
Help needed, multiple popups!


Chris

Hi there,

I've been having problems for days now with popups. One reads:

"Worm.Win32.Netsky detected on your machine...." etc.... and says click yes to remove it from my PC immediately. I don't trust this message, and the other one says Windows Security Alert, trying to get me to download a spyware remover for total protection. My active windows are also being minimized and Internet Explorer keeps trying to open to a site.

Would anyone be able to help me? I would be most grateful. I have HijackThis v2, should I post a log of that?

Thanks,

Chris


Hi Chris, and welcome to Malwarebytes. You have a Smitfraud infection and most likely some others. Please follow these instructions and post your reply in this forum as a new topic. http://www.malwarebytes.org/forums/index.php?showforum=7

Please set your system to show all files:

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

If you haven't already, please get these programs, update and run a complete scan removing all items found.

Spybot Search & Destroy. Be sure to use the immunize feature.

AVG AntiSpyware. Be sure to "take action".

Then go here and run a scan: Panda ActiveScan. There is a full tutorial on how to do this at the top of this forum.

Post the logs from the Panda and AVG scans please, along with a log from this program: HijackThis.

You will post three logs: 1. AVG scan. 2. Panda ActiveScan. 3. HijackThis scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.


Hi Jean, thanks very much for responding, I really appreciate it.

Apologies for not responding with the precise logs you asked for. I ran an AVG scan and it resulted in No Threats Found, but it did not give me the option of producing a log. The Panda scan refuses to work for me at the moment, but I will try to post that as soon as it does.

For now I have the HijackThis log; let me know if you need anything additional.

Thanks again...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 18:41:11, on 31/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

C:\Program Files\InterVideo\Common\Bin\WinRemote.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\ALCMTR.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\JOHNHI~1\wp.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\kdx\KHost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\HiJackThis_v2.exe

C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MSVPS System - {90CF5384-7C70-4CD6-A30D-B2F14537B5C3} - C:\WINDOWS\movctrlwxq.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: The nssfrch - {7D61C1B5-86AF-439F-9ACF-D19FDB5F55CC} - C:\WINDOWS\nssfrch.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [dmpti.exe] C:\WINDOWS\system32\dmpti.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WP.exe] C:\PROGRA~1\JOHNHI~1\wp.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3317490835-1029835935-1643116051-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Angela')

O4 - HKUS\S-1-5-21-3317490835-1029835935-1643116051-1009\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all (User 'Angela')

O4 - HKUS\S-1-5-21-3317490835-1029835935-1643116051-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (User 'Angela')

O4 - HKUS\S-1-5-21-3317490835-1029835935-1643116051-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Angela')

O4 - HKUS\S-1-5-21-3317490835-1029835935-1643116051-1009\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot (User 'Angela')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47008E-3D23-4842-BEF5-3A651A331128}: NameServer = 85.255.114.21 85.255.112.190

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O21 - SSODL: bxsbang - {F4768BAB-F2E0-4107-8B3D-4AEEC5891A10} - C:\WINDOWS\bxsbang.dll

O21 - SSODL: ocgrep - {FB107018-1C90-42A5-ADDE-A6459FAD8E0F} - C:\WINDOWS\ocgrep.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--

End of file - 16843 bytes

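As an added example (not from this thread, and not part of HijackThis itself), a small Python triage script that applies the checks the helper's replies rely on to the log above: a component registered with no file behind it, a DLL loaded from the root of the Windows directory, a start page pointed at an untrusted host, and an O17 NameServer override. The sample lines are copied from the posted log; the trusted start-page host list is an assumption that a reviewer would replace with the user's own default.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # why the entry deserves a second look
    line: str      # the log line exactly as posted


# Lines copied from the HijackThis log posted above; one or two per check.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSVPS System - {90CF5384-7C70-4CD6-A30D-B2F14537B5C3} - C:\WINDOWS\movctrlwxq.dll
O3 - Toolbar: The nssfrch - {7D61C1B5-86AF-439F-9ACF-D19FDB5F55CC} - C:\WINDOWS\nssfrch.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47008E-3D23-4842-BEF5-3A651A331128}: NameServer = 85.255.114.21 85.255.112.190
O21 - SSODL: bxsbang - {F4768BAB-F2E0-4107-8B3D-4AEEC5891A10} - C:\WINDOWS\bxsbang.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# One HijackThis entry: section code, " - ", the rest of the line.
_ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")

# A DLL or EXE sitting directly in the Windows directory, not in system32
# or Program Files. Legitimate vendors rarely drop files there, and every
# unknown DLL in this thread's log (movctrlwxq, nssfrch, bxsbang, ocgrep)
# lives exactly there.
_WINDOWS_ROOT_FILE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(dll|exe)$", re.IGNORECASE)

# Sections whose last " - " field is the path of a loaded component.
_COMPONENT_SECTIONS = {"O2", "O3", "O21", "O22"}

# Assumed default: hosts a reviewer accepts as a legitimate start page.
TRUSTED_START_HOSTS = frozenset({"www.google.com", "www.msn.com"})


def _component_path(body: str) -> str:
    # "BHO: name - {CLSID} - path"  ->  "path"
    return body.rsplit(" - ", 1)[-1].strip()


def triage(log_text: str, trusted_start_hosts=TRUSTED_START_HOSTS) -> list:
    """Return the entries of a HijackThis log that merit a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = _ENTRY.match(raw.strip())
        if not m:
            continue  # process list, headers, "End of file" line
        section, body = m.groups()

        if section in ("R0", "R1") and "Start Page" in body:
            url = body.split("=", 1)[1].strip()
            host = urlparse(url).hostname or ""
            if host not in trusted_start_hosts:
                findings.append(Finding(section, f"start page redirected to {host}", raw))

        elif section in _COMPONENT_SECTIONS:
            path = _component_path(body)
            if path == "(no file)":
                findings.append(Finding(section, "registered component whose file is missing", raw))
            elif _WINDOWS_ROOT_FILE.match(path):
                findings.append(Finding(section, "component loaded from the Windows directory root", raw))

        elif section == "O17" and "NameServer" in body:
            servers = " ".join(body.split("=", 1)[1].split())
            findings.append(Finding(section, f"DNS servers overridden: {servers}; confirm they belong to the ISP", raw))

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```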

Sorry for the delay, Chris. You are using a beta version of HJT. Please get the version from the link in my initial instructions, uninstall the beta and delete the program files.

Now go to Add/Remove programs and uninstall SpywareBot. This is not Spybot Search & Destroy. SpywareBot is a rogue program and has also installed at least one trojan maybe more. Disable the TeaTimer option in Spybot S&D as it might interfere with the cleanup process.

Now please get this program:

Print or copy these instructions to Notepad and save them to your Desktop, as you will be offline with all browsers closed for this fix.

Download:

Use this URL to download the latest version (the file contains both English and French versions):

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Double-click SmitfraudFix.exe

* Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Clean:

* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)

* Double-click SmitfraudFix.exe

* Select 2 and hit Enter to delete infected files.

* You will be prompted: "Do you want to clean the registry ?" Answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): "Replace infected file ?" Answer Y (yes) and hit Enter to restore a clean file.

* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

* Optional:

o To restore Trusted and Restricted site zone, select 3 and hit Enter.

o You will be prompted: "Restore Trusted Zone ?" Answer Y (yes) and hit Enter to delete the trusted zone.

Note:

process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

Please post the results of the SmitfraudFix scan and a new HJT log using the program you get from the link in my post here: http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe


Hi Jean,

SpywareBot isn't showing in my Add/Remove Programs. My new logs are below.

Many thanks,

Chris

SmitFraudFix v2.195

Scan done at 19:03:37.09, 04/11/2007

Run from C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode


OK Chris, still work to do. You need to turn off the TeaTimer feature in Spybot Search & Destroy, so it doesn't interfere with the fixes. Did you run SmitfraudFix before the HJT log? To turn off TeaTimer, open Spybot S&D and under Mode go to Advanced. Then under Tools, go to Resident and uncheck the box next to TeaTimer.

You will need to uninstall the two poker programs, PokerStars & PartyPoker. Make sure you disable TeaTimer. Let's try this tool to get the Zlob.

1. Download this file :

http://www.techsupportforum.com/sectools/combofix.exe

2. Double-click combofix.exe and follow the prompts.

3. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply. Be sure that ComboFix is run before another HJT.

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Jean, thank you so much. The popups have disappeared, that program worked magic. My logs are below. How is it looking now?

ComboFix 07-11-01.1** - Christopher 2007-11-05 18:17:02.1 - NTFSx86

Running from: C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\ComboFix(2).exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Angela\Desktop\Error Cleaner.url

C:\Documents and Settings\Angela\Desktop\Privacy Protector.url

C:\Documents and Settings\Angela\Favorites\Error Cleaner.url

C:\Documents and Settings\Angela\Favorites\Privacy Protector.url

C:\Documents and Settings\Angela\Favorites\Spyware&Malware Protection.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Error Cleaner.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Privacy Protector.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Spyware&Malware Protection.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Error Cleaner.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Privacy Protector.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Spyware&Malware Protection.url

C:\Documents and Settings\HP_Owner\Desktop\Error Cleaner.url

C:\Documents and Settings\HP_Owner\Desktop\Privacy Protector.url

C:\Documents and Settings\HP_Owner\Desktop\Spyware&Malware Protection.url

C:\Documents and Settings\HP_Owner\Favorites\Error Cleaner.url

C:\Documents and Settings\HP_Owner\Favorites\Privacy Protector.url

C:\Documents and Settings\HP_Owner\Favorites\Spyware&Malware Protection.url

C:\Program Files\SC

C:\WINDOWS\dat.txt

C:\WINDOWS\movctrlwxq.dll

C:\WINDOWS\nssfrch.dll

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\rs.txt

C:\WINDOWS\search_res.txt

C:\WINDOWS\system32\u2g.f

.

((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))

.

2007-11-05 18:16 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-04 18:53 <DIR> d-------- C:\Program Files\Trend Micro

2007-10-30 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-10-30 18:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-10-29 14:40 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\vlc

2007-10-29 14:37 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\AVG7

2007-10-29 07:43 <DIR> d-------- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\AVG7

2007-10-28 21:00 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7

2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

2007-10-27 00:08 274,432 --a------ C:\WINDOWS\ocgrep.dll

2007-10-27 00:08 221,184 --a------ C:\WINDOWS\bxsbang.dll

2007-10-27 00:08 107,520 --a------ C:\WINDOWS\kthemup.exe

2007-10-25 22:24 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\Sports Interactive

2007-10-25 22:23 <DIR> dr-h----- C:\Documents and Settings\Angela\Application Data\SecuROM

2007-10-17 17:08 <DIR> dr-h----- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\SecuROM

2007-10-17 02:55 <DIR> d-------- C:\PollManager

2007-10-15 19:57 <DIR> d-------- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Move Networks

2007-10-13 14:26 <DIR> d-------- C:\Program Files\Windows Live

2007-10-13 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-10-07 19:41 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-10-07 19:02 <DIR> d--h----- C:\Program Files\Zero G Registry

2007-10-07 19:02 <DIR> d--h----- C:\Documents and Settings\Christopher.NOVEMBER2004\InstallAnywhere

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-05 18:13 --------- d-----w C:\Program Files\PartyGaming

2007-11-05 18:12 --------- d-----w C:\Program Files\PokerStars

2007-11-03 13:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-11-02 18:36 --------- d-----w C:\Program Files\Norton Internet Security

2007-11-01 00:43 --------- d-----w C:\Program Files\Windows Live Toolbar

2007-10-30 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-10-30 19:05 --------- d-----w C:\Program Files\Bonjour

2007-10-30 19:02 --------- d-----w C:\Program Files\QuickTime

2007-10-30 19:02 --------- d-----w C:\Program Files\John Hinde

2007-10-30 19:02 --------- d-----w C:\Program Files\iTunes

2007-10-28 19:17 --------- d-----w C:\Program Files\RogueRemover

2007-10-28 15:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-10-28 15:42 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-10-28 15:42 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-10-28 15:42 --------- d-----w C:\Program Files\Symantec

2007-10-25 19:16 --------- d-----w C:\Program Files\ArtMoney

2007-10-23 00:24 471,040 ----a-w C:\WINDOWS\queensaver.scr

2007-10-23 00:24 12,288 ----a-w C:\WINDOWS\impborl.dll

2007-10-17 17:09 --------- d-----w C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Sports Interactive

2007-10-17 17:03 --------- d-----w C:\Program Files\Sports Interactive

2007-10-01 14:49 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

2007-10-01 14:49 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys

2007-10-01 14:49 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

2007-10-01 14:49 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

2007-10-01 14:49 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

2007-10-01 14:48 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

2007-09-15 19:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-02 01:46]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]

"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]

"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42]

"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]

"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-07-30 10:34]

"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [2004-07-30 10:41]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]

"VTTimer"="VTTimer.exe" []

"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 09:47]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10]

"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 10:40]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-26 23:11]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:00 C:\WINDOWS\system32\bthprops.cpl]

"SoundMan"="SOUNDMAN.EXE" [2005-04-06 17:57 C:\WINDOWS\SOUNDMAN.EXE]

"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 17:53 C:\WINDOWS\ALCWZRD.EXE]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19]

"RegistryMechanic"="" []

"dmpti.exe"="C:\WINDOWS\system32\dmpti.exe" []

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]

"WP.exe"="C:\PROGRA~1\JOHNHI~1\wp.exe" [2001-11-10 15:07]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-29 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="" []

"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe" [2004-01-02 03:14]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 16:34]

"kdx"="C:\WINDOWS\kdx\KHost.exe" [2005-12-12 11:23]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-15 15:53:06]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 16:34:39]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"bxsbang"= {F4768BAB-F2E0-4107-8B3D-4AEEC5891A10} - C:\WINDOWS\bxsbang.dll [2007-10-26 17:20 221184]

"ocgrep"= {FB107018-1C90-42A5-ADDE-A6459FAD8E0F} - C:\WINDOWS\ocgrep.dll [2007-10-26 17:20 274432]

R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys

R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys

S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94db7b77-4ad1-11db-ada5-0090d0766074}]

\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-11-05 18:23:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2005-01-23 20:55:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"

- C:\Program Files\Easy Internet signup\HPSdpApp.exe

"2007-11-03 00:21:07 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-05 18:28:31

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-05 18:31:39 - machine was rebooted

.

--- E O F ---

---------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:33:31, on 05/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

C:\Program Files\InterVideo\Common\Bin\WinRemote.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\JOHNHI~1\wp.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\kdx\KHost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [dmpti.exe] C:\WINDOWS\system32\dmpti.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WP.exe] C:\PROGRA~1\JOHNHI~1\wp.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O21 - SSODL: bxsbang - {F4768BAB-F2E0-4107-8B3D-4AEEC5891A10} - C:\WINDOWS\bxsbang.dll

O21 - SSODL: ocgrep - {FB107018-1C90-42A5-ADDE-A6459FAD8E0F} - C:\WINDOWS\ocgrep.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--

End of file - 15100 bytes


OK please run HJT and put a check next to these items below:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O21 - SSODL: bxsbang - {F4768BAB-F2E0-4107-8B3D-4AEEC5891A10} - C:\WINDOWS\bxsbang.dll

O21 - SSODL: ocgrep - {FB107018-1C90-42A5-ADDE-A6459FAD8E0F} - C:\WINDOWS\ocgrep.dll

Then let's run Smitfraud again.

Print or copy these instructions to Notepad and save them to your Desktop, as you will be offline with all browsers closed for this fix.

Download:

Use this URL to download the latest version (the file contains both English and French versions):

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Double-click SmitfraudFix.exe

* Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Clean:

* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)

* Double-click SmitfraudFix.exe

* Select 2 and hit Enter to delete infected files.

* You will be prompted: Do you want to clean the registry? Answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

* Optional:

o To restore Trusted and Restricted site zone, select 3 and hit Enter.

o You will be prompted: Restore Trusted Zone? Answer Y (yes) and hit Enter to delete the trusted zone.

Note:

process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

Post the Smitfraud log and a new HJT log.
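As an added example (not from this thread, and not part of HijackThis or SmitfraudFix), the script below applies the same first-pass triage the helper did above to a constructed excerpt of the posted HJT log: it flags O21 shell-service DLLs loading from the Windows root, entries whose target file is missing, and an R0 start page pointing at an external site. The section tags and the flagged lines come from the log above; the heuristics are mine and are a starting point for a human review, not a verdict.

```python
"""Triage a HijackThis v2 log for the entry types a helper checks first.

Added example for this thread; not code from HijackThis or the forum.
Heuristics (assumed, based on what the helper flagged above):
  * O21 (ShellServiceObjectDelayLoad) DLLs sitting directly in C:\WINDOWS
  * any entry whose target reads "(no file)" or "(file missing)"
  * an R0 Internet Explorer start page set to an external http URL
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O21"
    reason: str    # why the line was flagged
    line: str      # the original log line, stripped


# Leading section tag HijackThis emits: "O21 - ...", "R0 - ...", "F2 - ..."
SECTION_RE = re.compile(r"^(?P<sec>[ORF]\d{1,2})\s+-\s+(?P<rest>.*)$")

# A DLL directly under the Windows root (no subdirectory), case-insensitive.
WINDOWS_ROOT_DLL = re.compile(r"^C:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)


def parse_line(line):
    """Return (section, rest) for a HijackThis entry, or None for other lines."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    return m.group("sec"), m.group("rest")


def triage(log_text):
    """Scan a whole HJT log and return the Findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue                      # header, process list, blank line
        sec, rest = parsed
        low = rest.lower()
        # Dangling entries are leftovers worth clearing regardless of section.
        if "(no file)" in low or "(file missing)" in low:
            findings.append(Finding(sec, "target file missing", raw.strip()))
            continue
        if sec == "O21":
            # Format: "SSODL: <name> - {CLSID} - <path>"; path is the last field.
            path = rest.rsplit(" - ", 1)[-1].strip()
            if WINDOWS_ROOT_DLL.match(path):
                findings.append(Finding(sec, "SSODL DLL in Windows root", raw.strip()))
        elif sec == "R0" and "start page" in low and "http" in low:
            findings.append(Finding(sec, "start page set to external URL", raw.strip()))
    return findings


# Constructed excerpt: a handful of lines copied from the HJT log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O21 - SSODL: bxsbang - {F4768BAB-F2E0-4107-8B3D-4AEEC5891A10} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {FB107018-1C90-42A5-ADDE-A6459FAD8E0F} - C:\WINDOWS\ocgrep.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```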


Chris, you're not running Smitfraud in safe mode. You have to follow the instructions exactly as they are written for the fix. To boot to safe mode, begin tapping the F8 key as soon as you restart the PC and follow the prompts to boot to XP safe mode.

Please run Smitfraud again in Safe Mode and post the log and a new HJT also.


Hi Jean, my new logs are below:

SmitFraudFix v2.195

Scan done at 20:13:26.96, 11/11/2007

Run from C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode


Hi Chris, we still have work to do. Please run HJT again and put a check next to the following items and click fix.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O21 - SSODL: bxsbang - {687F46AC-C1B3-408E-8AF0-2D314D90BA07} - C:\WINDOWS\bxsbang.dll

Please also get this program:

1. Download this file :

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

You have two seriously outdated programs that are known security risks. Adobe Acrobat Reader should be version 8 and Java should be 1.6 update 3. Please uninstall the old versions of those programs, delete all program files and install the newest version.

Go to http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation.


ComboFix 07-11-08.1 - Christopher 2007-11-12 19:27:00.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.114 [GMT 0:00]

Running from: C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\ComboFix(2).exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Angela\Desktop\Error Cleaner.url

C:\Documents and Settings\Angela\Desktop\Privacy Protector.url

C:\Documents and Settings\Angela\Favorites\Error Cleaner.url

C:\Documents and Settings\Angela\Favorites\Privacy Protector.url

C:\Documents and Settings\Angela\Favorites\Spyware&Malware Protection.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Error Cleaner.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Privacy Protector.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Spyware&Malware Protection.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Error Cleaner.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Privacy Protector.url

C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Spyware&Malware Protection.url

C:\WINDOWS\bxsbang.dll

C:\WINDOWS\kthemup.exe

C:\WINDOWS\ocgrep.dll

.

((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))

.

2007-11-09 23:02 <DIR> d-------- C:\Program Files\XoftSpySE

2007-11-07 21:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Teleca

2007-11-06 21:06 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\Teleca

2007-11-06 19:35 <DIR> d-------- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Teleca

2007-11-06 19:33 <DIR> d-------- C:\Program Files\Sony Ericsson

2007-11-06 19:33 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

2007-11-06 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca

2007-11-06 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2007-11-06 19:28 94,064 --a------ C:\WINDOWS\system32\drivers\w810mdm.sys

2007-11-06 19:28 8,336 --a------ C:\WINDOWS\system32\drivers\w810mdfl.sys

2007-11-06 18:52 <DIR> d-------- C:\Program Files\iTunes

2007-11-06 18:52 <DIR> d-------- C:\Program Files\iPod

2007-11-06 18:43 <DIR> d-------- C:\Program Files\QuickTime

2007-11-06 18:38 <DIR> d-------- C:\Program Files\Apple Software Update

2007-11-06 18:38 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

2007-11-06 18:37 <DIR> d-------- C:\Program Files\Common Files\Apple

2007-11-06 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2007-11-05 18:16 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-04 18:53 <DIR> d-------- C:\Program Files\Trend Micro

2007-10-30 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-10-30 18:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-10-29 14:40 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\vlc

2007-10-29 14:37 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\AVG7

2007-10-29 07:43 <DIR> d-------- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\AVG7

2007-10-28 21:00 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7

2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

2007-10-25 22:24 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\Sports Interactive

2007-10-25 22:23 <DIR> dr-h----- C:\Documents and Settings\Angela\Application Data\SecuROM

2007-10-17 17:08 <DIR> dr-h----- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\SecuROM

2007-10-17 02:55 <DIR> d-------- C:\PollManager

2007-10-15 19:57 <DIR> d-------- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Move Networks

2007-10-13 14:26 <DIR> d-------- C:\Program Files\Windows Live

2007-10-13 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-12 18:12 --------- d-----w C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Apple Computer

2007-11-11 11:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-11-06 19:28 6,176 ----a-w C:\WINDOWS\system32\drivers\w810cmnt.sys

2007-11-06 19:28 6,176 ----a-w C:\WINDOWS\system32\drivers\w810cm.sys

2007-11-05 18:13 --------- d-----w C:\Program Files\PartyGaming

2007-11-05 18:12 --------- d-----w C:\Program Files\PokerStars

2007-11-02 18:36 --------- d-----w C:\Program Files\Norton Internet Security

2007-11-01 00:43 --------- d-----w C:\Program Files\Windows Live Toolbar

2007-10-30 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-10-30 19:05 --------- d-----w C:\Program Files\Bonjour

2007-10-30 19:02 --------- d-----w C:\Program Files\John Hinde

2007-10-28 19:17 --------- d-----w C:\Program Files\RogueRemover

2007-10-28 15:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-10-28 15:42 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-10-28 15:42 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-10-28 15:42 --------- d-----w C:\Program Files\Symantec

2007-10-25 19:16 --------- d-----w C:\Program Files\ArtMoney

2007-10-23 00:24 471,040 ----a-w C:\WINDOWS\queensaver.scr

2007-10-23 00:24 12,288 ----a-w C:\WINDOWS\impborl.dll

2007-10-17 17:09 --------- d-----w C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Sports Interactive

2007-10-17 17:03 --------- d-----w C:\Program Files\Sports Interactive

2007-10-07 19:03 --------- d--h--w C:\Program Files\Zero G Registry

2007-10-01 14:49 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

2007-10-01 14:49 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys

2007-10-01 14:49 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

2007-10-01 14:49 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

2007-10-01 14:49 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

2007-10-01 14:48 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

2007-09-15 19:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-02 01:46]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]

"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]

"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42]

"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]

"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-07-30 10:34]

"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [2004-07-30 10:41]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]

"VTTimer"="VTTimer.exe" []

"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 09:47]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10]

"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 10:40]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-26 23:11]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:00 C:\WINDOWS\system32\bthprops.cpl]

"SoundMan"="SOUNDMAN.EXE" [2005-04-06 17:57 C:\WINDOWS\SOUNDMAN.EXE]

"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 17:53 C:\WINDOWS\ALCWZRD.EXE]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19]

"RegistryMechanic"="" []

"dmpti.exe"="C:\WINDOWS\system32\dmpti.exe" []

"WP.exe"="C:\PROGRA~1\JOHNHI~1\wp.exe" [2001-11-10 15:07]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-29 19:40]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="" []

"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe" [2004-01-02 03:14]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 16:34]

"kdx"="C:\WINDOWS\kdx\KHost.exe" [2005-12-12 11:23]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-15 15:53:06]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 16:34:39]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"bxsbang"= {91830368-16EB-4EA3-A745-D88E72F87BAD} - C:\WINDOWS\bxsbang.dll [ ]

R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys

R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys

S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94db7b77-4ad1-11db-ada5-0090d0766074}]

\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-11-12 19:23:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2005-01-23 20:55:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"

- C:\Program Files\Easy Internet signup\HPSdpApp.exe

"2007-11-09 20:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

"2007-11-12 19:38:31 C:\WINDOWS\Tasks\XoftSpySE 2.job"

- C:\Program Files\XoftSpySE\XoftSpy.exe

"2007-11-09 23:02:53 C:\WINDOWS\Tasks\XoftSpySE.job"

- C:\Program Files\XoftSpySE\XoftSpy.exe

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-12 19:39:15

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-12 19:44:03 - machine was rebooted

C:\ComboFix2.txt ... 2007-11-11 20:41

C:\ComboFix3.txt ... 2007-11-07 18:50

.

--- E O F ---

-----------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:46:50, on 12/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

C:\Program Files\InterVideo\Common\Bin\WinRemote.exe

C:\WINDOWS\system32\keyhook.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\PROGRA~1\JOHNHI~1\wp.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\kdx\KHost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [dmpti.exe] C:\WINDOWS\system32\dmpti.exe

O4 - HKLM\..\Run: [WP.exe] C:\PROGRA~1\JOHNHI~1\wp.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47008E-3D23-4842-BEF5-3A651A331128}: NameServer = 85.255.114.21 85.255.112.190

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O21 - SSODL: bxsbang - {91830368-16EB-4EA3-A745-D88E72F87BAD} - C:\WINDOWS\bxsbang.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--

End of file - 15496 bytes

I have uninstalled the two programs you note, although these scans were run before these actions were taken. Thanks


Ok Chris, did you just install these programs?

2007-11-05 18:13 --------- d-----w C:\Program Files\PartyGaming

2007-11-05 18:12 --------- d-----w C:\Program Files\PokerStars

Please uninstall them if they are still present on your system. I would like to see a log from a Panda online scan also; you never did run that. How is the machine running now? Also, clean this up with HJT:

O21 - SSODL: bxsbang - {91830368-16EB-4EA3-A745-D88E72F87BAD} - C:\WINDOWS\bxsbang.dll (file missing)


Hi Jean, apologies, I have been out of the country for the week.

The computer seems to be running much better now and the popups have disappeared, although Norton comes up with virus messages about Trojan.Packed.7 now and again. Just now, for instance, it came up with about 10 messages in a row saying a virus file had just been deleted. I did uninstall the poker programs and they no longer appear in my Add/Remove Programs or applications list.

Here are my new logs for Panda ActiveScan and HJT:

Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.2o7.net/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.112.2o7.net/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.advertising.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.adviva.net/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.perf.overture.com/]

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[statse.webtrendslive.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.ehg-dig.hitbox.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Angela\Cookies\angela@advertising[1].txt

Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Angela\Cookies\angela@anm.co[1].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Angela\Cookies\angela@apmebf[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Angela\Cookies\angela@atdmt[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Angela\Cookies\angela@atwola[1].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Angela\Cookies\angela@azjmp[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Angela\Cookies\angela@bs.serving-sys[2].txt

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Angela\Cookies\angela@did-it[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Angela\Cookies\angela@doubleclick[1].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Angela\Cookies\angela@drivecleaner[2].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Angela\Cookies\angela@go[1].txt

Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Angela\Cookies\angela@malwarewiped[1].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Angela\Cookies\angela@media.adrevolver[3].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Angela\Cookies\angela@mediaplex[2].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Angela\Cookies\angela@questionmarket[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Angela\Cookies\angela@serving-sys[1].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Angela\Cookies\angela@stats.drivecleaner[2].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Angela\Cookies\angela@xiti[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.adtech.de/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.advertising.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.xiti.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.go.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.atwola.com/]

Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.anm.co.uk/]

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.errorsafe.com/]

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.adserver.easyad.info/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Cookies\christopher@ads.pointroll[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Cookies\christopher@advertising[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Cookies\christopher@atdmt[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Cookies\christopher@bs.serving-sys[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Cookies\christopher@serving-sys[1].txt

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\ComboFix(2).exe[nircmd.exe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\ComboFix(2).exe[nircmd.cfexe]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix\Process.exe

Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix\Reboot.exe

Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix\restart.exe

Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix.exe

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.2o7.net/]

Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.sexlist.com/]

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.sextracker.com/]

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[counter9.sextracker.com/]

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[counter12.sextracker.com/]

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.yadro.ru/]

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[counter16.sextracker.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.revenue.net/]


OK, let's fix this line:

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47008E-3D23-4842-BEF5-3A651A331128}: NameServer = 85.255.114.21 85.255.112.190

Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.

Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

For an excellent list of reliable free firewalls and antivirus programs see here.
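The O17 line the helper singles out records which DNS resolvers the TCP/IP service keys point at. As an added example that is not part of the thread, this Python check pulls O17 NameServer entries out of HijackThis-style log lines and flags any resolver that is not on an allowlist you supply; the allowlist, the header line, the second O17 entry and the 192.168.1.1 router address are constructed placeholders, and the first O17 line is the one quoted above.

```python
import re
from ipaddress import ip_address

# HijackThis O17 entries record the DNS resolvers set under the TCP/IP service keys:
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = <ip> [<ip> ...]
O17_NAMESERVER = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\[^:]+): NameServer = (?P<servers>.+)$"
)


def parse_o17(log_lines):
    """Return (registry key, [resolvers]) for every O17 NameServer line."""
    entries = []
    for line in log_lines:
        m = O17_NAMESERVER.match(line.strip())
        if m:
            # resolvers may be separated by spaces or commas
            servers = [s for s in re.split(r"[ ,]+", m.group("servers")) if s]
            entries.append((m.group("key"), servers))
    return entries


def unexpected_resolvers(log_lines, trusted):
    """Flag O17 entries whose resolvers are not in `trusted` (the DNS servers the
    network is supposed to hand out, including the local router if it proxies DNS).
    Tokens that are not valid IP addresses are flagged as well."""
    findings = []
    for key, servers in parse_o17(log_lines):
        bad = []
        for s in servers:
            try:
                ip_address(s)
            except ValueError:
                bad.append(s)
                continue
            if s not in trusted:
                bad.append(s)
        if bad:
            findings.append((key, bad))
    return findings


# Constructed sample: the O17 line quoted in the thread, a benign entry pointing at a
# placeholder router address, and an unrelated line that must be ignored.
SAMPLE_LOG = [
    "Logfile of HijackThis (constructed header line)",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47008E-3D23-4842-BEF5-3A651A331128}: NameServer = 85.255.114.21 85.255.112.190",
    r"O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1",
]
TRUSTED_RESOLVERS = {"192.168.1.1"}  # placeholder allowlist for this sample

if __name__ == "__main__":
    for key, bad in unexpected_resolvers(SAMPLE_LOG, TRUSTED_RESOLVERS):
        print(f"{key}: unexpected resolver(s) {' '.join(bad)}")
```

Populate the allowlist from what your ISP or router is actually supposed to serve; any O17 entry pointing elsewhere is the line to look at.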
