
MS Juan and MS Track System won't remove



Hi,

My name is Mark and I just recently registered on malwarebytes.org. Yesterday I downloaded what appeared to be a windows media player 11 add-on or plug-in called HDTV Networks. My computer was instantly overcome with popups saying I had been infected and needed to sign up for so and so spyware removal programs.

I ran spybot search & destroy once already and I disabled teatimer. I read the correct format for posting all the logs, hopefully I will do everything right so that someone can help me clear up my PC. If I need to specify more about what happened please let me know. Thank you.

FROM MALWAREBYTES SCAN:

Malwarebytes' Anti-Malware 1.28

Database version: 1266

Windows 5.1.2600 Service Pack 3

10/13/2008 8:32:22 PM

mbam-log-2008-10-13 (20-32-22).txt

Scan type: Quick Scan

Objects scanned: 47626

Time elapsed: 2 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

FROM PANDA ACTIVESCAN:

;*******************************************************************************

ANALYSIS: 2008-10-13 22:02:54

PROTECTIONS: 1

MALWARE: 4

SUSPECTS: 3

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

AVG Anti-Virus Free 8.0 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm.adm.1

00029258 application/altnet HackTools No 0 Yes No c:\program files\altnet

00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}

00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75}

00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}

00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}

00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe

00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}

00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}

00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\signingmodule.signingmodule.1

00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}

00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\signingmodule.signingmodule.1

00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}

00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.toolbarplugin.1

00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.settingsplugin.1

00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.settingsplugin

00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}

00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find

00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find

00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find

00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.toolbarplugin

00169752 application/need2find HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}

00169752 application/need2find HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}

03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\Mark\Local Settings\Temp\.tt165.tmp.vbs

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

No C:\Documents and Settings\Mark\Local Settings\Temp\.tt16D.tmp

No C:\Documents and Settings\Mark\Local Settings\Temp\.tt56.tmp

No C:\Documents and Settings\Mark\My Documents\Battlefield 2142\HttpCache\eapusher.dice.se\BF2142EANews\War3 Backup\worldedit.exe

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

;===============================================================================

FROM HIJACK THIS SCAN:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:07:18 PM, on 10/13/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\vsnpstd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: (no name) - {34DB4D93-58B2-47D9-A8CF-195A947C8908} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: {b4294889-4f9a-f0ba-0804-5fba0ac29ad7} - {7da92ca0-abf5-4080-ab0f-a9f49884924b} - C:\WINDOWS\system32\gfoeff.dll

O3 - Toolbar: rosqxvmn - {E01D0ACE-25AC-4353-87EF-6CB2B368E3C7} - C:\WINDOWS\rosqxvmn.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - Global Startup: Digital Line Detect.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,geuhuv.dll,avgrsstx.dll gfoeff.dll

O21 - SSODL: ngwstxfd - {D6B12FF6-ACEB-4F1E-AD04-992DED3EA854} - C:\WINDOWS\ngwstxfd.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel


Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi markk521 and welcome to the Malwarebytes Security Forums :blink:

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may, or may not, solve other issues you have with your machine.

  • The fixes are specific to your problem and should only be used for this issue on this machine!

  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.

  • If you don't know, stop and ask! Don't keep going on.

  • Please reply to this thread. Do not start a new topic.

  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.

  • Your security programs may give warnings for some of the tools I will ask you to use.

    Be assured, any links I give are safe

Extra note: Please be aware that, as I am still in training, all of my fixes/posts require prior checking by an Expert. So some delays may be inevitable; please be patient and I will reply again asap.

Next:

In the meantime I would like to view a list of currently installed software applications on your PC. How to provide it is as follows:

Run HijackThis and click on Open the Misc Tools section.

  • Click Open Uninstall Manager...

  • Click Save list... and save it to your Desktop.

  • Copy and paste the file uninstall_list.txt into your next reply.


Hi Dakeyras, thank you for your help. Here is the list of programs you asked for:

924PLC32

Adobe Flash Player Plugin

Adobe Shockwave Player 11

AIM 6

AOL Coach Version 1.0(Build:20040229.1 en)

AOL Connectivity Services

AOL Uninstaller (Choose which Products to Remove)

AOLIcon

Apple Software Update

ArcSoft VideoImpression 1.6

AusLogics Disk Defrag

AVG Free 8.0

Azureus

CCleaner (remove only)

Comcast High-Speed Internet Install Wizard

Conexant D850 56K V.9x DFVc Modem

Corel Photo Album 6

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Reset Tool

DellSupport

Digital Content Portal

Digital Line Detect

DivX Codec

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

Documentation & Support Launcher

EarthLink setup files

EducateU

ELIcon

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Intel Matrix Storage Manager

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

Intel® Quick Resume Technology Drivers

Intel® Quick Resume Technology Drivers

Intel


Hi :blink:

Before commencing with any of the below please make sure you are logged into the Computer Administrator account for this machine.

From researching your Hijack This log there is evidence that Internet Explorer Restrictions have been enabled:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Did you set this yourself with Spybot S&D?

Next:

Advised Optional Removal:

You have installed Viewpoint Media Player, I advise you uninstall this application for the reasons stated here.

Next:

Also, old installations of Java are present; these older applications, when left installed, can be used as a back-door for malware to infect a computer. These are not an optional removal but rather a necessity, and removing them will not impact your presently installed up-to-date Java version.

Note: The optional removal will be highlighted in Red.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 6

Java


Hi Dakeyras.

I made sure to use the 'Computer Administrator' account when performing all the actions you asked me to do. I don't recall ever specifically setting restrictions to IE through Spybot S&D. In fact, I don't even recall the last time I used IE, I just use Firefox.

I uninstalled all the old Java updates and Viewpoint Media Player with no problems. Then I downloaded Combofix from that website you gave me and ran it on my computer. I'm posting the logs you asked for below. Thanks.

From Combofix:

ComboFix 08-10-15.08 - Mark 2008-10-16 14:44:26.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1589 [GMT -4:00]

Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\LocalService\Application Data\twain_32

C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds

C:\Program Files\Altnet

C:\Program Files\Altnet\DBBackup\Sigfiles.db

C:\Program Files\Altnet\Download Manager\dminfo3.cab

C:\Program Files\Altnet\Download Manager\dminstall7.cab

C:\Program Files\Altnet\Download Manager\dmsetup.bmp

C:\Program Files\Altnet\Download Manager\dmsetupbig.bmp

C:\Program Files\Altnet\Download Manager\jsinstall.cab

C:\Program Files\Altnet\Download Manager\jslegals.txt

C:\Program Files\Altnet\Download Manager\selectdir.txt

C:\Program Files\Altnet\Download Manager\selectdir1st.txt

C:\Program Files\Need2Find

C:\Program Files\Need2Find\bar\2.bin\N2FFXTBR.JAR

C:\Program Files\Need2Find\bar\2.bin\N2NTSTBR.JAR

C:\Program Files\Need2Find\bar\2.bin\PARTNER.DAT

C:\Program Files\Need2Find\bar\Cache\000F8747

C:\Program Files\Need2Find\bar\Cache\000F889F

C:\Program Files\Need2Find\bar\Cache\000F8E1D

C:\Program Files\Need2Find\bar\Cache\files.ini

C:\Program Files\Need2Find\bar\History\search

C:\Program Files\Need2Find\bar\Settings\prevcfg.htm

C:\WINDOWS\system32\gfoeff.dll

C:\WINDOWS\system32\rkqssvhx.dll

C:\WINDOWS\twain_16.dll

.

((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))

.

2008-10-14 17:12 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-14 17:11 . 2008-08-14 06:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-14 17:11 . 2008-08-14 06:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-14 17:11 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-14 17:11 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-14 17:11 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-13 20:34 . 2008-10-13 20:34 <DIR> d-------- C:\Program Files\Panda Security

2008-10-13 20:34 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-10-13 20:18 . 2008-10-14 18:03 1,393 --a------ C:\WINDOWS\imsins.BAK

2008-10-13 18:44 . 2008-10-13 18:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-10-13 18:44 . 2008-10-13 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-10-13 15:28 . 2008-10-13 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\klaruncb

2008-10-13 14:32 . 2008-10-13 14:32 <DIR> d-------- C:\Program Files\Auslogics

2008-10-13 14:32 . 2008-10-13 14:32 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Auslogics

2008-10-13 14:26 . 2008-10-16 14:37 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-10-13 14:26 . 2008-10-13 14:26 <DIR> d-------- C:\Program Files\AVG

2008-10-13 14:26 . 2008-10-13 14:26 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-10-13 14:26 . 2008-10-13 14:26 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-10-13 14:26 . 2008-10-13 14:26 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-10-13 02:45 . 2008-10-13 02:45 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-10-13 02:45 . 2008-10-13 02:45 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-10-13 00:50 . 2008-10-13 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\luvyzgly

2008-10-12 23:19 . 2008-10-12 23:19 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\5

2008-10-12 23:09 . 2008-10-13 15:47 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\sp2

2008-10-12 23:09 . 2008-10-12 23:09 2 --a------ C:\-859445260

2008-10-08 14:51 . 2008-10-08 14:51 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

2008-10-08 11:51 . 2008-10-08 11:51 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-09-26 15:20 . 2008-09-26 15:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-26 15:20 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-26 15:20 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-25 00:10 . 2008-10-14 13:04 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-24 21:55 . 2008-09-24 21:55 10,520 --------- C:\WINDOWS\system32\avgrsstx.dll.install_backup

2008-09-24 20:49 . 2008-10-13 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-09-24 20:43 . 2008-09-24 20:43 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Malwarebytes

2008-09-24 20:43 . 2008-09-24 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-24 17:12 . 2008-09-24 17:13 <DIR> d-------- C:\Program Files\Common Files\BitDefender

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-16 18:39 --------- d-----w C:\Program Files\Java

2008-10-16 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint

2008-10-13 21:53 --------- d-----w C:\Program Files\Trend Micro

2008-10-13 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft

2008-10-13 20:53 --------- d-----w C:\Program Files\NetZeroInstallers

2008-10-13 18:55 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-13 06:40 356 ----a-w C:\drmHeader.bin

2008-10-13 03:02 --------- d-----w C:\Documents and Settings\Mark\Application Data\Azureus

2008-09-24 23:31 --------- d-----w C:\Program Files\BitDefender

2008-09-18 23:02 --------- d-----w C:\Program Files\LimeWire

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-06 23:33 --------- d-----w C:\Program Files\Azureus

2008-08-27 21:02 --------- d-----w C:\Program Files\support.com

2008-08-25 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3

2008-08-25 14:34 --------- d-----w C:\Program Files\Microsoft Games

2008-02-17 19:11 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2006-09-12 20:40 56 --sh--r C:\WINDOWS\system32\EF141A1731.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 7323648]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 256576]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 40960]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-13 1234712]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-27 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1guxx.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"C:\\Program Files\\America Online 9.0\\waol.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\Common Files\\AOL\\1158816691\\ee\\aolsoftware.exe"=

"C:\\Program Files\\Common Files\\AOL\\1158816691\\ee\\aim6.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\AIM6\\aim6.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"19550:TCP"= 19550:TCP:BitComet 19550 TCP

"19550:UDP"= 19550:UDP:BitComet 19550 UDP

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-13 97928]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-13 875288]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-13 231704]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-13 76040]

S0 ati1guxx;ati1guxx;C:\WINDOWS\system32\Drivers\ati1guxx.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44ef5717-6c60-11dc-9d36-00038a000015}]

\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd8e66da-4f93-11dc-9d0d-00038a000015}]

\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd8e66db-4f93-11dc-9d0d-00038a000015}]

\Shell\AutoRun\command - H:\LaunchU3.exe

.

Contents of the 'Scheduled Tasks' folder

2008-10-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

.

- - - - ORPHANS REMOVED - - - -

BHO-{34DB4D93-58B2-47D9-A8CF-195A947C8908} - (no file)

BHO-{7da92ca0-abf5-4080-ab0f-a9f49884924b} - C:\WINDOWS\system32\gfoeff.dll

HKCU-Run-DellSupport - C:\Program Files\Dell Support\DSAgnt.exe

HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKLM-Run-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

HKLM-Run-DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\u1521313.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig

FF -: plugin - C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\u1521313.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll

FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-16 14:47:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\Program Files\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\ehome\ehmsas.exe

.

**************************************************************************

.

Completion time: 2008-10-16 14:56:11 - machine was rebooted

ComboFix-quarantined-files.txt 2008-10-16 18:56:07

Pre-Run: 44,262,567,936 bytes free

Post-Run: 44,277,108,736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

221 --- E O F --- 2008-10-14 22:03:10

From HiJack This:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:11:55 PM, on 10/16/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\vsnpstd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel


HI :blink:

Hi Dakeyras.

I made sure to use the 'Computer Administrator' account when performing all the actions you asked me to do. I don't recall ever specifically setting restrictions to IE through Spybot S&D. In fact, I don't even recall the last time I used IE, I just use Firefox.

I uninstalled all the old Java updates and Viewpoint Media Player with no problems. Then I downloaded Combofix from that website you gave me and ran it on my computer. I'm posting the logs you asked for below. Thanks.

Nicely done and you're welcome!

Next:

Before commencing with any of the below please make sure you are logged into the Computer Administrator account for this machine.

Launch Malwarebytes' Anti-Malware:

  • Once the program has loaded, click on the Update tab and check for any updates.
  • Close the application, do not use this yet!

Note: If you have uninstalled this application prior to reading this, inform myself please.

Next:

Make sure Hidden Files are visible:

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

There is a file I do not recognise, please carry out the following:

Note: Internet Explorer is the browser to use for best results.

  • Please go to VirSCAN.org free on-line scan service.
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:
    C:\-859445260
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply. (Ctrl & V)

Next:

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

  • Please open Notepad (Start -> Run... -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    DirLook::
    C:\-859445260

    Folder::
    C:\Program Files\BitDefender
    C:\Program Files\Adobe\Acrobat 7.0
    C:\Program Files\Viewpoint
    C:\Program Files\Common Files\BitDefender
    C:\Program Files\Common Files\Symantec Shared
    C:\Documents and Settings\All Users\Application Data\klaruncb
    C:\Documents and Settings\All Users\Application Data\luvyzgly
    C:\Documents and Settings\All Users\Application Data\Viewpoint

    Registry::
    O8 - Extra context menu item: &Search -


  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    (screenshot: CFScriptB-4.gif)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Next:

Launch Malwarebytes' Anti-Malware:

  • Now click on the Scanner tab and select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Copy and paste the log into your next reply.

The log can also be found here:

1. Launch Malwarebytes' Anti-Malware

2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following:

  • Inform myself how your computer is performing.
  • VirSCAN.org Scan Report
  • ComboFix report.
  • Malwarebytes Anti-Malware Log.
  • A new HijackThis Log.
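The VirSCAN.org step above returns a plain-text report with one line per engine (scanner name, engine version, signature version, signature date, scan time in seconds, result). The parser and summary below are an added example for reading that report; they are not part of this thread and not VirSCAN's own code. The column layout is assumed to be the one posted in this thread, the `SAMPLE_REPORT` is constructed from a few of the lines posted here plus one made-up engine line (`DemoEngine`) so that a detection is present, and the staleness rule (signatures two or more days older than the scan count as stale) is an assumed threshold, not a VirSCAN rule.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# One VirSCAN result line as it appears in the thread:
#   <scanner> <engine ver> <sig ver> <sig date YYYY-MM-DD> <seconds> <result>
# Scanner names can contain spaces ("Trend Micro", "CA (VET)"), so the match is
# anchored on the date and seconds columns and the name is taken non-greedily.
LINE_RE = re.compile(
    r"^(?P<scanner>.+?)\s+(?P<engine>\S+)\s+(?P<sig>\S+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<secs>\d+\.\d+)\s+(?P<result>.+?)\s*$"
)

# Constructed sample: real lines from the report posted in this thread plus one
# made-up "DemoEngine" line so the detection path is exercised.
SAMPLE_REPORT = """\
VirSCAN.org Scanned Report :
Scanned time : 2008/10/17 15:06:57 (EDT)
File Name : -859445260
File Size : 2 byte
MD5 : 444bcb3a3fcf8389296c49467f27e1d6
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.16 2008.10.16 2008-10-16 1.60 -
Authentium 5.1.1 200810150216 2008-10-15 1.06 -
AVAST! 3.0.1 081015-0 2008-10-15 0.70 -
CA (VET) 9.0.0.143 31.6.6154 2008-10-17 3.72 -
Trend Micro 8.700-1004 5.606.17 2008-10-17 0.02 -
nProtect 2008-10-17.00 2255828 2008-10-17 5.68 -
DemoEngine 1.0.0 2008.10.17 2008-10-17 0.50 Example.Detection
"""


@dataclass
class EngineResult:
    scanner: str
    engine: str
    sig: str
    sig_date: str   # ISO date string as printed in the report
    seconds: float
    result: str     # "-" means the engine reported nothing

    @property
    def detected(self) -> bool:
        return self.result != "-"


def parse_report(text: str) -> List[EngineResult]:
    """Return one EngineResult per engine line; header lines do not match and are skipped."""
    results: List[EngineResult] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        results.append(EngineResult(
            scanner=m["scanner"], engine=m["engine"], sig=m["sig"],
            sig_date=m["date"], seconds=float(m["secs"]), result=m["result"],
        ))
    return results


def scan_date_of(text: str) -> Optional[date]:
    """Pull the scan date from the 'Scanned time : YYYY/MM/DD ...' header line."""
    m = re.search(r"Scanned time\s*:\s*(\d{4})/(\d{2})/(\d{2})", text)
    return date(int(m[1]), int(m[2]), int(m[3])) if m else None


def summarize(text: str, stale_days: int = 2) -> Dict[str, object]:
    """Count engines, list detections by engine, and flag engines whose
    signatures were at least `stale_days` older than the scan itself (assumed threshold)."""
    results = parse_report(text)
    scan_day = scan_date_of(text)
    detections = {r.scanner: r.result for r in results if r.detected}
    stale: List[str] = []
    if scan_day is not None:
        for r in results:
            try:
                sig_day = date.fromisoformat(r.sig_date)
            except ValueError:
                continue
            if (scan_day - sig_day).days >= stale_days:
                stale.append(r.scanner)
    return {
        "engines": len(results),
        "detections": detections,
        "stale_signatures": stale,
        "unanimous_clean": not detections,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

Two readings matter when a helper looks at such a report: a clean verdict is only as good as the engines' signature dates, so the `stale_signatures` list shows which "not found" results carry less weight, and any non-`-` result is listed per engine so the detection names can be compared across vendors before deciding what to do with the file.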

Hi Dakeyras.

I'm sorry for the wait. Yes, I still need and greatly appreciate your help with my PC. I think I managed to follow all the steps properly. By this I mean that I didn't face any complications, but please let me know if I didn't do something to your specifications.

My computer seems to be performing well. I have not had any pop-ups and the PC is operating noticeably faster. Here is the info you asked for:

From VirSCAN.org:

VirSCAN.org Scanned Report :

Scanned time : 2008/10/17 15:06:57 (EDT)

Scanner results: All Scanners reported not find malware!

File Name : -859445260

File Size : 2 byte

File Type : ASCII text, with no line terminators

MD5 : 444bcb3a3fcf8389296c49467f27e1d6

SHA1 : 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb

Online report : http://virscan.org/report/444bcb3a3fcf8389...467f27e1d6.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.0.0.16 2008.10.16 2008-10-16 1.60 -

AhnLab V3 2008.10.18.00 2008.10.18 2008-10-18 2.93 -

AntiVir 7.9.0.5 7.0.7.56 2008-10-17 2.41 -

Antiy 2.0.18 20081016.1488960 2008-10-16 0.12 -

Arcavir 1.0.5 200810171137 2008-10-17 1.18 -

Authentium 5.1.1 200810150216 2008-10-15 1.06 -

AVAST! 3.0.1 081015-0 2008-10-15 0.70 -

AVG 7.5.52.442 270.8.1/1730 2008-10-17 1.70 -

BitDefender 7.60825.1882655 7.21308 2008-10-17 3.14 -

CA (VET) 9.0.0.143 31.6.6154 2008-10-17 3.72 -

ClamAV 0.94 8439 2008-10-17 0.00 -

Comodo 2.11 2.0.0.678 2008-10-16 1.91 -

CP Secure 1.1.0.715 2008.10.17 2008-10-17 6.19 -

Dr.Web 4.44.0.9170 2008.10.17 2008-10-17 3.30 -

ewido 4.0.0.2 2008.10.17 2008-10-17 3.29 -

F-Prot 4.4.4.56 20081016 2008-10-16 1.04 -

F-Secure 5.51.6100 2008.10.17.07 2008-10-17 0.02 -

Fortinet 2.81-3.113 9.649 2008-10-17 0.14 -

GData 19.1058/19.65 20081016 2008-10-16 3.08 -

ViRobot 20081016 2008.10.16 2008-10-16 0.40 -

Ikarus T3.1.01.44 2008.10.17.71669 2008-10-17 3.02 -

JiangMin 11.0.706 2008.10.17 2008-10-17 1.26 -

Kaspersky 5.5.10 2008.10.17 2008-10-17 0.01 -

KingSoft 2008.9.8.18 2008.10.17.20 2008-10-17 0.72 -

McAfee 5.3.00 5407 2008-10-16 2.10 -

Microsoft 1.4005 2008.10.17 2008-10-17 4.24 -

mks_vir 2.01 2008.10.17 2008-10-17 2.62 -

Norman 5.93.01 5.93.00 2008-10-16 5.29 -

Panda 9.05.01 2008.10.17 2008-10-17 2.11 -

Trend Micro 8.700-1004 5.606.17 2008-10-17 0.02 -

Quick Heal 9.50 2008.10.17 2008-10-17 2.12 -

Rising 20.0 20.66.32.00 2008-10-16 0.70 -

Sophos 2.79.0 4.34 2008-10-17 1.86 -

Sunbelt 3.1.1730.1 2320 2008-10-16 0.44 -

Symantec 1.3.0.24 20081016.004 2008-10-16 0.26 -

nProtect 2008-10-17.00 2255828 2008-10-17 5.68 -

The Hacker 6.3.1.0 v00117 2008-10-17 0.40 -

VBA32 3.12.8.7 20081016.1009 2008-10-16 1.22 -

VirusBuster 4.5.11.10 10.90.5/651677 2008-10-17 0.84 -

From Combofix:

ComboFix 08-10-16.08 - Mark 2008-10-17 16:13:18.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1485 [GMT -4:00]

Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Mark\Desktop\CFScript.txt.txt

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\klaruncb

C:\Documents and Settings\All Users\Application Data\luvyzgly

C:\Documents and Settings\All Users\Application Data\Viewpoint

C:\Program Files\Adobe\Acrobat 7.0

C:\Program Files\BitDefender

C:\Program Files\BitDefender\BitDefender 2008\NAG\Close2Exp\about_to_expire.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Close2Exp\bgd_gas.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Close2Exp\btn.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Close2Exp\btn_black.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Close2Exp\btn_red.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Close2Exp\check.gif

C:\Program Files\BitDefender\BitDefender 2008\NAG\Close2Exp\main_bgd.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Close2Exp\nag_bgd.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Close2Exp\restricted.gif

C:\Program Files\BitDefender\BitDefender 2008\NAG\Close2Exp\style2.css

C:\Program Files\BitDefender\BitDefender 2008\NAG\Expired\bgd_expired.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Expired\btn.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Expired\btn_black.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Expired\btn_red.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Expired\check.gif

C:\Program Files\BitDefender\BitDefender 2008\NAG\Expired\expired.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Expired\main_bgd.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Expired\nag_bgd.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Expired\restricted.gif

C:\Program Files\BitDefender\BitDefender 2008\NAG\Expired\style2.css

C:\Program Files\BitDefender\BitDefender 2008\NAG\Invalid\bgd_invalid.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Invalid\btn.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Invalid\btn_black.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Invalid\btn_red.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Invalid\check.gif

C:\Program Files\BitDefender\BitDefender 2008\NAG\Invalid\invalid_key.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Invalid\main_bgd.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Invalid\nag_bgd.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Invalid\restricted.gif

C:\Program Files\BitDefender\BitDefender 2008\NAG\Invalid\style2.css

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\bgd_expired.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\bgd_gas.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\bgd_ts.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\box_ts.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\btn.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\btn_black.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\btn_red.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\check.gif

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\expired.html

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\expired.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\expired_trial.html

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\main_bgd.png

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\nag_bgd.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\restricted.gif

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\style2.css

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\trial.jpg

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\trial_d1.html

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\trial_d2_d22.html

C:\Program Files\BitDefender\BitDefender 2008\NAG\Trial\trial_d23_d30.html

C:\Program Files\BitDefender\BitDefender 2008\tbextension\chrome.manifest

C:\Program Files\BitDefender\BitDefender 2008\tbextension\content\addenemy.png

C:\Program Files\BitDefender\BitDefender 2008\tbextension\content\addFriend.png

C:\Program Files\BitDefender\BitDefender 2008\tbextension\content\bdToolbar.js

C:\Program Files\BitDefender\BitDefender 2008\tbextension\content\bdToolbar.xul

C:\Program Files\BitDefender\BitDefender 2008\tbextension\content\isspam.png

C:\Program Files\BitDefender\BitDefender 2008\tbextension\content\logo.png

C:\Program Files\BitDefender\BitDefender 2008\tbextension\content\manageenemies.png

C:\Program Files\BitDefender\BitDefender 2008\tbextension\content\managefriends.png

C:\Program Files\BitDefender\BitDefender 2008\tbextension\content\notspam.png

C:\Program Files\BitDefender\BitDefender 2008\tbextension\content\settings.png

C:\Program Files\BitDefender\BitDefender 2008\tbextension\content\wizard.png

C:\Program Files\BitDefender\BitDefender 2008\tbextension\install.rdf

C:\Program Files\BitDefender\BitDefender 2008\tbextension\locale\en-US\bdtoolbar.dtd

C:\Program Files\Common Files\BitDefender

C:\Program Files\Common Files\Symantec Shared

.

((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))

.

2008-10-16 20:12 . 2008-10-16 20:12 <DIR> d-------- C:\Program Files\THQ

2008-10-14 17:12 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-14 17:11 . 2008-08-14 06:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-14 17:11 . 2008-08-14 06:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-14 17:11 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-14 17:11 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-14 17:11 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-13 20:34 . 2008-10-13 20:34 <DIR> d-------- C:\Program Files\Panda Security

2008-10-13 20:34 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-10-13 20:18 . 2008-10-14 18:03 1,393 --a------ C:\WINDOWS\imsins.BAK

2008-10-13 18:44 . 2008-10-13 18:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-10-13 18:44 . 2008-10-13 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-10-13 14:32 . 2008-10-13 14:32 <DIR> d-------- C:\Program Files\Auslogics

2008-10-13 14:32 . 2008-10-13 14:32 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Auslogics

2008-10-13 14:26 . 2008-10-17 11:43 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-10-13 14:26 . 2008-10-13 14:26 <DIR> d-------- C:\Program Files\AVG

2008-10-13 14:26 . 2008-10-13 14:26 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-10-13 14:26 . 2008-10-13 14:26 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-10-13 14:26 . 2008-10-13 14:26 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-10-13 02:45 . 2008-10-13 02:45 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-10-13 02:45 . 2008-10-13 02:45 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-10-12 23:19 . 2008-10-12 23:19 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\5

2008-10-12 23:09 . 2008-10-13 15:47 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\sp2

2008-10-12 23:09 . 2008-10-12 23:09 2 --a------ C:\-859445260

2008-10-08 11:51 . 2008-10-08 11:51 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-09-26 15:20 . 2008-10-17 15:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-26 15:20 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-26 15:20 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-25 00:10 . 2008-10-17 13:37 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-24 21:55 . 2008-09-24 21:55 10,520 --------- C:\WINDOWS\system32\avgrsstx.dll.install_backup

2008-09-24 20:49 . 2008-10-13 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-09-24 20:43 . 2008-09-24 20:43 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Malwarebytes

2008-09-24 20:43 . 2008-09-24 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-16 18:39 --------- d-----w C:\Program Files\Java

2008-10-16 03:50 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-10-13 21:53 --------- d-----w C:\Program Files\Trend Micro

2008-10-13 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft

2008-10-13 20:53 --------- d-----w C:\Program Files\NetZeroInstallers

2008-10-13 18:55 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-13 06:40 356 ----a-w C:\drmHeader.bin

2008-10-13 03:02 --------- d-----w C:\Documents and Settings\Mark\Application Data\Azureus

2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2008-09-24 23:31 81,984 ----a-w C:\WINDOWS\system32\bdod.bin

2008-09-18 23:02 --------- d-----w C:\Program Files\LimeWire

2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-06 23:33 --------- d-----w C:\Program Files\Azureus

2008-08-27 21:02 --------- d-----w C:\Program Files\support.com

2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-08-25 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3

2008-08-25 14:34 --------- d-----w C:\Program Files\Microsoft Games

2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-08-25 08:37 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

2008-02-17 19:11 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2006-09-12 20:40 56 --sh--r C:\WINDOWS\system32\EF141A1731.sys

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\-859445260 ----

C:\-859445260\

((((((((((((((((((((((((((((( snapshot@2008-10-16_14.55.42.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-17 00:24:54 7,358 ----a-r C:\WINDOWS\Installer\{BA801B94-C28D-46EE-B806-E1E021A3D519}\ARPPRODUCTICON.exe

+ 2006-03-31 16:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll

+ 2006-03-31 16:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll

+ 2006-03-31 16:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 7323648]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 256576]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 40960]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-13 1234712]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-27 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1guxx.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"C:\\Program Files\\America Online 9.0\\waol.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\Common Files\\AOL\\1158816691\\ee\\aolsoftware.exe"=

"C:\\Program Files\\Common Files\\AOL\\1158816691\\ee\\aim6.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\AIM6\\aim6.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"19550:TCP"= 19550:TCP:BitComet 19550 TCP

"19550:UDP"= 19550:UDP:BitComet 19550 UDP

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-13 97928]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-13 875288]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-13 231704]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-13 76040]

S0 ati1guxx;ati1guxx;C:\WINDOWS\system32\Drivers\ati1guxx.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44ef5717-6c60-11dc-9d36-00038a000015}]

\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd8e66da-4f93-11dc-9d0d-00038a000015}]

\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd8e66db-4f93-11dc-9d0d-00038a000015}]

\Shell\AutoRun\command - H:\LaunchU3.exe

.

Contents of the 'Scheduled Tasks' folder

2008-10-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-17 16:14:53

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-10-17 16:16:33

ComboFix-quarantined-files.txt 2008-10-17 20:16:17

ComboFix2.txt 2008-10-16 18:56:14

Pre-Run: 40,014,336,000 bytes free

Post-Run: 40,003,649,536 bytes free

259 --- E O F --- 2008-10-14 22:03:10

From Malwarebytes:

Malwarebytes' Anti-Malware 1.29

Database version: 1279

Windows 5.1.2600 Service Pack 3

10/17/2008 6:10:00 PM

mbam-log-2008-10-17 (18-10-00).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 92089

Time elapsed: 31 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

From Hijack This:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:44:09 PM, on 10/20/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\vsnpstd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel


Hi :)

I'm sorry for the wait. Yes, I still need and greatly appreciate your help with my PC. I think I managed to follow all the steps properly. By this I mean that I didn't face any complications, but please let me know if I didn't do something to your specifications.

My computer seems to be performing well. I have not had any pop-ups and the PC is operating noticeably faster.

No problem and you're welcome!

Before commencing with any of the below please make sure you are logged into the Computer Administrator account for this machine.

Please re-open HiJackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM

Now click on Fix Checked. Close HiJackThis.

Next click Start >> Run and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.
  • Now Reboot(restart) your computer.

When completed the above, please post back the following:

  • Is your computer still running fine?
  • A new HijackThis Log.
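A worked example of what the helper is doing when reading those HijackThis sections and singling out the need2find entry. This is an added example, not code from the thread, from Trend Micro or from Malwarebytes: it parses the Rn/On lines of a 2.0.x log and builds a list of entries worth a second look (an O8 context-menu item served from a third-party host, O23 services with no publisher string, O4 autoruns launched from a user profile or temp directory, and a non-default IE proxy). The sample lines are copied from the log above plus one constructed O4 line; the trusted-host list, the user-writable directory list and the treatment of ":0" as the no-proxy value are assumptions made for this example, not rules HijackThis applies.

```python
"""Triage the 'Rn'/'On' lines of a HijackThis 2.0.x log.

Added example: not code from the thread, Trend Micro or Malwarebytes.
The heuristics (trusted hosts, user-writable directories, ':0' meaning no
proxy) are assumptions for the example, not rules HijackThis itself applies.
"""
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log above, plus one constructed O4 line
# (sample.exe in a temp folder) so the autorun check has something to flag.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sample] C:\Documents and Settings\Mark\Local Settings\Temp\sample.exe
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

TRUSTED_MENU_HOSTS = ("microsoft.com",)  # assumption: where IE's own menu items point
USER_WRITABLE_DIRS = ("c:\\documents and settings\\", "c:\\windows\\temp\\")  # assumption


def parse_entries(text):
    """Yield (section, body) for each 'Xn - ...' line; process-list lines are skipped."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def trusted_host(host):
    """Exact match or dotted-suffix match, so evilmicrosoft.com does not pass."""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_MENU_HOSTS)


def autorun_path(body):
    """Pull the executable path out of an O4 body: the text after '[Name] ',
    either a quoted path or an unquoted one ending in .exe."""
    if "] " not in body:
        return ""
    cmd = body.split("] ", 1)[1].strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    end = cmd.lower().find(".exe")
    return cmd[:end + 4] if end != -1 else cmd.split(" ", 1)[0]


def triage(text):
    """Return (section, reason, line) tuples for entries worth a second look."""
    findings = []
    for section, body in parse_entries(text):
        if section == "O8":  # IE context-menu extension (HKCU ...\Internet Explorer\MenuExt)
            m = URL_RE.search(body)
            host = urlparse(m.group(0)).hostname if m else None
            if host and not trusted_host(host):
                findings.append((section, "context-menu item served from " + host, body))
        elif section == "O23":  # Service: name - publisher - path
            parts = [p.strip() for p in body.split(" - ")]
            if len(parts) >= 3 and parts[1] == "Unknown owner":
                findings.append((section, "service with no publisher string", body))
        elif section == "O4":  # Run-key autorun
            if autorun_path(body).lower().startswith(USER_WRITABLE_DIRS):
                findings.append((section, "autorun launched from a user-writable directory", body))
        elif section == "R1" and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            if value not in ("", ":0"):  # ':0' taken as 'no proxy configured' (assumption)
                findings.append((section, "IE proxy set to " + value, body))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {line}")
```

The output is a review list, not a verdict: DSBrokerService is a Dell component and appears only because HijackThis could not read a publisher for it, while the need2find item is the one the helper actually asked to have fixed. The value of the script is that it makes the same three or four questions get asked of every log.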

Ok, I deleted that file and the other temporary files. Computer is still running fine. Here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:16:24 PM, on 10/21/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\vsnpstd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel


Hi :)

Congratulations your computer appears to be malware free.

I just have a few tasks for your good self to carry out and some advice about online safety/security etc and you are good to go.

Time for some housecleaning:

Uninstall ComboFix

  • Click on Start >> Run...
  • Now type in Combofix /u in the box and click OK.
  • Note the space between the X and the U, it needs to be there.

You can also delete any logs we have produced, and empty your Recycle Bin.

Reset the system restore points:

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:

  • Next click Start >> Run... and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Hide system files:

  • Open My Computer.
  • Go to Tools > Folder Options.
  • Select the View tab.
  • Scroll down to Hidden files and folders.
  • Select Do not show hidden files and folders.
  • Check (tick) Hide extensions of known file types.
  • Check (tick) Hide protected operating system files (Recommended).
  • Click OK.
  • Close My Computer.

Next:

There is no sign of a software firewall installed on your system. Regardless of whether you are using a hardware type and/or the inbuilt Windows Service Pack 3 firewall, this is a necessary application, as it will also provide outbound protection, whereas the aforementioned do not.

I highly advise you download ONE of the following firewalls and install it. Restart the computer for changes to take effect.

This article is an excellent resource regarding the aforementioned firewalls: Understanding and Using Firewalls

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Also please make sure that you check for updates for your AVG Antivirus regularly and run the appropriate scans once a week.

Keep your system updated:

Microsoft releases patches for Windows and Office products regularly to close loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or otherwise update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update

Office Update

Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Backup regularly:

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Make your Internet Explorer safer:

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Avoid Peer to Peer software:

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice: avoid these types of software applications.

Prevent a re-infection:

  • Winpatrol
    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.
    You can get a free copy of Winpatrol or use the Plus version for more features.
    You can read Winpatrol's FAQ if you run into problems.
  • Hosts File:
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.
    A custom Hosts file will replace your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.
    Here are some Hosts files:
    • MVPS Hosts File
    • Bluetack's Hosts File
    • Bluetack's Host Manager
    • hpHosts

Only use one of the above.

Finally, an educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

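The Hosts-file advice in the post above, as an added example that is not part of the original post and not code from the MVPS, Bluetack or hpHosts projects. It shows the mechanism the "phone book" comparison describes: the hosts file is consulted before DNS, so a name mapped to 127.0.0.1 or 0.0.0.0 never leaves the machine. It also adds the check a helper would want, because the same file is what malware rewrites to stop a box reaching vendor or update sites (the O1 section of a HijackThis log): entries are split into blackhole lines and redirections of names that ought to resolve through DNS. The sample hosts text, the .invalid names and the LEGIT_NAMES set are constructed for this example; the DNS side is a plain dictionary standing in for a real resolver.

```python
"""How a blocklist Hosts file works, plus the check for the opposite abuse.

Added example; not code from the thread or from the MVPS, Bluetack or hpHosts
projects.  Windows reads %SystemRoot%\\system32\\drivers\\etc\\hosts before it
asks DNS, so '127.0.0.1 ads.example.invalid' makes that name resolve to the
local machine.  Malware uses the same file in reverse, pointing vendor or
update names at an attacker's address (HijackThis lists those as O1 entries),
so classify() separates blackhole entries from redirections of names that
should resolve normally.  SAMPLE_HOSTS and LEGIT_NAMES are constructed.
"""
import ipaddress

SAMPLE_HOSTS = """\
# constructed sample hosts file, not a real blocklist
127.0.0.1       localhost
0.0.0.0         ads.example.invalid
127.0.0.1       tracker.example.invalid   # blocklist entry, 127.0.0.1 style
198.51.100.7    update.example.invalid    # routable target for a name that should use DNS
"""

# Constructed: names a helper expects to resolve through DNS (vendor/update hosts).
LEGIT_NAMES = {"update.example.invalid"}


def parse_hosts(text):
    """Return {name: ip_address} from hosts-file text.  '#' starts a comment;
    the first field is the address, the remaining fields are names for it."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # malformed address: skip the line
        for name in fields[1:]:
            mapping[name.lower()] = ip    # a later duplicate overrides an earlier one
    return mapping


def resolve(name, hosts, dns):
    """Hosts file first; the DNS stand-in (a dict) only when there is no entry."""
    name = name.lower()
    if name in hosts:
        return str(hosts[name])
    return dns.get(name)


def is_blackhole(ip):
    """127.0.0.1 and 0.0.0.0 both keep the request on the box.  0.0.0.0 is not a
    reachable address, so the connection fails fast instead of hitting whatever
    happens to listen on 127.0.0.1:80."""
    return ip.is_loopback or ip.is_unspecified


def classify(hosts):
    """Split entries into blocklist names and suspicious redirections."""
    blocked, hijacked = [], []
    for name, ip in hosts.items():
        if name == "localhost":
            continue
        if is_blackhole(ip):
            blocked.append(name)
        elif name in LEGIT_NAMES:
            hijacked.append((name, str(ip)))
    return blocked, hijacked


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("ads.example.invalid ->", resolve("ads.example.invalid", hosts, {}))
    blocked, hijacked = classify(hosts)
    print("blocked:", blocked)
    print("hijacked:", hijacked)
```

The same parse-and-classify pass is what you would run over the real file after installing one of the lists above: every line should land in the blocked set, and anything pointing a known-good name at a routable address deserves the same attention as an O1 line in a HijackThis log.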

Well, I guess my next post came faster than I thought :) I followed all of the above steps that you gave me with no problems. I also updated my computer with windows update. Then I also updated my windows media player from 10 to 11. After a restart, I ran a Malwarebytes quick scan and I got the following results:

From Malwarebytes:

Malwarebytes' Anti-Malware 1.30

Database version: 1310

Windows 5.1.2600 Service Pack 3

10/23/2008 4:54:58 PM

mbam-log-2008-10-23 (16-54-58).txt

Scan type: Quick Scan

Objects scanned: 48346

Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

From Hijack This:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:07:18 PM, on 10/23/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Tall Emu\Online Armor\oacat.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\vsnpstd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Tall Emu\Online Armor\oahlp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel


Hi :)

Hi :)

Well, I guess this is my last reply! Thank you so much! I'll be sure to follow your safety tips and hopefully I won't ever have to post on this topic again. Bye!

You're welcome!

Well, I guess my next post came faster than I thought :) I followed all of the above steps that you gave me with no problems. I also updated my computer with windows update. Then I also updated my windows media player from 10 to 11. After a restart, I ran a Malwarebytes quick scan and I got the following results:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

I'll get back to your good self about this.


Hi :)

Before commencing with any of the below please make sure you are logged into the Computer Administrator account for this machine.

Please go to the Kaspersky website and perform an online antivirus scan.

Note: You must use Internet Explorer to carry out this scan and make sure you are logged into the Computer Administrator account for this machine.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

When completed the above, please post back the following:

  • Kaspersky Report.
  • A new HijackThis Log.

Hi Dakeyras!

The Kaspersky scan results say that I don't have malware. I also ran a full Malwarebytes scan and there was no malware detected. I'm posting below:

From Kaspersky:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Friday, October 24, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Friday, October 24, 2008 12:13:08

Records in database: 1341958

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

Scan statistics:

Files scanned: 59400

Threat name: 0

Infected objects: 0

Suspicious objects: 0

Duration of the scan: 01:01:25

No malware has been detected. The scan area is clean.

The selected area was scanned.

From Hijack This:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:14:03 PM, on 10/24/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Tall Emu\Online Armor\oacat.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\vsnpstd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\oahlp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Mark\Local Settings\temp\jkos-Mark\binaries\ScanningProcess.exe

C:\Documents and Settings\Mark\Local Settings\temp\jkos-Mark\binaries\ScanningProcess.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel

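The O4 (autostart) and O23 (service) lines in a HijackThis log are where a helper spends most of the reading time. The script below is an added example, not a tool from this thread or from HijackThis' authors: it parses lines shaped like the log above and attaches a short "why look at this" reason to each entry. The sample log is constructed for the demonstration and modelled on the posted one; the `[ScanHelper]` line is invented so that the user-writable-location rule has something to fire on, and none of the reasons are verdicts.

```python
"""Rank HijackThis O4 (autostart) and O23 (service) lines for manual review.

Added example, not a tool from this thread or from HijackThis' authors.
The heuristics only point a human at entries worth checking; a hit is not a
verdict, and a clean-looking path proves nothing on its own.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample shaped like the log posted above. The [ScanHelper] line is
# invented for this example so that the user-writable-location rule fires.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ScanHelper] C:\Documents and Settings\Mark\Local Settings\temp\example\helper.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<target>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# Shortest prefix ending in an executable extension, so unquoted paths with spaces survive.
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|com|scr|pif|bat|cmd|dll))(?:\s+(?P<args>.*))?$", re.I)
HOSTS = {"rundll32.exe", "regsvr32.exe"}  # the real payload is the DLL they load
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\recycler\\")


@dataclass
class Finding:
    kind: str              # 'run', 'startup' or 'service'
    name: str
    target: str            # what actually runs: the exe, or the DLL behind rundll32
    reasons: list = field(default_factory=list)


def split_command(cmd):
    """Return (executable, arguments, was_quoted) from a Run/Service command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip(), True
    m = EXE_RE.match(cmd)
    if m:
        return m["exe"], m["args"] or "", False
    head, _, tail = cmd.partition(" ")
    return head, tail, False


def location_reasons(path):
    low = path.lower()
    if "\\" not in low:
        return ["unqualified name, resolved by PATH search order"]
    if any(tag in low for tag in USER_WRITABLE):
        return ["runs from a user-writable location"]
    return []


def triage(log_text):
    """Parse the O4/O23 lines and attach review reasons to each one."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            exe, args, quoted = split_command(m["cmd"])
            target, reasons = exe, []
            if ntpath.basename(exe).lower() in HOSTS:
                target = args.split(",", 1)[0].strip().strip('"')
                reasons.append(f"hosted by {ntpath.basename(exe)}; review {target}")
            if not quoted and " " in exe:
                reasons.append("unquoted path containing spaces")
            reasons += location_reasons(target)
            findings.append(Finding("run", m["name"], target, reasons))
            continue
        m = STARTUP_RE.match(line)
        if m:
            reasons = ["shortcut target could not be resolved"] if m["target"] == "?" else location_reasons(m["target"])
            findings.append(Finding("startup", m["name"], m["target"], reasons))
            continue
        m = SVC_RE.match(line)
        if m:
            exe, _, _ = split_command(m["cmd"])
            reasons = ["no publisher recorded for the service"] if m["owner"] == "Unknown owner" else []
            reasons += location_reasons(exe)
            findings.append(Finding("service", m["name"], exe, reasons))
    return findings


def flagged(log_text):
    """Names of entries that earned at least one review reason."""
    return [f.name for f in triage(log_text) if f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:22} {f.target}")
        for r in f.reasons:
            print(f"{'':8} -> {r}")
```

The rules are deliberately cheap: an executable named without a path is found by PATH search order, an unquoted path with spaces is ambiguous to CreateProcess, anything under a user-writable directory could have been dropped by the logged-in user's own browser session, and for rundll32/regsvr32 the interesting file is the DLL argument, not the host. Legitimate software trips these too (an online scanner that unpacks into a temp folder, for instance), which is why the output is a reading order and not a removal list.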

Hi :)

The results are good and you appear to be malware free again, congratulations!

I have just one task for your good self to carry out:

Reset the system restore points:

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like Clean Point then press the Create button and once it's done press Close

Now remove old, infected System Restore points:

  • Next click Start >> Run... and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

If you have any questions, feel free to ask :D


  • Root Admin

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.

Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore - Windows XP

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.

  • Click the System Restore tab.

  • Check Turn off System Restore.

  • Click Apply, and then click OK.

  • Reboot.

Turn ON System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.

  • Click the System Restore tab.

  • Uncheck Turn off System Restore.

  • Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy

Download it from here. Just choose a mirror and off you go.

Find the tutorial on how to use Spybot properly here.

Install SpyWare Blaster

Download it from here.

Find the tutorial on how to use Spyware Blaster here.

Install WinPatrol

Download it from here.

Information about how WinPatrol works is here.

Install FireTrust SiteHound

You can find information and download it from here.

Install hpHosts

Download it from here.

hpHosts is a community managed and maintained hosts file that provides an additional layer of protection against access to ad, tracking and malicious websites. It prevents your computer from connecting to these untrusted sites by redirecting them to 127.0.0.1, which is your own local computer.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your PC.

Visit Microsoft often to get the latest updates for your computer.

The Windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must.

I recommend Online Armor Free.

A little outdated but good reading on how to prevent Malware.

Keep safe online and happy surfing.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply them to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you; just follow the Pre-HijackThis instructions found here before posting: Pre-HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here: PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org

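The hpHosts recommendation above relies on how the local resolver consults the hosts file. The following is an added example, not hpHosts' own code or tooling, that parses a hosts file and answers lookups the way a local resolver does: exact, case-insensitive name matches that short-circuit DNS, with no wildcard or subdomain matching. The hosts content is constructed for the demonstration; only the entry format is the real one, and the "first entry wins" rule for duplicate names is this example's choice.

```python
"""Resolve names against a hosts file the way a local resolver does, to show
what a blocklist such as hpHosts can and cannot block.

Added example, not hpHosts' own code or tooling. The hosts content below is
constructed for the demonstration; only the entry format is the real one.
"""
import ipaddress

SAMPLE_HOSTS = """\
# constructed sample, not an hpHosts extract
127.0.0.1   localhost
127.0.0.1   ads.example.net  tracker.example.net   # several names on one line
0.0.0.0     malware.example.org                    # some lists use 0.0.0.0 instead
127.0.0.1   Cdn-Ads.Example.Com
not-an-ip   broken.example.net
"""


def parse_hosts(text):
    """Map lower-cased hostnames to the address they are pinned to."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)            # malformed lines are ignored
        except ValueError:
            continue
        for name in names:
            table.setdefault(name.lower(), addr)  # first entry wins (this example's rule)
    return table


def lookup(table, host):
    """Exact, case-insensitive match only: there are no wildcards in a hosts file."""
    return table.get(host.lower().rstrip("."))


def is_sinkholed(table, host):
    """True when the name is pinned to loopback or 0.0.0.0, i.e. a block entry."""
    addr = lookup(table, host)
    if addr is None:
        return False                              # falls through to DNS
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example.net", "TRACKER.example.net", "sub.ads.example.net", "www.example.com"):
        print(f"{host:22} -> {lookup(table, host)!s:10} sinkholed={is_sinkholed(table, host)}")
```

Three limits follow directly from the lookup: `sub.ads.example.net` is not covered by an entry for `ads.example.net`, so every subdomain has to be listed; a URL that names an IP literal never touches the hosts file; and traffic sent through an HTTP proxy hands the hostname to the proxy, which does its own resolution. Pinning to 127.0.0.1 also means a connection is made to whatever is listening locally on that port, which is why some lists use 0.0.0.0 to fail the connection outright.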
