Error Detected Mozilla, The page at http://drivecleaner.com says:


This topic is locked.

#1
Lmommy (Member, 62 posts)

Don77, or whoever is online: This is what popped up before in IE, to get me infected! An ALERT box in IE, now in Firefox. I was copying it, to write you about it, because I did not remember if I hit the X to close it or Cancel [last time] when it auto-ran anyway.

I am using Firefox now. This popped up as a Mozilla alert box: "Error Detected Mozilla The page at http://drivecleaner.com
says:" What I could remember of the rest is this: {that I had Adult Content on my computer [even before it scanned]; it said that I could get it without even going on those sites, & it could track me & get my credit card info to cause me havoc & even cost me my job or marriage} [last time it was an IE box, exact same thing but used the IE message box design]. When I was typing what it said, the thing auto-started all by itself -- by the time I hit Cancel it had scanned my computer -- asking me to download this cleaner. I immediately shut down my browser, & at exit I have it set to clean all personal data. Then I immediately ran my ATF-Cleaner. Do I need to do anything else? And why didn't Adblock Plus block it?

I had a Firefox update earlier this evening, & it had to restart the browser. When I exited, I then cleared all personal data. So I knew that I did not have any adult content on my computer! I was on Firefox's plugins page searching for a search engine that had the highlighter with it. I have to have a highlighter for my searching & find on a new page.

Thanks!
Lmommy

Logfile of HijackThis v1.99.1
Scan saved at 12:56:29 AM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\Copy of Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F3 - REG:win.ini: load=C:\HPOJTPRO\ONLREG\REMIND.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [2wSysTray] E:\Apps\2PortalMon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182742621984
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

#2
don77 (Malware Expert, Retired Staff, 18,526 posts)

You missed me, didn't you? Go ahead and admit it :whistling:


Fake warning to dupe you into buying their product.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
Lmommy (Topic Starter, Member, 62 posts)

Well, of course :help: -- I just love cleaning out malware! :whistling: :help:


Well, here are my dss files:
Deckard's System Scanner v20070708.52
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Architecture: X86; Language: English

Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1014.73 MiB / 555.43 MiB
Pagefile Memory (total/avail): 2442.09 MiB / 2215.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1980.41 MiB

C: is Fixed (NTFS) - 70.94 GiB total, 42.15 GiB free.
D: is Fixed (FAT32) - 3.58 GiB total, 1.66 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.

AV: AVG 7.5.476 v7.5.476 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EMACHINE1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\EMACHINE1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=EMACHINE1
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\Yahoo!\Common\unybase.exe
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy Pro 2.3.1.6 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\unins000.exe"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Painter IX --> MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD43 v3.7.0 --> "C:\Program Files\dvd43\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
IsoBuster 1.9 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.5) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Opera 9.21 --> MsiExec.exe /X{AF599832-2305-4922-9342-6FF48894E384}
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PSP Thumbnail Handler --> C:\Program Files\PSP Thumbnail Handler\installed\Setup.exe /uninstall
Scan Manager 5.2 --> MsiExec.exe /I{E0A1559B-9886-11D4-8D06-0050DA284A39}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Print Shop® 6.0 --> C:\WINDOWS\UNINST.EXE -f"C:\THEPRI~1\THEPRI~1.0\DeIsL1.isu" -c"C:\THEPRI~1\THEPRI~1.0\psfinst.dll"
Tube Extractor 1.0 --> "C:\Program Files\TubeEx\unins000.exe"


-- End of Deckard's System Scanner: finished at 2007-08-01 at 16:33:13 ---------

Deckard's System Scanner v20070708.52
Run by Owner on 2007-08-01 at 16:32:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x00000000


Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:32:51 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [2wSysTray] E:\Apps\2PortalMon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182742621984
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070706-104108-301 O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
backup-20070706-104108-438 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
backup-20070706-104108-453 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
backup-20070706-104108-485 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
backup-20070706-104108-554 O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
backup-20070706-104108-613 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
backup-20070706-104108-619 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20070706-104108-662 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
backup-20070706-104108-673 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
backup-20070706-104108-752 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
backup-20070706-104108-756 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
backup-20070706-104108-848 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
backup-20070706-104108-914 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
backup-20070706-104108-951 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070706-104109-277 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrai...can8/oscan8.cab
backup-20070706-104109-553 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...059/mcfscan.cab
backup-20070706-104109-602 O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
backup-20070706-104109-656 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
backup-20070706-104109-751 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
backup-20070706-104109-774 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
backup-20070706-104109-793 O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
backup-20070706-104109-823 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
backup-20070706-104109-951 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
backup-20070710-094516-331 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
backup-20070801-011127-437 F3 - REG:win.ini: load=C:\HPOJTPRO\ONLREG\REMIND.EXE

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-153
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-151
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-152


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Files created between 2007-07-01 and 2007-08-01 -----------------------------

2007-08-01 03:42:46 56 -r-hs---- C:\WINDOWS\system32\90CEF0ADCD.sys
2007-07-21 19:22:00 0 d-------- C:\WINDOWS\system32\COLOR
2007-07-17 19:02:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-07-17 19:02:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-07-14 10:08:37 299520 --a------ C:\WINDOWS\Uninsop9.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-07-14 10:08:37 44032 --a------ C:\WINDOWS\OP9Deins.exe <Not Verified; Microsoft Corporation; Generic>
2007-07-14 10:07:37 0 d-------- C:\Program Files\OmniPagePro90
2007-07-12 17:57:52 341504 -----n--- C:\WINDOWS\system32\hpojgpwia.dll <Not Verified; Windows ® XP DDK provider; Windows ® XP DDK driver>
2007-07-12 17:57:52 69632 -----n--- C:\WINDOWS\system32\hpogpcon.exe <Not Verified; Hewlett-Packard Co.; HP TWAIN Data Source>
2007-07-12 17:33:26 0 d-------- C:\Program Files\HP Officejet 7100 Series_WebPack_English_WinXP
2007-07-11 17:09:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Share-to-Web Upload Folder
2007-07-11 16:55:21 0 d-------- C:\Program Files\Hewlett-Packard
2007-07-11 16:18:19 97280 --a------ C:\WINDOWS\system32\opshel32.dll <Not Verified; Caere Corporation; OmniPage Pro>
2007-07-11 16:18:11 0 d-------- C:\Program Files\Common Files\Caere
2007-07-11 16:11:26 86016 --a------ C:\WINDOWS\OPDIRDEL.exe
2007-07-10 14:29:07 0 d-------- C:\Program Files\Java
2007-07-10 14:29:05 0 d-------- C:\Program Files\Common Files\Java
2007-07-10 12:01:17 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-07-10 12:00:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-07-10 12:00:12 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-07-10 09:19:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2007-07-08 23:28:45 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-07-08 23:23:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Opera
2007-07-08 23:23:34 0 d-------- C:\Program Files\Opera
2007-07-08 21:23:02 0 d-------- C:\Program Files\MSXML 4.0
2007-07-08 19:36:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2007-07-08 19:29:30 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2007-07-08 19:29:29 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-07-08 19:18:00 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-08 18:59:54 0 d-------- C:\WINDOWS\system32\NtmsData
2007-07-08 18:47:29 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Ahead
2007-07-06 14:47:15 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-04 19:18:25 0 d-------- C:\WINDOWS\pss
2007-07-04 19:18:06 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-04 13:16:50 0 d-------- C:\VundoFix Backups


-- Find3M Report ---------------------------------------------------------------

2007-08-01 03:42:46 3506 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-01 03:41:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Corel
2007-07-29 04:58:16 0 d-------- C:\Program Files\PSP Thumbnail Handler
2007-07-28 07:26:06 13155 --a------ C:\Program Files\setuplog.txt
2007-07-28 07:26:05 0 d-------- C:\Program Files\BladePro
2007-07-25 04:29:17 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-25 04:27:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-24 02:06:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-07-23 11:05:22 0 d-------- C:\Program Files\Corel
2007-07-21 23:49:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-07-16 18:39:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-11 17:21:40 0 d-------- C:\Program Files\TextBridge Pro 98
2007-07-10 10:41:36 0 d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me
2007-07-09 20:21:34 0 d-------- C:\Program Files\SpywareGuard
2007-07-08 21:13:48 0 d-------- C:\Program Files\Messenger
2007-07-04 15:11:03 0 d-------- C:\Program Files\Yahoo!
2007-07-04 15:08:25 118784 --a------ C:\WINDOWS\system32\pdfmona.dll
2007-07-04 15:08:25 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2007-07-04 13:37:34 0 d-------- C:\Program Files\Rainlendar
2007-06-27 13:47:24 1310 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-25 14:54:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Jasc
2007-06-25 09:09:28 0 d-------- C:\Program Files\Digital Media Reader
2007-06-25 04:36:35 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-06-25 04:35:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-18 10:12:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2007-06-09 07:28:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-05-15 16:36:07 24851 --a------ C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"2wSysTray"="E:\\Apps\\2PortalMon.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87b61228-bd44-11db-a95e-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
Shell\english\command E:\setup.exe lang=enu
Shell\french\command E:\setup.exe lang=fra
Shell\nocheck\command E:\setup.exe nocheck
Shell\noprompt\command E:\setup.exe q
Shell\spanish\command E:\setup.exe lang=esn


-- End of Deckard's System Scanner: finished at 2007-08-01 at 16:33:13 ---------

Well -- here we go round the malware bush, the malware bush, the malware bush... early in the evening. :blink: [good thing you can't hear me sing!]
Thanks AGAIN,
Lmommy
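The registry dump above is the scanner's list of auto-start points: Browser Helper Objects, the HKLM and HKCU Run keys, ShellExecuteHooks, the Winlogon Notify entry, and the MountPoints2 key that caches the autorun.inf handlers of a volume. The script below is an added example, not part of this thread and not Deckard's System Scanner's own code. It parses a dump in that format (the sample is copied from the dump posted above), works out which file each entry actually loads (the DLL or CPL behind a rundll32 command, the quoted path, or the CreateProcess-style resolution of an unquoted path with spaces), and reports entries that run from somewhere other than the Windows and Program Files directories. The system drive being C: and the list of trusted directories are the example's own assumptions.

```python
"""Auto-start (ASEP) extractor for a Deckard's System Scanner registry dump.

Added example, not part of the thread and not DSS's own code.  It reads the
"-- Registry Dump --" section, works out which program each auto-start entry
loads, and flags entries running from outside the usual system directories.
Assumptions: the system drive is C: and SYSTEM_DIRS is the trusted set.
"""
import re

# Constructed sample: lines copied from the dump posted in the thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"2wSysTray"="E:\\Apps\\2PortalMon.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87b61228-bd44-11db-a95e-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
Shell\noprompt\command E:\setup.exe q
"""

SYSTEM_DRIVE = "c:\\"                                                     # assumption
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")  # assumption
EXE_EXT = (".exe", ".dll", ".cpl", ".scr", ".com", ".bat", ".cmd")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<val>.*)"$')
BHO_VALUE = re.compile(r"^(?P<clsid>\{[0-9A-Fa-f-]{36}\}) (?P<path>.+)$")
MP2_VALUE = re.compile(r"^Shell\\(?P<verb>[^\\]+)\\command (?P<cmd>.+)$")

def parse_dump(text):
    """Yield (kind, key, name, command) for Run values, BHOs and MountPoints2 verbs."""
    key = None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if not line or key is None:
            continue
        k = key.lower()
        m = RUN_VALUE.match(line)
        if m and k.endswith("\\run"):
            # undo the REG_SZ escaping used in the dump: \\ -> \ and \" -> "
            yield "run", key, m.group("name"), re.sub(r"\\(.)", r"\1", m.group("val"))
            continue
        m = BHO_VALUE.match(line)
        if m and "browser helper objects" in k:
            yield "bho", key, m.group("clsid"), m.group("path")
            continue
        m = MP2_VALUE.match(line)
        if m and "mountpoints2" in k:          # cached autorun.inf handlers of a volume
            yield "autorun", key, m.group("verb"), m.group("cmd")

def exe_path(command):
    """Return the file a Run-style command line actually loads."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    tokens = command.split(" ")
    if tokens[0].lower() in ("rundll32.exe", "rundll32"):
        # rundll32 only hosts the DLL/CPL named after it; that module is the code
        return " ".join(tokens[1:]).split(",", 1)[0].strip()
    # Unquoted path: CreateProcess tries "C:\Program", then "C:\Program Files\..."
    # and runs the first prefix that exists, which is what makes an unquoted path
    # with spaces hijackable.  Offline, stop at the first prefix that looks like a program.
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if candidate.lower().endswith(EXE_EXT):
            return candidate
    return tokens[0]

def location(path):
    p = path.lower()
    if not re.match(r"^[a-z]:\\", p):
        return "relative (resolved via search path)"
    if p.startswith(SYSTEM_DIRS):
        return "system/program dir"
    return "elsewhere on system drive" if p.startswith(SYSTEM_DRIVE) else "other drive"

def report(text):
    rows = []
    for kind, key, name, command in parse_dump(text):
        exe = exe_path(command)
        rows.append({"kind": kind, "key": key, "name": name, "exe": exe, "location": location(exe),
                     "unquoted_space": kind == "run" and not command.startswith('"') and " " in exe})
    return rows

if __name__ == "__main__":
    for r in report(SAMPLE_DUMP):
        print(f"{r['kind']:7} {r['location']:36} {r['exe']}{'  (unquoted path)' if r['unquoted_space'] else ''}")
```

Run against the sample, the two entries that stand out are the Run value and the MountPoints2 autorun command that both point at drive E:, plus the Run values stored as unquoted paths containing spaces; none of that is a verdict, only the short list a human should look at first.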

#4 don77 (Malware Expert, Retired Staff)
Looks clean, Mommy.
Kaspersky scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now, under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#5 Lmommy (Member, Topic Starter)
It takes forever to scan. :whistling:
Well it found something. I was trying to reinstall some psp images from a disk & it was taking forever so I put all file into a folder to add images from there. Could they hurt not even being unzipped? I didn't even install them the 1st time - because I saw them bundled with another program -- I love themes & screensavers, but, for the last 2 yrs. have not even tried to get any. I guess I'll just have to learn how to do them myself, my next project. :help:

But for that same box to pop up & scan my computer was really weird. Today I was looking up something on Yahooligans with my 9yo daughter & a popup came up that was soooo bad it offended me, & for her to see it made me mad! I [45] have never seen something like that before. I felt like it put something in there to make its popup seem valid... can it do that? If so I really want to know how to protect myself & daughter from ever seeing that again!

Now I had immediately closed my browser & ran ATF_Cleaner, then full computer scan with AVG-Antivirus (it found nothing).
This is the report from Kaspersky online scan: [I have already deleted those themes & screen savers]. I still have not been able to do a windows restore. Or install from CD.

Kaspersky Online Scanner
Wednesday, August 01, 2007 11:18:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 2/08/2007
Kaspersky Anti-Virus database records: 370666


Scan complete.
Verdict: Your computer is infected
The following infected files/objects were detected:

Total number of scanned objects: 154004
Number of viruses found: 5
Number of infected objects: 37
Number of suspicious objects: 0
Duration of the scan process: 02:33:05


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 154004
Number of viruses found 5
Number of infected objects 37
Number of suspicious objects 0
Duration of the scan process 02:33:05

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\cert8.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\history.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\key3.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\parent.lock Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Desktop\--Old PSP File on disk\installed\screensavers\wrapped w other programs did not install\124829.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped

C:\Documents and Settings\Owner\Desktop\--Old PSP File on disk\installed\screensavers\wrapped w other programs did not install\124829.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\Documents and Settings\Owner\Desktop\--Old PSP File on disk\installed\screensavers\wrapped w other programs did not install\124829.exe WiseSFX: infected - 2 skipped

C:\Documents and Settings\Owner\Desktop\--Old PSP File on disk\installed\screensavers\wrapped w other programs did not install\124829.exe WiseSFX Dropper: infected - 2 skipped

C:\Documents and Settings\Owner\Desktop\--Old PSP File on disk\installed\Themes\installed\alwaysthankful.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped

C:\Documents and Settings\Owner\Desktop\--Old PSP File on disk\installed\Themes\installed\alwaysthankful.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\Documents and Settings\Owner\Desktop\--Old PSP File on disk\installed\Themes\installed\alwaysthankful.exe WiseSFX: infected - 2 skipped

C:\Documents and Settings\Owner\Desktop\--Old PSP File on disk\installed\Themes\installed\alwaysthankful.exe WiseSFX Dropper: infected - 2 skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\ATT_SST_Installer.exe/WISE0107.BIN/WISE0008.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\ATT_SST_Installer.exe/WISE0107.BIN/WISE0009.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\ATT_SST_Installer.exe/WISE0107.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\ATT_SST_Installer.exe WiseSFX: infected - 3 skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\ATT_SST_Installer.exe WiseSFX Dropper: infected - 3 skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Geeks to Go\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Geeks to Go\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Geeks to Go\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Geeks to Go\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Majic jellybean key extractor\kf151.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Majic jellybean key extractor\kf151.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Majic jellybean key extractor\kf151.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Majic jellybean key extractor\kf151.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\OneNote\12.0\OneNoteOfflineCache.onecache Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\p8lcrf9t.default\XUL.mfl Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBCA.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBCB.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBCC.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBCD.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBCE.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBCF.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBD0.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBD1.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBD2.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBD3.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBD4.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBD9.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBDA.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBDB.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBDC.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\BCGBDD.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\~DF614.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\~DF96D.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\My Documents\Computer Fix Advice\GEEKS TO GO ~AntiVirus Programs\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owner\My Documents\Computer Fix Advice\GEEKS TO GO ~AntiVirus Programs\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owner\My Documents\Computer Fix Advice\GEEKS TO GO ~AntiVirus Programs\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owner\My Documents\Computer Fix Advice\GEEKS TO GO ~AntiVirus Programs\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\catalog.wci000002.ps1 Object is locked skipped

C:\System Volume Information\catalog.wci000002.ps2 Object is locked skipped

C:\System Volume Information\catalog.wci010005.ci Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped

C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000193.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000193.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000193.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000194.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0020038.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0020046.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0020046.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0020046.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0020133.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0020133.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0020133.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0020143.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP42\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{FC5420DE-D06D-4BAB-9A9B-5A98A8AD9EAF}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP42\change.log Object is locked skipped

Scan process completed.

Ok -- well, what do I do now?? I know you're not online; work, how inconvenient :blink: I'll be checking your reply tomorrow morning.
Lmommy
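The report above says 37 infected objects, but most of those lines are nested archive members of the same installer, per-container roll-ups ("WiseSFX: infected - 2") and restore-point copies, and the verdicts split into one real piece of malware (Trojan-Downloader) and Kaspersky's "not-a-virus:" classes (AdWare, RemoteAdmin, RiskTool, PSWTool). The script below is an added example, not part of this thread and not a Kaspersky tool: it parses a report in this format (the sample lines are copied from the report above), drops the "Object is locked" noise, groups hits by the file that is actually on disk and suggests a coarse action for each. The classification rules and the action names are the example's own assumptions.

```python
"""Triage helper for a Kaspersky Online Scanner v5 text report.

Added example, not part of the thread and not a Kaspersky tool.  It drops the
"Object is locked" noise, folds nested archive members onto the file that is
actually on disk, and separates true malware from Kaspersky's "not-a-virus:"
classes (AdWare, RemoteAdmin, RiskTool, PSWTool).  The action names and the
rule that maps verdicts to actions are the example's own assumptions.
"""
import re

# Constructed sample: eight lines copied from the report posted in the thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\Desktop\--Old PSP File on disk\installed\Themes\installed\alwaysthankful.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\Documents and Settings\Owner\Desktop\--Old PSP File on disk\installed\Themes\installed\alwaysthankful.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\Owner\Desktop\--Old PSP File on disk\installed\Themes\installed\alwaysthankful.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\Owner\Desktop\DOWNLOADS\ATT_SST_Installer.exe/WISE0107.BIN/WISE0008.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Geeks to Go\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Majic jellybean key extractor\kf151.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0020143.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
"""

DETECTION = re.compile(r"^(?P<obj>.+?) Infected: (?P<verdict>\S+) skipped$")
LOCKED = re.compile(r"^.+ Object is locked skipped$")
RESTORE_POINT = "\\system volume information\\_restore"


def classify(verdict):
    """'not-a-virus:AdWare.Win32.X' -> 'pua:AdWare'; 'Trojan-Downloader.Win32.Y' -> 'malware:Trojan-Downloader'."""
    if verdict.startswith("not-a-virus:"):
        return "pua:" + verdict.split(":", 1)[1].split(".", 1)[0]
    return "malware:" + verdict.split(".", 1)[0]


def triage(report_text):
    """Return (findings, locked_count).  findings maps each on-disk container to its
    distinct verdict classes, its number of member hits and whether it is a
    System Restore copy.  Roll-up lines ("WiseSFX: infected - 2") only restate
    member hits already listed, so they are ignored along with blank lines."""
    findings, locked = {}, 0
    for line in report_text.splitlines():
        line = line.strip()
        m = DETECTION.match(line)
        if m:
            # Kaspersky joins archive members with '/', Windows paths use '\':
            # everything before the first '/' is the file that exists on disk.
            container = m.group("obj").split("/", 1)[0]
            entry = findings.setdefault(container, {
                "verdicts": set(), "hits": 0,
                "restore_point": RESTORE_POINT in container.lower()})
            entry["verdicts"].add(classify(m.group("verdict")))
            entry["hits"] += 1
        elif LOCKED.match(line):
            locked += 1
    return findings, locked


def recommend(findings):
    """Coarse action per container: real malware is deleted; a hit that exists only
    as a restore-point copy disappears when old restore points are flushed; a
    not-a-virus tool is left for a human, since whether a remote-admin or reboot
    component belongs inside a given installer is a judgement call."""
    actions = {}
    for container, info in findings.items():
        if any(v.startswith("malware:") for v in info["verdicts"]):
            actions[container] = "delete"
        elif info["restore_point"]:
            actions[container] = "flush-restore-points"
        else:
            families = sorted(v.split(":", 1)[1] for v in info["verdicts"])
            actions[container] = "review:" + ",".join(families)
    return actions


if __name__ == "__main__":
    found, locked = triage(SAMPLE_REPORT)
    print(f"{locked} locked object(s) skipped, {len(found)} file(s) with detections")
    for path, action in sorted(recommend(found).items()):
        print(f"{action:22} {found[path]['hits']} hit(s)  {path}")
```

On the sample this reduces the report to five files: the theme installer that carries the Trojan-Downloader is the only "delete", the restore-point copy is covered by the restore-point flush, and the key finder, the ISP installer with its VNC component and SmitfraudFix's Reboot.exe are left as "review" items, which matches how the thread handled them.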

#6 don77 (Malware Expert, Retired Staff)

Ok -- well, what do I do now?? I know you're not online; work, how inconvenient. I'll be checking your reply tomorrow morning.
Lmommy

Oh boy, I see I spoiled you. I went to bed early and slept late :blink:

Let's get rid of this:
C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Majic jellybean key extractor

I'm not sure why ATT is throwing fits :whistling:

Create a new System Restore point, and flush the old ones.
  • Create a New System Restore Point:
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • On the Welcome page, click Create a restore point.
  • On the Create a Restore Point page, enter a descriptive name for your restore point, and then click Create.
  • Flush All Previous System Restore Points:
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Cleanup.
  • Click the More Options tab, and then under System Restore, click Clean up.
  • Click Yes to remove all but the most recent restore point. Click OK, click Yes to proceed with this action, and then click OK.
Next
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Let's see what it comes back with.



#7 Lmommy (Member, Topic Starter)
Hey Don,

I probably missed you being online today all together. I had a headache [not just a computer headache :whistling: but, a migraine :help: – so I took meds & laid down]. Well I ended up taking a late afternoon nap. Better now, So I guess today was a day to catch up on sleep . :help:

I guess my teacher radar on little things made me see your schedule. Sorry! :blink: I know ATT is my DSL – it shouldn’t be having problems. But, what do I know?? I still can’t install anything that requires the Windows Installer. I have gotten my printer to print, but without the software [& not very good quality] I cannot scan or fax. So I guess putting off going to the WinXP help forum is now not an option. The jellybean thing I deleted last night. I guess one of my college kids put that in? Why? I thought it had to do with my youngest [9]… her nickname is Jellybean. When my son [19] comes home in 2 wks. after spending the summer working in Alaska, I’ll ask him what it was. Talk about time difference [5 hrs. for us – you would be 6 hrs.]. I am truly wanting to ban them from my computer, but being Mom I probably won’t. My oldest daughter [21] will probably show up after her summer internship is done. I had to deal with multiple time zones this summer… she was in Europe, 17 hrs. ahead of us. They both will be going back to college [out of state – different ones]. I wish they were computer savvy! My little one seems to lean more to computer workings… I’m keeping my fingers crossed. It does not come naturally or easily to me – but being a teacher I set myself to learning it.

Running on at the mouth AGAIN – SORRY! I am waiting for my SuperAntiSpyware scan to finish. They all seem to take about 2 hours each. But, very much worth it if I get my computer fixed!
Much Thanks,
Lmommy

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/02/2007 at 11:26 PM

Application Version : 3.9.1008

Core Rules Database Version : 3278
Trace Rules Database Version: 1289

Scan type : Complete Scan
Total Scan Time : 01:50:59

Memory items scanned : 404
Memory threats detected : 0
Registry items scanned : 7148
Registry threats detected : 0
File items scanned : 137369
File threats detected : 0

#8 don77 (Malware Expert, Retired Staff)
:whistling: no worries

That's clean. Is the machine behaving now?

#9 Lmommy (Member, Topic Starter)
Thanks once again Don!!!!
The machine is better now. But I am in the Windows forum trying to fix those problems. It's going to feel like a new computer after all this cleaning & fixing :whistling:
Have a great weekend!
Lmommy

#10 don77 (Malware Expert, Retired Staff)
You're in good hands over there; I just peeked in on ya :whistling:

Be patient, do exactly what they tell ya, and you will be good to go soon.

#11 Lmommy (Member, Topic Starter)
I just saw you in there -- but how can I cope :whistling:, you have spoiled me! :help: :blink:
THANKS SO MUCH -- AGAIN!!!!
Lmommy

#12 don77 (Malware Expert, Retired Staff)
You know how to find me :whistling:

You're very welcome.

#13 Lmommy (Member, Topic Starter)
Don,
I owe you a tag -- any request? [non-flashy] or for a friend?? :blink:
Later - but, hopefully not because of more malware! :whistling:
Lmommy

#14 don77 (Malware Expert, Retired Staff)
OK, I will close this for now and keep an eye on your topic in the XP forum.

Good Luck :whistling:
