Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hard Drive Space Disappearing [RESOLVED]

Started by Sura , Aug 17 2007 12:37 PM

This topic is locked

#1
Sura

Posted 17 August 2007 - 12:37 PM

Member

Member
30 posts

I only use this computer to store music and for basic programs, since it only has a 19 gig hard drive. However I recently have noticed that a lot of my hard drive space has been disappearing. My music only takes up about 6 gigs and the rest of the programs about 3. It may be caused by a virus, or spyware, hopefully you can resolve this problem for me. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:25:48 PM, on 17/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunesKeys\iTunesKeys.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Sura\Setups-Installs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: C:\windows\hr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\SysAdmin\Desktop\winstall.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F8392B9-4B4B-4FF3-B4A9-302139CE8CA1}: Domain = sympatico.ca
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#2
sarahw

Posted 17 August 2007 - 01:08 PM

Malware Staff

Member
2,781 posts

Hi Sura,
Welcome to Geekstogo.
I will be handling your log to get you cleaned up.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in safe mode so you will be unable to access this thread at that time. These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask.

:whistling:

Edited by sarahw, 17 August 2007 - 01:14 PM.

#3
sarahw

Posted 17 August 2007 - 02:09 PM

Malware Staff

Member
2,781 posts

Hi,

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread online at that time. Whilst using some of the following programs, problems will occur with the cleaning process if you open other programs. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

1.
Please go to UploadMalware to upload a suspicious file for analysis.

Enter your username from this forum: Sura
Copy and paste the link to this thread: http://www.geekstogo.com/forum/Hard-Drive-Space-Disappearing-t167848.html
Browse for this filename: C:\Documents and Settings\SysAdmin\Desktop\winstall.exe
In the comments, please mention that I asked you to upload this file: SarahW
Click on Send File

2.
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

3.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Do not use it yet, we will use it later. Save it somewhere you can acces it easily, like your desktop.

4.
If you did not install the file marked below in red skip this step.
Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

O4 - HKLM\..\Run: C:\windows\hr.exe HiddenRecorder periodically takes screenshots of the computer. If you didn't install this yourself remove it.

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\windows\hr.exe HiddenRecorder periodically takes screenshots of the computer. If you didn't install this yourself remove it.

Now close all windows and continue to the next steps.

5.
Open ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

6.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

6.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

7.

Updating Java and Clearing Cache
- Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
- It will say "Java Plug-in" under the icon.
  Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
- If you are unable to update you can manually update by going here:[list]http://www.java.com/en/download/manual.jsp
After the reboot, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
Downloaded Applications
Other Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

Post the AVG log, the uninstall list and a fresh Hijack This log in a reply.

Sarah :whistling:

#4
Sura

Posted 17 August 2007 - 02:35 PM

Member

Topic Starter
Member
30 posts

For step one the winstall.exe was not located in the folder you specified. I did a search for it and it was located in the Windows/system32 folder. Should I still upload it?

#5
sarahw

Posted 17 August 2007 - 02:41 PM

Malware Staff

Member
2,781 posts

Yes thankyou, I would like the file uploaded please.

:whistling:

#6
Sura

Posted 17 August 2007 - 02:47 PM

Member

Topic Starter
Member
30 posts

Everytime I try to upload the file I get this error message:

The file you tried to upload was 0 Bytes or something prevented it from being uploaded. If someone requested you upload the file please let them know

#7
sarahw

Posted 17 August 2007 - 02:50 PM

Malware Staff

Member
2,781 posts

Ok, skip that step and continue with the others above.

:whistling:

#8
Sura

Posted 17 August 2007 - 05:08 PM

Member

Topic Starter
Member
30 posts

Sorry it took so long to reply, the scan took over a hour

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:52:46 PM 17/08/2007

+ Scan result:

C:\Program Files\Microsoft AntiSpyware\Quarantine\4744EF89-E819-480B-978F-582B28\67F860A8-F32C-491A-8309-785808 -> Adware.Chiem : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DHSIGNED.DhsignedCtrl.1 -> Adware.DealHelper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4744EF89-E819-480B-978F-582B28\259CD770-F517-46B5-8394-443AA6 -> Adware.IMAd : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4744EF89-E819-480B-978F-582B28\2E5E4A82-BBA6-44E1-9407-79CCF1 -> Adware.IMAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WildMedia -> Adware.MidAddle : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WildMedia\LicenseStores -> Adware.MidAddle : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winstall.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEP -> Adware.SEP : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{E0D32886-0296-1033-0711-021005990002}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\WINDOWS\uninstaller.exe -> Adware.WildMedia : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WeUninstall.exe -> Backdoor.Graybird : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mcnew.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\Program Files\ipwins\Services.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
C:\Program Files\ipwins\Uninst.exe -> Dropper.DollarR.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\isetup.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

Uninstall List

24 Hour Clock Intro Screensaver
ABC (remove only)
ACDSee 5.0 Standard
Adobe Acrobat 5.0
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop 7.0
Adobe Reader 6.0.1
Adobe Shockwave Player
Apple Software Update
ArcSoft Camera Suite 1.3
Audacity 1.2.6
avast! Antivirus
AVG Anti-Spyware 7.5
BitLord 1.1
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Dell Wireless 2350 Control Utility
DivX
DivX Player
DivX Web Player
Easy CD Creator 5 Platinum
Elecard MPEG-2 Decoder&Streaming Pack
HijackThis 1.99.1
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
iPod for Windows 2005-09-23
IpWins
iTunes
iTunesKeys v1.43
J2SE Runtime Environment 5.0 Update 10
Java™ 6 Update 2
Kazaa Media Desktop 2.1.1
Logitech QuickCam Software
Logitech® Camera Driver
Media Library Management Wizard
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office XP Professional
Microsoft Visual Basic 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Muiltmedia keyboard utility 1.3
NetoDragon 56K Voice Modem
OIN
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
Plus! MP3 Audio Converter LE
PolderbitS Sound Recorder and Editor
QuickTime
RealPlayer
Rogers Self Healing (remove only)
Rogers Self Healing (remove only)
Rogers Update Manager (remove only)
Rogers Yahoo! Applications
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Shockwave
Softk56 Data Fax Voice Speakerphone CARP
SonicStage 3.0
SpywareBlaster v3.4
Starcraft
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Visual IP InSight(Sympatico Consumer)
Windows Defender
Windows Defender Signatures
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip

Logfile of HijackThis v1.99.1
Scan saved at 7:07:36 PM, on 17/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Sura\Setups-Installs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\SysAdmin\Desktop\winstall.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F8392B9-4B4B-4FF3-B4A9-302139CE8CA1}: Domain = sympatico.ca
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#9
sarahw

Posted 17 August 2007 - 06:48 PM

Malware Staff

Member
2,781 posts

Hi,
The Anti Spyware program deleted a few nasties there. Lets try a Anti Virus scanner

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Space monger is a program that lets you find out how your hard drive space is being used. It is relativly simple to use and the easy to follow graphs are simple to understand.
Download it HERE

Post back with the Active scan report.

:whistling:

Edited by sarahw, 17 August 2007 - 06:56 PM.

#10
Sura

Posted 18 August 2007 - 07:34 PM

Member

Topic Starter
Member
30 posts

Incident Status Location

Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll
Adware:adware/transponder Not disinfected c:\windows\inf\dlmax.inf
Adware:adware/ipinsight Not disinfected c:\windows\inf\farmmext.inf
Spyware:spyware/betterinet Not disinfected c:\windows\inf\satmat.inf
Adware:adware/dealhelper Not disinfected c:\windows\dhkw.bin
Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
Adware:adware/twain-tech Not disinfected c:\windows\satmat.ini
Adware:adware/sidesearch Not disinfected c:\windows\sepsd.bin
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/block-checker Not disinfected Windows Registry
Adware:adware/iebar Not disinfected Windows Registry
Adware:adware/esyndicate Not disinfected Windows Registry
Adware:adware/beginto Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected HKEY_CLASSES_ROOT\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A}
Adware:adware/wupd Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/wintools Not disinfected Windows Registry
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Adware:adware/purityscan Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\SysAdmin\Cookies\sysadmin@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\SysAdmin\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\SysAdmin\Cookies\sysadmin@burstnet[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\SysAdmin\Cookies\sysadmin@go[1].txt
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{30D32886-0296-1033-0711-021005990002}\UnInstall.exe
Adware:Adware/Transponder Not disinfected C:\WINDOWS\inf\polall1r.inf
Virus:Trojan Horse Disinfected C:\WINDOWS\system32\O.BAT

#11
sarahw

Posted 19 August 2007 - 01:18 AM

Malware Staff

Member
2,781 posts

Hi Sura,
There is quite a few infections on your computer, but don't worry, we are getting them.

1.
Please download the OTMoveIt by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\cd_clint.dll
c:\windows\inf\dlmax.inf
c:\windows\inf\farmmext.inf
c:\windows\inf\satmat.inf
c:\windows\dhkw.bin
c:\windows\kwv2.dat
c:\windows\satmat.ini
c:\windows\sepsd.bin
C:\Documents and Settings\SysAdmin\Cookies\sysadmin@2o7[1].txt
C:\Documents and Settings\SysAdmin\Cookies\[email protected][1].txt
C:\Documents and Settings\SysAdmin\Cookies\sysadmin@burstnet[2].txt
C:\Documents and Settings\SysAdmin\Cookies\sysadmin@go[1].txt
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\{30D32886-0296-1033-0711-021005990002}\UnInstall.exe
C:\WINDOWS\inf\polall1r.inf
C:\WINDOWS\system32\O.BAT
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
Close OTMoveIt

*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

2.
Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

3.
Open ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

4.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
[*]Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
[*]Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
[*]AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
[*]If you have any infections you will prompted, then select "Apply all actions"
[*]Next select the "Reports" icon at the top.
[*]Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
[*]Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
[/list]6.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

5.
Please go HERE and run Panda's ActiveScan again.

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Post the Combofix, AVG and Panda scans in your next response.
Tell me how the computer is running.

:whistling:

#12
Sura

Posted 19 August 2007 - 11:13 AM

Member

Topic Starter
Member
30 posts

Every time I tried running Panda's Activescan it resulted it in being stuck in the scanning memory process and wouldn’t continue the scan. :whistling:

ComboFix 07-08-14.4 - "SysAdmin" 2007-08-19 10:59:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.54 [GMT -4:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Autorun.inf
C:\Program Files\Common Files\{30D32~1
C:\Program Files\Common Files\{E0D32~1
C:\Program Files\ipwins
C:\Program Files\ipwins\pop101.tmp
C:\Program Files\ipwins\pop111.tmp
C:\Program Files\ipwins\pop125.tmp
C:\Program Files\ipwins\pop14B.tmp
C:\Program Files\ipwins\pop99.tmp
C:\Program Files\ipwins\pop9F.tmp
C:\Program Files\ipwins\popA0.tmp
C:\Program Files\ipwins\popA7.tmp
C:\Program Files\ipwins\popBA.tmp
C:\Program Files\ipwins\popC2.tmp
C:\Program Files\ipwins\popCC.tmp
C:\Program Files\ipwins\popD2.tmp
C:\Program Files\ipwins\popD3.tmp
C:\Program Files\ipwins\popD6.tmp
C:\Program Files\ipwins\popD7.tmp
C:\Program Files\ipwins\popE0.tmp
C:\Program Files\ipwins\popE2.tmp
C:\Program Files\ipwins\popE3.tmp
C:\Program Files\ipwins\popE4.tmp
C:\Program Files\ipwins\popE5.tmp
C:\Program Files\ipwins\popEB.tmp
C:\Program Files\ipwins\popEC.tmp
C:\Program Files\ipwins\popEF.tmp
C:\Program Files\ipwins\popF4.tmp
C:\Program Files\ipwins\popF5.tmp
C:\Program Files\ipwins\popF8.tmp
C:\Program Files\ipwins\popFE.tmp
C:\Program Files\ipwins\setA3.tmp
C:\Program Files\ipwins\setA4.tmp
C:\Program Files\ipwins\setA6.tmp
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\ppatch~1
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\wnsxs~1

((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))

2007-08-19 10:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 16:57 <DIR> d-------- C:\Program Files\SpaceMonger
2007-08-18 16:57 <DIR> d-------- C:\DOCUME~1\SysAdmin\APPLIC~1\SpaceMonger
2007-08-18 11:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-17 17:20 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-17 16:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-15 23:55 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-10 17:39 <DIR> d-------- C:\Program Files\BitLord

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-18 22:56 --------- d-------- C:\Program Files\Starcraft
2007-08-18 20:53 --------- d-------- C:\Program Files\Windows Defender
2007-08-18 20:51 --------- d-------- C:\Program Files\QuickTime
2007-08-18 20:50 --------- d-------- C:\Program Files\MSN Messenger
2007-08-18 20:43 --------- d-------- C:\Program Files\iTunes
2007-08-01 20:11 --------- d-------- C:\DOCUME~1\SysAdmin\APPLIC~1\Image Zone Express
2007-07-10 19:46 --------- d-------- C:\Program Files\Valve
2007-07-10 08:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-28 18:00 --------- d-------- C:\Program Files\iPod
2007-06-28 17:51 --------- d-------- C:\Program Files\Google
2007-06-28 10:12 --------- d-------- C:\Program Files\Apple Software Update
2007-06-26 11:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:09 658944 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-23 09:30 --------- d-------- C:\DOCUME~1\SysAdmin\APPLIC~1\AdobeUM
2007-06-21 10:41 --------- d-------- C:\Program Files\iTunesKeys
2007-06-21 10:12 --------- d-------- C:\DOCUME~1\SysAdmin\APPLIC~1\Launchy
2007-06-20 14:26 --------- d-------- C:\Program Files\DivX
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 14:09 96256 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 14:09 615424 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 14:09 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 14:09 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 14:09 474112 -----c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 14:09 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 14:09 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 14:09 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 14:09 3058688 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 14:09 251392 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 14:09 205312 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 14:09 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 14:09 151040 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 14:09 1494528 -----c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 14:09 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 14:09 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 14:09 1023488 -----c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 10:07 18432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2004-07-06 11:33 298 --a--c--- C:\Program Files\INSTALL.LOG

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-01-09 12:42 C:\WINDOWS\system32\carpserv.exe]
"Cmaudio"="cmicnfg.cpl" []
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 13:28]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 18:12]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE" [2006-07-29 19:37]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-17 16:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2005-08-02 11:12]
"RHSI SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2005-08-02 11:51]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2005-08-02 11:51]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-28 18:00:41]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PowerManager"=2 (0x2)
"YPCService"=3 (0x3)
"SPTISRV"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"SSScsiSV"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"iPodService"=3 (0x3)

R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 allegro;ESS Allegro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198x.sys
R3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys
S2 ATITUNEP;ATI WDM TV Tuner (Microsoft);C:\WINDOWS\system32\DRIVERS\atintuxx.sys
S2 ATIXSAudio;ATI WDM TV Audio Crossbar (Microsoft);C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
S2 PCDCODEC;ATI WDM Specialized PCD Codec (Microsoft);C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft);C:\WINDOWS\system32\DRIVERS\atinraxx.sys
S3 Intels51;Intel® 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys
S3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S3 S3Inc;S3Inc;C:\WINDOWS\system32\DRIVERS\s3mini.sys
S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys
S3 USRTI;U.S. Robotics Faxmodem Driver TI;C:\WINDOWS\system32\DRIVERS\USRTI.SYS
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys
S4 PowerManager;Power Manager;C:\WINDOWS\svchost.exe

Contents of the 'Scheduled Tasks' folder
2007-08-17 01:57:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-06-23 05:34:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-08-19 14:44:02 C:\WINDOWS\Tasks\Windows Update.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 11:07:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 11:10:50
C:\ComboFix-quarantined-files.txt ... 2007-08-19 11:10

--- E O F ---

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:09:17 PM 19/08/2007

+ Scan result:

HKU\S-1-5-21-1801674531-1563985344-842925246-1003\Software\TimeSynchonization -> Adware.DealHelper : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-1563985344-842925246-1003\Software\TimeSynchonization\Time Synchronize -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88645016-93EC-44F8-A3BF-03C55BB1F70F}\RP40\A0011497.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88645016-93EC-44F8-A3BF-03C55BB1F70F}\RP40\A0011496.exe -> Adware.Softomate : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-1563985344-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-59D4-4008-9058-080011001200} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88645016-93EC-44F8-A3BF-03C55BB1F70F}\RP40\A0011498.exe -> Adware.WildMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88645016-93EC-44F8-A3BF-03C55BB1F70F}\RP40\A0011495.exe -> Backdoor.Graybird : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88645016-93EC-44F8-A3BF-03C55BB1F70F}\RP40\A0011494.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88645016-93EC-44F8-A3BF-03C55BB1F70F}\RP40\A0011491.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88645016-93EC-44F8-A3BF-03C55BB1F70F}\RP40\A0011492.exe -> Dropper.DollarR.b : Cleaned with backup (quarantined).
C:\_OTMoveIt\MovedFiles\Documents and Settings\SysAdmin\Cookies\sysadmin@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\_OTMoveIt\MovedFiles\Documents and Settings\SysAdmin\Cookies\sysadmin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\_OTMoveIt\MovedFiles\Documents and Settings\SysAdmin\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{88645016-93EC-44F8-A3BF-03C55BB1F70F}\RP40\A0011493.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

Edited by Sura, 19 August 2007 - 11:15 AM.

#13
sarahw

Posted 19 August 2007 - 11:58 AM

Malware Staff

Member
2,781 posts

How is your computer running now?
Could you please post a fresh Hijack This log.

#14
Sura

Posted 19 August 2007 - 12:05 PM

Member

Topic Starter
Member
30 posts

The computer is running at a pretty fast speed with not much freezing or lag, and im back to about 2.5 gigs from 1.7.

Logfile of HijackThis v1.99.1
Scan saved at 2:04:30 PM, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Sura\Setups-Installs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F8392B9-4B4B-4FF3-B4A9-302139CE8CA1}: Domain = sympatico.ca
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#15
sarahw

Posted 19 August 2007 - 12:11 PM

Malware Staff

Member
2,781 posts

Your log looks clean. The Antispyware scans found a bit. We can run two Virus scans to see if there is anything stubborn hanging around.

lease do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

TrendMicro™ HouseCall Java Scan

Please go HERE to run the Trend Micro™ HouseCall Scan.
Click Scan now. It's free!
Read and put a Check next to Yes I accept the terms of use.
Click the Launching HouseCall>> button.
Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
You may receive a Security Warning about the TrendMicro Java applet, click YES.
Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
Please be patient while it installs, updates, and scans your system.
Once the scan is complete, it will take you to the summary page.
Under Cleanup options, choose clean all detected infections automatically.
Click the Clean now>> button.
If anything was found you may be prompted to run the scan again, you can just close the browser window.

Reply with those two logs.
You seem to have had alot of infections on your computer. This is most likely due to file sharing programs, I recomend that oyu delete them to prevent future infections.

:whistling: