
spamblockerutility is what I downloaded [RESOLVED]


  • This topic is locked

#1
loser

    Member

  • Member
  • 75 posts
Hi geeks. I hope I am posting the right info.
I downloaded spamblockerutility.com and it makes pop-ups and a tool bar on my computer.
THANKS 1,000,000

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:07 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\AEIWLSTA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SBInst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE
O4 - HKLM\..\Run: [tvdbdptw] C:\WINDOWS\system32\kgvshfdm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190316439093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190316646691
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...31.5/ttinst.cab
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

--
End of file - 3832 bytes

Edited by loser, 31 January 2008 - 09:39 PM.

#2
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

Please uninstall SpamblockerUtility again since it's known to display popups.
Reboot after uninstalling...

Also,

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an antivirus scan is not present, which should be able to deal with most and prevent further reinfection.

Edited by miekiemoes, 01 February 2008 - 07:48 AM.

#3
loser

    Member

  • Topic Starter
  • Member
  • 75 posts
miekiemoes

thank you thank you thank you soooooooooooooooooooooooooooooo much for replying

I'll do what you say

Can you tell me how to uninstall spamblockerutility?

It's not listed on control panel/uninstall programs

thanks again for all the help

loser

#4
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
It should be listed there though, unless it has another name than spamblockerutility.

To find out, please do the following:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

#5
loser

    Member

  • Topic Starter
  • Member
  • 75 posts
You rule.

Yes it WAS there, and I uninstalled it.
I installed the anti spyware thing too!
Thank you. Thank you. Thank you.

#6
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

Please install the Antivirus I mentioned previously and perform a full scan with it and post a log, together with a new HijackThis log, because there's other malware present in your log as well...

#7
loser

    Member

  • Topic Starter
  • Member
  • 75 posts
omg I'm so sorry I didn't know you'd reply back or that I had a virus.

Thank you Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:06 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\AEIWLSTA.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190316439093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190316646691
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...31.5/ttinst.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

--
End of file - 4254 bytes

#8
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

Can you also post the log from Avira I asked for in my previous post? So I can see if the other leftovers were deleted as well.

#9
loser

    Member

  • Topic Starter
  • Member
  • 75 posts
Sorry about that. I hope this is what you need.

I also tried to donate to your paypal thing. I tried about five times but don't know if it ever went through!
Let me know if it didn't.

AntiVir PersonalEdition Classic
Report file date: Friday, February 01, 2008 19:50

Scanning for 1089295 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: IBM-PUIEJABUTDN

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 22:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 21:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/15/2007 00:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 21:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 23:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 00:16:35
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 1/25/2008 00:16:35
ANTIVIR3.VDF : 7.0.2.82 259072 Bytes 2/1/2008 00:16:35
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2/2/2008 00:16:35
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 19:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 16:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 22:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2/2/2008 00:16:35
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 16:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 21:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 16:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 20:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 21:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 21:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 18:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, February 01, 2008 19:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Belkinwcui.exe' - '1' Module(s) have been scanned
Scan process 'LinksysAgent.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'SBInst.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe'
Scan process 'AEIWLSTA.exe' - '1' Module(s) have been scanned
Scan process 'TPHKMGR.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'tp4serv.exe' - '1' Module(s) have been scanned
Scan process 'LTSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'SBInst.exe' has been terminated
C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
[DETECTION] Is the Trojan horse TR/Holax.E
[INFO] The file was deleted!

35 processes with 34 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\' <IBM_PRELOAD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Greg\Local Settings\Temp\~nsu.tmp\Bu_.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY
[INFO] The file was deleted!
C:\Program Files\Disney\Disney Online\PiratesOnline\avcodec.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\avformat.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\avutil.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\cg.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\cgD3D8.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\cgD3D9.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\cgGL.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libdirect.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libdtool.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libdtoolconfig.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libheapq.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libmiles_audio.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libotp.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libpanda.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libpandadx8.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libpandadx9.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libpandaegg.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libpandaexpress.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libpandafx.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libpandagl.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libpandaode.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libpandaphysics.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libpirates.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\libwindisplay.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\mfc71.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\mss32.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\msvcp71.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\msvcr71.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\Pirates.exe
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\python24.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\pywintypes24.dll
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
[WARNING] The file could not be opened!
C:\Program Files\Disney\Disney Online\PiratesOnline\xpirates.exe
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SBInst.exe.vir
[DETECTION] Is the Trojan horse TR/Holax.E
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWallpaper.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\SBTV\uninstaller.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY
[INFO] The file was deleted!
C:\System Volume Information\_restore{60719C8F-1F55-41EE-A5B6-57CDDCE3B9EA}\RP64\A0091997.exe
[DETECTION] Is the Trojan horse TR/Holax.E
[INFO] The file was deleted!
C:\System Volume Information\_restore{60719C8F-1F55-41EE-A5B6-57CDDCE3B9EA}\RP64\A0092011.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY
[INFO] The file was deleted!
C:\System Volume Information\_restore{60719C8F-1F55-41EE-A5B6-57CDDCE3B9EA}\RP64\A0092093.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY
[INFO] The file was deleted!
C:\System Volume Information\_restore{60719C8F-1F55-41EE-A5B6-57CDDCE3B9EA}\RP64\A0092117.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY.7
[INFO] The file was deleted!
C:\System Volume Information\_restore{60719C8F-1F55-41EE-A5B6-57CDDCE3B9EA}\RP64\A0092127.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY
[INFO] The file was deleted!
C:\System Volume Information\_restore{60719C8F-1F55-41EE-A5B6-57CDDCE3B9EA}\RP65\A0092131.exe
[DETECTION] Is the Trojan horse TR/Holax.E
[INFO] The file was deleted!


