bestrevenue.net AND ad.yieldmanager POP-UP ads [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

3 Pages

< 1 2 3 >

bestrevenue.net AND ad.yieldmanager POP-UP ads [RESOLVED]

Options

juiicy27 View Member Profile	Feb 25 2008, 07:14 PM Post #16
Member Posts: 17 OS: XP	ComboFix 08-02-25.3 - Janine 2008-02-25 20:11:31.6 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.612 [GMT -5:00] Running from: C:\Documents and Settings\Janine\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))) . 2008-02-25 12:51 . 2008-02-25 12:51 <DIR> d-------- C:\Program Files\Sibelius Software 2008-02-25 12:51 . 2008-02-25 12:51 <DIR> d-------- C:\Documents and Settings\Janine\Application Data\Sibelius Software 2008-02-24 23:57 . 2005-10-14 13:49 94,208 --a------ C:\WINDOWS\SYSTEM32\igfxtray.exe 2008-02-23 19:05 . 2008-02-23 19:05 <DIR> d-------- C:\Deckard 2008-02-20 18:15 . 2008-02-20 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Musicnotes 2008-02-17 19:59 . 2008-02-25 20:05 27,684 --a------ C:\WINDOWS\SYSTEM32\Config.MPF 2008-02-17 19:56 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys 2008-02-17 19:56 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys 2008-02-17 19:56 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys 2008-02-17 19:56 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys 2008-02-17 19:56 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys 2008-02-17 19:56 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys 2008-02-17 19:55 . 2008-02-17 20:08 <DIR> d-------- C:\Program Files\Common Files\McAfee 2008-02-17 19:52 . 2008-02-17 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2008-02-17 13:07 . 2008-02-17 13:10 <DIR> d-------- C:\WINDOWS\SYSTEM32\mclsphlr 2008-02-17 13:07 . 2004-09-28 10:43 114,688 --------- C:\WINDOWS\SYSTEM32\mclsp.dll 2008-02-17 13:07 . 2004-09-28 10:43 32,768 --a------ C:\WINDOWS\SYSTEM32\instlsp.exe 2008-02-17 13:07 . 2004-09-28 10:43 11,264 --a------ C:\WINDOWS\SYSTEM32\sporder.dll 2008-02-08 17:12 . 2008-02-08 17:12 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-08 13:47 . 2008-02-17 17:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-02-08 13:47 . 2008-02-08 13:47 <DIR> d-------- C:\Documents and Settings\Janine\Application Data\SUPERAntiSpyware.com 2008-02-08 13:47 . 2008-02-08 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-08 13:46 . 2008-02-08 13:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-02 18:08 . 2008-02-02 18:08 <DIR> d-------- C:\WINDOWS\aolshare 2008-02-02 18:08 . 2008-02-02 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP 2008-01-30 22:35 . 2008-02-02 18:05 <DIR> d-------- C:\Program Files\AOL 9.1 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-25 22:21 --------- d-----w C:\Program Files\QuickTime 2008-02-25 22:21 --------- d-----w C:\Program Files\AOL 9.0vr 2008-02-20 03:22 --------- d-----w C:\Program Files\abrViewer.NET 2008-02-18 01:15 --------- d-----w C:\Program Files\McAfee 2008-02-18 00:55 --------- d-----w C:\Program Files\McAfee.com 2008-02-18 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com 2008-02-08 22:40 --------- d-----w C:\Program Files\Java 2008-02-08 21:50 --------- d-----w C:\Program Files\Sonic 2008-02-02 23:08 --------- d-----w C:\Program Files\Common Files\AOL 2008-02-02 23:07 --------- d-----w C:\Program Files\Last.fm 2008-02-02 23:07 --------- d-----w C:\Program Files\Audio Recorder for FREE 2008-02-02 23:04 --------- d-----w C:\Program Files\Common Files\aolshare 2008-01-31 07:07 --------- d-----w C:\Documents and Settings\Janine\Application Data\U3 2008-01-31 03:37 --------- d-----w C:\Documents and Settings\Janine\Application Data\AOL 2008-01-31 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-01-31 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2008-01-23 10:16 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll 2008-01-23 10:16 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys 2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll 2006-12-08 19:05 36 -c--a-w C:\Documents and Settings\Janine\klextlock.dat 2005-06-15 16:24 88 -csh--r C:\WINDOWS\SYSTEM32\ED7C8B6987.sys 2005-06-15 16:24 3,766 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\bak\MskAgent.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 13:49 94208] "HostManager"="C:\Program Files\Common Files\AOL\1185132300\ee\AOLSoftware.exe" [2007-05-25 12:16 42032] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24 282624] C:\Documents and Settings\Janine\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-21 07:44:18 106496] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="LogonUI.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Janine^Start Menu^Programs^Startup^Last.fm Helper.lnk] path=C:\Documents and Settings\Janine\Start Menu\Programs\Startup\Last.fm Helper.lnk backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2004-08-23 19:19 57344 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] --a------ 2007-08-18 03:12 394576 C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] --a------ 2004-04-19 15:45 53248 c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --------- 2004-04-11 21:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --a------ 2004-01-07 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask] c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\iTunes\\iTunes.exe"= R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-11-16 14:35] R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00] S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-01-20 10:32] . Contents of the 'Scheduled Tasks' folder "2008-02-18 00:55:43 C:\WINDOWS\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe' "2008-02-18 00:55:41 C:\WINDOWS\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-25 20:13:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-02-25 20:13:56 ComboFix-quarantined-files.txt 2008-02-26 01:13:54 ComboFix2.txt 2008-02-26 01:03:34 ComboFix3.txt 2008-02-24 05:41:52 ComboFix4.txt 2008-02-19 01:52:34 . 2008-02-12 20:30:07 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:07:53 PM, on 2/25/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Canon\CAL\CALMAIN.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\1185132300\ee\AOLSoftware.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livejournal.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1185132300\ee\AOLSoftware.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\bak\MskAgent.exe O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -- End of file - 6318 bytes

andrewuk View Member Profile	Feb 26 2008, 02:43 PM Post #17
Trusted Helper Posts: 4,592 From: London, UK OS: XP	in this post we will clear some malware out of your logs, flush your temp folders and do a couple of scans to see what else is lurking on your machine. i suspect we will find a few infected files which we can clear in the following post and then your machine should hopefully be much better. firstly, i see that you have disabled the startups of a couple of McAfee components McUpdate.exe (which ensures your McAfee is kept up to date) and mcmnhdlr.exe (which allows automatic scanning). you should re-enable them to allow McAfee to give your full protection. also, that AWF infection has most likely compromised McAfee's ability to block spam emails. could you check that this still works, if not, you may have to re-install McAfee, or at least that component of McAfee. ====STEP 1==== Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\bak\MskAgent.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.Net\PartyPokerNet\RunPF.exe (file missing) Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. ====STEP 2==== flushing your temp folders..... Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. ====STEP 3==== i see you already have SUPERantispyware on your machine, so we will run it now. Double-click the SUPERantispyware icon to launch the program. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) Under "*Configuration and Preferences", click the Preferences* button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning. Scan for tracking cookies. Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen. Back on the main screen, under "*Scan for Harmful Software" click Scan your computer. On the left, make sure you check C:\Fixed Drive. On the right, under "Complete Scan", choose Perform Complete Scan. Click "Next" to start the scan. Please be patient while it scans your computer. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". Make sure everything has a checkmark next to it and click "Next". A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. If asked if you want to reboot, click "Yes". To retrieve the removal information after reboot, launch SUPERAntispyware again. Click Preferences, then click the Statistics/Logs tab.* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. Please copy and paste the Scan Log results in your next reply. Click Close to exit the program. ====STEP 4==== Please do an online scan with Kaspersky WebScanner Click on Accept You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. In your next reply could i see: 1. what you did with McAfee 2. the SUPERantispyware scan 3. the kaspersky scan log 4. a new hijackthis log andrewuk

juiicy27 View Member Profile	Feb 28 2008, 08:19 PM Post #18
Member Posts: 17 OS: XP	sorry to keep you waiting. Please give me a few days to look over these steps. I have been swamped with midterm exams and lab reports this week. I will try to get to this tomorrow afternoon. & Thanks again for helping me thus far!

andrewuk View Member Profile	Feb 29 2008, 06:25 AM Post #19
Trusted Helper Posts: 4,592 From: London, UK OS: XP	no problem, i will be here

juiicy27 View Member Profile	Mar 6 2008, 02:23 AM Post #20
Member Posts: 17 OS: XP	okay, sorry for taking a long time to get back to you. I was swamped with assignments before spring break. I'm not sure why McAfee shows its blocked, because it appears to be running normally. It scans on its own, and updates automatically. as far as the other programs are concerned, here are the 3 reports. Kaspersky gave me a heck of a time because it completely shut down my internet connection (on both computers!). I had to remove it after the scan to get a connection going again. Also, there is something called boonty games thats on my hijack scan & in my programs folder. i did not install that, so is it possibly spyware? ----------------------------------------------- SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/06/2008 at 00:31 AM Application Version : 4.0.1154 Core Rules Database Version : 3415 Trace Rules Database Version: 1407 Scan type : Complete Scan Total Scan Time : 00:48:30 Memory items scanned : 462 Memory threats detected : 0 Registry items scanned : 6208 Registry threats detected : 1 File items scanned : 71087 File threats detected : 2 Rogue.SysCleaner HKU\S-1-5-21-2449927989-3088459091-255223935-1006\Software\xInsiDERexe Adware.XInside C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\XINSIDE\XINSIDE.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP854\A0139176.EXE ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, March 06, 2008 2:57:41 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 6/03/2008 Kaspersky Anti-Virus database records: 601691 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 82910 Number of viruses found: 2 Number of infected objects: 20 Number of suspicious objects: 0 Duration of the scan process: 01:04:23 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\aolusers.fus Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\idb\LastLuxe\mydb.idx Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\idb\LastLuxe\toolbar.lst Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\idb\SNMaster.idx Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\CACHE\lastlu01 Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\lastluxe Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\lastluxe.abi Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\lastluxe.aby Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstderr.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstdout.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\cache.db Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\ncoc Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\server.lock Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{77B3BB91-C2CE-4EC8-B43D-3B7D069AEFAD}.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR161.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Janine\Application Data\AOL\C_AOL 9.1\IDB\Apps.Lst Object is locked skipped C:\Documents and Settings\Janine\Application Data\AOL\C_AOL 9.1\IDB\art.idx Object is locked skipped C:\Documents and Settings\Janine\Application Data\AOL\C_AOL 9.1\IDB\sap.dat Object is locked skipped C:\Documents and Settings\Janine\Application Data\AOL\C_AOL 9.1\IDB\spool.lst Object is locked skipped C:\Documents and Settings\Janine\Application Data\AOL\C_AOL 9.1\IDB\sysnews.lst Object is locked skipped C:\Documents and Settings\Janine\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Janine\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped C:\Documents and Settings\Janine\Local Settings\Application Data\Last.fm\Client\iTunesPlugin.log Object is locked skipped C:\Documents and Settings\Janine\Local Settings\Application Data\Last.fm\Client\Last.fm.log Object is locked skipped C:\Documents and Settings\Janine\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped C:\Documents and Settings\Janine\Local Settings\Application Data\Last.fm\collection.db Object is locked skipped C:\Documents and Settings\Janine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Janine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Janine\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped C:\Documents and Settings\Janine\Local Settings\History\History.IE5\MSHist012008030620080307\index.dat Object is locked skipped C:\Documents and Settings\Janine\Local Settings\Temp\etilqs_a3hRIxhIG8k6QFV Object is locked skipped C:\Documents and Settings\Janine\Local Settings\Temp\etilqs_VyzlTBmEYLu01eF-journal Object is locked skipped C:\Documents and Settings\Janine\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Janine\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped C:\Documents and Settings\Janine\ntuser.dat Object is locked skipped C:\Documents and Settings\Janine\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L2C03.tmp.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aev skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L2C03.tmp.vir/stream Infected: not-a-virus:AdWare.Win32.Agent.aev skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L2C03.tmp.vir NSIS: infected - 2 skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L4083.tmp.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aev skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L4083.tmp.vir/stream Infected: not-a-virus:AdWare.Win32.Agent.aev skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L4083.tmp.vir NSIS: infected - 2 skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L4941.tmp.vir/data0002 Infected: Trojan.Win32.Scapur.k skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L4941.tmp.vir NSIS: infected - 1 skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L735F.tmp.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aev skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L735F.tmp.vir/stream Infected: not-a-virus:AdWare.Win32.Agent.aev skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L735F.tmp.vir NSIS: infected - 2 skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\LEE4E.tmp.vir/data0002 Infected: Trojan.Win32.Scapur.k skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\LEE4E.tmp.vir NSIS: infected - 1 skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\LEEA9.tmp.vir/data0002 Infected: Trojan.Win32.Scapur.k skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\LEEA9.tmp.vir NSIS: infected - 1 skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\LFAFD.tmp.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aev skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\LFAFD.tmp.vir/stream Infected: not-a-virus:AdWare.Win32.Agent.aev skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\LFAFD.tmp.vir NSIS: infected - 2 skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\LFEDB.tmp.vir/data0002 Infected: Trojan.Win32.Scapur.k skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\LFEDB.tmp.vir NSIS: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP861\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\TEMP\mcafee_6QRPK9LNWt0Lfdg Object is locked skipped C:\WINDOWS\TEMP\mcmsc_bYkI3Zqfdk3mFJV Object is locked skipped C:\WINDOWS\TEMP\mcmsc_fmD0c892iU0MWfa Object is locked skipped C:\WINDOWS\TEMP\mcmsc_R9iWqfkeaKgW9zt Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. ------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:22:12 AM, on 3/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\WINDOWS\Explorer.EXE c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Common Files\AOL\1185132300\ee\AOLSoftware.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livejournal.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1185132300\ee\AOLSoftware.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -- End of file - 5985 bytes

andrewuk View Member Profile	Mar 6 2008, 02:41 PM Post #21
Trusted Helper Posts: 4,592 From: London, UK OS: XP	your logs are looking much better. QUOTE Kaspersky gave me a heck of a time because it completely shut down my internet connection (on both computers!). I had to remove it after the scan to get a connection going again. hmm....that is a first for me, i will look into that. QUOTE Also, there is something called boonty games thats on my hijack scan & in my programs folder. i did not install that, so is it possibly spyware? not spyware as far as i know, but we can remove it nonetheless. in the first intanse, could you try and remove it via add/remove programs. if that does not work, we will go down the manual route. the SUPERantispyware scan cleared a remnant of an infection we caught before and the kaspersky scan only found infections which were safely quarantined from before. so in this post we will do a final scan for malware and another scan of your machine. ====STEP 1==== Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. ====STEP 2==== Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop. Close ALL OTHER PROGRAMS. Open the WinPFind35u folder and double-click on WinPFind35u.exe to start the program. Check the box that says Scan All User Accounts Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days Under Additional Scans check the following: Reg - BotCheck Reg - Disabled MS Config Items File - Purity Scan Evnt - EventViewer Errors/Warnings (last 7 days) Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Please attach the log in your next post. To attach a file, do the following: Click Add Reply Under the reply panel is the Attachments Panel Browse for the attachment file you want to upload, then click the green Upload button Once it has uploaded, click the Manage Current Attachments drop down box Click on to insert the attachment into your post in your next reply could i see: 1. the malwarebytes log 2. the attached winpfind file 3. some idea of how your machine is running now andrewuk

juiicy27 View Member Profile	Mar 6 2008, 07:18 PM Post #22
Member Posts: 17 OS: XP	my computer seems to be doing well, a tiny bit slow--but I think that may be from a few of the new programs. Better that then spyware! here's the first report: Malwarebytes' Anti-Malware 1.07 Database version: 461 Scan type: Quick Scan Objects scanned: 30897 Time elapsed: 8 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 16 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\AppID\{543bd811-f148-4b3a-a0b9-177014555bf9} (Adware.ISM) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bndblock5.band (Adware.ISM) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bndblock5.band.1 (Adware.ISM) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1f2f95d9-bafd-4769-85a2-4169957db67e} (Adware.ISM) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bndblock5.bho (Adware.ISM) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bndblock5.bho.1 (Adware.ISM) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d6b0c179-6343-442c-8175-9652e200cb55} (Adware.ISM) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{b0e43034-50f5-1f84-8098-824b44f2dbc3} (Adware.AdMedia) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BndBlock5.DLL (Adware.ISM) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndBlock5.Band (Adware.ISM) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndBlock5.Band.1 (Adware.ISM) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndBlock5.BHO (Adware.ISM) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndBlock5.BHO.1 (Adware.ISM) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ------------------------------------------------------------- the second program kept receiving the following error: Access violation at address 7C924D49 in module 'ntdll.dll'. Read of address 00000032. I didnt know what that meant so i just closed the program for now.

andrewuk View Member Profile	Mar 7 2008, 02:42 PM Post #23
Trusted Helper Posts: 4,592 From: London, UK OS: XP	lets see if we can get the DSS to work then: click on Start, click on Run copy and paste the following in bold in the open window and then click OK "%userprofile%\desktop\dss.exe" /config This will open up DSS configuration click on Check All click Scan DSS will now run again when finished Please post back both logs that open in notepad Main txt and extra txt andrewuk

juiicy27 View Member Profile	Mar 9 2008, 02:52 PM Post #24
Member Posts: 17 OS: XP	The DSS is still encountering errors and shutting down at the backing up hives step.

andrewuk View Member Profile	Mar 9 2008, 03:07 PM Post #25
Trusted Helper Posts: 4,592 From: London, UK OS: XP	Please run dss.exe again, but use these instructions: Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK "%userprofile%\desktop\dss.exe" /config Click 'Run' In the ensuing dialog box, uncheck 'Backing up Registry Hives' Click Scan! When finished, it shall produce main.txt and extra.txt for you. andrewuk

andrewuk View Member Profile	Mar 10 2008, 03:17 PM Post #27
Trusted Helper Posts: 4,592 From: London, UK OS: XP	hi juiicy27 your logs look good, but the Boonty Games is still there, so we will remove it manually. all going well, then in the following post we will wrap up the malware fix and also see what we can do to speed up your machine. Please copy (Ctrl C) and paste (Ctrl V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop. CODE sc stop Boonty Games sc delete Boonty Games exit Double click FixServices.bat. A window will open and close. This is normal. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present): C:\Program Files\Common Files\BOONTY Shared could you post a new hijackthis log in your next reply andrewuk

juiicy27 View Member Profile	Mar 11 2008, 01:07 AM Post #28
Member Posts: 17 OS: XP	here is a new hijack this log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:08:17 AM, on 3/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\1185132300\ee\AOLSoftware.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Last.fm\LastFM.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livejournal.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1185132300\ee\AOLSoftware.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -- End of file - 6153 bytes

andrewuk View Member Profile	Mar 11 2008, 01:25 PM Post #29
Trusted Helper Posts: 4,592 From: London, UK OS: XP	hi juiicy27 congratulations, your logs are clean in this post we will clear away the fix tools, reset your restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection. i will also leave you with some ideas on how to speed up your machine. ====STEP 1==== Click START then RUN Now type Combofix /u in the runbox and click OK When shown the disclaimer, Select "2" The above procedure will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:_OtMoveIt folder, if present Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Reset System Restore. If you have trouble with this, let me know and we will clear away the fix tools and reset your restore points another way you can also clear away the other fix tools we used. ====IDEAS ON ENHANCING THE PROTECTION OF YOUR MACHINE==== The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well. SpywareBlaster - Great prevention tool to keep nasties from installing on your system. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ====IDEAS ON IMPROVING THE PERFORMANCE OF YOUR MACHINE==== there is a good page to read through here that may help andrewuk

juiicy27 View Member Profile	Mar 12 2008, 10:52 PM Post #30
Member Posts: 17 OS: XP	I still have dss, fixservices, winPFind35u, winPFind35u folder, and FindAWF on my desktop. can i just send them to the recycle bin or do i need to uninstall them too? also, i have several antispyware programs on my computer now. I would prefer to only keep two. - AVG - Ad-aware - superantispyware - spysweeper - malware bytes I will definately keep the AVG. do you have another suggestion?

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

3 Pages

< 1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Need help removing winfixer pop up ads [RESOLVED]	8 / 1,481	6th January 2006 - 04:33 AM cookiemunsta started - last by loophole
Virus, Spyware and Trojan Removal winfixer and winanit virus pop up [RESOLVED]	4 / 456	2nd April 2006 - 02:43 PM nbbulldawg started - last by andydf
Virus, Spyware and Trojan Removal CiD Pop up ads [RESOLVED] 12	22 / 1,060	1st July 2007 - 10:21 PM mrschupa started - last by coachwife6
Virus, Spyware and Trojan Removal Problems with unwanted pop-up ads [RESOLVED]	8 / 542	21st October 2007 - 04:27 PM Marsu started - last by JSntgRvr