Internet-capability component hijacked?


Hi all,

Working on my parents' computer. It was littered with viruses and malware so I ran MBAM on it. Afterwards, internet capability seemed to be disabled - loading any browser would prompt a blank white page with "Done" in the status bar. For all intents and purposes, the computer couldn't connect to the internet. I played around with system restore quite a bit to no avail, then thought maybe one of the removed infections was attached to a component key to the computer accessing the internet. I restored the malware that MBAM caught (quite a lot) and sure enough I could start accessing websites again.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

6/8/2010 4:42:37 PM

mbam-log-2010-06-08 (16-42-37).txt

Scan type: Quick scan

Objects scanned: 114481

Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 32

Registry Values Infected: 4

Registry Data Items Infected: 7

Folders Infected: 1

Files Infected: 22

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\srv.coreservices (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe nynw.wmo mynleeq) Good: (Explorer.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Files Infected:

C:\RECYCLER\S-1-5-21-1757981266-113007714-682003330-500\Dc67.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1757981266-113007714-682003330-500\Dc26.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\9D.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\9E.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\9F.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\mspdb35.dll (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

So I'm assuming one of these infections is the issue, and I'm hoping it's not one of the many trojans or anything. What can I do to eliminate the infection causing the issue while still restoring normal operating ability to the computer?

Thanks a lot in advance, any help is greatly appreciated! :)

Attach.zip

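The "Registry Data Items Infected" section of the log above is the most useful part for working out what the rogue actually did to the machine: each entry records the hijacked value next to the value it replaced. As an added example (not part of this thread, and not Malwarebytes' own tooling), the Python script below parses entries in that format from sample lines copied from the two MBAM logs posted in this thread, classifies each hijack by the mechanism it abuses and by whether the legitimate command was wrapped, appended to, or replaced outright, picks out the foreign program that was inserted, and lists the entries a scan reported but did not remove. The regular expressions and the category labels are assumptions fitted to the lines posted here, not a documented MBAM log format.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entries copied from the two MBAM 1.46 logs in this thread
# (first log: "Quarantined and deleted successfully"; second: "No action taken"),
# plus one entry without a Bad/Good pair to exercise the parser's fallback.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe nynw.wmo mynleeq) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

# An entry is "<key> (<signature>) -> <rest>"; <rest> is either the action alone or
# "Bad: (<value>) Good: (<value>) -> <action>".  These patterns are an assumption
# fitted to the lines in this thread, not a published MBAM log specification.
ENTRY_RE = re.compile(r"^(?P<key>HKEY_\S.*?) \((?P<sig>[\w.]+)\) -> (?P<rest>.+?)\.?$")
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")
FIRST_TOKEN_RE = re.compile(r'^"([^"]+)"|^(\S+)')   # quoted paths may contain spaces

# Registry locations the logs show being abused, and what each one controls.
MECHANISMS = (
    (re.compile(r"\\Clients\\StartMenuInternet\\", re.I), "browser launch command"),
    (re.compile(r"\\Winlogon\\Shell$", re.I), "logon shell"),
    (re.compile(r"\\Security Center\\\w+DisableNotify$", re.I), "Security Center warning"),
    (re.compile(r"^HKEY_CLASSES_ROOT\\\.exe\\shell\\open\\command", re.I), ".exe file association"),
)


@dataclass
class Finding:
    key: str
    signature: str
    action: str
    bad: Optional[str] = None
    good: Optional[str] = None

    @property
    def mechanism(self) -> str:
        return next((label for pat, label in MECHANISMS if pat.search(self.key)), "other")

    @property
    def relation(self) -> str:
        """How the bad value relates to the expected one."""
        if self.bad is None or self.good is None:
            return "n/a"
        bad, good = self.bad.replace('"', "").lower(), self.good.lower()
        if bad == good:
            return "unchanged"
        if bad.startswith(good):
            return "appended"   # legit value kept, extra program chained after it
        if good in bad:
            return "wrapped"    # legit command demoted to an argument of another program
        return "replaced"

    @property
    def injected(self) -> Optional[str]:
        """The foreign program the hijack introduced, where one can be picked out."""
        if self.relation == "wrapped":
            m = FIRST_TOKEN_RE.match(self.bad.strip())
            return ntpath.basename(m.group(1) or m.group(2)) if m else None
        if self.relation == "appended":
            return self.bad.replace('"', "")[len(self.good):].strip()
        return None


def parse_mbam_log(text: str) -> List[Finding]:
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        bg = BAD_GOOD_RE.match(m.group("rest"))
        if bg:
            findings.append(Finding(m.group("key"), m.group("sig"), bg.group("action"),
                                    bg.group("bad"), bg.group("good")))
        else:
            findings.append(Finding(m.group("key"), m.group("sig"), m.group("rest")))
    return findings


def unremediated(findings: List[Finding]) -> List[Finding]:
    """Entries the scan reported but left in place (the second log is all of these)."""
    return [f for f in findings if not f.action.lower().startswith("quarantined")]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.mechanism:<24} {f.relation:<9} {f.injected or '-':<32} {f.action}")
    print("not remediated:", len(unremediated(found)), "of", len(found))
```

Run as-is it prints one line per entry. The "wrapped" relation is what the StartMenuInternet entries show: the Start Menu Internet shortcut runs ave.exe, which receives the real browser path as its /START argument, so the rogue sits between the user and the browser on every launch through that shortcut; the Winlogon Shell entry instead keeps Explorer.exe and chains a rundll32.exe call after it. Entries reported as "No action taken", which is every entry in the second log in this thread, are still on the machine after that scan.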

Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log


Hi Elise, thanks for the assistance. Here is the updated log, along with the reports.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4185

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

6/10/2010 8:27:16 PM

mbam-log-2010-06-10 (20-27-16).txt

Scan type: Quick scan

Objects scanned: 120108

Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 33

Registry Values Infected: 5

Registry Data Items Infected: 7

Folders Infected: 1

Files Infected: 25

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\ro.dll (Spyware.OnlineGames) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\srv.coreservices (Adware.Softomate) -> No action taken.

HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Softomate) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{1dbd6574-d6d0-4782-94c3-69619e719765} (Spyware.OnlineGames) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.

HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\seekmosa (Adware.Seekmo) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1dbd6574-d6d0-4782-94c3-69619e719765} (Spyware.OnlineGames) -> No action taken.

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe nynw.wmo mynleeq) Good: (Explorer.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Infected:

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.

Files Infected:

C:\WINDOWS\Help\F3C74E3FA248.dll (Spyware.OnlineGames) -> No action taken.

C:\RECYCLER\S-1-5-21-1757981266-113007714-682003330-500\Dc26.exe (Rogue.Installer) -> No action taken.

C:\RECYCLER\S-1-5-21-1757981266-113007714-682003330-500\Dc67.exe (Trojan.DNSChanger) -> No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp (Rogue.Agent) -> No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\9D.tmp (Trojan.Oficla) -> No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\9E.tmp (Trojan.Oficla) -> No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\9F.tmp (Trojan.Oficla) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\mspdb35.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\ro.dll (Spyware.OnlineGames) -> No action taken.

C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\3.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\4.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\5.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\6.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\7.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\8.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\9.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\A.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\B.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\C.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\D.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\E.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\F.tmp (Trojan.Dropper) -> No action taken.

C:\WINDOWS\Help\F3C74E3FA248.exe (Trojan.Agent) -> No action taken.

OTL.txt:

OTL logfile created on: 6/10/2010 7:11:38 PM - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 512.00 Mb Available Physical Memory | 50.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 39.68 Gb Free Space | 81.27% Space Free | Partition Type: NTFS

Drive D: | 137.44 Gb Total Space | 137.33 Gb Free Space | 99.92% Space Free | Partition Type: FAT32

Drive E: | 76.69 Gb Total Space | 75.53 Gb Free Space | 98.49% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: X6X8-20090115ZV

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/10 19:11:23 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe

PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010/04/06 05:04:54 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/09 23:33:15 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/03/09 23:33:15 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2008/08/04 07:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/14 20:00:00 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe

PRC - [2007/04/16 15:28:22 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

PRC - [2002/10/15 18:00:20 | 001,818,624 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe

========== Modules (SafeList) ==========

MOD - [2010/06/10 19:11:23 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe

MOD - [2008/04/14 20:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (tomcat6)

SRV - [2010/03/09 23:33:15 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009/09/28 22:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\hosting\apache\bin\httpd.exe -- (Apache2.2)

========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2009/07/28 23:35:49 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2008/04/14 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)

DRV - [2008/04/14 08:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008/04/13 22:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2008/04/13 11:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2007/10/03 16:22:10 | 000,018,944 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2007/10/03 16:00:38 | 000,322,560 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2007/05/25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)

DRV - [2007/05/25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)

DRV - [2007/01/12 15:36:00 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2006/10/19 00:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)

DRV - [2006/07/02 05:43:02 | 000,041,984 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/06/16 10:04:38 | 000,035,712 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2006/02/26 23:03:02 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agpkx.sys -- (uliagpkx)

DRV - [2005/04/20 06:14:00 | 000,014,671 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)

DRV - [2005/03/29 00:12:42 | 000,033,408 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ULiAGP.sys -- (ULiAGP)

DRV - [2004/10/18 17:12:00 | 000,027,648 | ---- | M] (Transmeta Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tmagp.sys -- (tmagp)

DRV - [2004/06/29 20:25:26 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\DontGo.sys -- (dontgo)

DRV - [2004/04/02 15:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)

DRV - [2003/11/05 14:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)

DRV - [2003/07/09 08:12:54 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)

DRV - [2002/12/10 11:54:34 | 000,009,809 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\hptpro.sys -- (hptpro)

DRV - [2002/11/18 15:51:40 | 000,377,358 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)

DRV - [2001/08/17 20:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)

DRV - [1999/10/30 04:35:08 | 000,024,348 | R--- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (eawdmfd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-113007714-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1757981266-113007714-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.fntlaorders.com/login.aspx?ReturnUrl=%2fDefault.aspx"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..keyword.URL: "http://search.alot.com/web?&src_id=11077&client_id=2828564809175848a1b9dc28&camp_id=172&install_time=2009-04-06T08:09:09Z&tb_version=2.1.1%28F%29pr=auto&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/10 12:49:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 05:05:04 | 000,000,000 | ---D | M]

[2009/01/25 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/02/13 02:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cn6le3zt.default\extensions

[2009/04/06 16:09:26 | 000,002,094 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cn6le3zt.default\searchplugins\alot-search.xml

[2010/06/10 15:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HostingClientShortcut.lnk = C:\hosting\client\HostingClient.exe (HostingClient)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1757981266-113007714-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\ro.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\ro.dll ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb35.dll) - C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\mspdb35.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found

O20 - HKLM Winlogon: Shell - (nynw.wmo) - File not found

O20 - HKLM Winlogon: Shell - (mynleeq) - File not found

O28 - HKLM ShellExecuteHooks: {1dbd6574-d6d0-4782-94c3-69619e719765} - C:\WINDOWS\Help\F3C74E3FA248.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/08/14 13:57:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/07/13 15:24:47 | 000,000,000 | RHS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "%1" %* ()

O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2010/06/09 21:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/06/09 21:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

[2010/06/08 15:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/06/08 15:54:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/06/08 15:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/06/08 15:54:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/06/08 15:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2010/06/09 23:13:30 | 000,003,837 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Attach.zip

[2010/06/09 21:54:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2010/06/09 21:48:36 | 000,002,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk

[2010/06/09 21:45:34 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe

[2010/06/09 21:45:34 | 000,133,632 | ---- | M] () -- C:\WINDOWS\System32\ro.dll

[2010/06/09 21:38:52 | 000,462,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/09 21:38:52 | 000,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/09 21:38:52 | 000,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/09 21:34:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/09 21:34:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/09 21:25:12 | 002,752,512 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2010/06/09 21:13:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/09 14:42:28 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk

[2010/06/08 23:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/06/08 20:03:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010/06/08 15:54:29 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2010/06/09 23:13:30 | 000,003,837 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Attach.zip

[2010/06/09 21:54:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2010/06/09 21:48:36 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk

[2010/06/09 21:45:34 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe

[2010/06/09 21:45:34 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\ro.dll

[2010/06/09 21:25:12 | 002,752,512 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2010/06/09 14:42:28 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk

[2010/06/08 15:54:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/02/22 13:21:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/01/25 21:25:24 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009/01/25 21:07:06 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

[2009/01/25 21:07:06 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

[2009/01/25 21:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini

[2009/01/25 21:07:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll

[2009/01/16 05:22:33 | 000,040,960 | R--- | C] () -- C:\WINDOWS\LoadDll.dll

[2009/01/15 13:25:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini

[2008/08/30 12:31:43 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\property.dll

[2008/08/30 12:31:43 | 000,048,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\3waregsm.sys

[2008/08/30 12:31:43 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\mv614x.sys

[2008/08/30 12:31:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/08/30 12:31:27 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\OEMInfo.ini

< End of report >

Extras.txt:

OTL Extras logfile created on: 6/10/2010 7:11:38 PM - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 512.00 Mb Available Physical Memory | 50.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 39.68 Gb Free Space | 81.27% Space Free | Partition Type: NTFS

Drive D: | 137.44 Gb Total Space | 137.33 Gb Free Space | 99.92% Space Free | Partition Type: FAT32

Drive E: | 76.69 Gb Total Space | 75.53 Gb Free Space | 98.49% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: X6X8-20090115ZV

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- C:\WINDOWS\System32\config\systemprofile\Local Settings\Application Data\ave.exe ()

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- C:\WINDOWS\System32\config\systemprofile\Local Settings\Application Data\ave.exe ()

[HKEY_USERS\S-1-5-21-1757981266-113007714-682003330-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program -- (Microsoft Corporation)

"C:\hosting\client\HostingClient.exe" = C:\hosting\client\HostingClient.exe:*:Enabled:HostingClient 1.0.0 ? HostingClient, Inc, 2010 -- (HostingClient)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{52D97366-9779-43AB-98A2-91600DCD9102}" = Enterprise

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan

"{AC1314E7-D28C-40A1-B322-80D2868D35CE}" = HP PSC & Officejet 4.2 Corporate Edition

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)

"MSNINST" = MSN

"PCI Audio Driver" = PCI Audio Driver

"PROR" = Microsoft Office Professional 2007 Trial

"U.S. Legal Forms, Inc. Pleading Macro" = U.S. Legal Forms, Inc. Pleading Macro

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-113007714-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ System Events ]

Error - 6/9/2010 9:10:15 AM | Computer Name = X6X8-20090115ZV | Source = Service Control Manager | ID = 7000

Description = The Apache2.2 service failed to start due to the following error:

%%1053

Error - 6/9/2010 9:10:15 AM | Computer Name = X6X8-20090115ZV | Source = Service Control Manager | ID = 7023

Description = The IPSEC Services service terminated with the following error: %%10044

Error - 6/9/2010 9:12:24 AM | Computer Name = X6X8-20090115ZV | Source = Service Control Manager | ID = 7024

Description = The Apache2.2 service terminated with service-specific error 1 (0x1).

Error - 6/9/2010 9:14:54 AM | Computer Name = X6X8-20090115ZV | Source = Service Control Manager | ID = 7024

Description = The Apache2.2 service terminated with service-specific error 1 (0x1).

Error - 6/9/2010 9:24:21 AM | Computer Name = X6X8-20090115ZV | Source = Service Control Manager | ID = 7024

Description = The Apache2.2 service terminated with service-specific error 1 (0x1).

Error - 6/9/2010 9:26:42 AM | Computer Name = X6X8-20090115ZV | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Apache2.2 service to connect.

Error - 6/9/2010 9:26:42 AM | Computer Name = X6X8-20090115ZV | Source = Service Control Manager | ID = 7000

Description = The Apache2.2 service failed to start due to the following error:

%%1053

Error - 6/9/2010 9:26:42 AM | Computer Name = X6X8-20090115ZV | Source = Service Control Manager | ID = 7023

Description = The IPSEC Services service terminated with the following error: %%10044

Error - 6/9/2010 9:34:51 AM | Computer Name = X6X8-20090115ZV | Source = Service Control Manager | ID = 7024

Description = The Apache2.2 service terminated with service-specific error 1 (0x1).

Error - 6/10/2010 6:21:08 AM | Computer Name = X6X8-20090115ZV | Source = SiSRaid2 | ID = 262153

Description =

< End of report >


Hello again,

First of all, your MBAM log shows "no action taken". Did you remove all found threats after saving the log? If not, please do so.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hi Elise,

I didn't remove the infections because, as mentioned earlier, I think one or many of the infections are attached to certain components necessary for the computer to be able to access the internet. Of course this is just speculation, but removing said infections does indeed remove internet access from the computer. Regardless, I have removed the infections and still have the same issue. I ran ComboFix but its default language seemed to be Chinese, which is a little strange. Hopefully it shouldn't make that big of a deal. As requested, here is the ComboFix log. Anywhere you see random ASCII gibberish is the result of Chinese text/Unicode not translating properly when I transferred the log file to my computer (from which I am posting this reply).

ComboFix 10-06-11.01 - Administrator 1/2010 Fri 23:12:20.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1023.641 [GMT 8:00]



Here you go :P The first log is from right before I ran ComboFix; the second log is from after you requested another full scan.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4185

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

6/11/2010 11:04:54 PM

mbam-log-2010-06-11 (23-04-54).txt

Scan type: Quick scan

Objects scanned: 120151

Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 33

Registry Values Infected: 5

Registry Data Items Infected: 7

Folders Infected: 1

Files Infected: 25

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\Help\F3C74E3FA248.dll (Spyware.OnlineGames) -> Delete on reboot.

C:\WINDOWS\system32\ro.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\srv.coreservices (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1dbd6574-d6d0-4782-94c3-69619e719765} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1dbd6574-d6d0-4782-94c3-69619e719765} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe nynw.wmo mynleeq) Good: (Explorer.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\Help\F3C74E3FA248.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1757981266-113007714-682003330-500\Dc26.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1757981266-113007714-682003330-500\Dc67.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\9D.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\9E.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\9F.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\mspdb35.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\ro.dll (Spyware.OnlineGames) -> Delete on reboot.

C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Help\F3C74E3FA248.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4185

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

6/12/2010 12:59:40 AM

mbam-log-2010-06-12 (00-59-40).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 147088

Time elapsed: 12 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

D:\Program Files\Tencent\QQ\FinePlusShell.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP210\A0040330.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{D9350BC7-2916-4898-9A8A-328405A8DFAE}\RP212\A0040410.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

E:\WINDOWS\system32\find.exe (Malware.Tool) -> Quarantined and deleted successfully.

E:\WINDOWS\system32\wupdmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\mspdb35.dll (Trojan.Agent) -> Quarantined and deleted successfully.


MBAM reports no infections, but the problems remain :P. Instead of a blank "Done" page now, I get the usual error one would receive if they had no internet connectivity whatsoever. I checked the network connection, and it's not receiving any packets at all (literally 0 packets received). I'm quite sure this isn't a simple case of "forgot to plug in the cat5 cable" or the ISP is just down, as both the affected computer and the computer I'm using to type this reply are on the same network hardlined to the same router.


I was not suggesting malware wasn't responsible for this :P

It's quite common for malware to meddle with internet settings, to make life harder for us.

Please try the following first:

Click Start > Run, type services.msc in the runbox and press enter.

Scroll to the DHCP service in the list and see if it is started and set to Automated. If not, let me know what happens when you attempt to start it.

If this didn't do the trick, please rerun OTL and post me the resulting OTL.txt.

And no worries, usually these things aren't so hard to fix :P


Hehe I know, I just wanted to get those formalities out of the way to save a bit of time (was unsure if you were going to ask those questions or not). Anyway, the DHCP service was already Started and set to Automatic, so I made no changes there. I ran OTL and the log is below. Thanks a lot for your help, Elise :P.

OTL logfile created on: 6/12/2010 3:35:47 AM - Run 2

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 733.00 Mb Available Physical Memory | 72.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 40.53 Gb Free Space | 83.00% Space Free | Partition Type: NTFS

Drive D: | 137.44 Gb Total Space | 137.33 Gb Free Space | 99.92% Space Free | Partition Type: FAT32

Drive E: | 76.69 Gb Total Space | 75.53 Gb Free Space | 98.49% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: X6X8-20090115ZV

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/10 19:11:23 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe

PRC - [2010/03/23 19:16:48 | 000,081,920 | ---- | M] (HostingClient) -- C:\hosting\client\HostingClient.exe

PRC - [2010/03/09 23:33:15 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/03/09 23:33:15 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2008/08/04 07:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/04/16 15:28:22 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

PRC - [2002/10/15 18:00:20 | 001,818,624 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe

========== Modules (SafeList) ==========

MOD - [2010/06/10 19:11:23 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe

MOD - [2008/04/14 20:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (tomcat6)

SRV - [2010/03/09 23:33:15 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009/09/28 22:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\hosting\apache\bin\httpd.exe -- (Apache2.2)

========== Driver Services (SafeList) ==========

DRV - [2009/07/28 23:35:49 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2008/04/14 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)

DRV - [2008/04/14 08:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008/04/13 22:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2008/04/13 11:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2007/10/03 16:22:10 | 000,018,944 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2007/10/03 16:00:38 | 000,322,560 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2007/05/25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)

DRV - [2007/05/25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)

DRV - [2007/01/12 15:36:00 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2006/10/19 00:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)

DRV - [2006/07/02 05:43:02 | 000,041,984 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/06/16 10:04:38 | 000,035,712 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2006/02/26 23:03:02 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\agpkx.sys -- (uliagpkx)

DRV - [2005/04/20 06:14:00 | 000,014,671 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)

DRV - [2005/03/29 00:12:42 | 000,033,408 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ULiAGP.sys -- (ULiAGP)

DRV - [2004/10/18 17:12:00 | 000,027,648 | ---- | M] (Transmeta Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\tmagp.sys -- (tmagp)

DRV - [2004/06/29 20:25:26 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\DontGo.sys -- (dontgo)

DRV - [2004/04/02 15:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)

DRV - [2003/11/05 14:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)

DRV - [2003/07/09 08:12:54 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)

DRV - [2002/12/10 11:54:34 | 000,009,809 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\hptpro.sys -- (hptpro)

DRV - [2002/11/18 15:51:40 | 000,377,358 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)

DRV - [2001/08/17 20:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)

DRV - [1999/10/30 04:35:08 | 000,024,348 | R--- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (eawdmfd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-113007714-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1757981266-113007714-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.fntlaorders.com/login.aspx?ReturnUrl=%2fDefault.aspx"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..keyword.URL: "http://search.alot.com/web?&src_id=11077&client_id=2828564809175848a1b9dc28&camp_id=172&install_time=2009-04-06T08:09:09Z&tb_version=2.1.1%28F%29pr=auto&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/11 23:14:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 05:05:04 | 000,000,000 | ---D | M]

[2009/01/25 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/02/13 02:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cn6le3zt.default\extensions

[2009/04/06 16:09:26 | 000,002,094 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cn6le3zt.default\searchplugins\alot-search.xml

[2010/06/10 15:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/11 23:14:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HostingClientShortcut.lnk = C:\hosting\client\HostingClient.exe (HostingClient)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1757981266-113007714-682003330-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1757981266-113007714-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1757981266-113007714-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1757981266-113007714-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/08/14 13:57:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/07/13 15:24:47 | 000,000,000 | RHS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/06/11 23:17:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/06/11 23:11:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/06/11 23:11:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/06/11 23:11:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/06/11 23:11:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/06/11 23:11:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/06/11 23:11:27 | 000,000,000 | ---D | C] -- C:\ComboFix

[2010/06/11 23:11:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/09 21:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/06/08 15:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/06/08 15:54:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/06/08 15:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/06/08 15:54:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/06/08 15:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2010/06/12 03:18:59 | 000,462,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/12 03:18:59 | 000,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/12 03:18:59 | 000,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/12 03:14:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/12 03:14:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/12 03:13:57 | 002,752,512 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2010/06/12 03:13:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010/06/11 23:14:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/11 23:14:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/06/11 22:34:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/09 23:13:30 | 000,003,837 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Attach.zip

[2010/06/09 21:54:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2010/06/09 21:48:36 | 000,002,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk

[2010/06/09 14:42:28 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk

[2010/06/08 23:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/06/08 15:54:29 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2010/06/11 23:11:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/06/11 23:11:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/06/11 23:11:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/06/11 23:11:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/06/11 23:11:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/06/09 23:13:30 | 000,003,837 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Attach.zip

[2010/06/09 21:54:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2010/06/09 21:48:36 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk

[2010/06/09 21:25:12 | 002,752,512 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2010/06/09 14:42:28 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk

[2010/06/08 15:54:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/02/22 13:21:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/01/25 21:25:24 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009/01/25 21:07:06 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

[2009/01/25 21:07:06 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

[2009/01/25 21:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini

[2009/01/25 21:07:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll

[2009/01/16 05:22:33 | 000,040,960 | R--- | C] () -- C:\WINDOWS\LoadDll.dll

[2009/01/15 13:25:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini

[2008/08/30 12:31:43 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\property.dll

[2008/08/30 12:31:43 | 000,048,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\3waregsm.sys

[2008/08/30 12:31:43 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\mv614x.sys

[2008/08/30 12:31:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/08/30 12:31:27 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\OEMInfo.ini

< End of report >


Hello again,

as both the affected computer and the computer I'm using to type this reply are on the same network hardlined to the same router.
Just to doublecheck, the internet on the computer that also connects to the router is working just fine?

Click Start > Run, type cmd in the runbox and press enter.

At the command prompt type ipconfig /flushdns and press enter.

Exit the command prompt and see if that made any difference.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL from the icon on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :otl
    O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
    O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.

If after these steps the internet still doesn't work, please rerun Combofix and post me the log.

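An added example, not code from the thread or from OTL: a small Python audit that reads the O35/O37 file-association lines out of an OTL report and flags a .exe or .com handler whose open command has been redirected through another executable, which is what the two secfile/ave.exe lines in the fix above show. The sample lines are copied from the OTL log earlier in the thread; `audit_otl`, `Finding` and the expected-ProgID table are my own names and assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the O35/O37 lines copied verbatim from the OTL log posted above.
SAMPLE_OTL = r"""
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
"""

# A clean shell\open command for .exe/.com simply passes the target and its arguments through.
CLEAN_COMMAND = '"%1" %*'
# ProgIDs Windows normally maps these extensions to (assumption: compared case-insensitively).
EXPECTED_PROGID = {".exe": "exefile", ".com": "comfile"}
MISSING_MARK = " File not found"  # OTL appends this when the referenced binary does not exist

# O35 - HIVE\..progid [open] -- command      O37 - HIVE\...ext [@ = progid] -- command
LINE_RE = re.compile(
    r'^O3(?P<section>[57]) - (?P<location>\S+) \[(?P<handler>[^\]]*)\] -- (?P<command>.*)$'
)


@dataclass
class Finding:
    hive: str                # where the entry lives, e.g. HKLM or HKU\S-1-5-18
    target: str              # extension (O37) or ProgID (O35) that was audited
    progid: Optional[str]    # ProgID the extension maps to (O37 only)
    command: str             # open command with the "File not found" suffix removed
    binary_missing: bool     # True when OTL reported the wrapper binary as absent
    reasons: List[str]


def _split_location(location: str, section: str):
    # OTL abbreviates Software\Classes\ as "..": O37 lines read HIVE\...ext (two dots plus
    # the extension's own leading dot), O35 lines read HIVE\..progid.
    marker = "\\..." if section == "7" else "\\.."
    hive, _, rest = location.rpartition(marker)
    return hive, ("." + rest) if section == "7" else rest


def audit_otl(report: str) -> List[Finding]:
    """Return one Finding per O35/O37 line whose association or open command is not the default."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, location, handler, command = m.group("section", "location", "handler", "command")
        missing = command.endswith(MISSING_MARK)
        if missing:
            command = command[: -len(MISSING_MARK)]
        command = command.strip()
        hive, target = _split_location(location, section)
        progid = None
        reasons: List[str] = []
        if section == "7":
            progid = handler.partition("=")[2].strip()
            expected = EXPECTED_PROGID.get(target.lower())
            if expected and progid.lower() != expected:
                reasons.append(f"{target} maps to ProgID '{progid}' instead of '{expected}'")
        if command != CLEAN_COMMAND:
            reasons.append("open command launches another executable before the target")
            if missing:
                reasons.append("that executable is gone, so nothing mapped this way can start")
        if reasons:
            findings.append(Finding(hive, target, progid, command, missing, reasons))
    return findings


if __name__ == "__main__":
    for f in audit_otl(SAMPLE_OTL):
        print(f"{f.hive}: {f.target} -> {f.progid}; {'; '.join(f.reasons)}")
```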

Hi Elise,

Yes, the other computer works just fine. As for the steps, ipconfig /flushdns didn't fix it. I ran the custom OTL Fix and nothing changed either; I then ran ComboFix, and both logs are below:

OTL:

All processes killed

========== OTL ==========

Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Classes\secfile\ deleted successfully.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Classes\secfile\ not found.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 66342 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 56221351 bytes

->FireFox cache emptied: 34829044 bytes

->Flash cache emptied: 72026 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16384 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 42343972 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 127.00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06122010_135533

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\hsperfdata_Administrator\1684 not found!

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_cc.dat not found!

Registry entries deleted on Reboot...

ComboFix:

ComboFix 10-06-11.01 - Administrator 2/2010 Sat 13:58:44.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1023.618 [GMT 8:00]



Hello again, first let's make sure the Recovery Console gets installed.

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.

---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.


Hello there,

Let's try resetting both TCP/IP and Winsock on your computer to help with your troubles.

To successfully complete this, you will need to be at a command prompt.

Click Start > Run. In the Run box type CMD and press enter.

You will now see a black window with one line of text and a blinking cursor.

Next type the following line and press enter:

netsh int ip reset tcp.log

This will reset your TCP/IP settings.

Next we will reset Winsock:

Type the following line and press enter.

netsh winsock reset sock.log

When the Winsock reset is finished you will be directed to restart your computer. Type exit in the window and press enter.

From here you can do a normal restart on your computer and retest your network connection.


Hi there,

That's good news :)

Now a few final steps to make sure everything is up to date and clean.

INSTALL ANTIVIRUS

---------------------------

I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Now please, using the Antivirus program you just installed, run a full system scan and let me know what was detected.

Let me also know if you have any problems left.


Hello again, if you removed all found items, you're fine :)

Unless you have any problems left, you're good to go!

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
