-18 163840]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-24 110592]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
    Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2009-1-5 344064]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "53:TCP"= 53:TCP:webserver

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/20/2003 1:14 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/20/2003 1:14 PM 20560]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [8/28/2009 11:38 PM 38144]
    S2 gupdate1c9c14e60a312e0;Google Update Service (gupdate1c9c14e60a312e0);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2009 8:24 PM 133104]
    S3 SCM488C;SCM Microsystems SCR120 PCMCIA Smart Card Reader;c:\windows\system32\drivers\pscr.sys [5/15/2003 3:13 PM 16128]
    S3 wldel48b;Dell TrueMobile 1150 Series PCCard Driver;c:\windows\system32\drivers\wldel48b.sys [11/24/2008 11:46 AM 171520]
    S4 Usrmic;Usrmic;c:\windows\system32\drivers\ptilink.sys [8/4/2004 8:00 AM 17792]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 00:24]

    2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 00:24]

    2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1060284298-1957994488-1003Core.job
    - c:\documents and settings\mc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 23:32]

    2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1060284298-1957994488-1003UA.job
    - c:\documents and settings\mc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 23:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to existing PDF - e:\program files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - e:\program files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - e:\program files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - e:\program files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - e:\program files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - e:\program files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - e:\program files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - e:\program files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: Web-Based Email Tools - hxxp://email04.secureserver.net/Download.CAB
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    FF - ProfilePath - c:\documents and settings\mc\Application Data\Mozilla\Firefox\Profiles\j5gsmim8.default\
    FF - plugin: c:\documents and settings\mc\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-06 07:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-515967899-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F862D6E-AF30-1B61-CFCD-1A2EC8579B38}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "oadilggdmaaedbgfhpfchablidkihp"=hex:6a,61,70,69,69,70,6c,6a,6b,66,63,64,66,70,
    69,6d,63,67,63,63,00,f5
    "nabjbglpgjahpoejijcomoolbcin"=hex:6a,61,70,69,69,70,6c,6a,6b,66,63,64,66,70,
    69,6d,63,67,63,63,00,f5

    [HKEY_USERS\S-1-5-21-515967899-1060284298-1957994488-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
    "Name"="ActiveSync"
    "DisplayName"="Microsoft ActiveSync"
    "Param1"="ActiveSync"
    "Type"="wellknown"
    "Order"=dword:00000001
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-515967899-1060284298-1957994488-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
    "Name"="IESettings"
    "Type"="IESettings"
    "Order"=dword:00000004
    "State"=dword:00000003

    [HKEY_USERS\S-1-5-21-515967899-1060284298-1957994488-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
    "Name"="MediaFiles"
    "Type"="MediaFiles"
    "Order"=dword:00000003
    "State"=dword:00000003

    [HKEY_USERS\S-1-5-21-515967899-1060284298-1957994488-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
    "Name"="NPW"
    "Param1"="NPW"
    "Type"="wellknown"
    "Order"=dword:00000002
    "State"=dword:00000007

    [HKEY_USERS\S-1-5-21-515967899-1060284298-1957994488-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
    "Name"="Outlook"
    "DisplayName"="Microsoft Outlook"
    "Param1"="Outlook"
    "Type"="wellknown"
    "Order"=dword:00000000
    "State"=dword:00000020
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(780)
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(3332)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\wpdshext.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\Audiodev.dll
    c:\windows\system32\WMVCore.DLL
    c:\windows\system32\WMASF.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\WLTRYSVC.EXE
    c:\windows\system32\BCMWLTRY.EXE
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\scardsvr.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\documents and settings\mc\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-06 7:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-06 11:42
    ComboFix2.txt 2009-09-03 06:23
    ComboFix3.txt 2009-09-03 00:13

    Pre-Run: 3,295,920,128 bytes free
    Post-Run: 3,269,332,992 bytes free

    319 --- E O F --- 2009-08-30 02:46


    HJT LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:44:30 AM, on 9/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\Acrotray.exe
    E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Documents and Settings\mc\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Acronis*True*Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [AdobeVersionCue] E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\mc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8 Standard\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Web-Based Email Tools - http://email04.secureserver.net/Download.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...0Installer.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/50.13/uploader2.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.evite.com/html/imageUploa...eUploader5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1055142896196
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228828719226
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9c14e60a312e0) (gupdate1c9c14e60a312e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 12702 bytes


    PERFORMANCE

    Appears to be acting normal
    No AVAST warnings
  4. 2009-09-06, 14:53 #14
    Bio-Hazard
    Bio-Hazard is offline
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Default

    Your log now appears to be clean. Congratulations!

    You can get rid of the tools we used:

    • DDS - (You can just delete the exe file from your desktop)
    • SysProt - (You can just delete the exe file from your desktop)
    • ATF cleaner - (You can just delete the exe file from your desktop)




    Delete ComboFix and Clean Up
    Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)

    Please advise if this step is missed for any reason as it performs some important actions.

    OTC

    Download OTC by Old Timer and save it to your Desktop.


    • Double-click OTC.exe
    • Click the CleanUp! button
    • Select Yes when the Begin cleanup Process? Prompt appears
    • If you are prompted to Reboot during the cleanup, select Yes
    • The tool will delete itself once it finishes, if not delete it by yourself



    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      NOTE: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-secure Health Check. I suggest that you run one of them at least once a month.
    • Make Internet Explorer More Secure
      You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE




    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.


    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • SpywareBlaster
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
    • Malwarebytes' Anti-Malware
      Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE. Here are two tutorials: Malwarebytes' Anti-Malware Setup Guide and Malwarebytes' Anti-Malware Scanning Guide.
    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox or Opera or Google Chrome



    Here is a great article by miekiemoes How to prevent Malware.

    Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.


    Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.


    I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

    Happy surfing and stay clean!

    Bio-Hazard
    MRU Master of Malware Removal University

    Member of UNITE and ASAP
  5. 2009-09-07, 03:54 #15
    Glennsco
    Glennsco is offline
    Member Glennsco's Avatar
    Join Date
    Jul 2008
    Posts
    35

    Default Thank You!!

    Thank you Bio-Hazard. You guys are the best! All appears to be well and I have no more questions. I will try to be more careful in the future. I love being able to resolve these from the comfort of my home and not having to take it to someone and not have access to it for unknown amounts of time. My donation is on its way!!
  6. 2009-09-07, 23:29 #16
    Bio-Hazard
    Bio-Hazard is offline
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Default

    Thank you for your kind words and donation.

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
    MRU Master of Malware Removal University

    Member of UNITE and ASAP
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules