
spylocked.com


#1 OCman (Member, 130 posts)

I keep getting this alert in the system tray with the blinking blue question mark and the red circled slash mark. I can't right click it and disable it.

I ran the following:

ATF Cleaner
System Restore (new restore point)
Adaware
Search and Destroy
AVG
Super AntiSpyware
Panda Activescan

I have the following scan logs at the end of the hijack file

AVG
Super AntiSpyware
Panda

---------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:55:17 AM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\AOL\1163211950\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Starfish\Sidekick 98\program\sidekick.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe
C:\Program Files\Common Files\ACD Systems\IDBSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jerry\Desktop\INTERNET\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061103
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061103
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1163211950\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

-----------------------------

HiJack uninstall list

ACDSee 5.0 Standard
Ad-Aware SE Personal
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AVG Anti-Spyware 7.5
Backup Plus v7.0
Broadcom Advanced Control Suite
CinepPlayer 30 Update
Corel Paint Shop Pro X
Corel Snapfire Plus
Creative MediaSource
Dell CinePlayer
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
DellConnect
Digital Content Portal
DISC TITLE PRINTER
Documentation & Support Launcher
Downloader Pro v1.4.2
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD2one 1.5.1
EasyRecovery Professional
EducateU
Games, Music, & Photos Launcher
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
hp LaserJet-all-in-one
HP Software Update
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 6
LaserAIO
LG USB Modem driver (ver 3.0)
Logitech® Camera Driver
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
MSXML 4.0 SP2 (KB927978)
Nero 6 Ultra Edition
NVIDIA Drivers
OrderReminder hp LaserJet 3015/3020/3030/3380
Outlook Express Quick Backup
Panda ActiveScan
PSPad editor
Quicken 2007
QuickLink Mobile Phonebook
QuickTime
Readiris Pro 9
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Sidekick 98
Sonic Activation Module
Sonic Advanced Decoder
Sonic Update Manager
Sound Blaster X-Fi
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Time Zone Data Update Tool for Microsoft Office Outlook
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
URL Assistant
Viewpoint Media Player
Virtual Earth 3D (Beta)
WexTech AnswerWorks
WildTangent Web Driver
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Yahoo! Install Manager
Yahoo! Music Jukebox
----------------------------------

END OF HIJACK

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:47:49 AM 4/22/2007

+ Scan result:



C:\Program Files\Video AX Object\smmon.exe -> Downloader.Zlob.ava : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000014.exe -> Downloader.Zlob.ava : Cleaned.
C:\Program Files\Video AX Object\smunst.exe -> Downloader.Zlob.avb : Cleaned.
C:\Program Files\Video AX Object\spunst.exe -> Downloader.Zlob.bsi : Cleaned.
C:\Program Files\Backup Plus\Backup Sets\Full Backup After New System.bac/Documents and Settings/Jerry/Local Settings/Temp/Cookies/jerry@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Backup Plus\Backup Sets\Full Backup After New System.bac/Documents and Settings/Jerry/Local Settings/Temp/Cookies/[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Program Files\Backup Plus\Backup Sets\Full Backup After New System.bac/Documents and Settings/Jerry/Local Settings/Temp/Cookies/jerry@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Backup Plus\Backup Sets\Full Backup After New System.bac/Documents and Settings/Jerry/Local Settings/Temp/Cookies/jerry@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.


::Report end
---------------------

SUPERAntiSpyware Scan Log
Generated 04/22/2007 at 10:45 AM

Application Version : 3.6.1000

Core Rules Database Version : 3222
Trace Rules Database Version: 1233

Scan type : Complete Scan
Total Scan Time : 00:38:45

Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 6118
Registry threats detected : 30
File items scanned : 55435
File threats detected : 77

Trojan.Media-Codec/V2
HKLM\Software\Classes\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}
HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}
HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}
HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32
HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO AX OBJECT\BPVOL.DLL
HKLM\Software\Classes\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKCR\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKCR\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKCR\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}\Implemented Categories
HKCR\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}\InprocServer32
HKCR\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO AX OBJECT\SPLUG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{F0993251-2512-4710-AF6E-0A13EA199D02}
HKU\S-1-5-21-1592073290-2001170567-2129649398-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{F0993251-2512-4710-AF6E-0A13EA199D02}
HKU\S-1-5-21-1592073290-2001170567-2129649398-1006\Software\Protection Tools
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Messenger
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Messenger#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Messenger#UninstallString

Adware.Tracking Cookie
C:\Documents and Settings\Jerry\Cookies\[email protected][2].txt
C:\Documents and Settings\Jerry\Cookies\jerry@malwarewiped[1].txt

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video AX Object\bpmon.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program Files\Video AX Object\smmain.exe ]

Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000055.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000057.ICO

Trace.Known Threat Sources
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\slogan[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\navv_bg[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\log2[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\screen[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\btn_buynow[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\how[2].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\icon_help[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\btn_order[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\icon_ignore[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\newspaper[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\btn_freescan[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\bot_bg[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\b_l[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\btn_home[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\b_b[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\box[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\logo_top[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\btn_company[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\bul[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\l[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\h2_bg[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\news_top1[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\btn_features[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\main_bg[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\logotype[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\f_bg[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\t_l[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\blur[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\logo_bot[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\btn_win[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\menu_right[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\h[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\btn_download1[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\b_company[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\nav_bg[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\sep[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\fl_r[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\bot_r[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\b_affiliates[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\what[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\fl_sep[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\btn_features[2].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\nav_r[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\slogan[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\fl_btn[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\btn_support[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\btn_download[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\main_bg[2].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\btn_affiliates[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\fl_l[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\h1_bg[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\btn_company[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\protect[1].png
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\t_r[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\main[1].css
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\flag_fr[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\btn_get[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\main[4].css
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\copy_left[2].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\news_bottom1[2].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\block_bg[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\box[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\btn_buy[2].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\PSOR5TKX\btn_buy[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\btn_overview[1].jpg
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\btn_end[2].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\menu_bg[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\copy_right[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\sep1[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JNPRJPKW\anim[1].gif
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2TBS5KNQ\r[1].jpg

----------------------------------------
Panda Scan Log

Incident Status Location

Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\cave\ServU25f.zip[Setup.exe][SERV-U32.EXE]
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\0F77EKH5\aprotectservice[1].htm
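As an added illustration, not code from this thread, from HijackThis or from any poster, here is a Python triage pass over HijackThis-style O2/O4/O20/O23 lines that flags what a malware-removal helper checks first: autorun values named like system DLLs or sitting under Policies\Explorer\Run (where the SUPERAntiSpyware report found Trojan.Media-Codec), anything loading from the "Video AX Object" folder named in the AVG report, and AppInit_DLLs and Winlogon Notify entries, which always merit a look. The sample lines are constructed: most copy entries from the posted log, and the three remaining ones are modelled on the SUPERAntiSpyware findings rather than taken from the HijackThis log.

```python
"""Triage pass over HijackThis v1.99.1-style log lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line formats as they appear in the HijackThis log posted above.
RE_O2 = re.compile(r"^O2 - BHO: (?P<desc>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O20 = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# First drive-letter path ending in an executable or library extension.
RE_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|com|scr|pif|bat|cmd)", re.IGNORECASE)

# Folder named in the AVG and SUPERAntiSpyware reports above for this infection.
SUSPECT_FOLDERS = ("video ax object",)
# Run-value names that imitate core Windows binaries; the SUPERAntiSpyware report
# above shows "user32.dll" used as a value name under Policies\Explorer\Run.
SYSTEM_LOOKALIKES = ("user32.dll", "kernel32.dll", "explorer.exe", "svchost.exe", "lsass.exe")

# Constructed sample. Lines 1, 3, 4, 7, 8 and 9 copy the posted log; the "(no name)"
# BHO and the two Policies\Explorer\Run lines are modelled on the SUPERAntiSpyware
# findings (AVG had already cleaned those items before HijackThis was run).
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\PROGRAM FILES\VIDEO AX OBJECT\BPVOL.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video AX Object\bpmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video AX Object\smmain.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    line: str
    severity: str  # "flag" = very likely malicious, "review" = needs a human look
    reason: str


def first_path(command: str) -> Optional[str]:
    """Return the first file path in an autorun command line.
    Handles quoted paths, RUNDLL32 invocations and unquoted paths with spaces."""
    m = RE_PATH.search(command)
    return m.group(0) if m else None


def in_suspect_folder(path: str) -> bool:
    """Case-insensitive check against the folders tied to this infection."""
    low = path.lower()
    return any(folder in low for folder in SUSPECT_FOLDERS)


def triage_line(line: str) -> Optional[Finding]:
    """Apply the triage rules to one HijackThis line; None means nothing notable."""
    line = line.strip()
    if m := RE_O2.match(line):
        if in_suspect_folder(m["path"]):
            return Finding(line, "flag", "BHO loads from folder named in the scan reports")
        if m["desc"] == "(no name)":
            return Finding(line, "review", "BHO with no name; identify the CLSID before removing")
        return None
    if m := RE_O4.match(line):
        if m["name"].lower() in SYSTEM_LOOKALIKES:
            return Finding(line, "flag", "autorun value named like a Windows system binary")
        if in_suspect_folder(first_path(m["cmd"]) or ""):
            return Finding(line, "flag", "autorun points into folder named in the scan reports")
        if "policies\\explorer\\run" in m["key"].lower():
            return Finding(line, "review", "autorun in Policies\\Explorer\\Run, rarely used by legitimate software")
        return None
    if m := RE_O20.match(line):
        if m["kind"] == "AppInit_DLLs":
            return Finding(line, "review", "AppInit_DLLs loads into every GUI process; verify the DLL owner")
        return Finding(line, "review", "Winlogon Notify package runs at logon; verify the DLL owner")
    if m := RE_O23.match(line):
        if in_suspect_folder(m["path"]):
            return Finding(line, "flag", "service binary in folder named in the scan reports")
        return None
    return None


def triage(log_text: str) -> List[Finding]:
    """Run the rules over a whole log; findings come back in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.severity}] {finding.reason}\n    {finding.line}")
```

The Google AppInit_DLLs entry and the SUPERAntiSpyware Winlogon Notify entry come out as review rather than flag: both are legitimate on this machine, which is why a location rule needs an owner check behind it before anything is removed.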

#2 Noviciate (Confused Helper, Malware Removal, 1,567 posts)

1) Download SmitfraudFix.exe by S!Ri from here and save it to your Desktop.

2) Double click SmitfraudFix.exe - this will open a Command Window and also create the SmitfraudFix folder on your Desktop. Once you have read the information, "press any key to continue..."
Press "1" and then <ENTER> to start the search process.
When the search has completed, a text file, rapport.txt, will open with the results in - Copy and paste this report into your next reply.

A copy of the report can be found in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
For most, this file can be found by double-clicking My Computer and then Local Disk (C:)


IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

#3 OCman (Topic Starter, Member, 130 posts)

Here's the file, but the alert is gone now.


SmitFraudFix v2.171

Scan done at 14:35:27.35, Sun 04/22/2007
Run from C:\Documents and Settings\Jerry\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\AOL\1163211950\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Starfish\Sidekick 98\program\sidekick.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe
C:\Program Files\Common Files\ACD Systems\IDBSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Quicken\qw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
C:\WINDOWS\system32\imapi.exe
C:\WINVN\WINVN.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jerry


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jerry\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jerry\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=" "


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B87F599-5665-46E0-A320-338F7ECB608E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5B87F599-5665-46E0-A320-338F7ECB608E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B87F599-5665-46E0-A320-338F7ECB608E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#4 Noviciate (Confused Helper, Malware Removal, 1,567 posts)

Looks like you got it all with your scanners. You can delete this folder if it still exists: C:\Program Files\Video AX Object.

You are running an old version of Sun Java which needs updating:
  • Go here and click on the Download button to the right of Java Runtime Environment (JRE) 6u1.
  • Accept the license agreement by clicking the appropriate radio button and then continue.
  • Under Windows Platform - Java™ SE Runtime Environment 6 Update 1, click the Windows Offline Installation, Multi-language link.
  • Go to Add/Remove Programs and remove any entries that refer to Java 2 Runtime Environment and then reboot your PC.
  • Navigate to and delete the following folder, if it exists: C:\Program Files\Java.
  • Finally double click the installation file that you downloaded earlier.
If your version of AVG A-S is now the end-of-trial stand-alone scanner, you need to do the following:
  • Go to Start > Run, enter services.msc and hit OK.
  • Locate and right-click AVG Anti-Spyware Guard.
  • Select Properties from the menu.
  • Under the General Tab, change the Service status: to Stopped and then the Startup type: to Disabled.
This service is of no use to you if you can't, or don't, use the Resident Shield.

#5 OCman (Topic Starter, Member, 130 posts)

Done, cool.

thanks!