Possible Virtumonde... My logs.

E

ebedgert

New member
I think my mom picked up a Virtumonde infection on Wednesday. SpyBot removed a great deal of bad stuff but Virtumonde keeps showing up. SpyBot also couldn't remove something called Command Service, although I understand, that may be a false positive.

Here are my logs.

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:56 PM, on 9/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Explorer\horymyze22011.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\VSTASCAN\vsaccess.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\lntnhncc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


Kaspersky Log in next post.
 
kaspersky log - first half

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, September 14, 2007 10:17:49 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 15/09/2007
Kaspersky Anti-Virus database records: 418721
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 85745
Number of viruses found: 51
Number of infected objects: 103
Number of suspicious objects: 11
Duration of the scan process: 02:44:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.3/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Barbara\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Barbara\Application Data\Microsoft\Windows\jxhytuy.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\eBay/[From Jennifer Edgerton <jedgert2@twcny.rr.com>][Date Thu, 04 Mar 2004 06:23:15 -0500]/UNNAMED/[From Nicole Paciello <nicolepaciello@yahoo.com>][Date Fri, 23 Jul 2004 12:49:30 -0700 (PDT)]/UNNAMED/[From PayPal <paypal@email.paypal.com>][Date Sun, 26 Jun 2005 11:39:39 -0700 (PDT)]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\eBay/[From Jennifer Edgerton <jedgert2@twcny.rr.com>][Date Thu, 04 Mar 2004 06:23:15 -0500]/UNNAMED/[From Nicole Paciello <nicolepaciello@yahoo.com>][Date Fri, 23 Jul 2004 12:49:30 -0700 (PDT)]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\eBay/[From Jennifer Edgerton <jedgert2@twcny.rr.com>][Date Thu, 04 Mar 2004 06:23:15 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\eBay Mail Berkeley mbox: infected - 3 skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\Inbox/[From listingconfirm@ebay.com][Date Sun, 22 Feb 2004 20:50:47 -0800]/UNNAMED/[From endofauction@ebay.com][Date Mon, 23 Feb 2004 09:32:40 -0800]/UNNAMED/[From Melanie A Nelson <mnelson@wlgore.com>][Date Mon, 23 Feb 2004 12:39:21 -0700]/text/[From fsullivan4824@wideopenwest.com][Date Mon, 23 Feb 2004 16:02:10 -0800 (PST)]/text/[From Barbara Edgerton <bedgerto@twcny.rr.com>][Date Mon, 23 Feb 2004 19:10:25 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\Inbox/[From listingconfirm@ebay.com][Date Sun, 22 Feb 2004 20:50:47 -0800]/UNNAMED/[From endofauction@ebay.com][Date Mon, 23 Feb 2004 09:32:40 -0800]/UNNAMED/[From Melanie A Nelson <mnelson@wlgore.com>][Date Mon, 23 Feb 2004 12:39:21 -0700]/text/[From fsullivan4824@wideopenwest.com][Date Mon, 23 Feb 2004 16:02:10 -0800 (PST)]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\Inbox/[From listingconfirm@ebay.com][Date Sun, 22 Feb 2004 20:50:47 -0800]/UNNAMED/[From endofauction@ebay.com][Date Mon, 23 Feb 2004 09:32:40 -0800]/UNNAMED/[From Melanie A Nelson <mnelson@wlgore.com>][Date Mon, 23 Feb 2004 12:39:21 -0700]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\Inbox/[From listingconfirm@ebay.com][Date Sun, 22 Feb 2004 20:50:47 -0800]/UNNAMED/[From endofauction@ebay.com][Date Mon, 23 Feb 2004 09:32:40 -0800]/UNNAMED/[From Aaron Brown <mailings@mail.cnn.com>][Date Fri, 27 Feb 2004 19:17:05 -0500]/text/[From Postmaster <postprogram@rocketmail.net>][Date Mon, 01 Mar 2004 10:23:35 -0500 (EST)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\Inbox/[From listingconfirm@ebay.com][Date Sun, 22 Feb 2004 20:50:47 -0800]/UNNAMED/[From endofauction@ebay.com][Date Mon, 23 Feb 2004 09:32:40 -0800]/UNNAMED/[From Aaron Brown <mailings@mail.cnn.com>][Date Fri, 27 Feb 2004 19:17:05 -0500]/text/[From Postmaster <postprogram@rocketmail.net>][Date Mon, 01 Mar 2004 10:23:35 -0500 (EST)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\Inbox/[From listingconfirm@ebay.com][Date Sun, 22 Feb 2004 20:50:47 -0800]/UNNAMED/[From endofauction@ebay.com][Date Mon, 23 Feb 2004 09:32:40 -0800]/UNNAMED/[From Aaron Brown <mailings@mail.cnn.com>][Date Fri, 27 Feb 2004 19:17:05 -0500]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\Inbox/[From listingconfirm@ebay.com][Date Sun, 22 Feb 2004 20:50:47 -0800]/UNNAMED/[From endofauction@ebay.com][Date Mon, 23 Feb 2004 09:32:40 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\Inbox/[From listingconfirm@ebay.com][Date Sun, 22 Feb 2004 20:50:47 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\Mail\pop-server.twcny.rr.com\Inbox Mail Berkeley mbox: suspicious - 8 skipped
C:\Documents and Settings\Barbara\Application Data\Mozilla\Profiles\default\edrzvixr.slt\parent.lock Object is locked skipped
C:\Documents and Settings\Barbara\Application Data\WinTouch\WTUninstaller.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\Barbara\Cookies\INDEX.DAT Object is locked skipped


(second half follows)
 
kaspersky log - second half

C:\Documents and Settings\Barbara\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\History\History.IE5\MSHist012007091420070915\index.dat Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\ICD1.tmp\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\snapsnet.exe/data0005 Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\snapsnet.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\temp.fr25F8\istsvc.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\temp.frB3F7 Infected: not-a-virus:AdWare.Win32.180Solutions.j skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file03 Infected: Trojan-Downloader.Win32.Agent.dhj skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file05/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file05 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file26 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file39 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\WinAntiSpyware2007Setup.exe Inno: infected - 5 skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\winaspsnet.exe Infected: not-a-virus:Downloader.Win32.WinFixer.w skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\~DF5FFD.tmp Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Temp\~DFB264.tmp Object is locked skipped
C:\Documents and Settings\Barbara\Local Settings\Temporary Internet Files\Content.IE5\HJ0N84II\a8f5a020e4b833865a1034489887c8b9[1].zip/b122.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\Barbara\Local Settings\Temporary Internet Files\Content.IE5\HJ0N84II\a8f5a020e4b833865a1034489887c8b9[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Barbara\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Barbara\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Barbara\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ellen\Local Settings\Temp\iinstall.exe Infected: Trojan-Downloader.Win32.IstBar.lz skipped
C:\Documents and Settings\Ellen\Local Settings\Temp\res3E.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.g skipped
C:\Documents and Settings\Ellen\Local Settings\Temp\ysb.dll Infected: Trojan-Downloader.Win32.IstBar.ms skipped
C:\Documents and Settings\Ellen\Local Settings\Temp\~apropos0\CxtPls.exe Infected: Trojan-Downloader.Win32.Apropo.x skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\ysa[1].chm/ysb_regular.cab/ysbactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\ysa[1].chm/ysb_regular.cab Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\ysa[1].chm CHM: infected - 2 skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\8TKHM3OX\ysb_regular[1].cab/ysbactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\8TKHM3OX\ysb_regular[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\AT0BUDU5\istrecover[1].exe Infected: Trojan-Downloader.Win32.IstBar.ij skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\IFQ7EPMN\istsvc[1].exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\KXI30HYN\joysaver[1].cab/mm81.ocx Infected: Trojan-Downloader.Win32.VB.ov skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\KXI30HYN\joysaver[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\XCKFPX41\lca[1].chm/bridge-c18.cab/MediaPassX.dll Infected: not-a-virus:AdWare.Win32.WinAD.w skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\XCKFPX41\lca[1].chm/bridge-c18.cab Infected: not-a-virus:AdWare.Win32.WinAD.w skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\XCKFPX41\lca[1].chm CHM: infected - 2 skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\ZJLBZ14W\mma[1].chm/joysaver.cab/mm81.ocx Infected: Trojan-Downloader.Win32.VB.ov skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\ZJLBZ14W\mma[1].chm/joysaver.cab Infected: Trojan-Downloader.Win32.VB.ov skipped
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\ZJLBZ14W\mma[1].chm CHM: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Aprps\ace.dll Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Aprps\CxtPls.dll Infected: Trojan-Downloader.Win32.Apropo.ad skipped
C:\Program Files\Aprps\CxtPls.exe Infected: Trojan-Downloader.Win32.Apropo.ag skipped
C:\Program Files\Aprps\libexpat.dll Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Aprps\plg0\cxtpls.dll Infected: Trojan-Downloader.Win32.Apropo.ag skipped
C:\Program Files\Aprps\ProxyStub.dll Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Aprps\pstub0\proxystub.dll Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Aprps\uninstaller.exe Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Aprps\WinGenerics.dll Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Internet Explorer\horymyze22011.exe Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\Program Files\Media Pass\MediaPassC.dll Infected: not-a-virus:AdWare.Win32.WinAD.af skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\385E7D79/counter.exe Infected: Trojan-Dropper.Win32.Agent.az skipped
C:\Program Files\Norton AntiVirus\Quarantine\385E7D79 CAB: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\385E7D79 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B7323CD Infected: Email-Worm.Win32.Sober.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\5EF830AE Infected: Trojan-Downloader.Win32.Agent.am skipped
C:\Program Files\Norton AntiVirus\Quarantine\628C6655 Infected: Trojan-Downloader.Win32.Agent.gg skipped
C:\Program Files\Outerinfo\OiUninstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\Program Files\Outerinfo\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\Outerinfo\OiUninstaller.exe NSIS: infected - 2 skipped
C:\Program Files\WinAble\UnInstall.exe Infected: Trojan.Win32.Small.oa skipped
C:\Program Files\WinAble\winable.exe Infected: Trojan-Downloader.Win32.Adload.lj skipped
C:\Program Files\Words\Words.exe Infected: not-a-virus:AdWare.Win32.Agent.dn skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1170\A0078630.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079642.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079659.exe/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079659.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079661.exe Infected: Trojan-Downloader.Win32.Agent.dhj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079680.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079705.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079729.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079746.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079751.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079752.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079753.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079756.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079757.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1171\A0079817.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1172\change.log Object is locked skipped
C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe NSIS: infected - 3 skipped
C:\WINDOWS\b122.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\WINDOWS\b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\MediaPassX.dll Infected: not-a-virus:AdWare.Win32.WinAD.w skipped
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
C:\WINDOWS\ffrg.exe Infected: Backdoor.Win32.Agent.bg skipped
C:\WINDOWS\QmFyYmFyYSA\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\QmFyYmFyYSA\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\abeubxlx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\SYSTEM32\bomwsjan.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\SYSTEM32\capcon\son22011.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\WINDOWS\SYSTEM32\capcon\son22011.exe NSIS: infected - 1 skipped
C:\WINDOWS\SYSTEM32\cf2\mac33p.exe Infected: Trojan-Downloader.Win32.Small.fox skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\dbl22\mano2cep.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\SYSTEM32\f02WtR\f02WtR1065.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\kaajf4nk.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\SYSTEM32\kjberup.exe Infected: Backdoor.Win32.Agent.bg skipped
C:\WINDOWS\SYSTEM32\nnnnopm.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\SYSTEM32\pusherman.exe Infected: Trojan-Dropper.Win32.Agent.cj skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\Міcrosoft\ѕνchost.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\WINDOWS\tk58.exe Infected: Trojan.Win32.BHO.ab skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\ѕystem32\tracert.exe Infected: Trojan-Downloader.Win32.PurityScan.dx skipped

Scan process completed.
 
Hi

Your hjt log is only partial. Could you post a complete one?
 
sorry - full log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:56 PM, on 9/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Explorer\horymyze22011.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\VSTASCAN\vsaccess.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\lntnhncc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.catster.com/pet_page.php?i=57025&j=t"); (C:\Documents and Settings\BARBARA\Application Data\Mozilla\Profiles\default\edrzvixr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\BARBARA\Application Data\Mozilla\Profiles\default\edrzvixr.slt\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{27-74-43-3A-ZN}] C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [horymyze] C:\Program Files\Internet Explorer\horymyze22011.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\ifcacmfk.dll",forkonce
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.3\webbuying.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/065514a43cd61c289418/netzip/RdxIE601.cab
O16 - DPF: {E10C53CE-D6AF-11D5-98F2-005004054266} (eGPS Class) - http://www.lostoutdoors.com/controls/eGPS.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\lntnhncc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9136 bytes
 
Hi

Rename HijackThis.exe file-> something.exe and post a fresh hjt log. Renaming must be done to make hidden malware entries visible.
 
Sorry, I must have missed that part in the instructions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:27 PM, on 9/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Explorer\horymyze22011.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\VSTASCAN\vsaccess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\tbvqmoba.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\something.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.catster.com/pet_page.php?i=57025&j=t"); (C:\Documents and Settings\BARBARA\Application Data\Mozilla\Profiles\default\edrzvixr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\BARBARA\Application Data\Mozilla\Profiles\default\edrzvixr.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {28B4371F-ABC8-4625-83A7-8CAF03EEDAE6} - C:\WINDOWS\System32\mljgd.dll
O2 - BHO: (no name) - {521EDC2D-E05A-4EB6-9E1B-B1CCBB9C7FC0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {b14037d8-b112-412c-9b77-60bd2af8d2ba} - C:\WINDOWS\System32\twwnitx.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\System32\cbcmoxyn.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\nnnnopm.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{27-74-43-3A-ZN}] C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [horymyze] C:\Program Files\Internet Explorer\horymyze22011.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\ifcacmfk.dll",forkonce
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.3\webbuying.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/065514a43cd61c289418/netzip/RdxIE601.cab
O16 - DPF: {E10C53CE-D6AF-11D5-98F2-005004054266} (eGPS Class) - http://www.lostoutdoors.com/controls/eGPS.ocx
O20 - Winlogon Notify: mljgd - C:\WINDOWS\System32\mljgd.dll
O20 - Winlogon Notify: nnnnopm - nnnnopm.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10324 bytes
 
Hi

1. Download this file -
combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your
next reply with a fresh hjt log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause
it to stall
 
ComboFix log:

ComboFix 07-09-18.4 - "Barbara" 2007-09-19 19:27:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.46 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\Barbara\APPLIC~1\WinTouch
C:\DOCUME~1\Barbara\APPLIC~1\WinTouch\wintouch.cfg
C:\DOCUME~1\Barbara\APPLIC~1\WinTouch\WinTouch.exe
C:\DOCUME~1\Barbara\APPLIC~1\WinTouch\WTUninstaller.exe
C:\DOCUME~1\Barbara\err.log
C:\DOCUME~1\Barbara\STARTM~1\Programs\Outerinfo
C:\DOCUME~1\Barbara\STARTM~1\Programs\Outerinfo\Terms.lnk
C:\DOCUME~1\Barbara\STARTM~1\Programs\Outerinfo\Uninstall.lnk
C:\DOCUME~1\Barbara\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\DOCUME~1\Barbara\STARTM~1\Programs\Startup\ta_start.lnk
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\DOWNLO~1\UDC6_0001_D19M1908NetInstaller.exe
C:\WINDOWS\system32\abeubxlx.exe
C:\WINDOWS\SYSTEM32\aetujyeu.ini
C:\WINDOWS\SYSTEM32\bokwrnuv.ini
C:\WINDOWS\system32\bomwsjan.exe
C:\WINDOWS\system32\cbcmoxyn.dll
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\crosof~1\??chost.exe
C:\WINDOWS\SYSTEM32\dgjlm.bak1
C:\WINDOWS\SYSTEM32\dgjlm.bak2
C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini2
C:\WINDOWS\SYSTEM32\dgjlm.tmp
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\egqaylwy.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\SYSTEM32\fpbofbsv.ini
C:\WINDOWS\system32\iqggnoxy.dll
C:\WINDOWS\SYSTEM32\iuoaqlgt.ini
C:\WINDOWS\system32\lntnhncc.exe
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\saalvhee.exe
C:\WINDOWS\system32\tbvqmoba.exe
C:\WINDOWS\system32\tglqaoui.dll
C:\WINDOWS\system32\twwnitx.dll
C:\WINDOWS\system32\ueyjutea.dll
C:\WINDOWS\system32\uhxsgwel.exe
C:\WINDOWS\system32\V1
C:\WINDOWS\system32\vsbfobpf.dll
C:\WINDOWS\system32\vunrwkob.dll
C:\WINDOWS\system32\wnstssv.exe
C:\WINDOWS\system32\xqefykpb.exe
C:\WINDOWS\system32\yilqrtu.dll
C:\WINDOWS\SYSTEM32\ywlyaqge.ini
C:\WINDOWS\SYSTEM32\yxonggqi.ini
C:\WINDOWS\tk58.exe
C:\WINDOWS\ystem3~1
C:\WINDOWS\ystem3~1\?ystem32\
C:\WINDOWS\ystem3~1\tracert.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.

2007-09-19 19:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-15 13:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-15 07:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-15 07:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-09-15 07:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-09-15 07:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2007-09-15 07:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
2007-09-14 19:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-09-14 19:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-13 19:35 <DIR> d-------- C:\Program Files\RogueRemover PRO
2007-09-13 16:56 <DIR> d-------- C:\Program Files\Words
2007-09-13 16:51 <DIR> d-------- C:\Program Files\Insider
2007-09-13 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-12 13:38 109,600 --a------ C:\WINDOWS\SYSTEM32\sptll.dll
2007-09-12 10:58 <DIR> d-------- C:\Program Files\WinAble
2007-09-12 10:54 <DIR> d--hs---- C:\WINDOWS\QmFyYmFyYSA
2007-09-12 10:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\dbl22
2007-09-12 10:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\cf2
2007-09-12 10:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\capcon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 19:47 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-13 19:35 2014 -rah----- C:\WINDOWS\system32\drivers\hosts
2007-09-13 09:03 --------- d-------- C:\Program Files\Symantec
2007-08-05 16:25 --------- d-------- C:\DOCUME~1\Barbara\APPLIC~1\HP
2007-08-05 16:16 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-05 16:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-05 16:15 --------- d-------- C:\Program Files\Common Files\HP
2007-08-05 16:12 --------- d-------- C:\Program Files\HP
2007-08-05 16:12 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-05 16:11 --------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-08-05 16:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-07-22 14:17 --------- d-------- C:\Program Files\Nortel Networks
2006-04-22 20:21 2338 --a------ C:\Program Files\uninstal.log
2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
2005-08-02 20:46:54 187,904 --sha-r C:\WINDOWS\QmFyYmFyYSA\asappsrv.dll
2005-08-02 20:58:38 293,888 --sha-r C:\WINDOWS\QmFyYmFyYSA\command.exe
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\QmFyYmFyYSA\kAIVsAIVsmE.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{521EDC2D-E05A-4EB6-9E1B-B1CCBB9C7FC0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 02:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 02:07]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 03:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 03:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 16:11]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 16:11]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 12:05]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 12:05]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 00:08]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-12 20:50]
"hoadgbw"="C:\WINDOWS\kjberup.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-09 19:44]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-03-01 14:53]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 14:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"{27-74-43-3A-ZN}"="C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe" [2007-09-12 10:53]
"horymyze"="C:\Program Files\Internet Explorer\horymyze22011.exe" [2007-08-07 16:30]
"IST Service"="C:\Program Files\ISTsvc\istsvc.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 17:08]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2003-06-24 13:09]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 14:00]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 08:51]
"Insider"="C:\Program Files\Insider\Insider.exe" [2007-09-13 16:51]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"RogueMonitor"="C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [2007-09-09 15:36]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\Barbara\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]
Script execution time was exceeded on script "C:\ComboFix\lnkread.vbs".
Script execution was terminated.

C:\DOCUME~1\Ellen\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]
PowerReg Scheduler V3.exe [2004-09-30 19:24:04]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnopm]
nnnnopm.dll

S1 AEC671X;AEC671X;C:\WINDOWS\System32\drivers\AEC671X.SYS
S1 DMX3191;DMX3191;C:\WINDOWS\System32\drivers\DMX3191.SYS
S1 UMAXIS11;UMAXIS11;C:\WINDOWS\System32\drivers\UMAXIS11.SYS
S2 UDNT;UDNT;C:\WINDOWS\System32\drivers\UDNT.sys
S2 UMAXDRV;UMAXDRV;C:\WINDOWS\System32\drivers\UMAXDRV.sys
S2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\System32\DRIVERS\umaxpcls.sys
S3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 00:03:47 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exe
"2007-09-19 20:29:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 19:46:25
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-19 19:52:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-19 19:51
.
--- E O F ---


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:34 PM, on 9/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\CMD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\VSTASCAN\vsaccess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\HijackThis\something.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.catster.com/pet_page.php?i=57025&j=t"); (C:\Documents and Settings\BARBARA\Application Data\Mozilla\Profiles\default\edrzvixr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\BARBARA\Application Data\Mozilla\Profiles\default\edrzvixr.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2856EBF6-47B3-4CBD-AAEA-B4DFA17E1A3C} - (no file)
O2 - BHO: (no name) - {521EDC2D-E05A-4EB6-9E1B-B1CCBB9C7FC0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {b14037d8-b112-412c-9b77-60bd2af8d2ba} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{27-74-43-3A-ZN}] C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [horymyze] C:\Program Files\Internet Explorer\horymyze22011.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/065514a43cd61c289418/netzip/RdxIE601.cab
O16 - DPF: {E10C53CE-D6AF-11D5-98F2-005004054266} (eGPS Class) - http://www.lostoutdoors.com/controls/eGPS.ocx
O20 - Winlogon Notify: nnnnopm - nnnnopm.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9466 bytes
 
Hi


Disable Spybot's TeaTimer to make sure it won't interfere fixing.
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
     and OK any prompts.
  • Restart your computer


Start hjt, click do a system scan only, check:
02 - BHO: (no name) - {2856EBF6-47B3-4CBD-AAEA-B4DFA17E1A3C} - (no file)
O2 - BHO: (no name) - {521EDC2D-E05A-4EB6-9E1B-B1CCBB9C7FC0} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {b14037d8-b112-412c-9b77-60bd2af8d2ba} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [{27-74-43-3A-ZN}] C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [horymyze] C:\Program Files\Internet Explorer\horymyze22011.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/065514a4...p/RdxIE601.cab
O20 - Winlogon Notify: nnnnopm - nnnnopm.dll (file missing)

Close browsers and other windows. Click fix checked.

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\WINDOWS\SYSTEM32\sptll.dll
C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe
C:\Program Files\Internet Explorer\horymyze22011.exe
c:\windows\system32\nnnnopm.dll

Folder::
C:\Program Files\WinAble
C:\WINDOWS\QmFyYmFyYSA
C:\WINDOWS\SYSTEM32\dbl22
C:\WINDOWS\SYSTEM32\cf2
C:\WINDOWS\SYSTEM32\capcon


Save this as
CFScript


CFScript.gif


Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh hjt log.
 
Thank you. My new logs:

ComboFix log

ComboFix 07-09-18.4 - "Barbara" 2007-09-21 19:17:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.53 [GMT -4:00]
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\sptll.dll
C:\Documents and Settings\Barbara\Local Settings\Temp\thinksnet.exe
C:\Program Files\Internet Explorer\horymyze22011.exe
c:\windows\system32\nnnnopm.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Internet Explorer\horymyze22011.exe
C:\Program Files\WinAble
C:\Program Files\WinAble\UnInstall.exe
C:\Program Files\WinAble\winable.exe
C:\WINDOWS\QmFyYmFyYSA
C:\WINDOWS\QmFyYmFyYSA\asappsrv.dll
C:\WINDOWS\QmFyYmFyYSA\command.exe
C:\WINDOWS\QmFyYmFyYSA\kAIVsAIVsmE.vbs
C:\WINDOWS\SYSTEM32\capcon
C:\WINDOWS\SYSTEM32\capcon\son22011.exe
C:\WINDOWS\SYSTEM32\cf2
C:\WINDOWS\SYSTEM32\cf2\mac33p.exe
C:\WINDOWS\SYSTEM32\dbl22
C:\WINDOWS\SYSTEM32\dbl22\mano2cep.exe
C:\WINDOWS\SYSTEM32\sptll.dll
C:\WINDOWS\tk58.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-19 19:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-15 13:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-15 07:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-15 07:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-09-15 07:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-09-15 07:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2007-09-15 07:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
2007-09-14 19:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-09-14 19:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-13 19:35 <DIR> d-------- C:\Program Files\RogueRemover PRO
2007-09-13 16:56 <DIR> d-------- C:\Program Files\Words
2007-09-13 16:51 <DIR> d-------- C:\Program Files\Insider
2007-09-13 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 19:26 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-19 20:03 --------- d-------- C:\Program Files\Western Civilisation
2007-09-19 20:03 --------- d-------- C:\Program Files\Terragen
2007-09-19 20:01 --------- d-------- C:\Program Files\FlexiMusic Wave Editor
2007-09-19 20:01 --------- d-------- C:\Program Files\ConnectedText
2007-09-13 19:35 2014 -r-h----- C:\WINDOWS\system32\drivers\hosts
2007-09-13 09:03 --------- d-------- C:\Program Files\Symantec
2007-08-05 16:25 --------- d-------- C:\DOCUME~1\Barbara\APPLIC~1\HP
2007-08-05 16:16 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-05 16:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-05 16:15 --------- d-------- C:\Program Files\Common Files\HP
2007-08-05 16:12 --------- d-------- C:\Program Files\HP
2007-08-05 16:12 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-05 16:11 --------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-08-05 16:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-07-22 14:17 --------- d-------- C:\Program Files\Nortel Networks
2006-04-22 20:21 2338 --a------ C:\Program Files\uninstal.log
2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-19_194748.15 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 262,144 2007-09-21 23:17:17 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
----a-w 16,384 2007-09-21 20:29:12 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
----a-w 32,768 2007-09-21 20:29:12 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
----a-w 32,768 2007-09-21 20:29:12 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 25,088 2002-08-29 11:00:00 C:\WINDOWS\SYSTEM32\DLLCACHE\findstr.exe
.
----a-w 262,144 2007-09-19 23:25:15 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
----a-w 16,384 2007-09-19 20:29:13 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
----a-w 32,768 2007-09-19 20:29:13 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
----a-w 32,768 2007-09-19 20:29:13 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 02:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 02:07]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 03:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 03:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 16:11]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 16:11]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 12:05]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 12:05]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 00:08]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-12 20:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-09 19:44]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-03-01 14:53]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 14:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 17:08]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2003-06-24 13:09]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 14:00]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 08:51]
"Insider"="C:\Program Files\Insider\Insider.exe" [2007-09-13 16:51]
"RogueMonitor"="C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [2007-09-09 15:36]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-10 18:55:34]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-02-18 09:30:06]
DESKTOP.INI [2002-09-03 11:00:00]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-02-18 09:28:26]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-11-27 19:50:48]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\Barbara\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [2007-01-31 19:04:25]

C:\DOCUME~1\Ellen\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]
PowerReg Scheduler V3.exe [2004-09-30 19:24:04]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

S1 AEC671X;AEC671X;C:\WINDOWS\System32\drivers\AEC671X.SYS
S1 DMX3191;DMX3191;C:\WINDOWS\System32\drivers\DMX3191.SYS
S1 UMAXIS11;UMAXIS11;C:\WINDOWS\System32\drivers\UMAXIS11.SYS
S2 UDNT;UDNT;C:\WINDOWS\System32\drivers\UDNT.sys
S2 UMAXDRV;UMAXDRV;C:\WINDOWS\System32\drivers\UMAXDRV.sys
S2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\System32\DRIVERS\umaxpcls.sys
S3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 00:03:47 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exe
"2007-09-21 20:29:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 19:26:06
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-21 19:30:22 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 19:29
C:\ComboFix2.txt ... 2007-09-19 19:52
.
--- E O F ---


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:07 PM, on 9/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\VSTASCAN\vsaccess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\something.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.catster.com/pet_page.php?i=57025&j=t"); (C:\Documents and Settings\BARBARA\Application Data\Mozilla\Profiles\default\edrzvixr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\BARBARA\Application Data\Mozilla\Profiles\default\edrzvixr.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {E10C53CE-D6AF-11D5-98F2-005004054266} (eGPS Class) - http://www.lostoutdoors.com/controls/eGPS.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8004 bytes
 
Delete c:\QooBox folder now.

Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis


Replace vulnerable MS Java with Sun Java. Instructions here.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

If the service pack 2 download is too large, you can order a copy on cd from microsoft here

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
Change the allow paste operations via script to Disable
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Download Adaware
    Adaware is a free program. It scans for known spyware on your computer. These scans should be run at least once every two weeks. For more information, see this tutorial
    The program is available for download here
  • Download SpywareBlaster
    Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes
    kill bits
    in the registry, so that certain activex controls can't install.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster here here
    SpywareBlaster tutorial
  • Download iespyad
    It puts many bad webpages on your restricted zones list. This means that you can still view the
    bad
    webpages, but the webpages cannot do certain things (such as use javascripts and cookies).
    If you need help understanding how it works, there is a tutorial here
    Download it here
  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    See here to choose one


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Run the spybot and adaware regularly. (Once or twice a week minimum.)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
"Please note you need Administrator Access to do clean the restore points."

I am not sure how to check if I have Administrator access. I usually just boot the computer and sign on to my regular user profile. Do I have to do anything special to have administrator access?
 
Hi

If you're only user then you should have those admin rights. :)
 
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
 
You must log in or register to reply here.
Back
Top