Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Firefox spyware please help [RESOLVED]


  • This topic is locked This topic is locked

#1
brain1212

brain1212

    Member

  • Member
  • PipPip
  • 14 posts
I have been reading other peoples posts similar to my situation and thought this would be a great place to get some help. The same windows alert window pops up when I get on Firefox or IE. I have uninstalled firefox for the time being and am using mozzilla firebird as a browser for now (And I have not received a pop-up yet). Another thing that has been happening for a long while now is my browser (firefox or firebird) likes to crash all the time. I dont know if this is some spyware/virus or not, but I would like some guidance if possible. Please look at my Hijackthis log and help me out. Any help is much appreciated, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:20 AM, on 1/5/2008
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
D:\apps\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
D:\apps\VirusScan\VsStat.exe
D:\apps\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
D:\apps\VirusScan\Avconsol.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINNT\system32\wuauclt.exe
D:\Apps\NetGear\wlancfg4.EXE
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\MOZILLA\MOZILL~1\MOZILL~1.EXE
C:\Documents and Settings\Brian Norris\Desktop\Stuff\Virus stuff\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bftwym.t.rack.cc/sp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://bftwym.t.rack.cc/sp.php (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bftwym.t.rack.cc/hp.php (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/w/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.psn.cn/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bftwym.t.rack.cc/sp.php (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://bftwym.t.rack.cc/sp.php (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bftwym.t.rack.cc/hp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bftwym.t.rack.cc/sp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bftwym.t.rack.cc/sp.php (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.psn.cn/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchdot.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FFAF - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\BRIANN~1\LOCALS~1\Temp\loglnhk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\apps\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = D:\Apps\NetGear\wlancfg.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Apps\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Apps\AOL\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Games\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Games\PartyPoker.net\partypokernet.exe (file missing)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.belk...c.com/dwa7W.cab
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - D:\apps\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IIS Admin Service (IISADMIN) - Unknown owner - C:\WINNT\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: FTP Publishing Service (MSFTPSVC) - Unknown owner - C:\WINNT\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Simple Mail Transport Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINNT\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: World Wide Web Publishing Service (W3SVC) - Unknown owner - C:\WINNT\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINNT\System32\mspmspsv.exe (file missing)

--
End of file - 7459 bytes

Please help.
  • 0

Advertisements


#2
brain1212

brain1212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Is there anyone that can help me?
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I am sorry for the delay . I will need a fresh look at your system

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#4
brain1212

brain1212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thanks for your response.

I downloaded DSS to my desktop and started the program up. The problem is that the program keeps crashing when it is "examining drivers". A program error box pops up and says "DSS
has generated errors and will be closed by Windows". I tried multiple times and I get the same results. (No additional windows were open).

Do you have any suggestions on what I need to do?

Oh yeah, I even disabled zonealarm and mcaffee and did the same thing.

Edited by brain1212, 09 February 2008 - 02:23 PM.

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then lets try another spyware scan first to see if that works and/or reveals anything

FIRST

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bftwym.t.rack.cc/sp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://bftwym.t.rack.cc/sp.php (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bftwym.t.rack.cc/hp.php (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/w/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.psn.cn/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bftwym.t.rack.cc/sp.php (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://bftwym.t.rack.cc/sp.php (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bftwym.t.rack.cc/hp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bftwym.t.rack.cc/sp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bftwym.t.rack.cc/sp.php (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.psn.cn/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchdot.net
O2 - BHO: FFAF - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\BRIANN~1\LOCALS~1\Temp\loglnhk.dll


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Download and then run SuperAntispyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found click OK
  • On the next screen place a tick against all items and select NEXT
  • Now to get the log Go to the PREFERENCES button on the right bottom
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a notepad text file copy and paste this to your next reply

Logs required : Superantispyware and Hijackthis
  • 0

#6
brain1212

brain1212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I guess there was some nasty stuff in there. It already removed the files and I rebooted my computer. I am still getting pop-ups too. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/09/2008 at 08:35 PM

Application Version : 3.9.1008

Core Rules Database Version : 3399
Trace Rules Database Version: 1391

Scan type : Complete Scan
Total Scan Time : 00:44:08

Memory items scanned : 321
Memory threats detected : 0
Registry items scanned : 4544
Registry threats detected : 0
File items scanned : 26198
File threats detected : 68

Adware.Tracking Cookie
C:\Documents and Settings\Brian Norris\Cookies\brian [email protected][1].txt
C:\Documents and Settings\Brian Norris\Cookies\brian [email protected][2].txt
C:\Documents and Settings\Brian Norris\Cookies\brian [email protected][1].txt
C:\Documents and Settings\Brian Norris\Cookies\brian [email protected][2].txt
C:\Documents and Settings\Brian Norris\Cookies\brian [email protected][2].txt
C:\Documents and Settings\Brian Norris\Cookies\brian [email protected][1].txt
C:\Documents and Settings\Brian Norris\Cookies\brian [email protected][1].txt
C:\Documents and Settings\Brian Norris\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected]ricescan[1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][1].txt
C:\Deckard\System Scanner\20080209150627\backup\DOCUME~1\BRIANN~1\LOCALS~1\Temp\Cookies\brian [email protected][2].txt

Dialer.Columb-ContentAccessPlugin
C:\DECKARD\SYSTEM SCANNER\20080209150627\BACKUP\DOCUME~1\BRIANN~1\LOCALS~1\TEMP\DIA3C.EXE

Trojan.ToolbarCC
C:\DECKARD\SYSTEM SCANNER\20080209150627\BACKUP\DOCUME~1\BRIANN~1\LOCALS~1\TEMP\LOGLNHK.DLL

Parasite.CoolWebSearch Variant
C:\DOCUMENTS AND SETTINGS\BRIAN NORRIS\APPLICATION DATA\WINLINK\WINLINK.DLL

Trojan.Downloader-Gen/SVCHost-Fake
C:\SVCHOST.EXE

W32.MyDoom
C:\WINNT\SYSTEM32\SVHOST.EXE

Just want to thank you for all of the help so far.

Edited by brain1212, 09 February 2008 - 08:15 PM.

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would now like you to retry the DSS programme

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

If that should fail again then

We will now do a deep search of your processes and files

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you recieve an error message, chose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Investigation" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Investigation" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both zip files to your next post
  • 0

#8
brain1212

brain1212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Dss Failed again so here are the zip files from avz.

There are three log files. The first zip file (virusinfo_cure.zip) was the first scan I did and when it was about 86% through a window popped up saying something about an address failure (sorry I didnt remember it all). Don't know if you had ever seen or heard of that before.

So I did another "Healing/Quarantine and Advanced System Investigation" scan and this time no error box came up. This zip file is "virusinfo_syscure.zip"

And the last scan after reboot was done (Advance System Analysis)

EDIT: Well I just realized that the file "virusinfo_cure.zip" is too large to upload to the site (0.98 MB)

Attached Files


Edited by brain1212, 10 February 2008 - 08:41 AM.

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is a possible rootkit there, I will try this programme first to try and get rid of it. If that fails I will go for a bigger hammer

AVZ FIX

  • Double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end )
    begin
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
     DeleteFile('aijtzvo.exe');
     DeleteFile('C:\documents and settings\brian norris\local settings\application data\aijtzvo.exe');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.

ON COMPLETION

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Investigation" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach the zip file to your next post
  • 0

#10
brain1212

brain1212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here it is.

Attached Files


  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that appears to have killed it :)

One more tool to use to confirm

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#12
brain1212

brain1212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ComboFix Log:

ComboFix 08-02.05.3 - Brian Norris 02/10/2008 10:19:27.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.73 [GMT -5:00]
Running from: C:\Documents and Settings\Brian Norris\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brian Norris\Local Settings\Application Data\aijtzvo.dat
C:\Documents and Settings\Brian Norris\Local Settings\Application Data\aijtzvo_nav.dat
C:\Documents and Settings\Brian Norris\Local Settings\Application Data\aijtzvo_navps.dat
C:\WINNT\system32\Cache
C:\WINNT\system32\nvs2.inf
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-09 19:48 . 08-02-09 20:48 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-02-09 19:48 . 08-02-09 19:48 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 19:48 . 08-02-09 19:48 <DIR> d----c--- C:\Documents and Settings\Brian Norris\Application Data\SUPERAntiSpyware.com
2008-02-09 19:48 . 08-02-09 19:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-09 14:59 . 08-02-09 14:59 <DIR> d----c--- C:\Deckard
2008-02-07 11:17 . 08-02-07 11:18 <DIR> d----c--- C:\Program Files\Intel
2008-02-07 11:17 . 06-01-12 14:52 1,904 -----c--- C:\WINNT\system32\SetupBD.din

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 13:55 --------- dc----w C:\Documents and Settings\Brian Norris\Application Data\winshow
2008-02-10 02:02 --------- dc----w C:\Program Files\Common Files\Caere
2008-02-10 01:39 --------- dc----w C:\Documents and Settings\Brian Norris\Application Data\winlink
2008-02-07 15:20 5,976,302 -c--a-w C:\WINNT\Internet Logs\tvDebug.zip
2008-01-12 20:18 --------- dc----w C:\Program Files\Viewpoint
2008-01-12 20:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-12 20:17 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-01-12 20:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\Napster
2008-01-12 20:11 --------- dc----w C:\Documents and Settings\Brian Norris\Application Data\Canon
2008-01-01 14:34 --------- dc----w C:\Program Files\Maxis
2007-12-11 23:39 --------- dc----w C:\Program Files\Yahoo!
2007-08-05 22:08 1,353,728 -c--a-w C:\WINNT\Internet Logs\xDB2.tmp
2007-08-05 22:04 1,353,728 -c--a-w C:\WINNT\Internet Logs\xDB1.tmp
2002-04-21 01:37 271 ---h--w C:\Program Files\desktop.ini
2002-04-21 01:37 21,952 -c-h--w C:\Program Files\folder.htt
2001-11-23 16:08 712,704 -c--a-w C:\WINNT\inf\OTHER\audio3d.dll
1999-12-07 12:00 32,528 -c--a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [01-11-15 10:08 1216512 C:\WINNT\mixer.exe]
"NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [01-08-06 19:03 155648]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [03-10-06 14:16 5058560]
"QuickTime Task"="D:\apps\quicktime\qttask.exe" [ ]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [02-10-14 14:09 57344]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-03-08 23:02 919280]
"Synchronization Manager"="mobsync.exe" [99-12-07 07:00 111376 C:\WINNT\system32\mobsync.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05-12-09 18:14 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [99-12-07 07:00 186640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-15 18:03:03 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
MA111 Configuration Utility.lnk - D:\Apps\NetGear\wlancfg.exe [2005-12-27 14:51:40 459264]
Microsoft Office.lnk - D:\Apps\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
nwprovau.dll 02-07-22 14:05 139024 C:\WINNT\system32\NWPROVAU.DLL

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS [00-05-27 03:37 ]
R1 VIAPFD;VIAPFD;C:\WINNT\system32\Drivers\VIAPFD.SYS [01-05-04 10:24 ]
S2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINNT\System32\inetsrv\inetinfo.exe []
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 11:22 ]
S3 ELNK3;3Com EtherLink III;C:\WINNT\system32\DRIVERS\elnk3.sys [99-09-24 18:16 ]
S3 ENDETECT;ENDETECT;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\ENDETECT.SYS []
S3 L2XPSR;L2XPSR;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\L2XPSR.SYS []
S3 NTSTPL1;NTSTPL1;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL1.SYS []
S3 NTSTPL2;NTSTPL2;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL2.SYS []
S3 OlCamudp;OLYMPUS Digital Camera;C:\WINNT\system32\Drivers\olcamudp.sys [00-02-08 08:55 ]
S3 TAPBIND;TAPBIND;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TAPBIND1.SYS []
S3 UNDPX2A;UNDPX2A;C:\WINNT\system32\drivers\UNDPX2A.SYS []
S3 USB_RNDIS_2K;Westell WireSpeed Dual Connect Modem;C:\WINNT\system32\DRIVERS\usb8023k.sys [84-02-05 19:28 ]
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys [01-10-18 15:35 ]
S3 WLAN_USB;Wireless LAN USB Driver;C:\WINNT\system32\DRIVERS\MA111nd5.sys [02-12-23 09:35 ]
S3 XIRLINK;Veo PC Camera;C:\WINNT\system32\DRIVERS\ucdnt.sys [02-05-22 21:55 ]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 10:24:47
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
D:\Apps\NetGear\wlancfg4.EXE
.
**************************************************************************
.
Completion time: 2008-02-10 10:26:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 15:26:34


---------------------------------------
------------------------------------------
---------------------------------------------

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:49 AM, on 2/10/2008
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Apps\NetGear\wlancfg4.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian Norris\Desktop\Stuff\Virus stuff\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\apps\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = D:\Apps\NetGear\wlancfg.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Apps\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Apps\AOL\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.belk...c.com/dwa7W.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IIS Admin Service (IISADMIN) - Unknown owner - C:\WINNT\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: FTP Publishing Service (MSFTPSVC) - Unknown owner - C:\WINNT\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Simple Mail Transport Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINNT\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: World Wide Web Publishing Service (W3SVC) - Unknown owner - C:\WINNT\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINNT\System32\mspmspsv.exe (file missing)

--
End of file - 4592 bytes
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks a lot better - how is your system running now ?
  • 0

#14
brain1212

brain1212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Seems to be running good. No pop ups yet. Seems a little bit quicker too. I sure do appreciate your time and help on this problem I had.

I do have a question for you.

I have another computer here (It dosnt seem to be infected, or atleast not acting like my computer was). If I took the same steps on it that you told me to do on mine, should that be an effective way of killing any viruses/trojans/ ect. off?

I put that same rootkit code on a computer that MAY not be infected, would it in anyway mess anything up?

Again, I do really appreciate all of your help. THANK YOU!!!
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

I have another computer here (It dosnt seem to be infected, or atleast not acting like my computer was). If I took the same steps on it that you told me to do on mine, should that be an effective way of killing any viruses/trojans/ ect. off?

I put that same rootkit code on a computer that MAY not be infected, would it in anyway mess anything up?

In a nutshell Yes, all the fixes were tailored to your current machine. If the other one is infected I would need to treat that as a different entity. You can post the log for that one next if you wish and I will look at it ..

Now the best part of the day ----- Your log now appears clean :)

You may now delete all the programmes I had you download


Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP