Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Annoying malware will not go away [RESOLVED]

Started by Kenshi75 , Jan 30 2008 05:08 PM

  • This topic is locked This topic is locked

#1
Kenshi75
Posted 30 January 2008 - 05:08 PM

Kenshi75

    New Member

  • Member
  • Pip
  • 7 posts
have used spybot, avg, adaware, to flush but still no avail.

this is my last check with spybot

29.01.2008 07:56:52 - ##### check started #####
29.01.2008 07:56:52 - ### Version: 1.5
29.01.2008 07:56:52 - ### Date: 1/29/2008 7:56:52 AM
29.01.2008 07:56:53 - found: Network Monitor System Service
29.01.2008 07:57:01 - ##### checking bots #####
29.01.2008 08:03:03 - found: Command Service Library
29.01.2008 08:03:03 - found: Command Service Library
29.01.2008 08:03:03 - found: Command Service Settings
29.01.2008 08:03:03 - found: Command Service Settings
29.01.2008 08:03:03 - found: Command Service Settings
29.01.2008 08:03:03 - found: Command Service Uninstall settings
29.01.2008 08:07:00 - found: Smitfraud-C. Settings
29.01.2008 08:09:14 - found: Network Monitor Data
29.01.2008 08:09:14 - found: Network Monitor Uninstall settings
29.01.2008 08:09:14 - found: Network Monitor System Service
29.01.2008 08:09:14 - found: Network Monitor System Service
29.01.2008 08:09:14 - found: Network Monitor Program directory
29.01.2008 08:09:14 - found: Network Monitor Program directory
29.01.2008 09:15:36 - found: AdSpy.TTC Executable
29.01.2008 09:18:16 - found: Virtumonde Executable
29.01.2008 09:19:39 - found: Smitfraud-C.CoreService Data
29.01.2008 09:21:18 - found: Win32.Agent.qt Settings
29.01.2008 09:22:08 - found: Win32.Small.azl Autorun settings
29.01.2008 09:28:05 - found: MediaPlex Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:05 - found: K2L Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:06 - found: FastClick Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:06 - found: ZQest.K8L Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:06 - found: DoubleClick Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:06 - found: BurstMedia Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:07 - found: AdRevolver Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:07 - found: Vario.AntiVirus Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:07 - found: TagASaurus Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:08 - found: AdRevolver Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:08 - found: DirectTrack Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:08 - found: MediaPlex Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:08 - found: Clickspring.OuterInfo Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:08 - found: DirectTrack Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:08 - found: Searchingbooth.com Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:08 - found: Top-Banners Tracking cookie (Internet Explorer: Huy Tran)
29.01.2008 09:28:10 - ##### check finished #####

here is hte hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:22 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {74C1B851-5829-4219-BAD1-D8FCD9147600} - C:\WINDOWS\system32\vtstr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201591988629
O20 - Winlogon Notify: iifgdbb - iifgdbb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6336 bytes


HELLLLPPPPPPPPPP student in need of a working laptop asap..
  • 0

Advertisements

#2
Rorschach112
Posted 06 February 2008 - 08:15 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
Kenshi75
Posted 07 February 2008 - 02:40 AM

Kenshi75

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ComboFix 08-02.05.3 - Huy Tran 2008-02-07 3:32:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.550 [GMT -5:00]
Running from: C:\Documents and Settings\Huy Tran\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rndismpp.sys
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rndismpp.sys

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RNDISMPP
-------\rndismpp


((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-05 17:21 . 2008-02-05 17:21 <DIR> d-------- C:\Program Files\Veoh Networks
2008-02-05 15:38 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-05 15:38 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-05 15:38 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-05 15:38 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-05 15:38 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-05 15:38 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-01 16:59 . 2008-02-01 16:59 244 --ah----- C:\sqmnoopt14.sqm
2008-02-01 16:59 . 2008-02-01 16:59 232 --ah----- C:\sqmdata14.sqm
2008-01-31 22:47 . 2008-01-31 22:47 <DIR> d-------- C:\Program Files\Sun
2008-01-31 22:39 . 2008-01-31 22:44 <DIR> d-------- C:\Documents and Settings\Huy Tran\.SunDownloadManager
2008-01-31 19:41 . 2008-01-31 19:41 <DIR> d-------- C:\Documents and Settings\Huy Tran\Application Data\Hewlett-Packard
2008-01-31 19:38 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-31 19:38 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-31 19:35 . 2008-01-31 19:35 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-31 19:31 . 2008-01-31 19:32 <DIR> d-------- C:\hp
2008-01-31 19:30 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-31 19:30 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-31 19:28 . 2008-01-31 19:40 19,558 --a------ C:\WINDOWS\hpoins01.dat
2008-01-31 19:28 . 2003-04-22 10:24 16,606 --------- C:\WINDOWS\hpomdl01.dat
2008-01-30 18:02 . 2008-01-30 18:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-30 17:37 . 2006-02-28 07:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-30 17:23 . 2008-01-30 18:21 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-30 13:36 . 2008-01-30 13:35 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-30 13:35 . 2008-01-30 13:36 <DIR> d-------- C:\Documents and Settings\Huy Tran\.housecall6.6
2008-01-30 13:34 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-30 03:30 . 2008-01-30 09:12 697,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-30 03:30 . 2008-01-30 09:05 16,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-30 03:30 . 2008-01-30 03:32 1,508 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-30 03:30 . 2008-01-30 03:32 1,148 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-30 03:24 . 2008-01-30 03:24 <DIR> d-------- C:\KAV
2008-01-30 03:15 . 2008-02-05 15:40 <DIR> d-------- C:\Documents and Settings\Huy Tran\SmitfraudFix
2008-01-30 03:15 . 2008-02-05 15:40 2,172 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-29 20:02 . 2008-01-29 20:01 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-29 20:02 . 2008-01-29 20:01 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-29 20:02 . 2008-01-29 20:01 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2008-01-29 20:00 . 2008-01-29 20:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-01-29 16:44 . 2008-01-29 16:44 <DIR> d-------- C:\Documents and Settings\Huy Tran\Application Data\DivX
2008-01-29 13:07 . 2008-01-29 13:07 1,167 --a------ C:\WINDOWS\mozver.dat
2008-01-29 12:43 . 2008-01-29 12:43 18 --a------ C:\WINDOWS\gwhotkey.ini
2008-01-29 12:41 . 2008-01-29 12:41 <DIR> d-------- C:\Documents and Settings\Administrator.MASTERCHIEF\Application Data\AVG7
2008-01-29 12:15 . 2008-02-06 08:09 <DIR> d-------- C:\Documents and Settings\Huy Tran\Application Data\AVG7
2008-01-29 12:14 . 2008-01-29 12:14 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-01-29 12:14 . 2008-01-29 12:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-01-29 12:14 . 2008-01-29 12:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-01-29 12:08 . 2008-01-29 12:15 <DIR> d-------- C:\Documents and Settings\Huy Tran\Application Data\U3
2008-01-29 11:46 . 2008-01-29 11:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-29 10:10 . 2008-01-29 10:11 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-29 10:03 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-29 10:03 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-29 10:03 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-29 10:03 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-29 10:03 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-29 10:03 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-29 10:03 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-29 10:03 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-29 10:03 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-29 09:28 . 2008-02-01 21:54 420 --a------ C:\WINDOWS\wininit.ini
2008-01-29 09:21 . 2008-01-29 09:21 <DIR> d-------- C:\Program Files\Logitech
2008-01-29 09:21 . 2008-01-29 09:21 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-01-29 09:20 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-01-29 09:19 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-29 09:19 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-29 09:16 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-29 09:16 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-01-29 09:16 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-01-29 09:16 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-01-29 09:16 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-29 09:16 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-29 09:16 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-01-29 09:16 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-01-29 09:16 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-01-29 09:16 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-01-29 09:14 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-29 09:14 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-29 04:17 . 2008-01-29 04:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-29 04:14 . 2008-01-29 04:14 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Yahoo!
2008-01-29 04:09 . 2008-01-30 14:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-01-29 04:07 . 2008-01-29 04:07 <DIR> d-------- C:\WINDOWS\system32\wts1
2008-01-29 04:07 . 2008-01-29 04:55 <DIR> d-------- C:\WINDOWS\system32\vip4
2008-01-29 04:07 . 2008-01-29 20:57 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-29 04:07 . 2008-01-29 21:07 <DIR> d-------- C:\WINDOWS\system32\knis6
2008-01-29 04:07 . 2008-01-29 20:56 <DIR> d-------- C:\WINDOWS\system32\jeb3
2008-01-29 04:07 . 2008-01-29 04:51 <DIR> d--hs---- C:\WINDOWS\SHV5IFRyYW4
2008-01-29 04:06 . 2008-01-29 04:06 1,220 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-01-29 04:05 . 2008-01-04 16:58 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-01-29 04:05 . 2008-01-04 16:58 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-01-29 03:41 . 2008-01-29 03:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-01-29 03:23 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-01-29 03:23 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-29 03:20 . 2008-01-29 03:20 <DIR> d-------- C:\Documents and Settings\Huy Tran\Application Data\acccore
2008-01-29 03:19 . 2008-01-29 03:19 <DIR> d-------- C:\Program Files\AOL Search
2008-01-29 03:19 . 2008-01-30 17:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-01-29 03:19 . 2008-01-29 03:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2008-01-29 03:19 . 2008-01-30 17:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-01-29 03:17 . 2008-01-29 03:18 <DIR> d-------- C:\Documents and Settings\Huy Tran\Application Data\Yahoo!
2008-01-29 03:17 . 2008-01-29 03:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-01-29 03:12 . 2008-01-29 03:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-01-29 03:10 . 2008-01-29 03:10 <DIR> d-------- C:\Program Files\Driver-Soft
2008-01-29 03:10 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 03:47 --------- d-----w C:\Program Files\Java
2008-02-01 00:35 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-30 22:28 --------- d-----w C:\Program Files\Viewpoint
2008-01-30 01:22 --------- d-----w C:\Program Files\Lavasoft
2008-01-29 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-29 09:05 --------- d-----w C:\Program Files\DivX
2008-01-29 08:59 --------- d-----w C:\Program Files\XP Codec Pack
2008-01-29 08:20 --------- d-----w C:\Program Files\AIM6
2008-01-29 07:39 --------- d-----w C:\Program Files\Common Files\snp2std
2008-01-29 01:19 --------- d-----w C:\Program Files\Common Files\Real
2008-01-23 01:36 --------- d-----w C:\Program Files\QuickTime
2008-01-20 01:13 --------- d-----w C:\Program Files\MySpace
2008-01-19 16:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-17 16:22 --------- d-----w C:\Program Files\THQ
2008-01-16 05:50 --------- d-----w C:\Program Files\LimeWire
2008-01-16 04:43 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series
2005-07-29 21:24 472 --sha-r C:\WINDOWS\SHV5IFRyYW4\mJpcKIlVsqb.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74C1B851-5829-4219-BAD1-D8FCD9147600}]
C:\WINDOWS\system32\vtstr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 12:55 3497984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-10-12 15:28 1282048]
"Multi-function Keyboard"="GWHotKey.exe" [2001-08-28 11:13 98361 C:\WINDOWS\GWHotKey.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-30 15:46 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-30 15:46 499712]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:12 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-07-07 16:33 675840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-13 12:43 219136]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
hp psc 1000 series.lnk.disabled [2008-01-31 19:40:55 779]
hpoddt01.exe.lnk.disabled [2008-01-31 19:34:50 779]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgdbb]
iifgdbb.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

S3 SDTHelper;Helper driver for SDT-Tool;C:\Documents and Settings\Huy Tran\Local Settings\Temp\radix_installer_trial\sdthlpr.sys []
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-07-10 15:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd28e15b-6efe-11dc-87ae-b43c29b6721c}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 00:41:34 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1201826442.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 03:35:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-02-07 3:37:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 08:37:31
ComboFix2.txt 2008-01-31 23:40:27
.
2008-02-01 12:35:14 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:56 AM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {74C1B851-5829-4219-BAD1-D8FCD9147600} - C:\WINDOWS\system32\vtstr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk.disabled
O4 - Global Startup: hpoddt01.exe.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201591988629
O20 - Winlogon Notify: iifgdbb - iifgdbb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7139 bytes
  • 0

#4
Rorschach112
Posted 07 February 2008 - 07:42 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {74C1B851-5829-4219-BAD1-D8FCD9147600} - C:\WINDOWS\system32\vtstr.dll (file missing)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: iifgdbb - iifgdbb.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\WINDOWS\system32\wts1
C:\WINDOWS\system32\vip4
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\knis6
C:\WINDOWS\system32\jeb3
C:\WINDOWS\SHV5IFRyYW4
C:\Documents and Settings\Huy Tran\Application Data\acccore

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd28e15b-6efe-11dc-87ae-b43c29b6721c}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Reboot and post a new HijackThis log
  • 0

#5
Kenshi75
Posted 07 February 2008 - 11:20 AM

Kenshi75

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:06 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk.disabled
O4 - Global Startup: hpoddt01.exe.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201591988629
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6618 bytes
  • 0

#6
Rorschach112
Posted 07 February 2008 - 11:23 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the ComboFix log and do this

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

  • 0

#7
Kenshi75
Posted 07 February 2008 - 06:28 PM

Kenshi75

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ComboFix 08-02.05.3 - Huy Tran 2008-02-07 12:12:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.616 [GMT -5:00]
Running from: C:\Documents and Settings\Huy Tran\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Huy Tran\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Huy Tran\Application Data\acccore
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\0201D205A1
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\0201D2463C
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\0201D270B0
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\0201D295FE
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\0201D29FD2
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\0201E05185
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\0201E06201
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\0201E068C0
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\0201E0693B
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\0201E06F18
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\0201E07571
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\05396C6F6C6169636F6E
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\2073AF3CD817AD668301666EA256986D
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\2B0000045D
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\2B0000099F
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\2B0000111D
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\2B000013DF
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\2B00001731
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\2B00001843
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\2B00001C0C
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\2B00002830
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\2B00002C63
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\2E000C000000000000050064570D01
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\732FC54D86A6EC59C1D3B27D040DD5B0
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\8E27F5C32390CB29B9726467109F46FC
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\91BCB63B24BFFBA56188A4110198AB9E
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\987BE371CB919995C2E9F7862173C348
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\9D6BFC5DE06C83510FF817B67C2E82FB
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\A7ABEDF8C5C57371A9F37EAB36B4F004
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\B884696461E9437F9E332B4E764AB1ED
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\ECD6DC54BD1AA736DA5C195B42C1CF02
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\EF0D35C72B7342B02AB7C2E42DC839E4
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1\F9A483DF33E36AFB9950EC638A4D5328
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1024\0201D2071A
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1024\0201E05FA9
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1024\0201E05FD0
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1024\2B000001B7
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1024\2B000001E4
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1024\2B00000206
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\1024\2B00000243
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\0201D2110B
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\0201D215F1
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\0201D2209D
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\0201D268C8
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\0201D29B8F
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\0201D2A03C
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\2B000011C7
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\2B000012E0
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\2B000012F8
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\2B0000144F
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\2B000014DD
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\2B000014F1
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\129\2B00002D53
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\131\0201D20D7E
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\131\2B00001004
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\136\2B0000189A
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\136\2B000018BA
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\137\2B0000189A
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\137\2B00002D53
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\137\2E000C000000000000050064570D01
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\3\0201D214DF
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\3\0201D23F04
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\3\0201D25DBA
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\3\0201E010DF
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\3\2B0000069C
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\3\2B00000C2B
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\3\2B00001039
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\3\2B0000105A
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\5\2B00001843
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\96\0201D20D00
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\96\0201D214DF
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\96\2B0000069C
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\bart\96\2B00000C3F
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\users\boxy4lif3\buddyicon
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\users\boxy4lif3\feedbag
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\users\inspirationasian\buddyicon
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\users\inspirationasian\feedbag
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\users\nguoisoyeu\buddyicon
C:\Documents and Settings\Huy Tran\Application Data\acccore\caches\users\nguoisoyeu\feedbag
C:\Documents and Settings\Huy Tran\Application Data\acccore\nss\cert8.db
C:\Documents and Settings\Huy Tran\Application Data\acccore\nss\key3.db
C:\Documents and Settings\Huy Tran\Application Data\acccore\nss\secmod.db
C:\WINDOWS\SHV5IFRyYW4
C:\WINDOWS\SHV5IFRyYW4\mJpcKIlVsqb.vbs
C:\WINDOWS\system32\jeb3
C:\WINDOWS\system32\knis6
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\vip4
C:\WINDOWS\system32\wts1
C:\WINDOWS\system32\wts1\ovstadcom2.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-07 03:30 . 2004-08-04 07:00 388,608 --a------ C:\kmd.exe
2008-02-05 17:21 . 2008-02-05 17:21 <DIR> d-------- C:\Program Files\Veoh Networks
2008-02-05 15:38 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-05 15:38 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-05 15:38 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-05 15:38 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-05 15:38 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-05 15:38 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-01 16:59 . 2008-02-01 16:59 244 --ah----- C:\sqmnoopt14.sqm
2008-02-01 16:59 . 2008-02-01 16:59 232 --ah----- C:\sqmdata14.sqm
2008-01-31 22:47 . 2008-01-31 22:47 <DIR> d-------- C:\Program Files\Sun
2008-01-31 22:39 . 2008-01-31 22:44 <DIR> d-------- C:\Documents and Settings\Huy Tran\.SunDownloadManager
2008-01-31 19:41 . 2008-01-31 19:41 <DIR> d-------- C:\Documents and Settings\Huy Tran\Application Data\Hewlett-Packard
2008-01-31 19:38 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-31 19:38 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-31 19:35 . 2008-01-31 19:35 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-31 19:31 . 2008-01-31 19:32 <DIR> d-------- C:\hp
2008-01-31 19:30 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-31 19:30 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-31 19:28 . 2008-01-31 19:40 19,558 --a------ C:\WINDOWS\hpoins01.dat
2008-01-31 19:28 . 2003-04-22 10:24 16,606 --------- C:\WINDOWS\hpomdl01.dat
2008-01-30 18:02 . 2008-01-30 18:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-30 17:37 . 2006-02-28 07:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-30 17:23 . 2008-01-30 18:21 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-30 13:36 . 2008-01-30 13:35 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-30 13:35 . 2008-01-30 13:36 <DIR> d-------- C:\Documents and Settings\Huy Tran\.housecall6.6
2008-01-30 13:34 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-30 03:30 . 2008-01-30 09:12 697,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-30 03:30 . 2008-01-30 09:05 16,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-30 03:30 . 2008-01-30 03:32 1,508 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-30 03:30 . 2008-01-30 03:32 1,148 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-30 03:24 . 2008-01-30 03:24 <DIR> d-------- C:\KAV
2008-01-30 03:15 . 2008-02-05 15:40 <DIR> d-------- C:\Documents and Settings\Huy Tran\SmitfraudFix
2008-01-30 03:15 . 2008-02-05 15:40 2,172 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-29 20:02 . 2008-01-29 20:01 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-29 20:02 . 2008-01-29 20:01 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-29 20:02 . 2008-01-29 20:01 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2008-01-29 20:00 . 2008-01-29 20:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-01-29 16:44 . 2008-01-29 16:44 <DIR> d-------- C:\Documents and Settings\Huy Tran\Application Data\DivX
2008-01-29 13:07 . 2008-01-29 13:07 1,167 --a------ C:\WINDOWS\mozver.dat
2008-01-29 12:43 . 2008-01-29 12:43 18 --a------ C:\WINDOWS\gwhotkey.ini
2008-01-29 12:41 . 2008-01-29 12:41 <DIR> d-------- C:\Documents and Settings\Administrator.MASTERCHIEF\Application Data\AVG7
2008-01-29 12:15 . 2008-02-07 08:00 <DIR> d-------- C:\Documents and Settings\Huy Tran\Application Data\AVG7
2008-01-29 12:14 . 2008-01-29 12:14 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-01-29 12:14 . 2008-01-29 12:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-01-29 12:14 . 2008-01-29 12:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-01-29 12:08 . 2008-01-29 12:15 <DIR> d-------- C:\Documents and Settings\Huy Tran\Application Data\U3
2008-01-29 11:46 . 2008-01-29 11:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-29 10:10 . 2008-01-29 10:11 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-29 10:03 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-29 10:03 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-29 10:03 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-29 10:03 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-29 10:03 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-29 10:03 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-29 10:03 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-29 10:03 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-29 10:03 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-29 09:28 . 2008-02-01 21:54 420 --a------ C:\WINDOWS\wininit.ini
2008-01-29 09:21 . 2008-01-29 09:21 <DIR> d-------- C:\Program Files\Logitech
2008-01-29 09:21 . 2008-01-29 09:21 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-01-29 09:20 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-01-29 09:19 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-29 09:19 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-29 09:16 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-29 09:16 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-01-29 09:16 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-01-29 09:16 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-01-29 09:16 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-29 09:16 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-29 09:16 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-01-29 09:16 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-01-29 09:16 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-01-29 09:16 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-01-29 09:14 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-29 09:14 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-29 04:17 . 2008-01-29 04:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-29 04:14 . 2008-01-29 04:14 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Yahoo!
2008-01-29 04:09 . 2008-01-30 14:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-01-29 04:06 . 2008-01-29 04:06 1,220 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-01-29 04:05 . 2008-01-04 16:58 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-01-29 04:05 . 2008-01-04 16:58 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-01-29 03:41 . 2008-01-29 03:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-01-29 03:23 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-01-29 03:23 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-29 03:19 . 2008-01-29 03:19 <DIR> d-------- C:\Program Files\AOL Search
2008-01-29 03:19 . 2008-01-30 17:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-01-29 03:19 . 2008-01-29 03:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2008-01-29 03:19 . 2008-01-30 17:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-01-29 03:17 . 2008-01-29 03:18 <DIR> d-------- C:\Documents and Settings\Huy Tran\Application Data\Yahoo!
2008-01-29 03:17 . 2008-01-29 03:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-01-29 03:12 . 2008-01-29 03:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-01-29 03:10 . 2008-01-29 03:10 <DIR> d-------- C:\Program Files\Driver-Soft
2008-01-29 03:10 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-01-29 03:10 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
2008-01-29 02:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-29 02:48 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-29 02:48 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-29 02:48 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-29 02:43 . 2003-06-18 16:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 03:47 --------- d-----w C:\Program Files\Java
2008-02-01 00:35 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-30 22:28 --------- d-----w C:\Program Files\Viewpoint
2008-01-30 01:22 --------- d-----w C:\Program Files\Lavasoft
2008-01-29 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-29 09:05 --------- d-----w C:\Program Files\DivX
2008-01-29 08:59 --------- d-----w C:\Program Files\XP Codec Pack
2008-01-29 08:20 --------- d-----w C:\Program Files\AIM6
2008-01-29 07:39 --------- d-----w C:\Program Files\Common Files\snp2std
2008-01-29 01:19 --------- d-----w C:\Program Files\Common Files\Real
2008-01-23 01:36 --------- d-----w C:\Program Files\QuickTime
2008-01-20 01:13 --------- d-----w C:\Program Files\MySpace
2008-01-19 16:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-17 16:22 --------- d-----w C:\Program Files\THQ
2008-01-16 05:50 --------- d-----w C:\Program Files\LimeWire
2008-01-16 04:43 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 12:55 3497984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-10-12 15:28 1282048]
"Multi-function Keyboard"="GWHotKey.exe" [2001-08-28 11:13 98361 C:\WINDOWS\GWHotKey.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-30 15:46 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-30 15:46 499712]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:12 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-07-07 16:33 675840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-13 12:43 219136]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
hp psc 1000 series.lnk.disabled [2008-01-31 19:40:55 779]
hpoddt01.exe.lnk.disabled [2008-01-31 19:34:50 779]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

S3 SDTHelper;Helper driver for SDT-Tool;C:\Documents and Settings\Huy Tran\Local Settings\Temp\radix_installer_trial\sdthlpr.sys []
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-07-10 15:49]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 00:41:34 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1201826442.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 12:13:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 12:14:12
ComboFix-quarantined-files.txt 2008-02-07 17:13:58
ComboFix2.txt 2008-02-07 08:37:41
ComboFix3.txt 2008-01-31 23:40:27
.
2008-02-01 12:35:14 --- E O F ---


here is teh superanti log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/07/2008 at 04:18 PM

Application Version : 3.9.1008

Core Rules Database Version : 3397
Trace Rules Database Version: 1389

Scan type : Complete Scan
Total Scan Time : 03:15:36

Memory items scanned : 488
Memory threats detected : 0
Registry items scanned : 5124
Registry threats detected : 1
File items scanned : 49155
File threats detected : 23

Adware.Tracking Cookie
C:\Documents and Settings\Huy Tran\Cookies\huy tran@realmedia[1].txt
C:\Documents and Settings\Huy Tran\Cookies\huy tran@revsci[2].txt
C:\Documents and Settings\Huy Tran\Cookies\huy [email protected][2].txt
C:\Documents and Settings\Huy Tran\Cookies\huy tran@specificclick[2].txt
C:\Documents and Settings\Huy Tran\Cookies\huy tran@66702201[2].txt
C:\Documents and Settings\Huy Tran\Cookies\huy [email protected][1].txt
C:\Documents and Settings\Huy Tran\Cookies\huy tran@adserver[1].txt
C:\Documents and Settings\Huy Tran\Cookies\huy [email protected][2].txt
C:\Documents and Settings\Huy Tran\Cookies\huy tran@questionmarket[2].txt
C:\Documents and Settings\Huy Tran\Cookies\huy tran@tribalfusion[2].txt
C:\Documents and Settings\Huy Tran\Cookies\huy [email protected][2].txt
C:\Documents and Settings\Huy Tran\Cookies\huy [email protected][1].txt
C:\Documents and Settings\Huy Tran\Cookies\huy tran@atwola[1].txt
C:\Documents and Settings\Huy Tran\Cookies\huy tran@html[1].txt
C:\Documents and Settings\Huy Tran\Cookies\huy [email protected][1].txt
C:\Documents and Settings\Huy Tran\Cookies\huy tran@indiads[1].txt
C:\Documents and Settings\Huy Tran\Cookies\huy [email protected][1].txt
C:\Documents and Settings\Huy Tran\Cookies\huy tran@adbrite[2].txt
C:\Documents and Settings\Huy Tran\Cookies\huy tran@dealtime[1].txt
C:\Documents and Settings\Huy Tran\Cookies\huy [email protected][2].txt

Adware.VXGame-Trace
HKU\S-1-5-21-861567501-1965331169-839522115-1003\Software\kernelexe

Adware.k8l
C:\PROGRAM FILES\MESSENGER\RTEQEGAB.HTML

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SHV5IFRYYW4\MJPCKILVSQB.VBS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B992408D-4154-469E-BEF9-E7A38222DC99}\RP18\A0005802.VBS
  • 0

#8
Rorschach112
Posted 07 February 2008 - 06:32 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

Now lets uninstall Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#9
Kenshi75
Posted 08 February 2008 - 03:52 PM

Kenshi75

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
seems like everything is working.. thank you soo much!!!
  • 0

#10
Rorschach112
Posted 08 February 2008 - 07:11 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP