Virus Alert! SpywareQuake [RESOLVED]


  • This topic is locked

#1
shinjirod

  • Member
  • 12 posts
Hi.

My mom for some reason installed a codec called emedia or ecodec.

The thing installed some adware at the same time. It puts an icon on the right part of the toolbar (where the clock and all that is).

The icon is a green handicapped icon that switches to a "no" sign, and frequently pops up an alert that says

"your computer is infected!
Critical system error. System detected virus activities, bla bla bla. click to get all available results."

When clicked, it sends me to the spywarequake website. Also, the spywarequake installs without me telling it to do so, even if I don't visit the website or click on this thing. And even if I delete it, it keeps coming up if I leave the computer for a couple of minutes. The icon itself has the name "Virus Alert!".

It also installed a couple of shortcut links on my desktop, one called security online guide which redirects to http://securitylist.net/ and one called security troubleshooting which links to http://testsecurityo.../php/index.html.

I've got AVG Free, which hasn't detected anything. Spybot doesn't show it. Ad-Aware didn't either, nor did ewido.

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 03:33:07 p.m., on 25/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Sony\VAIO Media Music Server\SSSvr.exe
C:\Archivos de programa\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Archivos de programa\Sony\Keyboard Closure Setup\KSWServ.exe
C:\Archivos de programa\Sony\VAIO Action Setup\VAServ.exe
C:\ARCHIV~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\nvctrl.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Documents and Settings\Shinjirod\Escritorio\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony-lati...gistration/vaio
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp55D.tmp
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpywareQuake] C:\Archivos de programa\SpywareQuake\SpywareQuake.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Keyboard Closure Setup.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{443882FF-AD64-44C5-944C-976754A46956}: NameServer = 200.33.146.194 200.33.146.202
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\ARCHIV~1\ARCHIV~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Archivos de programa\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Archivos de programa\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe

I dunno if there's anything else I can say to describe the problem. Thanks in advance. :whistling:
  • 0



#2
Flrman1

  • Malware Assassin
  • Retired Staff
  • 6,596 posts
Hi shinjirod

Welcome to G2G! :whistling:

* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self extracting file.
  • Double-click the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
  • If the link to SmitRem above is not working try this one.

* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.

* Click Here and download Killbox and save it to your desktop.


* Click here to download FixSQ.zip and save it to your desktop.
Unzip it to extract the FixSF.reg file it contains.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Go to Add/Remove programs and uninstall SpywareQuake if it is there. Do not restart your computer if it asks you to do so.


* Double-click on the FixSQ.reg file to add it to the registry.
Answer yes to confirm the merge.


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\WINDOWS\system32\stickrep.dll

    C:\Program Files\SpywareQuake


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop

* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

SmitRem creates a log file with the results of its fix in C:\smitfiles.txt. Go to your C drive and locate the smitfiles.txt file. Copy and paste the contents of the smitfiles.txt file in your next reply here along with a new HiJackThis log and the results from ActiveScan.
  • 0

#3
shinjirod

  • Topic Starter
  • Member
  • 12 posts
OK, here are the logs and reports.

Hijack this

Logfile of HijackThis v1.99.1
Scan saved at 11:21:44 a.m., on 26/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Sony\VAIO Media Music Server\SSSvr.exe
C:\Archivos de programa\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Sony\Keyboard Closure Setup\KSWServ.exe
C:\Archivos de programa\Sony\VAIO Action Setup\VAServ.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Shinjirod\Escritorio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xbox.ign.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony-lati...gistration/vaio
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Keyboard Closure Setup.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{443882FF-AD64-44C5-944C-976754A46956}: NameServer = 200.33.146.194 200.33.146.202
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\ARCHIV~1\ARCHIV~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Archivos de programa\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Archivos de programa\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe








smitfiles


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Versión 5.1.2600]

Running from
C:\Documents and Settings\Shinjirod\Escritorio\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precargador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demonio de caché de las categorías de componente"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
ld****.tmp
ncompat.tlb
nvctrl.exe
hp***.tmp


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 672 'explorer.exe'
Killing PID 672 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precargador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demonio de caché de las categorías de componente"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :whistling:






ewido report


---------------------------------------------------
ewido anti-malware - Report de exploración
---------------------------------------------------------

+ Creado en: 10:33:48 a.m., 26/03/2006
+ Report-Checksum: B1A84CDB

+ Scan result:

C:\Documents and Settings\Shinjirod\Cookies\shinjirod@2o7[2].txt -> TrackingCookie.2o7 : Limpio con backup
C:\Documents and Settings\Shinjirod\Cookies\shinjirod@atdmt[1].txt -> TrackingCookie.Atdmt : Limpio con backup
C:\Documents and Settings\Shinjirod\Cookies\shinjirod@doubleclick[2].txt -> TrackingCookie.Doubleclick : Limpio con backup
C:\Documents and Settings\Shinjirod\Cookies\shinjirod@mediaplex[2].txt -> TrackingCookie.Mediaplex : Limpio con backup
C:\Documents and Settings\Shinjirod\Cookies\shinjirod@questionmarket[1].txt -> TrackingCookie.Questionmarket : Limpio con backup
:mozilla.28:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Atdmt : Limpio con backup
:mozilla.34:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.2o7 : Limpio con backup
:mozilla.73:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Hitbox : Limpio con backup
:mozilla.74:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Hitbox : Limpio con backup
:mozilla.75:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Hitbox : Limpio con backup
:mozilla.76:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Hitbox : Limpio con backup
:mozilla.77:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Hitbox : Limpio con backup
:mozilla.78:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Hitbox : Limpio con backup
:mozilla.79:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Hitbox : Limpio con backup
:mozilla.80:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Hitbox : Limpio con backup
:mozilla.81:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Hitbox : Limpio con backup
:mozilla.83:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Doubleclick : Limpio con backup
:mozilla.87:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Questionmarket : Limpio con backup
:mozilla.88:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Questionmarket : Limpio con backup
:mozilla.89:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Bluestreak : Limpio con backup
:mozilla.99:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Clickzs : Limpio con backup
:mozilla.100:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Clickzs : Limpio con backup
:mozilla.101:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Clickzs : Limpio con backup
:mozilla.102:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Clickzs : Limpio con backup
:mozilla.103:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Clickzs : Limpio con backup
:mozilla.104:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Clickzs : Limpio con backup
:mozilla.105:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Casalemedia : Limpio con backup
:mozilla.109:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Statcounter : Limpio con backup
:mozilla.117:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Ru4 : Limpio con backup
:mozilla.118:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Ru4 : Limpio con backup
:mozilla.121:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Advertising : Limpio con backup
:mozilla.122:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Advertising : Limpio con backup
:mozilla.124:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Advertising : Limpio con backup
:mozilla.125:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Advertising : Limpio con backup
:mozilla.130:C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt -> TrackingCookie.Paycounter : Limpio con backup


::Fin Report



active scan results



Incident Status Location

Adware:adware/emediacodec Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\ESCRITORIO\Online Security Guide.url
Spyware:Cookie/Admotion Not disinfected C:\Documents and Settings\Shinjirod\Cookies\[email protected][2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Shinjirod\Cookies\shinjirod@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Shinjirod\Cookies\shinjirod@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Shinjirod\Cookies\[email protected][2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Shinjirod\Cookies\shinjirod@go[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.go.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.888.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.bannerlandia.com.ar/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.seeq.com/]
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.stats1.clicktracks.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Admotion Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[admotion.com.ar/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[lb1.netster.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[www.advnt01.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[www48.seeq.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Shinjirod\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\Cache\3EFBEAA3d01[Process.exe]
Spyware:Cookie/Admotion Not disinfected C:\Documents and Settings\Shinjirod\Cookies\[email protected][2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Shinjirod\Cookies\shinjirod@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Shinjirod\Cookies\shinjirod@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Shinjirod\Cookies\[email protected][2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Shinjirod\Cookies\shinjirod@go[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Shinjirod\Datos de programa\Mozilla\Firefox\Profiles\6qya96f9.default\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Shinjirod\Escritorio\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Shinjirod\Escritorio\smitRem(2).exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Shinjirod\Escritorio\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/SpyFalcon Not disinfected
  • 0

#4
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    C:\DOCUMENTS AND SETTINGS\ALL USERS\ESCRITORIO\Online Security Guide.url

  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confirmation to delete the file on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from the Kaspersky scan.
  • 0

#5
shinjirod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Logfile of HijackThis v1.99.1
Scan saved at 07:14:16 p.m., on 28/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Sony\VAIO Media Music Server\SSSvr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Sony\Keyboard Closure Setup\KSWServ.exe
C:\Archivos de programa\Sony\VAIO Action Setup\VAServ.exe
C:\Archivos de programa\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\ARCHIV~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Shinjirod\Escritorio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xbox.ign.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony-lati...gistration/vaio
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Archivos de programa\GetRight\xx2gr.dll (file missing)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Keyboard Closure Setup.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{443882FF-AD64-44C5-944C-976754A46956}: NameServer = 200.33.146.194 200.33.146.202
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\ARCHIV~1\ARCHIV~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Archivos de programa\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Archivos de programa\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe





KASPERSKY ON-LINE SCANNER REPORT
Monday, March 27, 2006 9:53:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 28/03/2006
Kaspersky Anti-Virus database records: 173271
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 44081
Number of viruses found 4
Number of infected objects 16
Number of suspicious objects 0
Duration of the scan process 01:01:08

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Shinjirod\Escritorio\eCodec-v4.286.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jj skipped
C:\Documents and Settings\Shinjirod\Escritorio\eCodec-v4.286.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\Documents and Settings\Shinjirod\Escritorio\eCodec-v4.286.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Shinjirod\Escritorio\eCodec-v4.286.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0041297.tlb Infected: Trojan.Win32.AI.c skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0041303.tlb Infected: Trojan.Win32.AI.c skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043421.tlb Infected: Trojan.Win32.AI.c skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043428.tlb Infected: Trojan.Win32.AI.c skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043476.exe Infected: Trojan.Win32.AI.c skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043477.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jj skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043477.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043477.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043477.exe UPX: infected - 2 skipped
C:\WINDOWS\system32\dfrgsrv.exe Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\WINDOWS\system32\interf.tlb Infected: Trojan.Win32.AI.c skipped
C:\WINDOWS\system32\stickrep.dll Infected: Trojan.Win32.Agent.qf skipped
Scan process completed.
  • 0

#6
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Shinjirod\Escritorio\eCodec-v4.286.exe
    C:\WINDOWS\system32\dfrgsrv.exe
    C:\WINDOWS\system32\interf.tlb
    C:\WINDOWS\system32\stickrep.dll


  • Next in Killbox go to File > Paste from clipboard
  • Click on the All Files button.
  • Next click on the button that has the red circle with the white X in the middle.
  • It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log.

  • 0
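How the Killbox list in the post above follows from the Kaspersky report in post #5, as an added example that is not part of the original thread: it parses the report's result lines, collapses archive members such as `eCodec-v4.286.exe/data0007` to the host file on disk, and separates the copies held in System Restore points from live files. The function names are hypothetical; the report lines are copied from post #5.

```python
import re
from collections import OrderedDict

# Result lines copied from the Kaspersky On-line Scanner report in post #5.
REPORT = r"""
C:\Documents and Settings\Shinjirod\Escritorio\eCodec-v4.286.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jj skipped
C:\Documents and Settings\Shinjirod\Escritorio\eCodec-v4.286.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\Documents and Settings\Shinjirod\Escritorio\eCodec-v4.286.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Shinjirod\Escritorio\eCodec-v4.286.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0041297.tlb Infected: Trojan.Win32.AI.c skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0041303.tlb Infected: Trojan.Win32.AI.c skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043421.tlb Infected: Trojan.Win32.AI.c skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043428.tlb Infected: Trojan.Win32.AI.c skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043476.exe Infected: Trojan.Win32.AI.c skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043477.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jj skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043477.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043477.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{27F284C4-A584-49BA-8703-3F1042882CDF}\RP85\A0043477.exe UPX: infected - 2 skipped
C:\WINDOWS\system32\dfrgsrv.exe Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\WINDOWS\system32\interf.tlb Infected: Trojan.Win32.AI.c skipped
C:\WINDOWS\system32\stickrep.dll Infected: Trojan.Win32.Agent.qf skipped
Scan process completed.
"""

# "<object> Infected: <name> <action>" or "<object> <PACKER>: infected - <n> <action>"
LINE_RE = re.compile(
    r"^(?P<obj>.+?) "
    r"(?:Infected: (?P<name>\S+)|(?P<packer>[A-Z]+): infected - (?P<count>\d+)) "
    r"(?P<action>\w+)$"
)
RESTORE_MARK = "\\system volume information\\_restore{"


def parse_report(text):
    """Return one dict per result line; non-result lines are ignored."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, headers, "Scan process completed."
        # Windows paths use "\", so "/" can only mark a member inside a container.
        host, _, member = m.group("obj").partition("/")
        records.append({
            "host": host,
            "member": member or None,
            "name": m.group("name"),      # None on NSIS:/UPX: summary lines
            "packer": m.group("packer"),
            "action": m.group("action"),
        })
    return records


def triage(records):
    """Map each unique host file to its detections: (live files, restore copies)."""
    live, restore = OrderedDict(), OrderedDict()
    for r in records:
        bucket = restore if RESTORE_MARK in r["host"].lower() else live
        names = bucket.setdefault(r["host"], [])
        if r["name"] and r["name"] not in names:
            names.append(r["name"])
    return live, restore


def detection_names(records):
    """Distinct detection names, matching the report's 'viruses found' count."""
    return sorted({r["name"] for r in records if r["name"]})


if __name__ == "__main__":
    recs = parse_report(REPORT)
    live, restore = triage(recs)
    print("Live files to remove (the host file, not the archive member):")
    for path, names in live.items():
        print("  %s  [%s]" % (path, ", ".join(names)))
    print("System Restore copies: %d (gone once restore points are deleted)" % len(restore))
    print("Distinct detections:", ", ".join(detection_names(recs)))
```

The six `_restore{...}` objects cannot be removed individually while System Restore protects them; they disappear when the restore points are deleted, which is what turning System Restore off does.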

#7
shinjirod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:53:32 p.m., on 31/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Sony\VAIO Media Music Server\SSSvr.exe
C:\Archivos de programa\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Sony\Keyboard Closure Setup\KSWServ.exe
C:\Archivos de programa\Sony\VAIO Action Setup\VAServ.exe
C:\ARCHIV~1\MOZILL~1\FIREFOX.EXE
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Shinjirod\Escritorio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xbox.ign.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony-lati...gistration/vaio
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Archivos de programa\GetRight\xx2gr.dll (file missing)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Keyboard Closure Setup.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{443882FF-AD64-44C5-944C-976754A46956}: NameServer = 200.33.146.194 200.33.146.202
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\ARCHIV~1\ARCHIV~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Archivos de programa\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Archivos de programa\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\VAIO Media Platform\UPnPFramework.exe

Attached Files


  • 0
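Comparing this log with the one from post #5 shows what changed on the machine between the two scans. The following is an added example, not part of the original thread: a small HijackThis log parser and diff, run on excerpts copied from the two logs (a subset of lines only; function names are hypothetical).

```python
import re

# Excerpt of the HijackThis log in post #5 (28/03/2006), copied from the thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\ARCHIV~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Shinjirod\Escritorio\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
"""

# Excerpt of the HijackThis log in post #7 (31/03/2006), copied from the thread.
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\MOZILL~1\FIREFOX.EXE
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Shinjirod\Escritorio\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
"""

# Entry lines look like "O4 - ...", "R0 - ...", "O16 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Return (processes, entries): processes keyed by lower-cased path,
    entries as an ordered list of (section code, body) tuples."""
    procs, entries, in_procs = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("code"), m.group("body")))
        elif in_procs:
            # Paths are case-insensitive on Windows (SV_Httpd.exe vs sv_httpd.exe).
            procs.setdefault(line.lower(), line)
    return procs, entries


def diff_logs(before, after):
    """Entries and processes that appeared or disappeared between two logs."""
    procs_a, entries_a = parse_hjt(before)
    procs_b, entries_b = parse_hjt(after)
    seen, kept = set(entries_a), set(entries_b)
    return {
        "new_entries": [e for e in entries_b if e not in seen],
        "gone_entries": [e for e in entries_a if e not in kept],
        "new_processes": [p for k, p in procs_b.items() if k not in procs_a],
        "gone_processes": [p for k, p in procs_a.items() if k not in procs_b],
    }


def is_missing(body):
    """True when HijackThis could not find the file the entry points to."""
    return body.endswith("(file missing)")


if __name__ == "__main__":
    d = diff_logs(LOG_BEFORE, LOG_AFTER)
    for code, body in d["new_entries"]:
        flag = "  <- target file not on disk" if is_missing(body) else ""
        print("NEW  %-3s %s%s" % (code, body, flag))
    for code, body in d["gone_entries"]:
        print("GONE %-3s %s" % (code, body))
    for p in d["new_processes"]:
        print("NEW  process %s" % p)
    for p in d["gone_processes"]:
        print("GONE process %s" % p)
```

On these excerpts the only new registry entries are the two O9 items and the O16 control belonging to the BitDefender online scanner that was run between the two logs.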

#8
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
How is your computer running now?

Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
  • 0

#9
shinjirod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Actualización de seguridad para el Reproductor de Windows Media (KB911564)
Actualización de seguridad para Step by Step Interactive Training (KB898458)
Actualización de seguridad para Windows XP (KB890046)
Actualización de seguridad para Windows XP (KB893756)
Actualización de seguridad para Windows XP (KB896358)
Actualización de seguridad para Windows XP (KB896422)
Actualización de seguridad para Windows XP (KB896423)
Actualización de seguridad para Windows XP (KB896424)
Actualización de seguridad para Windows XP (KB896428)
Actualización de seguridad para Windows XP (KB899587)
Actualización de seguridad para Windows XP (KB899591)
Actualización de seguridad para Windows XP (KB900725)
Actualización de seguridad para Windows XP (KB901017)
Actualización de seguridad para Windows XP (KB901214)
Actualización de seguridad para Windows XP (KB902400)
Actualización de seguridad para Windows XP (KB905414)
Actualización de seguridad para Windows XP (KB905495)
Actualización de seguridad para Windows XP (KB905749)
Actualización de seguridad para Windows XP (KB908519)
Actualización de seguridad para Windows XP (KB911927)
Actualización de seguridad para Windows XP (KB912919)
Actualización de seguridad para Windows XP (KB913446)
Actualización para Windows XP (KB835409)
Actualización para Windows XP (KB898461)
Actualización para Windows XP (KB910437)
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop Elements 2.0
Adobe Premiere Pro 1.5 Tryout
Agere Systems AC'97 Modem
AVG Free Edition
AVI Codec Pack
AVS VideoConverter 3.1.1.152
DVgate
Efficient Networks SpeedStream DSL
ewido anti-malware
Experience VAIO LA
GetRight
HijackThis 1.99.1
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 6
Kaspersky On-line Scanner
Kazaa Lite K++ v2.4.3
Keyboard Closure Setup 1.2.01
LimeWire 4.10.9
Macromedia Flash Player 8
Microsoft Learning and Research Plus Support Files
Microsoft Office XP Professional
Microsoft Picture It! Express 7.0
MovieShaker 3.3
Mozilla Firefox (1.5.0.1)
MSN Internet Software
MSN Messenger 7.5
Music Visualizer Library 1.4.00
Network Smart Capture
OpenMG Limited Patch 3.1-02-10-22-01
OpenMG Limited Patch 3.1-02-10-23-01
OpenMG Secure Module 3.1
Panda ActiveScan
Paquete de revisión de Windows XP [Consulte Q329115 para obtener más información ]
Paquete de revisión de Windows XP [Consulte Q329390 para obtener más información ]
PictureGear Studio 1.0
QuickTime
RealOne Player
RealProducer Basic 8.5
Reproductor de Windows Media 10
Revisión de Windows XP - KB823559
Revisión de Windows XP - KB823182
Revisión de Windows XP - KB824105
Revisión de Windows XP - KB828035
Revisión de Windows XP - KB833987
Revisión de Windows XP - KB835732
Revisión de Windows XP - KB837001
Revisión de Windows XP - KB839643
Revisión de Windows XP - KB839645
Revisión de Windows XP - KB840374
Revisión de Windows XP - KB840987
Revisión de Windows XP - KB841356
Revisión de Windows XP - KB841533
Revisión de Windows XP - KB841873
Revisión de Windows XP - KB842773
Revisión de Windows XP - KB871250
Revisión de Windows XP - KB873339
Revisión de Windows XP - KB873376
Revisión de Windows XP - KB885250
Revisión de Windows XP - KB885835
Revisión de Windows XP - KB885836
Revisión de Windows XP - KB888113
Revisión de Windows XP - KB888302
Revisión de Windows XP - KB890859
Revisión de Windows XP - KB891781
Revisión de Windows XP - KB897715
Revisión de Windows XP - KB905915
Revisión de Windows XP (SP2) Q329170
Revisión de Windows XP (SP2) Q329441
Revisión de Windows XP (SP2) Q810565
Revisión de Windows XP (SP2) Q810833
Revisión de Windows XP (SP2) Q814033
Revisión de Windows XP (SP2) Q817606
Revisión del DirectX 9 - KB839643
Revisión del Reproductor de Windows Media [consulte Q828026 para obtener más información]
Shareaza version 2.2.1.0
Shockwave
SiS Audio Driver
SiS Compatible VGA V2.09aLVS1
SonicStage 1.5.05
Sony DV Shared Library
Spybot - Search & Destroy 1.4
VAIO Action Setup
VAIO LA Survey
VAIO Media 2.0
VAIO Media Installer 2.0
VAIO Media Music Server 2.0
VAIO Media Photo Server 2.0
VAIO Media Platform 2.0
VAIO Mono Wallpaper
VAIO Registration
VAIO System Information
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinZip
  • 0

#10
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Everything looks good. How is the computer running now?
  • 0

#11
shinjirod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Good. It starts a bit slower than usual since I have everything running to get the most accurate details on HJT. I usually have a lot of those things removed with msconfig.
  • 0

#12
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
  • 0

#13
shinjirod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
There's a weird thing going on. Today it got really slow while working on Photoshop. There's a process called inactive system process on Task Manager that uses a huge percentage of my processing power. Any ideas what's going on?
  • 0

#14
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Did you disable the unnecessary startups again? Photoshop requires a lot of memory to run. How much RAM do you have installed?
  • 0

#15
shinjirod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
512. It's never had trouble before. I use a lot of heavy programs, like Premiere Pro, Flash or Photoshop, and it's never run as slow as it did today. I did work on a very big file, but don't think it was reason enough for how slow it got.
  • 0