End of the scan: Friday, February 01, 2008 20:24
Used time: 34:01 min

The scan has been done completely.

3096 Scanning directories
147667 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
11 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
35 Files cannot be scanned
147655 Files not concerned
6475 Archives were scanned
35 Warnings
7 Notes

#10
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Yes, that's the one. :)

I see you also ran Combofix previously. Can you post the contents of C:\Combofix.txt as well please?

#11
loser

    Member

  • Topic Starter
  • Member
  • 75 posts
I can't thank you enough

ComboFix 08-02.01.1 - Greg 2008-02-05 18:57:10.2 - NTFSx86
Running from: C:\Documents and Settings\Greg\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Greg\Application Data\SpamBlocker
C:\Documents and Settings\Greg\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Greg\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Program Files\Hotbar

.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-01 16:13 . 2008-02-01 16:13 <DIR> d-------- C:\Program Files\Avira
2008-02-01 16:13 . 2008-02-01 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-31 18:39 . 2008-01-31 18:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 16:58 . 2008-01-31 16:58 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-21 16:10 . 2008-01-21 16:10 <DIR> d-------- C:\Program Files\Disney
2008-01-12 16:47 . 2006-10-04 06:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-12 16:47 . 2006-10-04 06:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-12 16:47 . 2006-10-04 06:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-12 16:46 . 2008-01-12 16:46 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-12 16:43 . 2008-01-12 16:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-12 16:43 . 2008-01-12 16:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-12 16:39 . 2008-01-12 16:39 <DIR> d-------- C:\Program Files\Netflix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 22:45 --------- d-----w C:\Documents and Settings\Greg\Application Data\Move Networks
2007-12-31 14:10 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2007-12-31 02:08 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2007-12-31 02:07 --------- d--h--w C:\Documents and Settings\Greg\Application Data\GTek
2007-12-31 02:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Gtek
2007-12-30 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 19:54 --------- d-----w C:\Program Files\Belkin
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 18:16 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-01-08 23:12 151552]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-01-08 23:04 106496]
"LTSMMSG"="LTSMMSG.exe" [2001-08-02 14:28 45056 C:\WINDOWS\LTSMMSG.exe]
"TrackPointSrv"="tp4serv.exe" [2001-09-14 02:03 176128 C:\WINDOWS\system32\tp4serv.exe]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2001-09-03 00:22 56320]
"TP4EX"="tp4ex.exe" [2001-07-05 00:02 40960 C:\WINDOWS\system32\TP4EX.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2001-12-20 20:27 69632]
"AEIWLSTA.EXE"="AEIWLSTA.EXE" [2001-09-28 20:47 213376 C:\WINDOWS\system32\AEIWLSTA.exe]
"UC_SMB"="" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-01 16:16 249896]

R1 CSMBATT;CSMBATT;C:\WINDOWS\system32\drivers\CSMBATT.SYS [2001-11-23 12:12]
R1 nbmkmd;nbmkmd;C:\WINDOWS\system32\drivers\nbmkmd.sys [1998-12-30 13:28]
R1 TDOEM;TDOEM;C:\WINDOWS\system32\Drivers\TDOEM.SYS [2001-09-03 00:22]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;C:\WINDOWS\system32\drivers\Vch.sys [2002-01-15 15:43]
R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;C:\WINDOWS\system32\DRIVERS\AEIWLNDS.sys [2001-09-28 20:36]
R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-08-02 14:28]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2001-09-14 02:03]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 12:10]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 22:47:17 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\Bmmtask.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 19:00:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 19:02:04
ComboFix-quarantined-files.txt 2008-02-06 03:01:49
ComboFix2.txt 2008-02-01 01:33:55
.
2008-01-16 22:31:50 --- E O F ---

#12
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

This looks OK again. :)

* Go to start > run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

#13
loser

    Member

  • Topic Starter
  • Member
  • 75 posts
Hi, I followed what you said. Thanks so much for fixing my computer. Saved me big time.

#14
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#15
loser

    Member

  • Topic Starter
  • Member
  • 75 posts
Well you also helped me to possibly avoid this problem in the future, and I thank you so so so so so so so much.
Greg in Upper Michigan.