malware infected laptop

Status
Not open for further replies.
DrWeb shows Virut, if I had seen signs of this before I would have recommended a reformat.

Please do the following



Download and Run ComboFix
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below

  • ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3
  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
 
ComboFix, HJT and KAS Logs

ComboFix 09-05-02.4 - Shiva 05/03/2009 10:39.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.325 [GMT 5.5:30]
Running from: c:\documents and settings\Shiva\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :)
.
((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))
.

2009-05-02 17:28 . 2009-04-06 10:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-02 17:28 . 2009-04-06 10:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-02 17:28 . 2009-05-02 17:28 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 11:55 . 2009-05-02 12:01 -------- d-----w c:\documents and settings\Shiva\DoctorWeb
2009-05-02 11:28 . 2009-05-02 11:28 -------- d-----w C:\_OTMoveIt
2009-04-26 12:36 . 2009-05-03 05:16 85884 ----a-w c:\windows\system32\drivers\glaide32.sys
2009-04-14 10:53 . 2009-04-14 10:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-14 10:52 . 2009-04-14 10:52 -------- d-----w c:\program files\Java
2009-04-08 04:06 . 2009-05-02 11:42 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-08 04:06 . 2009-05-02 11:42 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-08 04:06 . 2009-05-02 17:21 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-08 04:05 . 2009-04-08 04:05 -------- d-----w c:\program files\AVG
2009-04-08 04:05 . 2009-04-08 04:05 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-07 15:07 . 2009-04-07 15:09 -------- d-----w c:\program files\VirtualDub-1.8.8
2009-04-07 14:55 . 2009-04-07 14:55 58652 ----a-w c:\program files\AMVapp-uninst.exe
2009-04-07 14:54 . 2009-04-07 14:54 67895 ----a-w c:\program files\Premiere AVS Plugin uninst.exe
2009-04-07 14:42 . 2009-04-07 14:42 -------- d-----w c:\documents and settings\Shiva\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-04-07 14:40 . 2009-04-07 14:40 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-07 14:15 . 2008-06-19 10:54 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-07 07:49 . 2009-04-07 14:15 -------- d-----w c:\program files\Panda Security
2009-04-06 06:42 . 2009-04-06 06:42 -------- d-----w c:\documents and settings\Shiva\Local Settings\Application Data\Mozilla
2009-04-05 04:11 . 2009-05-02 15:42 -------- d--h--w C:\$AVG8.VAULT$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 05:13 . 2005-03-17 20:29 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-03 05:08 . 2005-03-17 19:06 182912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-02 12:52 . 2005-03-17 22:09 79144 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-02 08:47 . 2005-05-30 23:15 -------- d-----w c:\program files\Quicken
2009-04-30 02:41 . 2008-12-14 08:17 -------- d-----w c:\program files\iTunes
2009-04-27 16:31 . 2008-10-12 13:41 -------- d-----w c:\program files\VideoReDoTVSuite
2009-04-27 16:05 . 2008-08-11 05:20 -------- d-----w c:\program files\DVD Decrypter
2009-04-26 12:36 . 2009-04-26 12:36 0 ----a-w c:\windows\system32\1E.tmp
2009-04-26 12:36 . 2009-04-26 12:35 152064 ----a-w c:\windows\system32\1B.tmp
2009-04-26 12:35 . 2009-04-26 12:35 84 ----a-w c:\windows\system32\17.tmp
2009-04-09 09:57 . 2005-03-17 21:38 -------- d-----w c:\program files\Common Files\Adobe
2009-04-07 14:59 . 2008-04-22 08:49 -------- d-----w c:\program files\AviSynth 2.5
2009-04-07 14:55 . 2008-07-01 12:58 35365 ----a-w c:\windows\system32\uninstHelixYUV.exe
2009-04-07 14:54 . 2008-04-22 08:49 -------- d-----w c:\program files\AMVapp
2009-04-05 05:44 . 2008-12-14 08:15 -------- d-----w c:\program files\QuickTime
2009-04-05 05:37 . 2005-05-30 23:03 -------- d-----w c:\program files\Microsoft Works
2009-04-05 05:25 . 2005-03-17 21:39 -------- d-----w c:\program files\Google
2009-04-05 05:12 . 2006-11-25 04:39 -------- d-----w c:\program files\Apple Software Update
2009-04-05 05:12 . 2005-03-17 12:18 -------- d-----w c:\program files\Apoint
2009-04-05 04:52 . 2006-04-08 16:05 27648 -c--a-w c:\documents and settings\Shiva\g2mdlhlpx.exe
2009-04-05 04:24 . 2009-03-04 14:55 -------- d-----w c:\program files\GordianKnot
2009-03-29 14:15 . 2008-05-01 08:33 -------- d-----w c:\program files\Xvid
2009-03-26 14:51 . 2008-12-14 08:13 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-03-24 04:00 . 2005-05-30 22:50 98304 ----a-w c:\windows\DUMP7213.tmp
2009-03-18 04:11 . 2009-03-12 14:55 -------- d-----w c:\program files\ffdshow
2004-05-08 06:41 . 2004-05-08 06:41 53361 ----a-w c:\program files\Premiere AVS GUI.exe
2004-05-06 21:57 . 2004-05-06 21:57 57344 ----a-w c:\program files\IM-Avisynth.prm
.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_10.28.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-03 05:15 . 2009-05-03 05:15 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat
+ 2005-03-17 20:21 . 2004-08-04 12:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2009-04-08 04:06 . 2009-05-02 11:42 27784 c:\windows\system32\drivers\avgmfx86.sys
+ 2005-03-17 19:07 . 2004-08-04 12:00 13824 c:\windows\system32\dllcache\wscntfy.exe
+ 2005-03-17 20:22 . 2004-08-04 12:00 73728 c:\windows\system32\dllcache\wmplayer.exe
+ 2005-03-17 19:06 . 2004-08-04 12:00 42496 c:\windows\system32\dllcache\net.exe
+ 2005-03-17 19:05 . 2004-08-04 12:00 2589 c:\windows\I386\RUNW32.BAT
+ 2009-04-14 10:53 . 2009-04-14 10:53 148888 c:\windows\system32\javaws.exe
+ 2009-04-14 10:53 . 2009-04-14 10:53 144792 c:\windows\system32\javaw.exe
+ 2009-04-14 10:53 . 2009-04-14 10:53 144792 c:\windows\system32\java.exe
+ 2005-03-17 12:14 . 2009-05-02 12:46 279744 c:\windows\system32\FNTCACHE.DAT
- 2005-03-17 12:14 . 2009-04-06 17:29 279744 c:\windows\system32\FNTCACHE.DAT
+ 2005-03-17 19:07 . 2004-08-04 12:00 135680 c:\windows\system32\dllcache\taskmgr.exe
+ 2005-03-17 19:06 . 2004-08-04 12:00 514560 c:\windows\system32\dllcache\logonui.exe
- 2007-08-13 13:13 . 2007-12-06 11:01 625664 c:\windows\system32\dllcache\iexplore.exe
+ 2005-03-17 20:22 . 2007-12-06 11:01 625664 c:\windows\system32\dllcache\iexplore.exe
+ 2005-03-17 19:06 . 2004-08-04 12:00 388608 c:\windows\system32\dllcache\cmd.exe
+ 2008-12-14 08:18 . 2009-04-30 02:42 102400 c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
- 2008-12-14 08:18 . 2008-12-14 08:18 102400 c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-02 11:42 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-01-18 20:48 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Shiva^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Shiva\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Shiva^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=c:\documents and settings\Shiva\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=c:\windows\pss\Screen Saver Control.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\AxCmd.bin"=
"c:\\Program Files\\DAEMON Tools Lite\\daemon.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Adobe\\Adobe Audition 3.0\\Audition.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R1 ethektiy;ethektiy; [x]
R3 DCamUSBSony4;Sony Visual Communication Camera;c:\windows\system32\DRIVERS\snyucam4.sys [2003-01-17 424127]
R3 DCamUSBSonyA4;Sony USB Microphone;c:\windows\system32\drivers\snyuflt4.sys [2003-01-17 6019]
R3 mlnxfltr;mlnxfltr;c:\windows\system32\drivers\mlnxfltr.sys [2004-07-22 9984]
R3 MultiLINX;MultiLINX;c:\windows\system32\drivers\mltlnx.sys [2004-07-22 11811]
R3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
R3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
R3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
R3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
R3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-05-02 325896]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-02 298776]
S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-19 71961]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b64336-239d-11de-8c38-00014a829daa}]
\shell\autorun\command - D:\zoylxz.exe
\shell\explore\command - D:\zoylxz.exe
\shell\open\command - D:\zoylxz.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Shiva\Application Data\Mozilla\Firefox\Profiles\g2mddhrr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 10:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\s-1-5-21-1482251334-1830561315-212462575-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b4,6a,23,32,f6,90,d5,4b,23,be,b6,60,9a,05,ec,4d,e6,39,cf,71,06,97,67,
23,fc,7f,e4,9b,63,96,18,d9,71,08,da,36,0b,68,a2,17,48,87,96,27,19,25,17,68,\
"??"=hex:cc,f4,94,dc,38,7e,ce,e1,4d,0b,ff,0c,d9,86,71,4c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3040)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-03 10:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-03 05:19
ComboFix2.txt 2009-04-14 10:31

Pre-Run: 11,106,656,256 bytes free
Post-Run: 11,105,730,560 bytes free

228 --- E O F --- 2008-01-09 06:04


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:48 AM, on 5/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163548670578
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/...6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Unknown owner - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Unknown owner - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (file missing)
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9907 bytes


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 4, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, May 04, 2009 03:41:21
Records in database: 2125641
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
E:\
F:\
R:\

Scan statistics:
Files scanned: 98009
Threat name: 3
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 02:28:15


File name / Threat name / Threats count
C:\Documents and Settings\Shiva\DoctorWeb\Quarantine\A0194214.exe Infected: Packed.Win32.Klone.bj 1
C:\Documents and Settings\Shiva\DoctorWeb\Quarantine\csrcs.exe Infected: Packed.Win32.Klone.bj 1
C:\Documents and Settings\Shiva\DoctorWeb\Quarantine\ientqu.exe Infected: Trojan.Win32.Midgare.uik 1
C:\Documents and Settings\Shiva\DoctorWeb\Quarantine\ientqu_0.exe Infected: Trojan.Win32.Midgare.uik 1
C:\Documents and Settings\Shiva\DoctorWeb\Quarantine\ientqu_1.exe Infected: Trojan.Win32.Midgare.uik 1
C:\Documents and Settings\Shiva\DoctorWeb\Quarantine\zoylxz.exe Infected: Packed.Win32.Klone.bj 1
C:\Documents and Settings\Shiva\DoctorWeb\Quarantine\zoylxz_0.exe Infected: Packed.Win32.Klone.bj 1
C:\Documents and Settings\Shiva\DoctorWeb\Quarantine\zoylxz_1.exe Infected: Packed.Win32.Klone.bj 1
C:\WINDOWS\system32\1B.tmp Infected: Backdoor.Win32.IEbooot.bwg 1

The selected area was scanned.
 
Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
C:\WINDOWS\system32\1B.tmp
Click Submit/Send File
Please post back, to let me know the results.

If Virustotal is too busy please try Jotti


USBNoRisk

Please download USBNoRisk to your Desktop and run it by double-clicking the program's icon
wait a couple of seconds for initial scan to be done
connect all of the USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds
if there are more USB storage devices to scan, please take a note about the order in which these were connected
after all the devices are scanned, choose "Save log" option from right-click menu on Monitor tab. That will open the log in Notepad. Please copy/paste the log to forum

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
 
Jotti and USBNoRisk Logs

Jotti

File: 1B.tmp
Status: INFECTED/MALWARE
MD5: 81bde83952d78aa31d89954926c70548
Packers detected: -

Scan taken on 04 May 2009 15:48:10 (GMT)
A-Squared Found Trojan.Rlsloupa!IK
AntiVir Found TR/Dropper.Gen
ArcaVir Found nothing
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found SpamTool.CSH
BitDefender Found Trojan.Rlsloupa.A
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Backdoor.Win32.IEbooot.bwg
Ikarus Found Trojan.Rlsloupa
Kaspersky Anti-Virus Found Backdoor.Win32.IEbooot.bwg
NOD32 Found a variant of Win32/SpamTool.Rlsloup.NAA
Norman Virus Control Found nothing
Panda Antivirus Found Trj/Downloader.VUF
Quick Heal Found Backdoor.IEbooot.bwg
Sophos Antivirus Found Mal/UnkPack-Fam
VirusBuster Found Backdoor.IEbooot.GG
VBA32 Found Backdoor.Win32.IEbooot.bwg

USBNoRisk 2.1 by bobby

Started at 5/5/2009 8:13:05 AM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {01069794-e8bd-11d9-86cc-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 01069794-e8bd-11d9-86cc-806d6172696f
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 5/5/2009 8:13:43 AM

Scanning for connected USB mass storage...
----------------------------------------
D: {57b64336-239d-11de-8c38-00014a829daa}
Added D:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on D:
----------------------------------------
autorun.inf found on D:
----------------------------------------
File D:\autorun.inf renamed successfully

Content of D:\autorun.inf.blocked
----------------------------------------
;jmRXueBiAvjyhiKXMMQlmSebCmJaLMjqAyRsHaDVthDWrQhrOtMBVUGTWnKaIhnPTcJsTpz
;uPAkDGpYqNmjXlMNNahDfyasAqknEhMJHdltWWMYJUJStEdrerfxIoofbmWLQmwiS
;yBUBBbbdOsgXAlTZkjph
;nWUoZYB
;qPURmQNMrSIHVDIMhFZYKamQRiOqhewjXQQDXUIDIQOBMyE
;uAODxcRonUKcTLDTOHirRKgDmrLUmkUFZJifWNbDJYcfJVsfYSmUtpzYzrBIkiHieOCiYreejjIotRL
;rejwrwmZvKtvQqdiHApJxoKywdQKCIkXCIRlSKyFIDFkLIiombqtjkfdlzkqSloFZazaAOTGaG
;LHYB
;45F27A231FB2BAE1D86A005C0833BEDD8F8F0E9EB727D2C7BFC81571
;FYKsRxzxefgc
;RjMUmaVBxfYIBiIOdCkYKUESPgCRMvHtAYAcPkREiHHmWxWBlklKBlYmyFYXRpkcKNRnjymKliolE
;yqthjQmfDd
[AutoRun]
open=zoylxz.exe
;VdBGHhIecHAqtzkStaWgdHvODksI
;YeRssKyPobfYbuKLOFtjxtjVmazPcnrBtMJPZQhmqlyqVxpunf
;WqrRVLLxsDXOxLCdbgnupno
;OSGqFimi
;AabKoQrSJOHKVNgbrwzYzZandZiHynyELDqyzrqIqTjtvymmBxTOIwhzJCoZlQxUYiTgpSp
Icon=%system%\shell32.dll,7
;uMdsmcBLWQWCMELqZSrbMAOUmbSMcSouSRGVtHExEMJSIaNsgwGEcTC
UseAutoPlay=1
action=Open Drive
action= @zoylxz.exe
;IrRMggpZ
shell\open\Command=zoylxz.exe
;ZNzVmSJczGHGfjkzBdTpvJxIGFlO
shell\open\Default=1
;ggrObObaUPmgRZjevzHvMxYdiDwsRiMPBBqyFYyZLmklpbrtJUNHjEMV
;iWnrYPCxkISXOQ
shell\explore\Command=zoylxz.exe
;RzPGNVyYPYFqXvJjUr
----------------------------------------

Files referenced from D:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for 57b64336-239d-11de-8c38-00014a829daa
----------------------------------------

No Desktop.ini files found on D:
----------------------------------------

No mimics found on drive D:
========================================

========================================
Removed D:
========================================


New device connected at 5/5/2009 8:15:59 AM

Scanning for connected USB mass storage...
----------------------------------------
S: {ea9c8f29-e84a-11dc-898e-00014a829daa}
Added S:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on S:
----------------------------------------
No Autorun.inf files found on S:
No mountpoint found for ea9c8f29-e84a-11dc-898e-00014a829daa
----------------------------------------

No Desktop.ini files found on S:
----------------------------------------

No mimics found on drive S:
========================================

========================================

========================================
========================================

========================================
========================================
Removed S:
========================================
 
I think you got very lucky !!!

How are things running now ?


OTMoveIt
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Processes )
Code: 
:Processes
:Files
C:\Documents and Settings\Shiva\DoctorWeb\Quarantine
C:\WINDOWS\system32\1B.tmp
:Commands
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • - Close ALL open windows (especially Internet Explorer!)-
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 
OTMoveIt Logs

========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\Shiva\DoctorWeb\Quarantine moved successfully.
C:\WINDOWS\system32\1B.tmp moved successfully.
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05062009_081819
 
yukukuhi said:
And which firewall should i use for an 512 MB Ram.
Click to expand...

To be honest, I prefer not to recommend Firewalls, usefulness versus ease of use makes them a rather personal choice.


Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up

Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.


Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • (XP) Click START then RUN
  • (Vista) Click START, type RUN into the search box, then click Enter
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • CF_Cleanup.png

Uninstall OTMoveIt
  • Open OTMoveIt Click Cleanup,
  • When a box pops up click YES.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 
Status
Not open for further replies.
Back
Top